From 1f4571ac886a3b93b31542cbce49a2a7a2687a65 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Fri, 23 Nov 2007 08:57:33 -0500
Subject: [PATCH] NF: ban tcpwrappers 'refused connect' reported IPs

---
 config/filter.d/sshd.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index 96a3ae6a..63e5ce2d 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -20,6 +20,7 @@ failregex = (?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
             [iI](?:llegal|nvalid) user .* from <HOST>\s*$
             User .+ from <HOST> not allowed because not listed in AllowUsers\s*$
             User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
+            sshd(?:\[\d+\])?: refused connect from \S+ \(<HOST>\)\s*$
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.