From 2a3790f8e8c45a6867e1f68be68272ddaa4dc9e8 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Tue, 4 Nov 2014 13:24:54 -0500
Subject: [PATCH] use iptables-allports for recidive
---
 ChangeLog | 3 +++
 config/jail.conf | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0e107735..c4fc1a44 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -14,6 +14,9 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
 * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
 * grep'ing for IP in *mail-whois-lines.conf should now match also at the begginning and EOL. Thanks Dean Lee
+ * recidive uses iptables-allports banaction by default now.
+ Avoids problems with iptables versions not understanding 'all' for
+ protocols and ports
 - New Features:
diff --git a/config/jail.conf b/config/jail.conf
index d119d229..d2949023 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -655,8 +655,7 @@ maxretry = 5
 [recidive]
 logpath = /var/log/fail2ban.log
-port = all
-protocol = all
+banaction = iptables-allports
 bantime = 604800 ; 1 week
 findtime = 86400 ; 1 day
 maxretry = 5
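Review bot: Removing `protocol = all` along with `port = all` in `[recidive]` leaves the jail on whatever `protocol` the `[DEFAULT]` section sets, which is not visible in this hunk. If that default is `tcp` and the iptables-allports action passes it to `-p`, repeat offenders would be blocked on TCP only, while the old settings aimed at every protocol; please confirm the resulting rule still covers UDP and ICMP, or document the narrower scope. Pinning `banaction = iptables-allports` in the jail also overrides a site-wide `banaction` chosen in `[DEFAULT]` or jail.local, so a host on another firewall backend would presumably have the recidive ban fail unless this jail is overridden too. A comment above the new line would make both points visible, for example `# all-ports ban for repeat offenders; set banaction for this jail if the host does not use iptables`.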