github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

BF: failregex declared direct in jail was joined to single line, (specifying of multiple expressions was not possible); 

feature request (gh-867): new options for jail introduced addfailregex/addignoreregex: extends regex specified in filter (opposite to failregex/ignoreregex that overwrites it);
pull/868/head
sebres 2014-11-28 03:17:47 +01:00
parent 72370d2574
commit cad09d2df3
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ChangeLog
View File

@ -14,8 +14,14 @@ ver. 0.9.2 (2014/XX/XXX) - wanna-be-released
* $ typo in jail.conf. Thanks Skibbi. Debian bug #767255 * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
* grep'ing for IP in *mail-whois-lines.conf should now match also * grep'ing for IP in *mail-whois-lines.conf should now match also
at the begginning and EOL. Thanks Dean Lee at the begginning and EOL. Thanks Dean Lee
* failregex declared in jail was joined to single line (specifying of multiple
expressions was not possible).
- New Features: - New Features:
- new options for jail introduced addfailregex/addignoreregex: extends regex
specified in filter (opposite to failregex/ignoreregex that overwrites it)
see gh-867.
- Enhancements: - Enhancements:
* Enable multiport for firewallcmd-new action. Closes gh-834 * Enable multiport for firewallcmd-new action. Closes gh-834

11
fail2ban/client/jailreader.py
View File

@ -97,6 +97,8 @@ class JailReader(ConfigReader):
["string", "usedns", None], ["string", "usedns", None],
["string", "failregex", None], ["string", "failregex", None],
["string", "ignoreregex", None], ["string", "ignoreregex", None],
["string", "addfailregex", None],
["string", "addignoreregex", None],
["string", "ignorecommand", None], ["string", "ignorecommand", None],
["string", "ignoreip", None], ["string", "ignoreip", None],
["string", "filter", ""], ["string", "filter", ""],
@ -201,11 +203,14 @@ class JailReader(ConfigReader):
stream.append(["set", self.__name, "bantime", self.__opts[opt]]) stream.append(["set", self.__name, "bantime", self.__opts[opt]])
elif opt == "usedns": elif opt == "usedns":
stream.append(["set", self.__name, "usedns", self.__opts[opt]]) stream.append(["set", self.__name, "usedns", self.__opts[opt]])
elif opt == "failregex": elif opt in ("failregex", "addfailregex"):
stream.append(["set", self.__name, "addfailregex", self.__opts[opt]]) for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty.
if regex != '':
stream.append(["set", self.__name, "addfailregex", regex])
elif opt == "ignorecommand": elif opt == "ignorecommand":
stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]]) stream.append(["set", self.__name, "ignorecommand", self.__opts[opt]])
elif opt == "ignoreregex": elif opt in ("ignoreregex", "addignoreregex"):
for regex in self.__opts[opt].split('\n'): for regex in self.__opts[opt].split('\n'):
# Do not send a command if the rule is empty. # Do not send a command if the rule is empty.
if regex != '': if regex != '':