From 6d4cada584805a42c3180079a0e495f63b343049 Mon Sep 17 00:00:00 2001
From: James Fellows
Date: Sun, 29 May 2016 20:50:27 +0100
Subject: [PATCH 1/3] Remove %( )s wrapper from action variables
---
 templates/etc/fail2ban/jail.local.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/templates/etc/fail2ban/jail.local.j2 b/templates/etc/fail2ban/jail.local.j2
index 32656a6..eb8856e 100644
--- a/templates/etc/fail2ban/jail.local.j2
+++ b/templates/etc/fail2ban/jail.local.j2
@@ -75,7 +75,7 @@ action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(proto
 # Choose default action. To change, just override value of 'action' with the
 # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local
 # globally (section [DEFAULT]) or per specific section
-action = %({{ fail2ban_action }})s
+action = {{ fail2ban_action }}
 #
 # JAILS
@@ -111,7 +111,7 @@ findtime = {{ service.findtime }}
 bantime = {{ service.bantime }}
 {% endif %}
 {% if service.action is defined %}
-action = %({{ service.action }})s
+action = {{ service.action }}
 {% endif %}
 {% if service.banaction is defined %}
 banaction = {{ service.banaction }}
From 21155e145be70c25c951848a0212ef5c4ec7f912 Mon Sep 17 00:00:00 2001
From: James Fellows
Date: Mon, 30 May 2016 16:22:59 +0100
Subject: [PATCH 2/3] Add variable expansion to README file
---
 README.md | 4 ++--
 defaults/main.yml | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 1e30014..ae6a966 100644
--- a/README.md
+++ b/README.md
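Review bot: Both `action =` lines now write the variable verbatim, so an inventory that still uses the bare form the role accepted before this patch (`fail2ban_action: action_mw`, or a per-service `action: action_`) renders `action = action_mw`, which fail2ban will presumably treat as a literal action name instead of expanding the shortcut. A jail whose action does not resolve may fail to load or ban nothing, so this is a breaking change for existing users and the rendered jail.local should be checked before the service is restarted. Applied on its own, 1/3 also still has the old default `fail2ban_action: action_` (it only changes in 2/3), so the default configuration is affected until the next patch lands. I would add a template comment above each of the two lines, e.g. `# written verbatim: reference shortcuts as %(action_mw)s, not action_mw`. The second hunk sits inside a per-service block whose start is outside the hunk.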
@@ -27,7 +27,7 @@ None
 - `fail2ban_mta`: [default: `sendmail`]: Email action
 - `fail2ban_protocol`: [default: `tcp`]: Sets the default protocol
 - `fail2ban_chain`: [default: `INPUT`]: Specifies the chain where jumps would need to be added in iptables-* actions
-- `fail2ban_action`: [default: `action_`]: Default action
+- `fail2ban_action`: [default: `%(action_)s`]: Default action. **Note that variables (including the actions defined elsewhere in the config files) must be wrapped in python-style `%(` and `)s` so they are expanded.**
 - `fail2ban_filterd_path`: [optional]: Path to directory containing filters to copy (**note the trailing slash**)
 - `fail2ban_actiond_path`: [optional]: Path to directory containing actions to copy (**note the trailing slash**)
@@ -44,7 +44,7 @@ fail2ban_services:
 logpath: /var/log/auth.log
 maxretry: 6
 protocol: tcp (optional)
- action: action_ (optional)
+ action: %(action_)s (optional)
 banaction: iptables-multiport (optional)
 bantime: 600 (optional)
 findtime: 600 (optional)
diff --git a/defaults/main.yml b/defaults/main.yml
index 6086c52..07a3e52 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,7 +18,7 @@ fail2ban_banaction: iptables-multiport
 fail2ban_mta: sendmail
 fail2ban_protocol: tcp
 fail2ban_chain: INPUT
-fail2ban_action: action_
+fail2ban_action: %(action_)s
 fail2ban_services:
 - name: ssh
From aa5e888c2be4ca47555f74802df4bcf39eaf6c15 Mon Sep 17 00:00:00 2001
From: James Fellows
Date: Mon, 30 May 2016 17:56:14 +0100
Subject: [PATCH 3/3] wrap fail2ban_action in quotes
---
 defaults/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 07a3e52..e9f9f65 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -18,7 +18,7 @@ fail2ban_banaction: iptables-multiport
 fail2ban_mta: sendmail
 fail2ban_protocol: tcp
 fail2ban_chain: INPUT
-fail2ban_action: %(action_)s
+fail2ban_action: '%(action_)s'
 fail2ban_services:
 - name: ssh
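Review bot: The README example added in 2/3 still reads `action: %(action_)s (optional)` unquoted, because 3/3 quotes only the default in defaults/main.yml. A plain YAML scalar cannot begin with `%`, so a user who copies that line into `fail2ban_services` will most likely hit a parse error instead of getting a working jail. I would write the example as `action: '%(action_)s'` and mention the quoting in the `fail2ban_action` bullet. For the same reason 2/3 on its own leaves defaults/main.yml unloadable (`fail2ban_action: %(action_)s`), so squashing 3/3 into 2/3 would keep every commit in the series usable.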