From 77907369188b05b1f204a43c1f2518cfede3278d Mon Sep 17 00:00:00 2001 From: Lukas Date: Sun, 10 May 2026 09:35:33 +0200 Subject: [PATCH] feat(jail-config): add banaction and banaction_allports to blocklist config Adds iptables-multiport and iptables-allports ban actions to the blocklist-import jail configuration and updates the corresponding test assertions. --- backend/app/utils/jail_config.py | 2 ++ backend/tests/test_utils/test_jail_config.py | 2 ++ 2 files changed, 4 insertions(+) diff --git a/backend/app/utils/jail_config.py b/backend/app/utils/jail_config.py index 31cc38c..3e4b94d 100644 --- a/backend/app/utils/jail_config.py +++ b/backend/app/utils/jail_config.py @@ -51,6 +51,8 @@ maxretry = 1 findtime = 1d bantime = 86400 ignoreip = 127.0.0.0/8 ::1 172.16.0.0/12 +banaction = iptables-multiport +banaction_allports = iptables-allports """ _BLOCKLIST_IMPORT_LOCAL = """\ diff --git a/backend/tests/test_utils/test_jail_config.py b/backend/tests/test_utils/test_jail_config.py index 1f87e63..dfb92fc 100644 --- a/backend/tests/test_utils/test_jail_config.py +++ b/backend/tests/test_utils/test_jail_config.py @@ -68,6 +68,8 @@ class TestEnsureJailConfigs: # Blocklist-import jail must have a 24-hour ban time blocklist_conf = _read(jail_d, _BLOCKLIST_CONF) assert "bantime = 86400" in blocklist_conf + assert "banaction = iptables-multiport" in blocklist_conf + assert "banaction_allports = iptables-allports" in blocklist_conf # .local files must set enabled = true and nothing else for local_file in (_MANUAL_LOCAL, _BLOCKLIST_LOCAL):