- Replaced "reject" with "drop" in shorwall action. Fix #1854875

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@661 a942ae1a-1317-0410-a47c-b1dcaea8d605

ChangeLog

@@ -38,6 +38,8 @@ ver. 0.8.2 (2008/??/??) - stable
 - Added Mac OS/X startup script. Thanks to Bill Heaton.
 - Absorbed some Debian patches. Thanks to Yaroslav Halchenko.
 - Replaced "echo" with "printf" in actions. Fix #1839673
+- Replaced "reject" with "drop" in shorwall action. Fix
+  #1854875
 
 ver. 0.8.1 (2007/08/14) - stable
 ----------

config/action.d/shorewall.conf

@@ -4,6 +4,14 @@
 #
 # $Revision$
 #
+# The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
+# file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
+# new shorewall rule to ban an IP address, that rule will affect only new
+# connections. So if the attempter goes on trying using the same connection
+# he could even log in. In order to get the same behavior of the iptable
+# action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
+# file should me modified with "BLACKLISTNEWONLY=No".
+# 
 
 [Definition]
 
@@ -33,7 +41,7 @@ actioncheck =
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = shorewall reject <ip>
+actionban = shorewall drop <ip>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the