From abc45d28f7b33c68c4cf4b33808e28cf6b30542b Mon Sep 17 00:00:00 2001
From: Th4nat0s <thanspam@trollprod.org>
Date: Thu, 14 Jun 2012 23:44:52 +0200
Subject: [PATCH 1/7] initial ipv6 via iptable wapper

---
 config/action.d/iptables-multiport-46.conf | 69 ++++++++++++++++++++++
 fail2ban-iptwrp                            | 49 +++++++++++++++
 server/failregex.py                        |  2 +-
 server/filter.py                           | 17 +++---
 setup.py                                   |  3 +-
 5 files changed, 131 insertions(+), 9 deletions(-)
 create mode 100644 config/action.d/iptables-multiport-46.conf
 create mode 100755 fail2ban-iptwrp

diff --git a/config/action.d/iptables-multiport-46.conf b/config/action.d/iptables-multiport-46.conf
new file mode 100644
index 00000000..7bb944e4
--- /dev/null
+++ b/config/action.d/iptables-multiport-46.conf
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+# Modified by Paul Jung for calling wrapper in dual stack ipv6 and v4 banning
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = fail2ban-iptwrp -N fail2ban-<name>
+              fail2ban-iptwrp -A fail2ban-<name> -j RETURN
+              fail2ban-iptwrp -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = fail2ban-iptwrp -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             fail2ban-iptwrp -F fail2ban-<name>
+             fail2ban-iptwrp -X fail2ban-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = fail2ban-iptwrp -n -L INPUT | grep -q fail2ban-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = fail2ban-iptwrp -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = fail2ban-iptwrp -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
diff --git a/fail2ban-iptwrp b/fail2ban-iptwrp
new file mode 100755
index 00000000..0b4adb1d
--- /dev/null
+++ b/fail2ban-iptwrp
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+# Author: Paul Jung aka 'Thanat0s' 
+
+# IPTable WRaPper
+# This script will call iptable or ip6tables6 depending of the ip format
+
+LINE=$@
+
+# try to be simple, keep regexes 'approximatives'
+RESULT4=`echo $LINE | egrep -c -e "([0-9]{1,3}\.){3}[0-9]{1,3}"`
+RESULT6=`echo $LINE | egrep -c -e "(::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,})"`
+
+if [ $RESULT4 -ne "0" ]; then
+     # action for ipv4
+     iptables $LINE
+     ERRCODE=$?
+elif [ $RESULT6 -ne "0" ]; then
+     # action for ipv6
+     ip6tables $LINE
+     ERRCODE=$?
+else
+     # action for both iptables if no ip is present
+     iptables $LINE
+     ERRCODE=$?
+     ip6tables $LINE
+     if [ $? -ge "1" ]; then
+        ERRCODE=$?
+     fi
+fi
+
+# always report the error
+exit $ERRCODE
diff --git a/server/failregex.py b/server/failregex.py
index 8ce9597a..8c164d82 100644
--- a/server/failregex.py
+++ b/server/failregex.py
@@ -47,7 +47,7 @@ class Regex:
 		self._matchCache = None
 		# Perform shortcuts expansions.
 		# Replace "<HOST>" with default regular expression for host.
-		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)")
+		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_:]+)")
 		if regex.lstrip() == '':
 			raise RegexException("Cannot add empty regex")
 		try:
diff --git a/server/filter.py b/server/filter.py
index 58385ea5..2e9a2bc9 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -547,6 +547,7 @@ import socket, struct
 class DNSUtils:
 	
 	IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
+	IP_CRE6 = re.compile("^(?:[0-9:A-Fa-f]{3,})$")
 	
 	#@staticmethod
 	def dnsToIp(dns):
@@ -570,19 +571,21 @@ class DNSUtils:
 		if match:
 			return match
 		else:
-			return None
+			match = DNSUtils.IP_CRE6.match(text)
+			if match:
+				""" Right Here, we faced to a ipv6
+				"""
+				return match
+			else:
+				return None
 	searchIP = staticmethod(searchIP)
 	
 	#@staticmethod
 	def isValidIP(string):
 		""" Return true if str is a valid IP
+		We Consider that logfiles didn't make errors ;) 
 		"""
-		s = string.split('/', 1)
-		try:
-			socket.inet_aton(s[0])
-			return True
-		except socket.error:
-			return False
+		return True
 	isValidIP = staticmethod(isValidIP)
 	
 	#@staticmethod
diff --git a/setup.py b/setup.py
index 8cb17133..c5ddca57 100755
--- a/setup.py
+++ b/setup.py
@@ -54,7 +54,8 @@ setup(
 	scripts =	[
 					'fail2ban-client', 
 					'fail2ban-server', 
-					'fail2ban-regex'
+					'fail2ban-regex' ,
+					'fail2ban-iptwrp'
 				], 
 	packages =	[
 					'common', 

From d80643f5def0289cadd5ecd0aa0299ef2c329fe0 Mon Sep 17 00:00:00 2001
From: Th4nat0s <thanspam@trollprod.org>
Date: Sat, 16 Jun 2012 23:51:34 +0200
Subject: [PATCH 2/7] conversion of iptable wrapper to python

---
 config/action.d/iptables-multiport-46.conf | 69 ----------------------
 fail2ban-iptables                          | 43 ++++++++++++++
 fail2ban-iptwrp                            | 49 ---------------
 setup.py                                   |  2 +-
 4 files changed, 44 insertions(+), 119 deletions(-)
 delete mode 100644 config/action.d/iptables-multiport-46.conf
 create mode 100755 fail2ban-iptables
 delete mode 100755 fail2ban-iptwrp

diff --git a/config/action.d/iptables-multiport-46.conf b/config/action.d/iptables-multiport-46.conf
deleted file mode 100644
index 7bb944e4..00000000
--- a/config/action.d/iptables-multiport-46.conf
+++ /dev/null
@@ -1,69 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Cyril Jaquier
-# Modified by Yaroslav Halchenko for multiport banning
-# Modified by Paul Jung for calling wrapper in dual stack ipv6 and v4 banning
-#
-
-[Definition]
-
-# Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
-# Values:  CMD
-#
-actionstart = fail2ban-iptwrp -N fail2ban-<name>
-              fail2ban-iptwrp -A fail2ban-<name> -j RETURN
-              fail2ban-iptwrp -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-
-# Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
-# Values:  CMD
-#
-actionstop = fail2ban-iptwrp -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-             fail2ban-iptwrp -F fail2ban-<name>
-             fail2ban-iptwrp -X fail2ban-<name>
-
-# Option:  actioncheck
-# Notes.:  command executed once before each actionban command
-# Values:  CMD
-#
-actioncheck = fail2ban-iptwrp -n -L INPUT | grep -q fail2ban-<name>
-
-# Option:  actionban
-# Notes.:  command executed when banning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-#
-actionban = fail2ban-iptwrp -I fail2ban-<name> 1 -s <ip> -j DROP
-
-# Option:  actionunban
-# Notes.:  command executed when unbanning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-#
-actionunban = fail2ban-iptwrp -D fail2ban-<name> -s <ip> -j DROP
-
-[Init]
-
-# Defaut name of the chain
-#
-name = default
-
-# Option:  port
-# Notes.:  specifies port to monitor
-# Values:  [ NUM | STRING ]  Default:
-#
-port = ssh
-
-# Option:  protocol
-# Notes.:  internally used by config reader for interpolations.
-# Values:  [ tcp | udp | icmp | all ] Default: tcp
-#
-protocol = tcp
-
diff --git a/fail2ban-iptables b/fail2ban-iptables
new file mode 100755
index 00000000..74672f97
--- /dev/null
+++ b/fail2ban-iptables
@@ -0,0 +1,43 @@
+#!/usr/bin/python
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+
+# Iptable wrapper, call the right iptables depending of the ip proposed
+# Author: Paul J Aka "Thanat0s"
+
+import sys, re, subprocess
+
+def main(argv):
+ regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
+ if regv4.search(str(argv)):   
+    # we are facing to a ipv4
+    subprocess.call(["iptables", " ".join(argv)])
+    sys.exit                  
+ else:
+    # if not, maybe it's a ipv6
+    regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
+    if regv6.search(str(argv)):
+       subprocess.call(["ip6tables", " ".join(argv)])
+       sys.exit                  
+    else:
+       # if it's not a ipv6 either, we call both iptables
+       subprocess.call(["iptables", " ".join(argv)])
+       subprocess.call(["ip6tables", " ".join(argv)])
+
+# Main call, pass all variables
+if __name__ == "__main__":
+    main(sys.argv[1:])
diff --git a/fail2ban-iptwrp b/fail2ban-iptwrp
deleted file mode 100755
index 0b4adb1d..00000000
--- a/fail2ban-iptwrp
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/sh
-
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-# Author: Paul Jung aka 'Thanat0s' 
-
-# IPTable WRaPper
-# This script will call iptable or ip6tables6 depending of the ip format
-
-LINE=$@
-
-# try to be simple, keep regexes 'approximatives'
-RESULT4=`echo $LINE | egrep -c -e "([0-9]{1,3}\.){3}[0-9]{1,3}"`
-RESULT6=`echo $LINE | egrep -c -e "(::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,})"`
-
-if [ $RESULT4 -ne "0" ]; then
-     # action for ipv4
-     iptables $LINE
-     ERRCODE=$?
-elif [ $RESULT6 -ne "0" ]; then
-     # action for ipv6
-     ip6tables $LINE
-     ERRCODE=$?
-else
-     # action for both iptables if no ip is present
-     iptables $LINE
-     ERRCODE=$?
-     ip6tables $LINE
-     if [ $? -ge "1" ]; then
-        ERRCODE=$?
-     fi
-fi
-
-# always report the error
-exit $ERRCODE
diff --git a/setup.py b/setup.py
index c5ddca57..833a5922 100755
--- a/setup.py
+++ b/setup.py
@@ -55,7 +55,7 @@ setup(
 					'fail2ban-client', 
 					'fail2ban-server', 
 					'fail2ban-regex' ,
-					'fail2ban-iptwrp'
+					'fail2ban-iptables'
 				], 
 	packages =	[
 					'common', 

From 33c2059d1d8e6a3617e4f30f8a5f6f694dd720e4 Mon Sep 17 00:00:00 2001
From: Th4nat0s <thanspam@trollprod.org>
Date: Sun, 17 Jun 2012 00:50:17 +0200
Subject: [PATCH 3/7] ip validation and reconfiguration of iptables actions

---
 config/action.d/iptables-allports.conf      | 23 +++++++--------
 config/action.d/iptables-multiport-log.conf | 31 +++++++++++----------
 config/action.d/iptables-multiport.conf     | 21 +++++++-------
 config/action.d/iptables-new.conf           | 23 +++++++--------
 config/action.d/iptables.conf               | 21 +++++++-------
 server/filter.py                            | 18 +++++++++---
 6 files changed, 76 insertions(+), 61 deletions(-)

diff --git a/config/action.d/iptables-allports.conf b/config/action.d/iptables-allports.conf
index 1cc2daba..51dc8a5d 100644
--- a/config/action.d/iptables-allports.conf
+++ b/config/action.d/iptables-allports.conf
@@ -2,7 +2,8 @@
 #
 # Author: Cyril Jaquier
 # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
-# 			made active on all ports from original iptables.conf
+# 			made active on all ports from original fail2ban-iptables.conf
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # $Revision$
 #
@@ -13,23 +14,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -p <protocol> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -p <protocol> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -p <protocol> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -39,7 +40,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -49,7 +50,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -64,7 +65,7 @@ name = default
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables-multiport-log.conf b/config/action.d/iptables-multiport-log.conf
index 9cdc4bab..bd63b388 100644
--- a/config/action.d/iptables-multiport-log.conf
+++ b/config/action.d/iptables-multiport-log.conf
@@ -2,6 +2,7 @@
 #
 # Author: Guido Bozzetto
 # Modified: Cyril Jaquier
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # make "fail2ban-<name>" chain to match drop IP
 # make "fail2ban-<name>-log" chain to log and drop
@@ -16,28 +17,28 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-              iptables -N fail2ban-<name>-log
-              iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
-              iptables -A fail2ban-<name>-log -j DROP
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+              fail2ban-iptables -N fail2ban-<name>-log
+              fail2ban-iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+              fail2ban-iptables -A fail2ban-<name>-log -j DROP
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -F fail2ban-<name>-log
-             iptables -X fail2ban-<name>
-             iptables -X fail2ban-<name>-log
+actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>-log
+             fail2ban-iptables -X fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>-log
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
+actioncheck = fail2ban-iptables -n -L fail2ban-<name>-log >/dev/null
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -47,7 +48,7 @@ actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -57,7 +58,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
 
 [Init]
 
@@ -78,7 +79,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables-multiport.conf b/config/action.d/iptables-multiport.conf
index ad554f5c..65c3a7f5 100644
--- a/config/action.d/iptables-multiport.conf
+++ b/config/action.d/iptables-multiport.conf
@@ -2,6 +2,7 @@
 #
 # Author: Cyril Jaquier
 # Modified by Yaroslav Halchenko for multiport banning
+# Modified by Paul J aka Thanat0s for ipv6 support
 # $Revision$
 #
 
@@ -11,23 +12,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -37,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -47,7 +48,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -68,7 +69,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables-new.conf b/config/action.d/iptables-new.conf
index c249de2d..049ce719 100644
--- a/config/action.d/iptables-new.conf
+++ b/config/action.d/iptables-new.conf
@@ -1,8 +1,9 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
-# Copied from iptables.conf and modified by Yaroslav Halchenko 
+# Copied from fail2ban-iptables.conf and modified by Yaroslav Halchenko 
 #  to fullfill the needs of bugreporter dbts#350746.
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # $Revision$
 #
@@ -13,23 +14,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -39,7 +40,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -49,7 +50,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -70,7 +71,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index 09cfb98b..fffee7b8 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -1,6 +1,7 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # $Revision$
 #
@@ -11,23 +12,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -37,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -47,7 +48,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -68,7 +69,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/server/filter.py b/server/filter.py
index 2e9a2bc9..d09c3844 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -582,10 +582,20 @@ class DNSUtils:
 	
 	#@staticmethod
 	def isValidIP(string):
-		""" Return true if str is a valid IP
-		We Consider that logfiles didn't make errors ;) 
-		"""
-		return True
+		# Return true if str is a valid IP
+            	s = string.split('/', 1)
+          	# try to convert to ipv4
+          	try:
+      			socket.inet_aton(s[0])
+      			return True
+    		except socket.error:
+    			# if it had failed try to convert ipv6
+    			try:  
+            			socket.inet_pton(socket.AF_INET6, s[0])
+          			return True
+        		except socket.error: 
+    				# not a valid address in both stacks
+          			return False
 	isValidIP = staticmethod(isValidIP)
 	
 	#@staticmethod

From 963e4623dd57ebeb5ebaa0bb11af8f8e43bb296a Mon Sep 17 00:00:00 2001
From: Th4nat0s <thanspam@trollprod.org>
Date: Sun, 17 Jun 2012 10:55:15 +0200
Subject: [PATCH 4/7] clean f2b-ipt

---
 config/fail2ban.conf |  7 +++++++
 fail2ban-iptables    | 15 ++++++++-------
 2 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/config/fail2ban.conf b/config/fail2ban.conf
index a8e2eb9a..fb544397 100644
--- a/config/fail2ban.conf
+++ b/config/fail2ban.conf
@@ -36,3 +36,10 @@ logtarget = /var/log/fail2ban.log
 #
 socket = /var/run/fail2ban/fail2ban.sock
 
+# Option: ipv6
+# Notes.: Activate IPv6 support
+#         Warning : only with iptables action supported
+# Values: BOOLEAN Default:  disabled
+#
+ipv6 = enabled
+
diff --git a/fail2ban-iptables b/fail2ban-iptables
index 74672f97..7326ec74 100755
--- a/fail2ban-iptables
+++ b/fail2ban-iptables
@@ -23,21 +23,22 @@ import sys, re, subprocess
 
 def main(argv):
  regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
- if regv4.search(str(argv)):   
+ print "-" + argv + "-"
+ if regv4.search(argv):   
     # we are facing to a ipv4
-    subprocess.call(["iptables", " ".join(argv)])
+    subprocess.call(["iptables", argv])
     sys.exit                  
  else:
     # if not, maybe it's a ipv6
     regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
-    if regv6.search(str(argv)):
-       subprocess.call(["ip6tables", " ".join(argv)])
+    if regv6.search(argv):
+       subprocess.call(["ip6tables", argv])
        sys.exit                  
     else:
        # if it's not a ipv6 either, we call both iptables
-       subprocess.call(["iptables", " ".join(argv)])
-       subprocess.call(["ip6tables", " ".join(argv)])
+       subprocess.call(["iptables", argv])
+       subprocess.call(["ip6tables", argv])
 
 # Main call, pass all variables
 if __name__ == "__main__":
-    main(sys.argv[1:])
+    main(" ".join(sys.argv[1:]))

From e2067b865929ee0386a7089dab7ca1f8b67a1bd1 Mon Sep 17 00:00:00 2001
From: Th4nat0s <thanspam@trollprod.org>
Date: Sun, 17 Jun 2012 11:13:40 +0200
Subject: [PATCH 5/7] f2b-iptables return errors

---
 fail2ban-iptables | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/fail2ban-iptables b/fail2ban-iptables
index 7326ec74..b5712ba7 100755
--- a/fail2ban-iptables
+++ b/fail2ban-iptables
@@ -23,22 +23,26 @@ import sys, re, subprocess
 
 def main(argv):
  regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
- print "-" + argv + "-"
  if regv4.search(argv):   
     # we are facing to a ipv4
-    subprocess.call(["iptables", argv])
-    sys.exit                  
+    ret = subprocess.call(["iptables", argv])
+    sys.exit(ret)                  
  else:
     # if not, maybe it's a ipv6
     regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
     if regv6.search(argv):
-       subprocess.call(["ip6tables", argv])
-       sys.exit                  
+       ret6 = subprocess.call(["ip6tables", argv])
+       sys.exit(ret6)                  
     else:
        # if it's not a ipv6 either, we call both iptables
-       subprocess.call(["iptables", argv])
-       subprocess.call(["ip6tables", argv])
-
+       ret = subprocess.call(["iptables", argv])
+       ret6 = subprocess.call(["ip6tables", argv])
+       # return worst error code  
+       if ret > ret6:
+	  sys.exit(ret)
+       else:
+          sys.exit(ret6)
+	
 # Main call, pass all variables
 if __name__ == "__main__":
     main(" ".join(sys.argv[1:]))

From bad7e1428dcf4d662bc1fdb5b1ee7d42942321fb Mon Sep 17 00:00:00 2001
From: Th4nat0s <thanspam@trollprod.org>
Date: Sun, 17 Jun 2012 14:29:17 +0200
Subject: [PATCH 6/7] f2b-iptable no os inject

---
 fail2ban-iptables | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/fail2ban-iptables b/fail2ban-iptables
index b5712ba7..c681f188 100755
--- a/fail2ban-iptables
+++ b/fail2ban-iptables
@@ -21,6 +21,15 @@
 
 import sys, re, subprocess
 
+# Try to avoid any shell injections
+def noinject(str):
+	for banned_chr in "`&;|":
+		if banned_chr in str: 
+			print "I don't like some chars in your iptables syntax"
+			sys.exit(2)                  
+	return True
+
+# Main procedure
 def main(argv):
  regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
  if regv4.search(argv):   
@@ -45,4 +54,6 @@ def main(argv):
 	
 # Main call, pass all variables
 if __name__ == "__main__":
-    main(" ".join(sys.argv[1:]))
+	pline = " ".join(sys.argv[1:])
+	if noinject(pline):
+		main(pline)

From af2a31222251662e6b855f86e0c78eccd987a151 Mon Sep 17 00:00:00 2001
From: Alastair Houghton <alastair@coriolis-systems.com>
Date: Thu, 8 Nov 2012 11:08:14 +0000
Subject: [PATCH 7/7] Fixed fail2ban-iptables.

---
 fail2ban-iptables | 60 +++++++++++++++++++++++------------------------
 1 file changed, 30 insertions(+), 30 deletions(-)

diff --git a/fail2ban-iptables b/fail2ban-iptables
index c681f188..56afadba 100755
--- a/fail2ban-iptables
+++ b/fail2ban-iptables
@@ -21,39 +21,39 @@
 
 import sys, re, subprocess
 
-# Try to avoid any shell injections
-def noinject(str):
-	for banned_chr in "`&;|":
-		if banned_chr in str: 
-			print "I don't like some chars in your iptables syntax"
-			sys.exit(2)                  
-	return True
+IPTABLES='/sbin/iptables'
+IP6TABLES='/sbin/ip6tables'
 
 # Main procedure
 def main(argv):
- regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
- if regv4.search(argv):   
-    # we are facing to a ipv4
-    ret = subprocess.call(["iptables", argv])
-    sys.exit(ret)                  
- else:
-    # if not, maybe it's a ipv6
-    regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
-    if regv6.search(argv):
-       ret6 = subprocess.call(["ip6tables", argv])
-       sys.exit(ret6)                  
+    pline = " ".join(argv)
+    regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
+    if regv4.search(pline):   
+        # we are facing to a ipv4
+        ret = subprocess.call([IPTABLES] + argv)
+        sys.exit(ret)                  
     else:
-       # if it's not a ipv6 either, we call both iptables
-       ret = subprocess.call(["iptables", argv])
-       ret6 = subprocess.call(["ip6tables", argv])
-       # return worst error code  
-       if ret > ret6:
-	  sys.exit(ret)
-       else:
-          sys.exit(ret6)
-	
+        # if not, maybe it's a ipv6
+        regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
+        if regv6.search(pline):
+            ret6 = subprocess.call([IP6TABLES] + argv)
+            sys.exit(ret6)
+        else:
+            # if it's not a ipv6 either, we call both iptables
+            proc = subprocess.Popen([IPTABLES] + argv)
+            proc6 = subprocess.Popen([IP6TABLES] + argv)
+
+            # Splitting the Popen and wait() calls lets us run them in
+            # parallel, rather than one after the other
+            ret = proc.wait()
+            ret6 = proc6.wait()
+            
+            # return worst error code
+            if ret > ret6:
+                sys.exit(ret)
+            else:
+                sys.exit(ret6)
+
 # Main call, pass all variables
 if __name__ == "__main__":
-	pline = " ".join(sys.argv[1:])
-	if noinject(pline):
-		main(pline)
+    main(sys.argv[1:])