Only restart fail2ban in rc.firewall if it's *not* started from boot.

2022-09-03 17:48:46 +01:00 · 2022-09-03 17:48:46 +01:00 · bd76367f27
commit bd76367f27
parent 3f174b140e
3 changed files with 13 additions and 7 deletions
--- a/rc.d/rc.firewall
+++ b/rc.d/rc.firewall
@ -69,7 +69,7 @@ start_firewall() {

  # Allow unrestricted access from our IPs.
  for ENTRY in "${UNFILTERED_RANGES_V4[@]}"; do
-    iptables -A INPUT -i "$EX_IF" --s "$ENTRY" -j ACCEPT
+    iptables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
  done
  for ENTRY in "${UNFILTERED_RANGES_V6[@]}"; do
    ip6tables -A INPUT -i "$EX_IF" -s "$ENTRY" -j ACCEPT
@ -159,7 +159,9 @@ case "$1" in
    ;;
 esac

-# Restart fail2ban to re-create the ban chains.
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
  [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}

 exit 0
--- a/rc.d/rc.firewall-complete
+++ b/rc.d/rc.firewall-complete
@ -205,7 +205,9 @@ case "$1" in
    ;;
 esac

-# Restart fail2ban to re-create the ban chains.
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
  [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}

 exit 0
--- a/rc.d/rc.firewall-float
+++ b/rc.d/rc.firewall-float
@ -187,7 +187,9 @@ case "$1" in
    ;;
 esac

-# Restart fail2ban to re-create the ban chains.
+# Unless the system is booting, restart fail2ban to re-create the ban chains.
+[[ "$PREVLEVEL" != "N" ]] && {
  [[ -x /etc/rc.d/rc.fail2ban ]] && /etc/rc.d/rc.fail2ban restart >/dev/null
+}

 exit 0