diff --git a/THANKS b/THANKS
index b92d09a7..c3ff109c 100644
--- a/THANKS
+++ b/THANKS
@@ -92,5 +92,6 @@ Yaroslav Halchenko
 Winston Smith
 ykimon
 Yehuda Katz
+Zbigniew Jędrzejewski-Szmek
 zugeschmiert
 Zurd
diff --git a/config/action.d/iptables-xt_recent-echo.conf b/config/action.d/iptables-xt_recent-echo.conf
index 829d4c06..bc2e8971 100644
--- a/config/action.d/iptables-xt_recent-echo.conf
+++ b/config/action.d/iptables-xt_recent-echo.conf
@@ -33,13 +33,14 @@ before = iptables-blocktype.conf
 # own rules. The 3600 second timeout is independent and acts as a
 # safeguard in case the fail2ban process dies unexpectedly. The
 # shorter of the two timeouts actually matters.
-actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban- -j
+actionstart = if [ `id -u` -eq 0 ];then iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban- -j ;fi
 # Option: actionstop
 # Notes.: command executed once at the end of Fail2Ban
 # Values: CMD
 #
 actionstop = echo / > /proc/net/xt_recent/fail2ban-
+ if [ `id -u` -eq 0 ];then iptables -D INPUT -m recent --update --seconds 3600 --name fail2ban- -j ;fi
 # Option: actioncheck
 # Notes.: command executed once before each actionban command
diff --git a/doc/run-rootless.txt b/doc/run-rootless.txt
index 5edf6ef6..57cd6f3a 100644
--- a/doc/run-rootless.txt
+++ b/doc/run-rootless.txt
@@ -74,12 +74,6 @@ further configuration. To run not as root, further setup is necessary:
 with suitably replaced.
- - suppress actionstart for iptables-xt_recent-echo action by creating an override file
- iptables-xt_recent-echo.local to accompany iptables-xt_recent-echo.conf with
-
- [Definition]
- actionstart =
-
 - Permissions:
 make sure that configuration files under /etc/fail2ban are readable by
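Review bot: In the new `actionstart` of config/action.d/iptables-xt_recent-echo.conf, a non-root run skips the `iptables -I` and the command still exits 0, so the jail starts cleanly even when nobody has installed the matching `-m recent` rule out of band, and the gap would only surface at the first ban attempt. Consider making that branch fail early by testing for the list file that `actionstop` already writes to, e.g. `else test -e /proc/net/xt_recent/fail2ban-<name>; fi`; the existing `actioncheck` body lies outside this hunk and may already cover the ban path, but not start-up. `id -u` is also only a proxy for being allowed to change netfilter rules: a non-root service granted CAP_NET_ADMIN would skip the rule, while root without that capability would still fail. Minor style point: `$(id -u)` is preferred over backticks on both new lines.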