initial ipv6 via iptable wapper

config/action.d/iptables-multiport-46.conf

@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+# Modified by Paul Jung for calling wrapper in dual stack ipv6 and v4 banning
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = fail2ban-iptwrp -N fail2ban-<name>
+              fail2ban-iptwrp -A fail2ban-<name> -j RETURN
+              fail2ban-iptwrp -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = fail2ban-iptwrp -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             fail2ban-iptwrp -F fail2ban-<name>
+             fail2ban-iptwrp -X fail2ban-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = fail2ban-iptwrp -n -L INPUT | grep -q fail2ban-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = fail2ban-iptwrp -I fail2ban-<name> 1 -s <ip> -j DROP
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = fail2ban-iptwrp -D fail2ban-<name> -s <ip> -j DROP
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+

fail2ban-iptwrp

@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+# Author: Paul Jung aka 'Thanat0s' 
+
+# IPTable WRaPper
+# This script will call iptable or ip6tables6 depending of the ip format
+
+LINE=$@
+
+# try to be simple, keep regexes 'approximatives'
+RESULT4=`echo $LINE | egrep -c -e "([0-9]{1,3}\.){3}[0-9]{1,3}"`
+RESULT6=`echo $LINE | egrep -c -e "(::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,})"`
+
+if [ $RESULT4 -ne "0" ]; then
+     # action for ipv4
+     iptables $LINE
+     ERRCODE=$?
+elif [ $RESULT6 -ne "0" ]; then
+     # action for ipv6
+     ip6tables $LINE
+     ERRCODE=$?
+else
+     # action for both iptables if no ip is present
+     iptables $LINE
+     ERRCODE=$?
+     ip6tables $LINE
+     if [ $? -ge "1" ]; then
+        ERRCODE=$?
+     fi
+fi
+
+# always report the error
+exit $ERRCODE

server/failregex.py

@@ -47,7 +47,7 @@ class Regex:
 		self._matchCache = None
 		# Perform shortcuts expansions.
 		# Replace "<HOST>" with default regular expression for host.
-		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)")
+		regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_:]+)")
 		if regex.lstrip() == '':
 			raise RegexException("Cannot add empty regex")
 		try:

server/filter.py

@@ -547,6 +547,7 @@ import socket, struct
 class DNSUtils:
 	
 	IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
+	IP_CRE6 = re.compile("^(?:[0-9:A-Fa-f]{3,})$")
 	
 	#@staticmethod
 	def dnsToIp(dns):
@@ -570,19 +571,21 @@ class DNSUtils:
 		if match:
 			return match
 		else:
-			return None
+			match = DNSUtils.IP_CRE6.match(text)
+			if match:
+				""" Right Here, we faced to a ipv6
+				"""
+				return match
+			else:
+				return None
 	searchIP = staticmethod(searchIP)
 	
 	#@staticmethod
 	def isValidIP(string):
 		""" Return true if str is a valid IP
+		We Consider that logfiles didn't make errors ;) 
 		"""
-		s = string.split('/', 1)
-		try:
-			socket.inet_aton(s[0])
-			return True
-		except socket.error:
-			return False
+		return True
 	isValidIP = staticmethod(isValidIP)
 	
 	#@staticmethod

setup.py

@@ -54,7 +54,8 @@ setup(
 	scripts =	[
 					'fail2ban-client', 
 					'fail2ban-server', 
-					'fail2ban-regex'
+					'fail2ban-regex' ,
+					'fail2ban-iptwrp'
 				], 
 	packages =	[
 					'common',