From 52399e6ef10f062ee7261fee21149907ed120336 Mon Sep 17 00:00:00 2001 From: sebres Date: Tue, 26 Aug 2025 18:03:46 +0200 Subject: [PATCH] amend to #2351: providing the attempt via fail2bans protocol (Pickle, client command, etc) must follow ignore facilities (shall be ignored if matches ignoreip, ignoreself, ignorecommand etc) --- fail2ban/server/filter.py | 5 ++++- fail2ban/tests/servertestcase.py | 7 +++++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py index 942e0ba1..44ed13b5 100644 --- a/fail2ban/server/filter.py +++ b/fail2ban/server/filter.py @@ -475,6 +475,10 @@ class Filter(JailThread): # Generate the failure attempt for the IP: unixTime = MyTime.time() ticket = FailTicket(ip, unixTime, matches=matches) + # check it shall be ignored: + if self._inIgnoreIPList(ip, ticket): + return 0 + # add attempt (found failure): logSys.info( "[%s] Attempt %s - %s", self.jailName, ip, datetime.datetime.fromtimestamp(unixTime).strftime("%Y-%m-%d %H:%M:%S") ) @@ -485,7 +489,6 @@ class Filter(JailThread): # report to observer - failure was found, for possibly increasing of it retry counter (asynchronous) if Observers.Main is not None: Observers.Main.add('failureFound', self.jail, ticket) - return 1 ## diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py index 9f8a4cd3..e68dd3f5 100644 --- a/fail2ban/tests/servertestcase.py +++ b/fail2ban/tests/servertestcase.py @@ -393,6 +393,13 @@ class Transmitter(TransmitterBase): # resulted to ban for "192.0.2.2" but not for "192.0.2.1": self.assertLogged("Ban 192.0.2.2", wait=True) self.assertNotLogged("Ban 192.0.2.1") + # check attempt will be ignored by ignore facilities: + ip = "192.0.2.1" + self.transm.proceed(["set", self.jailName, "addignoreip", ip]) + self.assertLogged("Add %r to ignore list" % (ip,), wait=True) + self.assertEqual(attempt(ip, ["test failure %d" % i for i in (3,4,5)]), (0, 0)) + self.assertLogged("Ignore %s by ip" % (ip,), wait=True) + self.assertNotLogged("Ban 192.0.2.1") @with_alt_time def testJailBanList(self):