* Fixed typos (thanx to Ross Boylan).

* Robust startup: if iptables module gets fully initialized after
    startup of fail2ban, fail2ban will do "maxreinit" attempts to
    initialize its own firewall. It will sleep between attempts for
    "polltime" number of seconds (closes: #334272).
  * To overcome possible conflict with other firewall solutions and as a
    secondary solution for the bug 334272, fail2ban startup is moved
    during bootup to the latest (S99) sequenece position. That should not
    cause any discomfort I believe.

confreader/configreader.py

@@ -81,7 +81,8 @@ class ConfigReader:
 				
 				values[option[1]] = v
 			except NoOptionError:
-				logSys.warn("No '" + option[1] + "' defined in '" + sec + "'")
+				logSys.warn("No '" + option[1] + "' defined in '" + sec +
+							"'. Using default one: '" + `option[2]` + "'")
 				values[option[1]] = option[2]
 			except ValueError:
 				logSys.warn("Wrong value for '" + option[1] + "' in '" + sec +

debian/README.Debian

@@ -43,4 +43,10 @@ work nicely now
 See TODO.Debian for more details, as well as the Debian Bug Tracking
 system.
 
- -- Yaroslav O. Halchenko <debian@onerussian.com>, Wed Oct 12 13:14:48 2005
+Dirty exit:
+
+If firewall rules gets cleaned out before fail2ban exits (like was
+happening with firestarter), errors get reported during the exit of
+fail2ban, but they are "safe" and can be ignored.
+
+ -- Yaroslav O. Halchenko <debian@onerussian.com>, Thu Oct 20 13:24:56 2005

debian/changelog

@@ -1,3 +1,17 @@
+fail2ban (0.5.4-6.1) unstable; urgency=low
+
+  * Fixed typos (thanx to Ross Boylan).
+  * Robust startup: if iptables module gets fully initialized after
+    startup of fail2ban, fail2ban will do "maxreinit" attempts to
+    initialize its own firewall. It will sleep between attempts for
+    "polltime" number of seconds (closes: #334272).
+  * To overcome possible conflict with other firewall solutions and as a
+    secondary solution for the bug 334272, fail2ban startup is moved
+    during bootup to the latest (S99) sequenece position. That should not
+    cause any discomfort I believe.
+
+ -- Yaroslav Halchenko <debian@onerussian.com>  Tue, 18 Oct 2005 15:54:38 -0400
+
 fail2ban (0.5.4-5.14) unstable; urgency=low
 
   * Added a notification regarding the importance of 0.5.4-5 change of
@@ -13,7 +27,7 @@ fail2ban (0.5.4-5.14) unstable; urgency=low
     effect of crash during parsing of the config file.
   * Introduced fwcheck option to verify consistency of the
     chains. Implemented automatic restart of fail2ban main function in
-    case if check of fwban or fwban command failed (closes: #329163, #331695).
+    case check of fwban or fwunban command failed (closes: #329163, #331695).
     (Introduced patch was further adjusted by upstream author).
   * Added -f command line parameter for [findtime].
   * Fixed the issue of not respecting command line parameters for parameters
@@ -24,7 +38,7 @@ fail2ban (0.5.4-5.14) unstable; urgency=low
     exception is catched.
   * Fail2ban should not crash now if a wrong file name is specified in
     config.
-  
+
  -- Yaroslav Halchenko <debian@onerussian.com>  Mon,  3 Oct 2005 22:26:28 -1000
 
 fail2ban (0.5.4-5) unstable; urgency=low
@@ -44,7 +58,7 @@ fail2ban (0.5.4-4) unstable; urgency=low
 
 fail2ban (0.5.4-3) unstable; urgency=low
 
-  * Resolved the mistery of debug mode in which commands are not really
+  * Resolved the mystery of debug mode in which commands are not really
     executed: added verbose option to config file, removed -v from
     /etc/default/fail2ban, reordered code a bit so that log targets are
     setup right after background and then only loglevel (verbose,debug) is

debian/postinst

@@ -26,23 +26,23 @@ case "$1" in
 
        # Note regarding changed configuration file
 		if [ ! -z $preversion ] \
-			&& dpkg --compare-versions $preversion lt 0.5.4-6;
+			&& dpkg --compare-versions $preversion lt 0.5.4-5.14;
 			then
 			cat <<EOF
 WARNING!
 
  Configuration file /etc/fail2ban.conf, failregex configuration
  parameter specificly, were changed in 0.5.4-5 to close reported
- security breach, and in 0.5.4-6 to close few other bugs.
+ security breach, and in 0.5.4-5.14 to close few other bugs.
 
 updating from <0.5.4-5
  Unless configuration file (or corresponding failregex'es) gets updated,
  security breach is not closed and corresponding warning will be reported
  by the fail2ban (in the log files).
 
-updating from <0.5.4-6
+updating from <0.5.4-5.14
  Bugs #329163, #331695 dealing with changed iptables rules
- outside of fail2ban were fixed in 0.5.4-6, and require upgrade of the
+ outside of fail2ban were fixed in 0.5.4-5.14, and require upgrade of the
  configuration file (fwcheck option was introduced) to take full
  advantage of the problem solution (otherwise some problems might
  persist)

debian/rules

@@ -84,7 +84,7 @@ binary-arch: build install copy-inits
 #	dh_installemacsen
 #	dh_installpam
 #	dh_installmime
-	dh_installinit
+	dh_installinit -uparams -- defaults 99
 #	dh_installcron
 #	dh_installinfo
 	dh_installman fail2ban.8 man/fail2ban.conf.5

fail2ban.py

@@ -452,8 +452,25 @@ def main():
 				element[1].addIgnoreIP(ip)
 		else:
 			logSys.warn(ip + " is not a valid IP address")
-	
+
-	initializeFwRules()
+	# Startup loop -- necessary to avoid crash if it takes time for iptables
+	# to startup
+	# To avoid introduction of new config options, reusing maxreinits and polltime
+	reinits = 0
+	while True:
+		try:
+			initializeFwRules()
+			break
+		except ExternalError, e:
+			reinits += 1
+			logSys.warn(e)
+			if conf["maxreinits"] < 0 or (reinits < conf["maxreinits"]):
+				logSys.warn("#%d attempt to initialize the firewalls"%reinits)
+			else:
+				logSys.error("Exiting: Too many attempts to initialize the firewall")
+				killApp()
+			time.sleep(conf["polltime"])
+
 	# try to reinit once if it fails immediately
 	lastReinitTime = time.time() - conf["reinittime"] - 1
 	reinits = 0