mirror of https://github.com/fail2ban/fail2ban
debian/NEWS - information for change of default iptables action to REJECT now (Closes: #711463)
parent
2d068572bc
commit
4dba65f685
|
@ -1,3 +1,16 @@
|
|||
fail2ban (0.8.11-1) unstable; urgency=low
|
||||
|
||||
* retroactive for 0.8.9: by default iptables-* actions do not simply
|
||||
DROP packets from offending IP but rather reject with
|
||||
icmp-port-unreachable. If DROP behaviour is preferable, provide
|
||||
config/action.d/iptables-blocktype.local with [Init] section defining
|
||||
blocktype = DROP or override action definition to provide
|
||||
blocktype=DROP option in jail.local
|
||||
* Many failregex's were tight-up in this release which could
|
||||
theoretically effect operation in comparison to previous release(s).
|
||||
|
||||
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 16 Nov 2013 22:27:50 -0500
|
||||
|
||||
fail2ban (0.8.4-3) unstable; urgency=low
|
||||
|
||||
* Jail named-refused-udp is unsafe and opens possibility for easy DoS,
|
||||
|
|
|
@ -6,6 +6,9 @@ fail2ban (0.8.11-1) unstable; urgency=low
|
|||
* debian/jail.conf
|
||||
- dropbear jail: use dropbear filter (instead of ssh) and monitor
|
||||
auth.log instead of non-existing /var/log/dropbear (Closes: #620760)
|
||||
* debian/NEWS
|
||||
- information for change of default iptables action to REJECT now
|
||||
(Closes: #711463)
|
||||
|
||||
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 16 Nov 2013 21:34:54 -0500
|
||||
|
||||
|
|
Loading…
Reference in New Issue