diff --git a/ChangeLog b/ChangeLog index 1cd21884..7c0c61c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,8 +14,14 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255 * grep'ing for IP in *mail-whois-lines.conf should now match also at the begginning and EOL. Thanks Dean Lee + * failregex declared in jail was joined to single line (specifying of multiple + expressions was not possible). + - New Features: + - new options for jail introduced addfailregex/addignoreregex: extends regex + specified in filter (opposite to failregex/ignoreregex that overwrites it) + see gh-867. - Enhancements: * Enable multiport for firewallcmd-new action. Closes gh-834 diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index 84cc5e2a..01186a1e 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -97,6 +97,8 @@ class JailReader(ConfigReader): ["string", "usedns", None], ["string", "failregex", None], ["string", "ignoreregex", None], + ["string", "addfailregex", None], + ["string", "addignoreregex", None], ["string", "ignorecommand", None], ["string", "ignoreip", None], ["string", "filter", ""], @@ -201,11 +203,14 @@ class JailReader(ConfigReader): stream.append(["set", self.__name, "bantime", self.__opts[opt]]) elif opt == "usedns": stream.append(["set", self.__name, "usedns", self.__opts[opt]]) - elif opt == "failregex": - stream.append(["set", self.__name, "addfailregex", self.__opts[opt]]) + elif opt in ("failregex", "addfailregex"): + for regex in self.__opts[opt].split('\n'): + # Do not send a command if the rule is empty. + if regex != '': + stream.append(["set", self.__name, "addfailregex", regex]) elif opt == "ignorecommand": stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]]) - elif opt == "ignoreregex": + elif opt in ("ignoreregex", "addignoreregex"): for regex in self.__opts[opt].split('\n'): # Do not send a command if the rule is empty. if regex != '':