[Bug 290298] fail2ban port should default to pf instead of iptables (which doesn't work)

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 16 Oct 2025 15:20:46 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=290298

            Bug ID: 290298
           Summary: fail2ban port should default to pf instead of iptables
                    (which doesn't work)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: ports-bugs@FreeBSD.org
          Reporter: sean@rogue-research.com

Out of the box, the fail2ban port is configured to use iptables, which is a
Linux thing and doesn't work on FreeBSD.  Defaulting to pf would be a much
better experience.


The port already customizes the jail.conf file here:

https://github.com/freebsd/freebsd-ports/blob/84e02f358a1f386d7d883be8efb13e1fe1a605ef/security/py-fail2ban/Makefile#L58

Replacing the word debian with the word freebsd using:

```
@${REINPLACE_CMD} -e 's,paths-debian.conf,paths-freebsd.conf,g' \
```

It could presumably do the same to change:

```
banaction = iptables-multiport
```

to

```
banaction = pf[actiontype=<allports>]
```

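
The substitution proposed in the report, applied to a constructed jail.conf excerpt and followed by a check for settings that still name an iptables action. This is an added example, not code from the port or from the reporter; the function names and the sample file contents, including its `banaction_allports` line, are assumptions.

```shell
#!/bin/sh
# Added example. The jail.conf excerpt below is constructed for illustration;
# it is not the file shipped by the port.
sample_jail_conf() {
cat <<'EOF'
[INCLUDES]
before = paths-debian.conf

[DEFAULT]
bantime = 10m
banaction = iptables-multiport
banaction_allports = iptables-allports
EOF
}

# Apply the port's existing paths substitution plus the banaction change
# proposed in the report. Reads jail.conf text on stdin, writes to stdout.
rewrite_for_freebsd() {
    sed -e 's,paths-debian.conf,paths-freebsd.conf,g' \
        -e 's,^banaction = iptables-multiport$,banaction = pf[actiontype=<allports>],'
}

# Print the value of the default "banaction" setting (stdin: jail.conf text).
effective_banaction() {
    sed -n 's/^banaction *= *//p'
}

# Print every banaction* setting that still names an iptables action.
# Exit status is 0 when such a line exists, 1 when none is left.
leftover_iptables() {
    grep -E '^banaction[_a-z]* *= *iptables'
}

# Stand-alone run: show what the rewrite leaves pointing at iptables.
sample_jail_conf | rewrite_for_freebsd | leftover_iptables \
    || echo "no iptables actions left"
```

On this sample, the default `banaction` becomes the pf action while the `banaction_allports` line is still reported by the check.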