From f543dab768f9b1e3e3278085be88369ec2e5db6b Mon Sep 17 00:00:00 2001
From: Mark Wooding
Date: Sun, 17 Jul 2011 13:43:16 +0100
Subject: [PATCH] bookends.m4: Provide a hook chain for fail2ban.

Otherwise it does its filtering before we've permitted loopback, and stuff could get very bad.
---
 bookends.m4 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/bookends.m4 b/bookends.m4
index ed5dcc7..7374cd3 100644
--- a/bookends.m4
+++ b/bookends.m4
@@ -104,7 +104,7 @@ errorchain interesting ACCEPT
 
 m4_divert(36)m4_dnl
 ###--------------------------------------------------------------------------
-### Standard loopback stuff.
+### Standard filtering.
 
 ## Don't clobber local traffic
 run ip46tables -A INPUT -i lo -j ACCEPT
@@ -138,6 +138,10 @@ for x in 0 1 2 3 4 5 6 7 8 9 a b c d e f; do
 -d fe${x}2::/16
 done
 
+## Add a hook for fail2ban.
+clearchain fail2ban
+run ip46tables -A INPUT -j fail2ban
+
 m4_divert(90)m4_dnl
 ###--------------------------------------------------------------------------
 ### Finishing touches.
-- 
2.11.0
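Review bot: The comment `## Add a hook for fail2ban.` in the second hunk does not say that the hook only works if fail2ban is configured to put its ban rules into the `fail2ban` chain rather than into INPUT. Without that setting (the `chain` option in fail2ban's iptables actions, if the deployed version has it), fail2ban would presumably keep filtering in INPUT and the ordering problem from the commit message remains. I would expand the comment to something like `## Hook chain for fail2ban: configure its actions to use chain `fail2ban', so bans are applied after the loopback accept above.` Also, `clearchain` is defined outside this hunk but presumably empties the chain, so re-running the firewall script would silently drop all active bans until fail2ban is reloaded. That is worth a second comment line or a reload step in the deployment notes.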