Merge branch 'upstream-0.8' into upstream

* upstream-0.8:
  spellcheck jail.conf. Thanks Christoph Anton Mitterer
  default ignoreip to ignore entire loopback zone (/8): see http://bugs.debian.org/598200
  Tai64N stores time in GMT, we need to convert to local time before returning
  debug entry for lines ignored due to falling below findtime (v2)
  disabling entirely named-refused-udp jail with a big fat warning
  added time module. bug reported in buanzo's blog at http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html

config/jail.conf

@@ -5,7 +5,7 @@
 # $Revision: 747 $
 #
 
-# The DEFAULT allows a global definition of the options. They can be override
+# The DEFAULT allows a global definition of the options. They can be overridden
 # in each jail afterwards.
 
 [DEFAULT]
@@ -13,7 +13,7 @@
 # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
 # ban a host which matches an address in this list. Several addresses can be
 # defined using space separator.
-ignoreip = 127.0.0.1
+ignoreip = 127.0.0.1/8
 
 # "bantime" is the number of seconds that a host is banned.
 bantime  = 600
@@ -211,14 +211,22 @@ ignoreip = 168.192.0.1
 # in your named.conf to provide proper logging.
 # This jail blocks UDP traffic for DNS requests.
 
-[named-refused-udp]
+# !!! WARNING !!!
-
+#   Since UDP is connection-less protocol, spoofing of IP and imitation
-enabled  = false
+#   of illegal actions is way too simple.  Thus enabling of this filter
-filter   = named-refused
+#   might provide an easy way for implementing a DoS against a chosen
-action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+#   victim. See
-           sendmail-whois[name=Named, dest=you@mail.com]
+#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
-logpath  = /var/log/named/security.log
+#   Please DO NOT USE this jail unless you know what you are doing.
-ignoreip = 168.192.0.1
+#
+# [named-refused-udp]
+#
+# enabled  = false
+# filter   = named-refused
+# action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+#            sendmail-whois[name=Named, dest=you@mail.com]
+# logpath  = /var/log/named/security.log
+# ignoreip = 168.192.0.1
 
 # This jail blocks TCP traffic for DNS requests.
 

server/datetemplate.py

@@ -1,4 +1,4 @@
-# -*- coding: utf8 -*-
+# -*- coding: utf-8 -*-
 # This file is part of Fail2Ban.
 #
 # Fail2Ban is free software; you can redistribute it and/or modify
@@ -168,7 +168,8 @@ class DateTai64n(DateTemplate):
 			# extract part of format which represents seconds since epoch
 			value = dateMatch.group()
 			seconds_since_epoch = value[2:17]
-			date = list(time.gmtime(int(seconds_since_epoch, 16)))
+			# convert seconds from HEX into local time stamp
+			date = list(time.localtime(int(seconds_since_epoch, 16)))
 		return date
 
 

server/filter.py

@@ -31,7 +31,7 @@ from datedetector import DateDetector
 from mytime import MyTime
 from failregex import FailRegex, Regex, RegexException
 
-import logging, re, os, fcntl
+import logging, re, os, fcntl, time
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.filter")
@@ -268,7 +268,11 @@ class Filter(JailThread):
 		for element in self.processLine(line):
 			ip = element[0]
 			unixTime = element[1]
+			logSys.debug("Processing line with time:%s and ip:%s"
+						 % (unixTime, ip))
 			if unixTime < MyTime.time() - self.getFindTime():
+				logSys.debug("Ignore line since time %s < %s - %s"
+							 % (unixTime, MyTime.time(), self.getFindTime()))
 				break
 			if self.inIgnoreIPList(ip):
 				logSys.debug("Ignore %s" % ip)