Bug 1321476

Summary: shouldn't require fail2ban-firewalld
Product: [Fedora] Fedora EPEL Reporter: Brian J. Murrell <brian>
Component: fail2banAssignee: Orion Poplawski <orion>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: epel7CC: athmanem, orion, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-03-27 21:35:12 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Brian J. Murrell 2016-03-27 19:00:12 UTC 
Description of problem:
fail2ban requires fail2ban-firewalld, but I implement my bans at the network edge, not the fail2ban server.

Version-Release number of selected component (if applicable):
fail2ban-0.9.3-1.el7.noarch

How reproducible:
100%

In my fail2ban installation, I am running the server on a central logging server which receives the logs from many other machines but in particular from the firewall for the network, which is not the fail2ban server.

As such I have customized actions to implement the bans on the network firewall, not the fail2ban server.  Having fail2ban-firewalld on the fail2ban server is useless for me and I should not be forced to have it.

I'd be happy to supply an alternative to fail2ban-firewalld for remote routers (mine is an OpenWrt) but I'm not convinced it would be useful to anyone but my customized installation.  That said, I should still be allowed to choose not to have fail2ban-firewalld.
Comment 1 Orion Poplawski 2016-03-27 21:35:12 UTC 
If you don't want firewalld, just install fail2ban-server which is the core fail2ban server component.  The fail2ban package is just a meta package that brings in the default components.
Comment 2 Brian J. Murrell 2016-03-28 11:09:42 UTC 
Ahh.  Yes, that does the trick.  Thanks!