[Bug 292358] security/py-fail2ban: Problems with 15.0

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 11 Jan 2026 13:17:02 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=292358

            Bug ID: 292358
           Summary: security/py-fail2ban: Problems with 15.0
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: cy@FreeBSD.org
          Reporter: martin@waschbuesch.de
             Flags: maintainer-feedback?(cy@FreeBSD.org)

I have been using fail2ban for a long time and the bsd-ipfw actions worked
flawlessly (not using pf here).

After upgrading to 15.0, however, I experience problems:

1.) While IPs are added to an ipfw table, the fail2ban log reports errors doing
so:

2026-01-11 13:04:43,526 fail2ban.filter         [78741]: INFO    [apache-auth]
Found xxx.xxx.xxx.xxx - 2026-01-11 12:59:30
2026-01-11 13:04:43,701 fail2ban.actions        [78741]: NOTICE  [apache-auth]
Ban xxx.xxx.xxx.xxx
2026-01-11 13:04:43,710 fail2ban.utils          [78741]: ERROR   390afecac830
-- exec: e=`ipfw table 2 add xxx.xxx.xxx.xxx 2>&1`; x=$?; [ $x -eq 0 -o "$e" =
'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || echo "$e" | grep -q
"record already exists" || { echo "$e" 1>&2; exit $x; }
2026-01-11 13:04:43,710 fail2ban.utils          [78741]: ERROR   390afecac830
-- stderr: 'ipfw: Adding record failed: Bad file descriptor'
2026-01-11 13:04:43,710 fail2ban.utils          [78741]: ERROR   390afecac830
-- stderr: 'added: xxx.xxx.xxx.xxx/32 0'
2026-01-11 13:04:43,710 fail2ban.utils          [78741]: ERROR   390afecac830
-- returned 71

The corresponding block in jail.local:

[apache-auth]
action   = bsd-ipfw[port="80,443",table=2,lowest_rule_num=1]
enabled  = true
logpath  = /home/*/logs/*error.log
           /var/log/httpd-error.log
findtime = 600
maxretry = 1
bantime  = 48h

2.) fail2ban will stop 'seeing' changes in logfiles after a while. I suppose
this is due to inotify changes in 15.0 and py-inotify, so maybe not an issue
with fail2ban per se, but since I cannot say this for certain, I wanted to
report it.

Also, I do not seem to be the only person to experience this as evidenced here:
https://www.reddit.com/r/freebsd/comments/1pdcr72/ipfw_throws_bad_file_descriptor_errors_when/
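
Added example, not part of the original report and not fail2ban's own code: a triage script that groups the fail2ban.utils ERROR lines by command id and separates bans that ipfw reported as added despite the non-zero exit from bans with no such confirmation. The sample log is constructed from the excerpt above (lines unwrapped, documentation-range IPs, second command id made up); treating an "added:" line as confirmation is an assumption based on that excerpt.

```python
import re

# Constructed sample modelled on the log excerpt in the report.
CMD = ("e=`ipfw table 2 add {ip} 2>&1`; x=$?; [ $x -eq 0 -o \"$e\" = "
       "'ipfw: setsockopt(IP_FW_TABLE_XADD): File exists' ] || echo \"$e\" | "
       "grep -q \"record already exists\" || {{ echo \"$e\" 1>&2; exit $x; }}")
PFX = "2026-01-11 13:04:43,710 fail2ban.utils          [78741]: ERROR   "
SAMPLE_LOG = "\n".join([
    "2026-01-11 13:04:43,701 fail2ban.actions        [78741]: NOTICE  [apache-auth] Ban 192.0.2.10",
    PFX + "390afecac830 -- exec: " + CMD.format(ip="192.0.2.10"),
    PFX + "390afecac830 -- stderr: 'ipfw: Adding record failed: Bad file descriptor'",
    PFX + "390afecac830 -- stderr: 'added: 192.0.2.10/32 0'",
    PFX + "390afecac830 -- returned 71",
    # Constructed contrast case: same error, but no "added:" confirmation line.
    PFX + "0123456789ab -- exec: " + CMD.format(ip="192.0.2.11"),
    PFX + "0123456789ab -- stderr: 'ipfw: Adding record failed: Bad file descriptor'",
    PFX + "0123456789ab -- returned 71",
])

UTILS_RE = re.compile(
    r"fail2ban\.utils\s+\[\d+\]:\s+ERROR\s+"
    r"(?P<id>[0-9a-f]{12}) -- (?P<kind>exec|stderr|stdout|returned):? (?P<rest>.*)")

def parse_action_failures(text):
    """Group fail2ban.utils ERROR lines by the command id that prefixes them."""
    groups = {}
    for line in text.splitlines():
        m = UTILS_RE.search(line)
        if not m:
            continue
        g = groups.setdefault(m["id"], {"exec": None, "stderr": [], "rc": None})
        if m["kind"] == "exec":
            g["exec"] = m["rest"]
        elif m["kind"] == "stderr":
            g["stderr"].append(m["rest"].strip("'"))
        elif m["kind"] == "returned":
            g["rc"] = int(m["rest"])
    return groups

def classify(group):
    """Assumption: an 'added:' line means the table entry exists despite the error."""
    if group["rc"] in (None, 0):
        return "ok"
    added = any(s.startswith("added: ") for s in group["stderr"])
    return "applied-despite-error" if added else "failed"

def triage(text):
    """Map command id -> (exit code, verdict) for every logged action command."""
    return {cid: (g["rc"], classify(g)) for cid, g in parse_action_failures(text).items()}

if __name__ == "__main__":
    for cid, (rc, verdict) in triage(SAMPLE_LOG).items():
        print(cid, rc, verdict)
```

Entries classified as "failed" are the ones to check by hand against the ipfw table, since the log gives no sign the address was added.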
