Bug 1388179

Summary: Please remove FirewallD and Fail2Ban-FirewallD as dependency of Fail2Ban package
Product: [Fedora] Fedora EPEL Reporter: Hannes <info>
Component: fail2banAssignee: Orion Poplawski <orion>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: epel7CC: athmanem, orion, vonsch
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-10-24 17:05:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Hannes 2016-10-24 16:51:42 UTC 
Description of problem:
Fail2Ban currently depends on FirewallD and Fail2ban-FirewallD, though it also can be used with IPTables only.
There is no way to completely get rid of FirewallD package when using Fail2Ban.

Version-Release number of selected component (if applicable):
0.9.5-3

How reproducible:
Easy

Steps to Reproduce:
1. Install Fail2ban
2. Switch to IPtables-Services
3. Try to uninstall FirewallD

Actual results:
Yum asks to also remove Fail2Ban and Fail2Ban-FirewallD because of dependencies.

Expected results:
FirewallD (and maybe also Fail2Ban-FirewallD) get removed without touchin Fail2ban itself.

Additional info:
While it makes absolute sense to have Fail2ban-FirewallD depend on FirewallD, Fail2Ban itself is perfectly usable without both of them.
Also, having the masked FirewallD residing on your system can result in unexpected behaviour with other programs (PSAD for example).
Also, updates to FirewallD can cause the masked service to be reactivated, making the system unreachable.
Comment 1 Orion Poplawski 2016-10-24 17:05:00 UTC 
fail2ban is a dummy package to bring in the default configuration.  You are free to remove it.  fail2ban-server contains the actual fail2ban server.
Comment 2 Hannes 2016-10-24 19:04:45 UTC 
Ok great, thank you! And sorry für the misunderstanding then...