1

Topic: fail2ban: elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then

I could be wrong but it seems like the script logic used to choose ipfw or pf when configuring fail2ban for FreeBSD is out of date.

The issue is that for a fresh install of FreeBSD no firewall is enabled.  That would make this default unusable:

# Use ipfw by default
export FAIL2BAN_ACTION='ipfw'

If a firewall is enabled, it should be done via an entry in "/etc/rc.conf".  For ipfw it would be:

firewall_enable="YES"

and for pf:

pf_enable="YES"

As best as I can tell, no changes are made to "/boot/defaults/loader.conf" when either of those options is set in /etc/rc.conf.

Thoughts?


2

Re: fail2ban: elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then

Hi John,

Would you like to send a PR to help fix it?
https://github.com/iredmail/iRedMail

3

Re: fail2ban: elif [ X"${KERNEL_NAME}" == X'FREEBSD' ]; then

ZhangHuangbin wrote:

Would you like to send a PR to help fix it?

I would be happy to help out!

However, my preference would be for the script to do a hard exit if either test fails.  Is that okay?

John
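
The selection logic discussed in this thread, as an added example that is not part of the original posts or of iRedMail's installer: it picks the fail2ban action from whichever firewall the rc.conf file enables and fails when neither is enabled, so the caller can exit hard. The helper names `rc_conf_enabled` and `select_fail2ban_action`, the `'pf'` action value, and the choice to prefer ipfw when both are enabled are assumptions.

```shell
#!/bin/sh
# Added example (not iRedMail code): choose the fail2ban action from the
# firewall that an rc.conf-style file actually enables.

# rc_conf_enabled VAR FILE  (hypothetical helper)
# Returns 0 if VAR is set to a "yes" value in FILE. rc.conf is shell
# syntax, so the last assignment wins; commented-out lines do not match.
rc_conf_enabled() {
    _var="$1"; _file="$2"
    [ -r "${_file}" ] || return 1
    _val="$(sed -n "s/^[[:space:]]*${_var}=[\"']\{0,1\}\([A-Za-z0-9]*\).*/\1/p" \
        "${_file}" | tail -n 1)"
    case "${_val}" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
        *) return 1 ;;
    esac
}

# select_fail2ban_action [FILE]  (hypothetical helper)
# Prints 'ipfw' or 'pf'; returns 1 with a message on stderr if neither
# firewall is enabled. ipfw is tested first to keep the existing default
# when both are enabled (assumption).
select_fail2ban_action() {
    _rc="${1:-/etc/rc.conf}"
    if rc_conf_enabled firewall_enable "${_rc}"; then
        echo 'ipfw'
    elif rc_conf_enabled pf_enable "${_rc}"; then
        echo 'pf'
    else
        echo "No firewall enabled in ${_rc}:" \
             "set firewall_enable=\"YES\" or pf_enable=\"YES\" first." >&2
        return 1
    fi
}

# Caller, with the hard exit proposed in the thread:
#   FAIL2BAN_ACTION="$(select_fail2ban_action)" || exit 255
#   export FAIL2BAN_ACTION
```

This reads a single file only; on a live FreeBSD host `sysrc -n firewall_enable` also accounts for `/etc/defaults/rc.conf` and `/etc/rc.conf.local`.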