From 3dd16eeddfc152f34093db8f5fc5ef5791084d81 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Thu, 10 Sep 2009 09:09:01 -0400 Subject: [PATCH] BF: adjusted README.Debian - multiport is default (closes: #545971) --- debian/README.Debian | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/debian/README.Debian b/debian/README.Debian index 505b9dd6..c4707972 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -77,21 +77,16 @@ port = ssh protocol = tcp -* Multiport banning: Comment for the wishlist #373592. +* Multiport banning: Comment for #373592, #545971 -Default iptables rules for banning use --dport statement which allows -to ban just a single port. For multiport banning you would need to use -iptables-multiport action (just override banaction in jail.local), -which is present in fail2ban shipped in Debian since 0.7.6-1. +iptables-multiport action is now default banaction (file jail.conf, to +be customized within jail.local). Therefore assure that you have built +multiport module if you use custom kernel. If you would like to ban all ports for that host, just redefine fwban/fwunban commands to don't have --dport %(port)s statement at all, or use shorewall, where actionban bans whole IP. -iptables-multiport action is not default banaction since multiport -module might not be compiled for some hand compiled kernels. - - * Blocking of NEW connections only Comment for the wishlist #350746.
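Review bot: The rewritten "Multiport banning" paragraph in debian/README.Debian tells custom-kernel users to have the multiport module built, but it no longer says what to do when the module is missing. The removed text explained how to switch actions by overriding banaction in jail.local; the new text should keep an equivalent sentence for the opposite direction, for example "If your kernel lacks the multiport module, override banaction in jail.local with a non-multiport action." Wording: "assure that you have built multiport module" should read "ensure that you have built the multiport module". The unchanged paragraph that follows still talks about dropping the "--dport %(port)s" statement, which the removed text tied to the old single-port default, so it should be checked against the rules the multiport action actually uses and updated in the same commit if it no longer matches.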