From 7aad6685aff32112ec69e739191633ae8d15edce Mon Sep 17 00:00:00 2001
From: Arturo 'Buanzo' Busleiman
Date: Thu, 4 Mar 2010 17:15:12 +0000
Subject: [PATCH 1/6] added time module. bug reported in buanzo's blog at http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@758 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 server/filter.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/filter.py b/server/filter.py
index 52a99e28..ef18519c 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -31,7 +31,7 @@ from datedetector import DateDetector
 from mytime import MyTime
 from failregex import FailRegex, Regex, RegexException
-import logging, re, os, fcntl
+import logging, re, os, fcntl, time
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.filter")

From dabe3aeae1deb814940d574dadfebd801eb3dc99 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Tue, 29 Jun 2010 01:34:08 +0000
Subject: [PATCH 2/6] disabling entirely named-refused-udp jail with a big fat warning
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@761 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/jail.conf | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)

diff --git a/config/jail.conf b/config/jail.conf
index 8d5f66e6..41a56ffd 100644
--- a/config/jail.conf
+++ b/config/jail.conf
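Review bot: Nothing in this hunk uses the newly imported `time`, so the hunk alone does not show what the commit fixes; naming the call site in the commit body (the "ban manually" path from the linked report) would make the change reviewable. Elsewhere in filter.py the current time is taken through `MyTime.time()` (the findtime check in a later hunk of the same file), so if the new code calls `time.time()` directly it bypasses whatever `MyTime` wraps — presumably a substitutable clock — and `MyTime.time()` should be preferred unless a raw clock is genuinely required. Style: PEP 8 asks for one import per line, so `import time` belongs on its own line rather than appended to `import logging, re, os, fcntl`, which also keeps future additions to a one-line diff.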
@@ -211,14 +211,22 @@ ignoreip = 168.192.0.1
 # in your named.conf to provide proper logging.
 # This jail blocks UDP traffic for DNS requests.
-[named-refused-udp]
-
-enabled = false
-filter = named-refused
-action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
- sendmail-whois[name=Named, dest=you@mail.com]
-logpath = /var/log/named/security.log
-ignoreip = 168.192.0.1
+# !!! WARNING !!!
+# Since UDP is connectionless protocol, spoofing of IP and immitation
+# of illegal actions is way too simple. Thus enabling of this filter
+# might provide an easy way for implementing a DoS against a chosen
+# victim. See
+# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
+# Please DO NOT USE this jail unless you know what you are doing.
+#
+# [named-refused-udp]
+#
+# enabled = false
+# filter = named-refused
+# action = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+# sendmail-whois[name=Named, dest=you@mail.com]
+# logpath = /var/log/named/security.log
+# ignoreip = 168.192.0.1
 # This jail blocks TCP traffic for DNS requests.

From 2a38820ed660b69fa5103b824d54fa6ae6cf4f83 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Tue, 21 Sep 2010 17:52:44 +0000
Subject: [PATCH 3/6] debug entry for lines ignored due to falling below findtime (v2)
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@763 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 server/filter.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/filter.py b/server/filter.py
index ef18519c..6f1e4c7d 100644
--- a/server/filter.py
+++ b/server/filter.py
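Review bot: The commented-out template keeps `# ignoreip = 168.192.0.1`, which is a publicly routable address (168.192.0.0/16 is not an RFC 1918 block); the intended example is almost certainly `192.168.0.1`, and an administrator who reads the warning, decides they do know what they are doing, and uncomments the block as-is will exempt a stranger's host instead of their LAN — fix the transposition here (the same value appears in the hunk-header context line, so it likely recurs in the neighbouring TCP jail). The warning itself is the right call for a UDP-only log source: a forged source address is all it takes to make a chosen victim appear in `security.log`, and the ban action then does the attacker's work. One more sentence would stop readers over-generalising in the other direction, e.g. `# The TCP jail below is less exposed only because a spoofed source cannot complete the handshake; it is not immune to abuse.` — hedged as "less exposed" since how named logs refused TCP queries is not visible here.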
@@ -268,7 +268,11 @@ class Filter(JailThread):
 for element in self.processLine(line):
 ip = element[0]
 unixTime = element[1]
+ logSys.debug("Processing line with time:%s and ip:%s" % (unixTime, ip))
 if unixTime < MyTime.time() - self.getFindTime():
+ logSys.debug("Ignore line since time %s < %s - %s" % (unixTime, MyTime.time(), self.getFindTime()))
 break
 if self.inIgnoreIPList(ip):
 logSys.debug("Ignore %s" % ip)

From 12304f7a3e7fcebef0b4901412750ba73d718b88 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Mon, 27 Sep 2010 13:10:40 +0000
Subject: [PATCH 4/6] Tai64N stores time in GMT, we need to convert to local time before returning
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@764 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 server/datetemplate.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/server/datetemplate.py b/server/datetemplate.py
index 284d374b..711c6c99 100644
--- a/server/datetemplate.py
+++ b/server/datetemplate.py
@@ -1,4 +1,4 @@
-# -*- coding: utf8 -*-
+# -*- coding: utf-8 -*-
 # This file is part of Fail2Ban.
 #
 # Fail2Ban is free software; you can redistribute it and/or modify
@@ -168,7 +168,8 @@ class DateTai64n(DateTemplate):
 # extract part of format which represents seconds since epoch
 value = dateMatch.group()
 seconds_since_epoch = value[2:17]
- date = list(time.gmtime(int(seconds_since_epoch, 16)))
+ # convert seconds from HEX into local time stamp
+ date = list(time.localtime(int(seconds_since_epoch, 16)))
 return date

From 521631cfcc3ab14be02c95ed3a29835670cfcfc0 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Mon, 27 Sep 2010 13:10:48 +0000
Subject: [PATCH 5/6] default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@765 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/jail.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
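Review bot: `MyTime.time()` is evaluated twice on the new side — once in the `if` and again inside the added `logSys.debug` — so the "now" printed in the "Ignore line since time" message can differ from the value that was actually compared, and the message also pays for a second `self.getFindTime()` call plus eager `%` formatting on every stale line even when DEBUG is disabled, in the per-line hot path of the filter. Hoist the clock once and pass the arguments to the logger lazily: `now = MyTime.time()`, `if unixTime < now - self.getFindTime():`, `logSys.debug("Ignore line since time %s < %s - %s", unixTime, now, self.getFindTime())`. The same lazy form applies to the new "Processing line with time" message. The loop sits inside a method whose start and end lie outside the hunk.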
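Review bot: The added comment `# convert seconds from HEX into local time stamp` documents the decoding but not the unit of what is decoded: a TAI64 label counts seconds of TAI, not UTC, and TAI runs ahead of UTC by the accumulated leap seconds (tens of seconds); `value[2:17]` only drops the leading 2^62 epoch-offset nibble, so nothing in this method corrects that skew, and unless a caller does, the parsed timestamp sits a few tens of seconds ahead of system time. Against a findtime of minutes that is harmless, but it should be stated rather than discovered, e.g. `# TAI64 label: TAI seconds since 1970, 2^62 offset already stripped by value[2:17]; not corrected for the TAI-UTC leap-second difference`. The commit message's reason for the `gmtime` → `localtime` switch (the value is GMT and the caller expects a local-time tuple) is more useful than "local time stamp" and belongs in the comment too. The enclosing method starts before this hunk.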
diff --git a/config/jail.conf b/config/jail.conf
index 41a56ffd..81a736d0 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -13,7 +13,7 @@
 # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
 # ban a host which matches an address in this list. Several addresses can be
 # defined using space separator.
-ignoreip = 127.0.0.1
+ignoreip = 127.0.0.1/8
 # "bantime" is the number of seconds that a host is banned.
 bantime = 600

From 7b54c7b33b82af9c1f8119bd9055a5c28654ee86 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko
Date: Mon, 27 Sep 2010 13:18:32 +0000
Subject: [PATCH 6/6] spellcheck jail.conf. Thanks Christoph Anton Mitterer
git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@766 a942ae1a-1317-0410-a47c-b1dcaea8d605
---
 config/jail.conf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/jail.conf b/config/jail.conf
index 81a736d0..4ec8a34a 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -5,7 +5,7 @@
 # $Revision$
 #
-# The DEFAULT allows a global definition of the options. They can be override
+# The DEFAULT allows a global definition of the options. They can be overridden
 # in each jail afterwards.
 [DEFAULT]
@@ -212,7 +212,7 @@ ignoreip = 168.192.0.1
 # This jail blocks UDP traffic for DNS requests.
 # !!! WARNING !!!
-# Since UDP is connectionless protocol, spoofing of IP and immitation
+# Since UDP is connection-less protocol, spoofing of IP and imitation
 # of illegal actions is way too simple. Thus enabling of this filter
 # might provide an easy way for implementing a DoS against a chosen
 # victim. See
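Review bot: `127.0.0.1/8` has host bits set inside the prefix; the canonical spelling of the loopback block is `127.0.0.0/8`, and whether fail2ban's CIDR matcher masks host bits before comparing is not visible here, so use the canonical form and avoid depending on it: `ignoreip = 127.0.0.0/8`. The comment above still says only "a CIDR mask", so one more sentence stating that the default now exempts the whole loopback block rather than the single address would tell an administrator copying this into a jail what they are widening. Exempting loopback is safe, but the `/8` habit must not be carried over to real interface addresses, since every address in the prefix becomes unbannable.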