diff --git a/ChangeLog b/ChangeLog index f1d912c4..fde414f4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -94,6 +94,8 @@ Borreli, blotus: * [a2b29b4] Fixed lots of typos in config files and documentation. hamilton5 * [7ede1e8] Update dovecot filter config. + Romain Riviere + * [0ac8746] Enhance named-refused filter for views. Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom Hendrikx and other TBN heroes supporting users on fail2ban-users diff --git a/config/filter.d/named-refused.conf b/config/filter.d/named-refused.conf index ebf7681a..64f7d685 100644 --- a/config/filter.d/named-refused.conf +++ b/config/filter.d/named-refused.conf @@ -26,7 +26,7 @@ __line_prefix=(?:\s\S+ %(__daemon_combs_re)s\s+)? # Notes.: regex to match the password failures messages in the logfile. # Values: TEXT # -failregex = %(__line_prefix)sclient #.+: query(?: \(cache\))? '.*' denied\s*$ +failregex = %(__line_prefix)sclient #\S+: (view (internal|external): )?query(?: \(cache\))? '.*' denied\s*$ # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff --git a/testcases/files/logs/named-refused b/testcases/files/logs/named-refused index 6608ae2f..130e7417 100644 --- a/testcases/files/logs/named-refused +++ b/testcases/files/logs/named-refused @@ -3,3 +3,4 @@ Jul 24 14:16:56 raid5 named[3935]: client 62.123.164.113#32768: query 'ricreig.c Jul 24 14:17:13 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'geo-mueller.de/NS/IN' denied Jul 24 14:20:25 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'shivaree.de/NS/IN' denied Jul 24 14:23:36 raid5 named[3935]: client 148.160.29.6#33081: query (cache) 'mietberatung.de/NS/IN' denied +Jul 24 14:23:36 raid5 named[3935]: client 62.109.4.89#9334: view external: query (cache) './NS/IN' denied