fixes race condition bug #339133

config/fail2ban.conf.default

@@ -198,8 +198,8 @@ logfile = /var/log/apache/access.log
 # Values:  CMD  Default:
 #
 fwstart = iptables -N fail2ban-http
-          iptables -I INPUT -p tcp --dport http -j fail2ban-http
           iptables -A fail2ban-http -j RETURN
+          iptables -I INPUT -p tcp --dport http -j fail2ban-http
 
 # Option:  fwend
 # Notes.:  command executed once at the end of Fail2Ban
@@ -276,8 +276,8 @@ logfile = /var/log/auth.log
 # Values:  CMD  Default:
 #
 fwstart = iptables -N fail2ban-ssh
-          iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh
           iptables -A fail2ban-ssh -j RETURN
+          iptables -I INPUT -p tcp --dport ssh -j fail2ban-ssh
 
 # Option:  fwend
 # Notes.:  command executed once at the end of Fail2Ban

debian/changelog

@@ -1,3 +1,11 @@
+fail2ban (0.5.4-10) unstable; urgency=low
+
+  * Fixed the order of ssh and apache rules to avoid possible race
+    condition (Thanks to Jefferson Cowart for the bug report) (closes:
+    #339133)
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Mon, 14 Nov 2005 23:44:45 -0500
+
 fail2ban (0.5.4-9) unstable; urgency=low
 
   * Fixed init.d script so it doesn't return non-0 status if fail2ban is not