Fix BUG-001: resolve banaction interpolation error in fail2ban jails

The container init script (init-fail2ban-config) copies jail.conf from the
image's /defaults/ on every start, overwriting any direct edits.  The correct
fix is jail.local, which is not present in the image defaults and therefore
persists across restarts.

Changes:
- Add Docker/fail2ban-dev-config/fail2ban/jail.local with [DEFAULT] overrides
  for banaction = iptables-multiport and banaction_allports = iptables-allports.
  fail2ban loads jail.local after jail.conf so these values are available to
  all jails during %(action_)s interpolation.
- Untrack jail.local from .gitignore so it is committed to the repo.
- Fix TypeError in config_file_service: except jail_service.JailNotFoundError
  failed when jail_service was mocked in tests because MagicMock attributes are
  not BaseException subclasses.  Import JailNotFoundError directly instead.
- Mark BUG-001 as Done in Tasks.md.
2026-03-15 11:39:20 +01:00
parent 57a0bbe36e
commit 61daa8bbc0
4 changed files with 15 additions and 5 deletions
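
Added example, not part of this commit or the project's code: the load order described in the commit message, reproduced with Python's standard configparser standing in for fail2ban's config reader (an assumption). The jail.conf text is constructed for illustration, and `resolve_action` and `check_jail` are hypothetical helper names.

```python
import configparser

# Constructed stand-in for the image's jail.conf: both banaction lines are
# commented out, yet action_ still interpolates %(banaction)s.
JAIL_CONF = """\
[DEFAULT]
# banaction = iptables-multiport
# banaction_allports = iptables-allports
port = 0:65535
action_ = %(banaction)s[port="%(port)s"]
action = %(action_)s

[bangui-sim]
enabled = true
"""

# The [DEFAULT] overrides named in the commit message.
JAIL_LOCAL = """\
[DEFAULT]
banaction = iptables-multiport
banaction_allports = iptables-allports
"""


def resolve_action(jail, *sources):
    """Load (name, text) sources in order, later ones winning, and expand the jail's action."""
    parser = configparser.ConfigParser()
    for name, text in sources:
        parser.read_string(text, source=name)
    return parser.get(jail, "action")


def check_jail(jail, *sources):
    """Return (True, expanded action) or (False, interpolation error text)."""
    try:
        return True, resolve_action(jail, *sources)
    except configparser.InterpolationMissingOptionError as exc:
        # A jail in this state never starts, so its filter bans nothing.
        return False, str(exc)


if __name__ == "__main__":
    print(check_jail("bangui-sim", ("jail.conf", JAIL_CONF)))
    print(check_jail("bangui-sim", ("jail.conf", JAIL_CONF), ("jail.local", JAIL_LOCAL)))
```

Running the same check against the files actually mounted into the container is a quick pre-start test that every enabled jail's action expands.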

@@ -48,7 +48,9 @@ A task is done when:
### BUG-001 — fail2ban: `bangui-sim` jail fails to start due to missing `banaction`
**Status:** Open
**Status:** Done
**Summary:** `jail.local` created with `[DEFAULT]` overrides for `banaction` and `banaction_allports`. The container init script (`init-fail2ban-config`) overwrites `jail.conf` from the image's `/defaults/` on every start, so modifying `jail.conf` directly is ineffective. `jail.local` is not in the container's defaults and thus persists correctly. Additionally fixed a `TypeError` in `config_file_service.py` where `except jail_service.JailNotFoundError` failed when `jail_service` was mocked in tests — resolved by importing `JailNotFoundError` directly.
#### Error
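Review bot: The new **Summary:** line files the `config_file_service.py` `TypeError` fix under BUG-001, although that change concerns how `jail_service` is mocked in tests and not the missing `banaction`. Consider recording it as its own entry so the BUG-001 record stays scoped to the jail startup failure and the `jail.local` rationale.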
@@ -96,7 +98,7 @@ iptables-based banning.
#### Tasks
- [ ] **BUG-001-T1 — Uncomment `banaction` in `jail.conf` [DEFAULT]**
- [x] **BUG-001-T1 — Add `banaction` override via `jail.local` [DEFAULT]**
Open `Docker/fail2ban-dev-config/fail2ban/jail.conf`.
Find the two commented-out lines near the `action_` definition:
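Review bot: The T1 title now says the override is added via `jail.local`, but the unchanged steps below it still say to open `Docker/fail2ban-dev-config/fail2ban/jail.conf` and find the two commented-out lines, which is the approach the Summary calls ineffective because the init script overwrites `jail.conf` on every start. Rewrite the step text to describe creating `jail.local` with the `[DEFAULT]` overrides, so that someone following the checked-off task reproduces the fix that was actually made.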
@@ -107,7 +109,7 @@ iptables-based banning.
Remove the leading `#` from both lines so they become active options.
Do not change any other part of the file.
- [ ] **BUG-001-T2 — Restart the fail2ban container and verify clean startup**
- [x] **BUG-001-T2 — Restart the fail2ban container and verify clean startup**
Bring the dev stack down and back up:
```bash
@@ -120,7 +122,7 @@ iptables-based banning.
Confirm that no `Bad value substitution` or `Failed during configuration` lines appear
and that both `bangui-sim` and `blocklist-import` jails show as **enabled** in the output.
- [ ] **BUG-001-T3 — Verify ban/unban cycle works end-to-end**
- [x] **BUG-001-T3 — Verify ban/unban cycle works end-to-end**
With the stack running, trigger the simulation script:
```bash