From 861ce4177c07f9771725b2dd94ae8a9b1ed237d7 Mon Sep 17 00:00:00 2001 From: Christoph Theis Date: Tue, 14 Feb 2017 18:31:42 +0100 Subject: [PATCH 1/4] #1689: Make lowest rule number in action.d/bsd-ipfw.conf configurable --- ChangeLog | 3 +++ config/action.d/bsd-ipfw.conf | 10 +++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b37d7a08..9aa27c09 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,9 @@ releases. (0.10th resp. IPv6 relevant only, amend for gh-1479) * config/pathes-freebsd.conf - Fixed filenames for apache and nginx log files (gh-1667) +* action.d/bsd-ipfw.conf + - Make the rule number, the action starts looking for a free slot to insert + the new rule, configurable (gh-1689) ### New Features * New Actions: diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf index 8b0a51aa..65d4294a 100644 --- a/config/action.d/bsd-ipfw.conf +++ b/config/action.d/bsd-ipfw.conf @@ -14,7 +14,7 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = ipfw show | fgrep -q 'table()' || ( ipfw show | awk 'BEGIN { b = 1 } { if ($1 <= b) { b = $1 + 1 } else { e = b } } END { if (e) exit e
else exit b }'; num=$?; ipfw -q add $num from table\(
\) to me ; echo $num > "" ) +actionstart = ipfw show | fgrep -q 'table(
)' || ( ipfw show | awk 'BEGIN { b = } { if ($1 < b) {} else if ($1 == b) { b = $1 + 1 } else { e = b } } END { if (e) exit e
else exit b }'; num=$?; ipfw -q add $num from table\(
\) to me ; echo $num > "" ) # Option: actionstop @@ -81,3 +81,11 @@ block = ip # Values: STRING # blocktype = unreach port + +# Option: lowest_rule_num +# Notes: When fail2ban starts with action and there is no rule for the given table yet +# then fail2ban will start looking for an empty slot starting with this rule number. +# Values: NUM +lowest_rule_num = 1 + + From 6110ba9cc34e212d0ff6ac5be4b3d5bebadef794 Mon Sep 17 00:00:00 2001 From: "Serg G. Brester" Date: Fri, 30 Jun 2017 18:00:01 +0200 Subject: [PATCH 2/4] filter.d/proftpd.conf: added option `journalmatch` for systemd backend (closes gh-1613) --- config/filter.d/proftpd.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf index 4bc0ba01..303be5e5 100644 --- a/config/filter.d/proftpd.conf +++ b/config/filter.d/proftpd.conf @@ -23,5 +23,8 @@ failregex = ^%(__prefix_line)s%(__hostname)s \(\S+\[\]\)[: -]+ USER .*: no ignoreregex = +[Init] +journalmatch = _SYSTEMD_UNIT=proftpd.service + # Author: Yaroslav Halchenko # Daniel Black - hardening of regex From f27e053592767ef1fd37da0cf242ee49c6bbebcc Mon Sep 17 00:00:00 2001 From: "Serg G. Brester" Date: Sat, 1 Jul 2017 17:10:53 +0200 Subject: [PATCH 3/4] Update bsd-ipfw.conf increased starting rule number (lowest_rule_num = 111) --- config/action.d/bsd-ipfw.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf index 65d4294a..65a5e39b 100644 --- a/config/action.d/bsd-ipfw.conf +++ b/config/action.d/bsd-ipfw.conf @@ -86,6 +86,6 @@ blocktype = unreach port # Notes: When fail2ban starts with action and there is no rule for the given table yet # then fail2ban will start looking for an empty slot starting with this rule number. # Values: NUM -lowest_rule_num = 1 +lowest_rule_num = 111 From 9f55ed86df19d990890c0103f038a147cb7145b9 Mon Sep 17 00:00:00 2001 
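Review bot: The new `actionstart` still passes the computed rule number out of awk through the process exit status (`exit e` / `exit b`, then `num=$?`), and an exit status only carries 0–255. Now that the starting number is configurable, a `lowest_rule_num` above 255, or a free slot found above 255, would wrap modulo 256. The table rule could then land at a different position in the ruleset than the administrator intended, or at 0 when the value is a multiple of 256. Printing the value avoids the limit: end the awk program with `END { print (e ? e : b) }` and capture it with `num=$(ipfw show | awk '...')`. The interpolation tags in this line appear to be stripped on this page, so this rests only on the visible `exit`/`$?` pattern.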
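Review bot: The comment on `lowest_rule_num` does not say that this number decides where the ban rule sits relative to the existing ipfw rules. That matters because ipfw walks rules in ascending number order and a terminating action such as allow or deny ends the search at the first match. I would add `# The ban rule must end up numbered below any rule that accepts the same traffic, otherwise banned hosts are still let through.` and state which values are accepted. The later hunk in this series that raises the default from 1 to 111 has the same gap: on a ruleset with accept rules below 111 the ban rule would move behind them, and that commit's diffstat shows no ChangeLog entry for the change.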
From: sebres Date: Mon, 3 Jul 2017 12:38:21 +0200 Subject: [PATCH 4/4] fixed testCymruInfoNxdomain (since cymru does not provide ASN mapping info for "10.0.0.0" anymore) --- fail2ban/tests/banmanagertestcase.py | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/fail2ban/tests/banmanagertestcase.py b/fail2ban/tests/banmanagertestcase.py index 8c58994c..ec1e5686 100644 --- a/fail2ban/tests/banmanagertestcase.py +++ b/fail2ban/tests/banmanagertestcase.py @@ -106,13 +106,12 @@ class StatusExtendedCymruInfo(unittest.TestCase): "country": ["nxdomain"], "rir": ["nxdomain"]}) - # even for private IPs ASNs defined # Since it outputs for all active tickets we would get previous results # and new ones - ticket = BanTicket("10.0.0.0", 1167606000.0) + ticket = BanTicket("8.0.0.0", 1167606000.0) self.assertTrue(self.__banManager.addBanTicket(ticket)) cymru_info = self.__banManager.getBanListExtendedCymruInfo() assert_dict_equal(cymru_info, - {"asn": ["nxdomain", "4565",], - "country": ["nxdomain", "unknown"], - "rir": ["nxdomain", "other"]}) + {"asn": ["nxdomain", "3356",], + "country": ["nxdomain", "US"], + "rir": ["nxdomain", "arin"]})
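Review bot: The new expectations (`"3356"`, `"US"`, `"arin"` for `8.0.0.0`) pin the test to whatever the live Cymru service answers today, which is the same external dependency that broke the `10.0.0.0` case this commit repairs. Allocation data for a public prefix can change, and the test appears to need working DNS, so it can fail for reasons unrelated to fail2ban. I would either stub the lookup or assert only the shape of the result, e.g. `self.assertEqual(len(cymru_info["asn"]), 2)` and `self.assertNotEqual(cymru_info["asn"][1], "nxdomain")`. The test method starts outside this hunk, so how the lookup is performed is not visible here.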