From bd76367f278d738327ec5952e3f9bed29a3bc801 Mon Sep 17 00:00:00 2001
From: Darren 'Tadgy' Austin
Date: Sat, 3 Sep 2022 17:48:46 +0100
Subject: [PATCH] Only restart fail2ban in rc.firewall if it's *not* started from boot.
---
 rc.d/rc.firewall | 8 +++++---
 rc.d/rc.firewall-complete | 6 ++++--
 rc.d/rc.firewall-float | 6 ++++--
 3 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/rc.d/rc.firewall b/rc.d/rc.firewall
index d86171d..710029d 100755
--- a/rc.d/rc.firewall
+++ b/rc.d/rc.firewall
@@ -69,7 +69,7 @@ start_firewall() {
 # Allow unrestricted access from our IPs.
 for ENTRY in "${UNFILTERED_RANGES_V4[@]}"; do
- iptables -A INPUT -i "$EX_IF" --s "$ENTRY" -j ACCEPT
+ iptables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
 done
 for ENTRY in "${UNFILTERED_RANGES_V6[@]}"; do
 ip6tables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
@@ -159,7 +159,9 @@ case "$1" in
 ;;
 esac
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+ [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 exit 0
diff --git a/rc.d/rc.firewall-complete b/rc.d/rc.firewall-complete
index 25196f9..44e7f8e 100755
--- a/rc.d/rc.firewall-complete
+++ b/rc.d/rc.firewall-complete
@@ -205,7 +205,9 @@ case "$1" in
 ;;
 esac
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+ [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 exit 0
diff --git a/rc.d/rc.firewall-float b/rc.d/rc.firewall-float
index 9ee055f..8bae5f4 100755
--- a/rc.d/rc.firewall-float
+++ b/rc.d/rc.firewall-float
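Review bot: The iptables call in the IPv4 loop of start_firewall() (rc.d/rc.firewall, hunk at line 69) has no check on its exit status, so a malformed rule like the `--s` one this hunk corrects can go unnoticed unless errexit is set elsewhere in the file. Appending `|| echo "rc.firewall: failed to add ACCEPT rule for $ENTRY" >&2` to the iptables and ip6tables lines would surface such a failure. The correction is applied only to rc.d/rc.firewall and is not mentioned in the commit subject; whether rc.d/rc.firewall-complete and rc.d/rc.firewall-float carry the same `--s` line is not visible in this diff and is worth checking, since these rules decide which source ranges get unrestricted INPUT access. start_firewall() begins and ends outside the hunk.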
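Review bot: `PREVLEVEL` is used at the tail of rc.d/rc.firewall (hunk at line 159, and identically in rc.d/rc.firewall-complete and rc.d/rc.firewall-float) as a stand-in for "the system is booting", but it is an environment variable inherited from init, so a process descended from a boot-time service would presumably still see `N` long after boot. If one of these scripts is ever invoked from such a process, the fail2ban restart is skipped and the ban chains are not re-created after the firewall reload, which would leave existing bans unenforced until fail2ban is restarted by hand. Consider stating the assumption next to the test, e.g. `# PREVLEVEL=N is inherited from init at boot; callers started from boot-time services also skip this restart.`, or keying the decision on whether fail2ban is already running rather than on the runlevel. The restart's exit status is also discarded before `exit 0`, so a failed restart goes unreported; `/etc/rc.d/rc.fail2ban restart >/dev/null || echo "rc.firewall: fail2ban restart failed" >&2` would make it visible.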
@@ -187,7 +187,9 @@ case "$1" in
 ;;
 esac
-# Restart fail2ban to re-create the ban chains.
-[[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
+ [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}
 exit 0