From owner-freebsd-ports-bugs@freebsd.org Wed Jul 1 07:38:32 2015 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2E442991DBE for ; Wed, 1 Jul 2015 07:38:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1AF052987 for ; Wed, 1 Jul 2015 07:38:32 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t617cVii088454 for ; Wed, 1 Jul 2015 07:38:31 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 201108] security/py-fail2ban: ssh log entries are ignored Date: Wed, 01 Jul 2015 07:38:32 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: oz42@oz42.eu X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Jul 2015 07:38:32 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201108 --- Comment #7 from oz42@oz42.eu --- This is because with ipfw.conf, rules are added at the end which is pointless because my last rules are 01400 reset log logamount 20 tcp from any to me in via vtnet0 01500 unreach port log logamount 20 udp from any to me in via vtnet0 01600 deny log logamount 20 ip from any to me in via vtnet0 I need to insert the fail2ban rules at the top, so my 1st line of the ruleset is 00100 deny log logamount 20 ip from table(1) to me and ipfw-oz.conf adds rules to table 1. if we could insert rules ('iptables -I' in Linux speech) this would not be necessary. -- You are receiving this mail because: You are the assignee for the bug.