X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Ffail2ban%2Fmanifests%2Finit.pp;h=a6a9cfab04db673ec7ea6869fd290fb7a63e4101;hb=8c107072624a0b44645acad13d1f917580f7db2b;hp=8d640348a77b984b72c5c48050ebfd0ed8a2d139;hpb=35b92bafa9ca1cfa082a0edf4ace8a605270c306;p=mirror%2Fdsa-puppet.git
diff --git a/modules/fail2ban/manifests/init.pp b/modules/fail2ban/manifests/init.pp
index 8d640348a..a6a9cfab0 100644
--- a/modules/fail2ban/manifests/init.pp
+++ b/modules/fail2ban/manifests/init.pp
@@ -19,19 +19,27 @@ class fail2ban {
 | EOF
 }
- @ferm::rule { 'dsa-f2b-setup':
+ @ferm::rule { 'dsa-f2b-setup1':
+ prio => '005',
+ description => 'f2b master rule',
+ chain => 'dsa-f2b',
+ domain => '(ip ip6)',
+ rule => '',
+ notarule => true,
+ }
+ @ferm::rule { 'dsa-f2b-setup2':
 prio => '005',
 description => 'f2b master rule',
 chain => 'INPUT',
 domain => '(ip ip6)',
- rule => 'saddr 0/0 @subchain "dsa-f2b" {}'
+ rule => 'jump dsa-f2b',
 }
 # XXX Maybe this will be automatically done in buster, it is certainly needed in stretch. So maybe: versioncmp($::lsbmajdistrelease, '9') <= 0
 concat::fragment { 'dsa-puppet-stuff--fail2ban-cleanup':
 target => '/etc/cron.d/dsa-puppet-stuff',
 content => @(EOF)
- 17 * * * * root python3 -c "import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.INFO); from fail2ban.server.database import Fail2BanDb; db = Fail2BanDb('/var/lib/fail2ban/fail2ban.sqlite3'); db.purge(); db._db.cursor().execute('VACUUM')"
+ 17 * * * * root chronic python3 -c "import sys, logging; logging.basicConfig(stream=sys.stdout, level=logging.INFO); from fail2ban.server.database import Fail2BanDb; db = Fail2BanDb('/var/lib/fail2ban/fail2ban.sqlite3'); db.purge(); db._db.cursor().execute('VACUUM')"
 | EOF
 }
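Review bot: The cron line in the last change now runs the purge through `chronic`, but nothing visible in this hunk ensures that the package shipping it (moreutils on Debian) is installed; class fail2ban starts above the hunk, so this may already be handled there. If it is missing, the job fails every hour and the fail2ban database is never purged or vacuumed, so a `package { 'moreutils': ensure => installed }` (or the site's equivalent) should be confirmed for every host that includes this class. Separately, `dsa-f2b-setup1` and `dsa-f2b-setup2` share `prio => '005'` and the same `description => 'f2b master rule'`, while the `jump dsa-f2b` in setup2 presumably relies on setup1 having declared the chain. Distinct descriptions such as `'f2b chain declaration'` and `'jump from INPUT to f2b chain'`, plus a one-line comment on what `notarule => true` with an empty `rule` does, would make that dependency explicit.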