New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFE]: Maintain use of [INIT] defaults for jails using multiple actions. #3531
Comments
I don't understand the RFE. If for example there is a [Init]
cftoken = abcdefgh
cfuser = test it will overwrite both init parameters from: fail2ban/config/action.d/cloudflare.conf Lines 81 to 83 in 226a594
so if action = %(action_)s
cloudflare the action Line 241 in 226a594
then both parameters get overwritten from jail.local .
So please describe more precisely what is basically the goal of this RFE? |
I have a related question, if I want to define a custom action that inherits from Let's say Will adding a line like Also is it possible to inherit This will be very useful, because in my case I want the same actionstart / actionstop but want to override actionban and actionunban. |
Thus either: iptables-custom.local:[INCLUDES]
before = iptables-multiport.conf
# your own custom definitions in related sections Or much simpler, make a However normally one doesn't need to get parameters like port that are supposed to be set from jail.
Yes, it happens automatically with both variants, but better and sane using
Then create This RFE seems to be about completely different thing and seeks for possibility to supply parameters to action(s) without to specify them in action declaration (comma separated within square brackets). |
Sorry @sebres, I entirely missed the notification for your more info. I have an
I then had an
But this did not work and I had to change to using
This might be intended functionality, it just felt unintuitive to me when I originally opened the issue. |
Yes this is intended. The settings will be loaded using following scenario:
Thereby the interpolation (of Supplying of ALL parameters, that jail config has, as requested is too heavy and can seriously slowdown the init process as well as may conflict with some parameter in action or some of its include. With other words it is really complex stuff.
Agree, but due to above-mentioned difficulty as well as possible parameter conflict it is hardly possible or rather may be too dangerous. Although it is not necessary to specify Also note the declarion for Line 212 in 9bedc3c
Here is an example: [DEFAULT]
my_cf = cloudflare-apiv4[cfuser="MY-USERNAME", cftoken="MY-TOKEN", chain=<chain>]
action = %(action_)s
%(my_cf)s
banaction = iptables[type=multiport]
banaction_allports = iptables[type=allports]
[npm-docker]
port = http,https
chain = DOCKER-USER
enabled = true
[other-jail-wo-cf]
port = 1234
chain = MY-CHAIN
protocol = all
# single port ban-action:
banaction = iptables[type=oneport]
# no cloudflare needed here:
action = %(action_)s
enabled = true
[other-jail-cf-only]
chain = CF-SOME-SERVICE
# only cloudflare needed here:
action = %(my_cf)s
enabled = true All parameters looking like |
Thank you! That explanation clarifies why the cf token and user need to be specified in the jail, not necessarily the action's INIT. I agree this is much more complex than I initially perceived, and most definitely not truly an enhancement to the current process. |
Feature request type
Have Fail2Ban use the defaults specified in [INIT] of the action (both for defaults and custom actions) when configuring a jail using multiple actions.
Description
When there are multiple actions, such as:
You need to further specify all required parameters, even if they are set in the an action.d/*.local file, i.e.
This appears to be the case even if "port" and "chain" are specified in the jail.local on other lines or if cfuser and cftoken are specified in the cloudflare.local
The text was updated successfully, but these errors were encountered: