Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail)

config/action.d/pf.conf

@@ -72,10 +72,6 @@ tablename = f2b
 protocol = tcp
 
 
-# Option:  port
-# Notes.:  specifies port to monitor
-# Values:  [ NUM | STRING ]  Default:
-port = ssh
 
 # Option: actiontype
 # Notes.: defines additions to the blocking rule
@@ -90,5 +86,5 @@ allports = any
 
 # Option: multiport
 # Notes.: addition to block access only to specific ports
-# Usage.: use in jail config: "banaction = pf[actiontype=<multiport>, port="%(port)s"]"
+# Usage.: use in jail config: "banaction = pf[actiontype=<multiport>]"
 multiport = any port <port>

fail2ban/tests/servertestcase.py

@@ -1372,12 +1372,12 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 						r"`echo -2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`",
 					),
 				}),
-				# pf default - multiport on ssh --
+				# pf default -- multiport on default port (tag <port> set in jail.conf, but not in this test case)
 				('j-w-pf', 'pf[name=%(__name__)s]', {
 					'ip4': (), 'ip6': (),
 					'start': (
 						'`echo "table <f2b-j-w-pf> persist counters" | pfctl -f-`',
-						'`echo "block proto tcp from <f2b-j-w-pf> to any port ssh" | pfctl -f-`',
+						'`echo "block proto tcp from <f2b-j-w-pf> to any port <port>" | pfctl -f-`',
 					),
 					'stop': (
 						'`pfctl -sr 2>/dev/null | grep -v f2b-j-w-pf | pfctl -f-`',
@@ -1411,7 +1411,7 @@ class ServerConfigReaderTests(LogCaptureTestCase):
 					'ip6-unban': ("`pfctl -t f2b-j-w-pf-mp -T delete 2001:db8::`",),
 				}),
 				# pf allports --
-				('j-w-pf-ap', 'pf[name=%(__name__)s,actiontype=<allports>]', {
+				('j-w-pf-ap', 'pf[actiontype=<allports>][name=%(__name__)s]', {
 					'ip4': (), 'ip6': (),
 					'start': (
 						'`echo "table <f2b-j-w-pf-ap> persist counters" | pfctl -f-`',