amend to #2351: providing the attempt via fail2bans protocol (Pickle, client command, etc) must follow ignore facilities (shall be ignored if matches ignoreip, ignoreself, ignorecommand etc)

fail2ban/server/filter.py

@@ -475,6 +475,10 @@ class Filter(JailThread):
 		# Generate the failure attempt for the IP:
 		unixTime = MyTime.time()
 		ticket = FailTicket(ip, unixTime, matches=matches)
+		# check it shall be ignored:
+		if self._inIgnoreIPList(ip, ticket):
+			return 0
+		# add attempt (found failure):
 		logSys.info(
 			"[%s] Attempt %s - %s", self.jailName, ip, datetime.datetime.fromtimestamp(unixTime).strftime("%Y-%m-%d %H:%M:%S")
 		)
@@ -485,7 +489,6 @@ class Filter(JailThread):
 		# report to observer - failure was found, for possibly increasing of it retry counter (asynchronous)
 		if Observers.Main is not None:
 			Observers.Main.add('failureFound', self.jail, ticket)
-
 		return 1
 
 	##

fail2ban/tests/servertestcase.py

@@ -393,6 +393,13 @@ class Transmitter(TransmitterBase):
 		# resulted to ban for "192.0.2.2" but not for "192.0.2.1":
 		self.assertLogged("Ban 192.0.2.2", wait=True)
 		self.assertNotLogged("Ban 192.0.2.1")
+		# check attempt will be ignored by ignore facilities:
+		ip = "192.0.2.1"
+		self.transm.proceed(["set", self.jailName, "addignoreip", ip])
+		self.assertLogged("Add %r to ignore list" % (ip,), wait=True)
+		self.assertEqual(attempt(ip, ["test failure %d" % i for i in (3,4,5)]), (0, 0))
+		self.assertLogged("Ignore %s by ip" % (ip,), wait=True)
+		self.assertNotLogged("Ban 192.0.2.1")
 
 	@with_alt_time
 	def testJailBanList(self):