From: David Galloway <dgallowa@redhat.com>
Date: Wed, 5 Sep 2018 14:29:20 +0000 (-0400)
Subject: public_facing: Support blocking multiple ports in ufw fail2ban action
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F407%2Fhead;p=ceph-cm-ansible.git

public_facing: Support blocking multiple ports in ufw fail2ban action

UFW requires the protocol be specified when multiple ports are given for
a deny rule.

Signed-off-by: David Galloway <dgallowa@redhat.com>
---

diff --git a/roles/public_facing/templates/f2b_ufw.conf.j2 b/roles/public_facing/templates/f2b_ufw.conf.j2
index 140a02a8..cc035865 100644
--- a/roles/public_facing/templates/f2b_ufw.conf.j2
+++ b/roles/public_facing/templates/f2b_ufw.conf.j2
@@ -8,4 +8,6 @@ actionstart =
 actionstop = 
 actioncheck = 
 actionban = ufw insert 1 deny from <ip> to any port <port>
+            ufw insert 1 deny proto tcp from <ip> to any port <port>
 actionunban = ufw delete deny from <ip> to any port <port>
+              ufw delete deny proto tcp from <ip> to any port <port>