set default fail2ban banaction iptables-allports

aptalca · aptalca · commit 0fe03f14bbd0 · 2020-05-05T10:42:41.000-04:00
diff --git a/README.md b/README.md
@@ -290,7 +290,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
 
 ## Versions
 
-* **04.05.20:** - Allow for optionally setting propagation time for dns plugins. Add repo version of `whois` to replace the built-in busybox version.
+* **04.05.20:** - Allow for optionally setting propagation time for dns plugins. Add repo version of `whois` to replace the built-in busybox version. Update `jail.local` to change default fail2ban ban action to more widely supported `iptables-allports`.
 * **13.04.20:** - Update cloudflare.ini with token info.
 * **11.03.20:** - Add php7-sodium.
 * **06.03.20:** - Implement cert renewal attempt during container start (only if the cert is already expired or will expire within the next 24 hours, otherwise it will be attempted at 2:08am).
diff --git a/readme-vars.yml b/readme-vars.yml
@@ -126,7 +126,7 @@ app_setup_nginx_reverse_proxy_block: ""
 
 # changelog
 changelogs:
-  - { date: "04.05.20:", desc: "Allow for optionally setting propagation time for dns plugins. Add repo version of `whois` to replace the built-in busybox version." }
+  - { date: "04.05.20:", desc: "Allow for optionally setting propagation time for dns plugins. Add repo version of `whois` to replace the built-in busybox version. Update `jail.local` to change default fail2ban ban action to more widely supported `iptables-allports`." }
   - { date: "13.04.20:", desc: "Update cloudflare.ini with token info." }
   - { date: "11.03.20:", desc: "Add php7-sodium." }
   - { date: "06.03.20:", desc: "Implement cert renewal attempt during container start (only if the cert is already expired or will expire within the next 24 hours, otherwise it will be attempted at 2:08am)." }
diff --git a/root/defaults/jail.local b/root/defaults/jail.local
@@ -1,10 +1,14 @@
+## Version 2020/05/05 - Changelog: https://github.com/linuxserver/docker-letsencrypt/commits/master/root/defaults/jail.local
 # This is the custom version of the jail.conf for fail2ban
 # Feel free to modify this and add additional filters
 # Then you can drop the new filter conf files into the fail2ban-filters
 # folder and restart the container
 
 [DEFAULT]
 
+# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
+banaction = iptables-allports
+
 # "bantime" is the number of seconds that a host is banned.
 bantime  = 600
 
