From 3e2a09cdf7846dd384beff43d144f926dc2fb32b Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 20 Nov 2005 19:53:37 +0000
Subject: [PATCH] fixes race condition bug #339133

---
 config/fail2ban.conf.default | 4 ++--
 debian/changelog             | 8 ++++++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/config/fail2ban.conf.default b/config/fail2ban.conf.default
index d2a5d8e9..ae4bf27d 100644
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@@ -198,8 +198,8 @@ logfile = /var/log/apache/access.log
 # Values:  CMD  Default:
 #
 fwstart = iptables -N fail2ban-http
-          iptables -I INPUT -p tcp --dport http -j fail2ban-http
           iptables -A fail2ban-http -j RETURN
+          iptables -I INPUT -p tcp --dport http -j fail2ban-http
 
 # Option:  fwend
 # Notes.:  command executed once at the end of Fail2Ban
@@ -276,8 +276,8 @@ logfile = /var/log/auth.log
 # Values:  CMD  Default:
 #
 fwstart = iptables -N fail2ban-ssh
-          iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh
           iptables -A fail2ban-ssh -j RETURN
+          iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh
 
 # Option:  fwend
 # Notes.:  command executed once at the end of Fail2Ban
diff --git a/debian/changelog b/debian/changelog
index 33337c14..242a7c5f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+fail2ban (0.5.4-10) unstable; urgency=low
+
+  * Fixed the order of ssh and apache rules to avoid possible race
+    condition (Thanks to Jefferson Cowart for the bug report) (closes:
+    #339133)
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 14 Nov 2005 23:44:45 -0500
+
 fail2ban (0.5.4-9) unstable; urgency=low
 
   * Fixed init.d script so it doesn't return non-0 status if fail2ban is not