From 1ed911f78f24c1fb4a0e65f1f8473921cf6bdb38 Mon Sep 17 00:00:00 2001
From: Serghey Rodin
Date: Wed, 21 Oct 2015 18:57:20 +0300
Subject: [PATCH] fix for missing chain after reboot

---
 bin/v-update-firewall | 34 ++++++++++++++++++++++------------
 1 file changed, 22 insertions(+), 12 deletions(-)

diff --git a/bin/v-update-firewall b/bin/v-update-firewall
index cd7205b8..65b9438d 100755
--- a/bin/v-update-firewall
+++ b/bin/v-update-firewall
@@ -132,19 +132,29 @@ fi
 
 # Checking fail2ban support
 if [ ! -z "$FIREWALL_EXTENSION" ]; then
- chains=$(cat $VESTA/data/firewall/chains.conf 2>/dev/null)
-fi
-for chain in $chains; do
- eval $chain
- if [[ "$PORT" =~ ,|-|: ]] ; then
- port="-m multiport --dports $PORT"
- else
- port="--dport $PORT"
- fi
- echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" > $tmp
- bash $tmp
+ for chain in $(cat $VESTA/data/firewall/chains.conf 2>/dev/null); do
+ eval $chain
+ if [[ "$PORT" =~ ,|-|: ]] ; then
+ port="-m multiport --dports $PORT"
+ else
+ port="--dport $PORT"
+ fi
+ echo "$iptables -N fail2ban-$CHAIN" >> $tmp
+ echo "$iptables -F fail2ban-$CHAIN" >> $tmp
+ echo "$iptables -I fail2ban-$CHAIN -s 0.0.0.0/0 -j RETURN" >> $tmp
+ echo "$iptables -I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN" >>$tmp
+ done
+ bash $tmp 2>/dev/null
 rm -f $tmp
-done
+
+ for ban in $(cat $VESTA/data/firewall/banlist.conf 2>/dev/null); do
+ eval $ban
+ echo -n "$iptables -I fail2ban-$CHAIN 1 -s $IP" >> $tmp
+ echo " -j REJECT --reject-with icmp-port-unreachable" >> $tmp
+ done
+ bash $tmp 2>/dev/null
+ rm -f $tmp
+fi
 
 # Saving rules to the master iptables file
 if [ -e "/etc/redhat-release" ]; then
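Review bot: `bash $tmp 2>/dev/null` after the chain loop silences every iptables error, not only the `-N fail2ban-$CHAIN` failure it was presumably added for, so a rejected `-I INPUT -p $PROTOCOL $port -j fail2ban-$CHAIN` line (the rule that actually sends traffic into the ban chain) now fails without any trace and leaves that port unfiltered; the second `bash $tmp 2>/dev/null` for the banlist has the same problem. Confine the suppression to the one command that is expected to fail when the chain already exists, `echo "$iptables -N fail2ban-$CHAIN 2>/dev/null" >> $tmp`, and run the generated script with stderr visible, `bash $tmp`, in both places. Separately, the banlist loop re-creates `$tmp` with `>>` right after `rm -f $tmp`; if `$tmp` comes from mktemp (its creation is above the hunk), that second write reuses a name that is no longer reserved, so either keep appending to the single file and remove it once at the end, or obtain a fresh mktemp path for the second script. Both loops also `eval` lines read from chains.conf and banlist.conf, and `$IP` is spliced unvalidated into the generated command line, so whoever can write those files runs commands with this script's privileges; a `# NOTE: chains.conf/banlist.conf lines are executed as shell - keep them root-owned and not group/world-writable` comment above the first loop would at least make that trust boundary explicit.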