From a7f3a04b0e0c50a82db0b7a27cc783fd5faad0ec Mon Sep 17 00:00:00 2001
From: sebres <info@sebres.de>
Date: Fri, 21 Jun 2024 13:24:46 +0200
Subject: [PATCH] `filter.d/recidive.conf` - restore possibility to set jail
 name in the filter, _jailname is positive now (but by default it uses now
 negative lookahead to exclude recidive jail); closes gh-3769

---
 ChangeLog                     | 1 +
 config/filter.d/recidive.conf | 9 +++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 09be05be..f221139d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20,6 +20,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
   - sshd backend switched to `systemd` (gh-3292)
 * `action.d/firewallcmd-ipset.conf`:
   - rename `ipsettype` to `ipsetbackend` (gh-2620), parameter `ipsettype` will be used now to the real set type (gh-3760)
+* `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (gh-3769)
 
 ### New Features and Enhancements
 * `action.d/*-ipset.conf`:
diff --git a/config/filter.d/recidive.conf b/config/filter.d/recidive.conf
index 86d939bb..eba9a048 100644
--- a/config/filter.d/recidive.conf
+++ b/config/filter.d/recidive.conf
@@ -24,14 +24,15 @@ before = common.conf
 _daemon = (?:fail2ban(?:-server|\.actions)\s*)
 
 # The name of the jail that this filter is used for. In jail.conf, name the jail using
-# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`
-_jailname = recidive
+# this filter 'recidive', or supply another name with `filter = recidive[_jailname="jail"]`,
+# default all jails excepting recidive
+_jailname = (?!recidive\])[^\]]*
 
-failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^%(__prefix_line)s(?:\s*fail2ban\.actions\s*%(__pid_re)s?:\s+)?NOTICE\s+\[<_jailname>\]\s+Ban\s+<HOST>
 
 [lt_short]
 _daemon = (?:fail2ban(?:-server|\.actions)?\s*)
-failregex = ^%(__prefix_line)s(?:\s*fail2ban(?:\.actions)?\s*%(__pid_re)s?:\s+)?(?:NOTICE\s+)?\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$
+failregex = ^%(__prefix_line)s(?:\s*fail2ban(?:\.actions)?\s*%(__pid_re)s?:\s+)?(?:NOTICE\s+)?\[<_jailname>\]\s+Ban\s+<HOST>
 
 [lt_journal]
 _daemon = <lt_short/_daemon>