From b9facb80d25e4e7d7bdc46ab36426f23042237a7 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Mon, 22 Jan 2018 10:38:48 -0500 Subject: [PATCH] debian/README.Debian - Instructions on how to establish correct startup/shutdown sequence in systemd for shorewall (Closes: #847728) final recipe --- debian/README.Debian | 17 ++++++++++++++++- debian/changelog | 6 +++++- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/debian/README.Debian b/debian/README.Debian index a8922861..a69b7c27 100644 --- a/debian/README.Debian +++ b/debian/README.Debian @@ -11,6 +11,21 @@ Currently, the major difference with upstream: python libraries are placed under /usr/share/fail2ban instead of /usr/lib/fail2ban to comply with policy regarding architecture independent resources. +Shorewall and startup sequence (#847728) +---------------------------------------- + +If you are using systemd, create a +/etc/systemd/system/fail2ban.service.d/override.conf with contents: + +[Unit] +Requires=shorewall.service +After=shorewall.service + +go guarantee a proper sequence of startup/shotdown (shorewall should +be started before fail2ban, and stopped after). Similar settings +could be adopted for other firewall solutions. + + Upgrade from 0.6 versions: ------------------------- @@ -231,4 +246,4 @@ P.S. Anyone is welcome to recommend proper security solution to this issue, such as an alternative to sysklogd which allows better control over users logging to specific facilities (such as AUTH) - -- Yaroslav Halchenko , Fri, 15 Jul 2016 08:59:10 -0400 + -- Yaroslav Halchenko , Mon, 22 Jan 2018 10:37:00 -0500 diff --git a/debian/changelog b/debian/changelog index 8251a79c..4aa8ad12 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -21,12 +21,16 @@ fail2ban (0.10.2-1) unstable; urgency=medium - Boosted policy to 4.1.3 - sqlite3 is now needed for some tests, thus added to build-depends and suggests + * debian/README.Debian + - Instructions on how to establish correct startup/shutdown sequence + in systemd for shorewall (Closes: #847728). Thanks Ben Coleman for the + final recipe [ Viktor Szépe ] * Install provided config for monit under /etc/monit/conf-available (instead of /etc/monit/monitrc.d, location changed after monit 1:5.15-2) - -- Yaroslav Halchenko Sat, 20 Jan 2018 22:05:17 -0500 + -- Yaroslav Halchenko Mon, 22 Jan 2018 10:38:19 -0500 fail2ban (0.9.7-2) unstable; urgency=medium
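Review bot: In the new "Shorewall and startup sequence" section of debian/README.Debian, the sentence after the [Unit] snippet has two typos: "go guarantee" should be "to guarantee" and "shotdown" should be "shutdown". The text also presents the drop-in as ordering only, but Requires=shorewall.service is a hard dependency. With it, fail2ban is not started if shorewall fails to start, and fail2ban is stopped or restarted whenever shorewall is explicitly stopped or restarted. After=shorewall.service alone already gives the start-after and stop-before ordering. Please say that in the README so admins know the coupling is intended, and mention Wants= as the softer choice for those who only want shorewall pulled in. It would also help to note that the drop-in takes effect after "systemctl daemon-reload", or that "systemctl edit fail2ban.service" creates this override.conf and reloads for you.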
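Review bot: In the debian/changelog hunk, the README.Debian entry is added to the existing 0.10.2-1 stanza and that stanza's trailer date is moved from Sat, 20 Jan 2018 to Mon, 22 Jan 2018. That is only correct if 0.10.2-1 has not been uploaded yet. If it has, the entry and its "Closes: #847728" belong in a new stanza with a bumped revision, so the bug is closed by the upload that actually ships the README change. Please confirm which case applies.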