debian/NEWS - information for change of default iptables action to REJECT now (Closes: #711463)

pull/808/head
Yaroslav Halchenko 2013-11-16 22:30:31 -05:00
parent 2d068572bc
commit 4dba65f685
2 changed files with 16 additions and 0 deletions

13
debian/NEWS vendored
View File

@ -1,3 +1,16 @@
fail2ban (0.8.11-1) unstable; urgency=low
* retroactive for 0.8.9: by default iptables-* actions do not simply
DROP packets from offending IP but rather reject with
icmp-port-unreachable. If DROP behaviour is preferable, provide
config/action.d/iptables-blocktype.local with [Init] section defining
blocktype = DROP or override action definition to provide
blocktype=DROP option in jail.local
* Many failregex's were tight-up in this release which could
theoretically effect operation in comparison to previous release(s).
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 16 Nov 2013 22:27:50 -0500
fail2ban (0.8.4-3) unstable; urgency=low
* Jail named-refused-udp is unsafe and opens possibility for easy DoS,

3
debian/changelog vendored
View File

@ -6,6 +6,9 @@ fail2ban (0.8.11-1) unstable; urgency=low
* debian/jail.conf
- dropbear jail: use dropbear filter (instead of ssh) and monitor
auth.log instead of non-existing /var/log/dropbear (Closes: #620760)
* debian/NEWS
- information for change of default iptables action to REJECT now
(Closes: #711463)
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 16 Nov 2013 21:34:54 -0500