Simplify the connector and jail.local cunstruction with a unified function for all connectors

2026-04-17 14:03:15 +02:00 · 2026-02-10 15:50:32 +01:00
parent 8f9399196e
commit 337d199143
4 changed files with 46 additions and 734 deletions
--- a/internal/fail2ban/connector_agent.go
+++ b/internal/fail2ban/connector_agent.go
@@ -410,52 +410,9 @@ func (ac *AgentConnector) TestLogpathWithResolution(ctx context.Context, logpath

 // UpdateDefaultSettings implements Connector.
 func (ac *AgentConnector) UpdateDefaultSettings(ctx context.Context, settings config.AppSettings) error {
-	// Check jail.local integrity first
-	exists, hasUI, chkErr := ac.CheckJailLocalIntegrity(ctx)
-	if chkErr != nil {
-		config.DebugLog("Warning: could not check jail.local integrity on agent %s: %v", ac.server.Name, chkErr)
-	}
-	if exists && !hasUI {
-		return fmt.Errorf("jail.local on agent server %s is not managed by Fail2ban-UI - skipping settings update (please migrate your jail.local manually)", ac.server.Name)
-	}
-	if !exists {
-		config.DebugLog("jail.local does not exist on agent server %s - initializing fresh managed file", ac.server.Name)
-		if err := ac.EnsureJailLocalStructure(ctx); err != nil {
-			return fmt.Errorf("failed to initialize jail.local on agent server %s: %w", ac.server.Name, err)
-		}
-	}
-
-	// Convert IgnoreIPs array to space-separated string
-	ignoreIPStr := strings.Join(settings.IgnoreIPs, " ")
-	if ignoreIPStr == "" {
-		ignoreIPStr = "127.0.0.1/8 ::1"
-	}
-	// Set default banaction values if not set
-	banaction := settings.Banaction
-	if banaction == "" {
-		banaction = "nftables-multiport"
-	}
-	banactionAllports := settings.BanactionAllports
-	if banactionAllports == "" {
-		banactionAllports = "nftables-allports"
-	}
-	chain := settings.Chain
-	if chain == "" {
-		chain = "INPUT"
-	}
-	payload := map[string]interface{}{
-		"bantimeIncrement":  settings.BantimeIncrement,
-		"defaultJailEnable": settings.DefaultJailEnable,
-		"ignoreip":          ignoreIPStr,
-		"bantime":           settings.Bantime,
-		"findtime":          settings.Findtime,
-		"maxretry":          settings.Maxretry,
-		"banaction":         banaction,
-		"banactionAllports": banactionAllports,
-		"chain":             chain,
-		"bantimeRndtime":    settings.BantimeRndtime,
-	}
-	return ac.put(ctx, "/v1/jails/default-settings", payload, nil)
+	// Since the managed jail.local is fully owned by Fail2ban-UI, a complete
+	// rewrite from current settings is always correct and self-healing.
+	return ac.EnsureJailLocalStructure(ctx)
 }

 // CheckJailLocalIntegrity implements Connector.