#!/sbin/openrc-run
# This file is part of Fail2Ban.
#
# Fail2Ban is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# Fail2Ban is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
#
# Author: Sireyessire, Cyril Jaquier
#

description="Ban hosts that cause multiple authentication errors"
description_reload="reload configuration"
extra_started_commands="reload"

# The fail2ban-client program is also capable of starting and stopping
# the server, but things are simpler if we let start-stop-daemon do it.
command="/usr/bin/fail2ban-server"
pidfile="/run/${RC_SVCNAME}/${RC_SVCNAME}.pid"
command_args="${FAIL2BAN_OPTIONS} -p ${pidfile}"
retry="30"

depend() {
	use logger
	after iptables
}

start_pre() {
	checkpath -d "${pidfile%/*}" || return 1
}

reload() {
	# The fail2ban-client uses an undocumented protocol to tell
	# the server to reload(), so we have to use it here rather
	# than e.g. sending a signal to the server daemon.
	ebegin "Reloading ${RC_SVCNAME}"
	"${command%/*}/fail2ban-client" ${command_args} reload
	eend $? "Failed to reload ${RC_SVCNAME}"
}