[Bug 1146856] New: security/fail2ban: Bug - failtoban breaks restarting firewalld
http://bugzilla.opensuse.org/show_bug.cgi?id=1146856

            Bug ID: 1146856
           Summary: security/fail2ban: Bug - failtoban breaks restarting firewalld
    Classification: openSUSE
           Product: openSUSE.org
           Version: unspecified
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: 3rd party software
          Assignee: meissner@suse.com
          Reporter: Mathias.Homann@opensuse.org
        QA Contact: bnc-team-screening@forge.provo.novell.com
          Found By: ---
           Blocker: ---

On a system with fail2ban installed and activated it is impossible to use systemctl restart to restart firewalld:

    nextcloud:~ # systemctl restart firewalld
    Failed to restart firewalld.service: Transaction contains conflicting jobs 'restart' and 'stop' for fail2ban.service. Probably contradicting requirement dependencies configured.
    See system logs and 'systemctl status firewalld.service' for details.

The sequence "systemctl stop fail2ban; systemctl restart firewalld; systemctl start fail2ban" works as expected.

The same used to happen when I still used SuSEfirewall2 instead of firewalld, so I'm pretty sure the issue is with fail2ban and not with either of the two firewalls...

For more info:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871993
https://bugzilla.redhat.com/show_bug.cgi?id=1379141
https://lists.freedesktop.org/archives/systemd-devel/2016-March/036011.html

http://bugzilla.opensuse.org/show_bug.cgi?id=1146856#c2

Christian Boltz <suse-beta@cboltz.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chris@computersalat.de,
                   |                            |jweberhofer@weberhofer.at,
                   |                            |suse-beta@cboltz.de

--- Comment #2 from Christian Boltz <suse-beta@cboltz.de> ---
Johannes and Christian, can you please fix this so that restarting SuSEfirewall2 in Leap is possible again? ;-)

http://bugzilla.opensuse.org/show_bug.cgi?id=1146856#c3

Christian Wittmer <chris@computersalat.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CONFIRMED
              Flags|                            |needinfo?(jweberhofer@weber
                   |                            |hofer.at)

--- Comment #3 from Christian Wittmer <chris@computersalat.de> ---
(In reply to Christian Boltz from comment #2)
> Johannes and Christian, can you please fix this so that restarting SuSEfirewall2 in Leap is possible again? ;-)

Looks to me more systemd-related:
https://github.com/systemd/systemd/issues/2830

Debian's workaround taken from Fedora:

+--- a/files/fail2ban.service ++++ b/files/fail2ban.service +@@ -2,7 +2,7 @@ + Description=Fail2Ban Service + Documentation=man:fail2ban(1) + After=network.target iptables.service firewalld.service +-PartOf=iptables.service firewalld.service ++PartOf=firewalld.service

Shouldn't we wait for a systemd fix ... or what do you think, Johannes?

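Review bot: the new PartOf= line in the fail2ban.service hunk quoted in comment #3 still names firewalld.service, which is the unit whose restart fails in this report, so removing only iptables.service may not change the "systemctl restart firewalld" case. PartOf= propagates stop and restart of the listed units to fail2ban, so please confirm on a firewalld system that the restart succeeds with this change before carrying it, and state in the patch description why iptables.service is dropped from PartOf= while it remains in After=.
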
http://bugzilla.opensuse.org/show_bug.cgi?id=1146856#c4

Robert Divko <Robert@Divko.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Robert@Divko.de

--- Comment #4 from Robert Divko <Robert@Divko.de> ---
Bug is in all current openSUSE branches: Leap 15.1, 15.2, Tumbleweed and thus seems to have been waiting a long time for a solution already.
I have two cases of reboot hang due to firewall blocking because of it (can't prove).

I would ask for a solution within fail2ban because it's part of the package:

    # rpm -ql fail2ban | grep system
    /usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.py
    /usr/lib/python2.7/site-packages/fail2ban/server/filtersystemd.pyc
    /usr/lib/systemd/system/fail2ban.service

http://bugzilla.opensuse.org/show_bug.cgi?id=1146856

Björn Voigt <bjoernv@arcor.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |bjoernv@arcor.de

http://bugzilla.opensuse.org/show_bug.cgi?id=1146856#c6

Aaron Burnett <mullein@adelie.io> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mullein@adelie.io

--- Comment #6 from Aaron Burnett <mullein@adelie.io> ---
Not to rush, but is there an ETA on this? I'm still seeing this bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1146856#c7

--- Comment #7 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1146856) was mentioned in
https://build.opensuse.org/request/show/914050 15.2+Backports:SLE-15-SP1+Backports:SLE-15-SP2+Backports:SLE-15-SP3 / fail2ban

http://bugzilla.opensuse.org/show_bug.cgi?id=1146856#c10

Johannes Weberhofer <jweberhofer@weberhofer.at> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |FIXED

--- Comment #10 from Johannes Weberhofer <jweberhofer@weberhofer.at> ---
Fixed and created MR

http://bugzilla.opensuse.org/show_bug.cgi?id=1146856#c11

Marc Chamberlin <marc@marcchamberlin.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
                 CC|                            |marc@marcchamberlin.com
         Resolution|FIXED                       |---

--- Comment #11 from Marc Chamberlin <marc@marcchamberlin.com> ---
I am going to differ on the opinion that this bug is fixed. Not for me, running OpenSuSE 15.3 x64. I do keep my systems updated whenever I am told updates are available, and there are no outstanding updates on any of my systems to download and install. I am running Fail2Ban and Firewalld services.