Fix blocklist import: detect UnknownJailException and abort early

_is_not_found_error in jail_service did not match the concatenated form 'unknownjailexception' that fail2ban produces when it serialises UnknownJailException, so JailOperationError was raised instead of JailNotFoundError and every ban attempt in the import loop failed individually, skipping all 27 840 IPs before returning an error. Two changes: - Add 'unknownjail' to the phrase list in _is_not_found_error so that UnknownJailException is correctly mapped to JailNotFoundError. - In blocklist_service.import_source, catch JailNotFoundError explicitly and break out of the loop immediately with a warning log instead of retrying on every IP.
2026-03-01 21:02:37 +01:00
parent d1d6366cd2
commit 6e76711940
4 changed files with 56 additions and 0 deletions
--- a/backend/app/services/blocklist_service.py
+++ b/backend/app/services/blocklist_service.py
@@ -304,6 +304,16 @@ async def import_source(
        try:
            await jail_service.ban_ip(socket_path, BLOCKLIST_JAIL, stripped)
            imported += 1
+        except jail_service.JailNotFoundError as exc:
+            # The target jail does not exist in fail2ban — there is no point
+            # continuing because every subsequent ban would also fail.
+            ban_error = str(exc)
+            log.warning(
+                "blocklist_jail_not_found",
+                jail=BLOCKLIST_JAIL,
+                error=str(exc),
+            )
+            break
        except Exception as exc:
            skipped += 1
            if ban_error is None:
--- a/backend/app/services/jail_service.py
+++ b/backend/app/services/jail_service.py
@@ -131,6 +131,10 @@ def _ensure_list(value: Any) -> list[str]:
 def _is_not_found_error(exc: Exception) -> bool:
    """Return ``True`` if *exc* indicates a jail does not exist.

+    Checks both space-separated (``"unknown jail"``) and concatenated
+    (``"unknownjail"``) forms because fail2ban serialises
+    ``UnknownJailException`` without a space when pickled.
+
    Args:
        exc: The exception to inspect.

@@ -142,6 +146,7 @@ def _is_not_found_error(exc: Exception) -> bool:
        phrase in msg
        for phrase in (
            "unknown jail",
+            "unknownjail",  # covers UnknownJailException serialised by fail2ban
            "no jail",
            "does not exist",
            "not found",