Merge branch 'upstream-0.8' into debian-release

* upstream-0.8:
  disabling entirely named-refused-udp jail with a big fat warning
  added time module. bug reported in buanzo's blog at http://blogs.buanzo.com.ar/2009/04/fail2ban-patch-ban-ip-address-manually.html

config/jail.conf

@@ -211,14 +211,22 @@ ignoreip = 168.192.0.1
 # in your named.conf to provide proper logging.
 # This jail blocks UDP traffic for DNS requests.
 
-[named-refused-udp]
-
-enabled  = false
-filter   = named-refused
-action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
-           sendmail-whois[name=Named, dest=you@mail.com]
-logpath  = /var/log/named/security.log
-ignoreip = 168.192.0.1
+# !!! WARNING !!!
+#   Since UDP is connectionless protocol, spoofing of IP and immitation
+#   of illegal actions is way too simple.  Thus enabling of this filter
+#   might provide an easy way for implementing a DoS against a chosen
+#   victim. See
+#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
+#   Please DO NOT USE this jail unless you know what you are doing.
+#
+# [named-refused-udp]
+#
+# enabled  = false
+# filter   = named-refused
+# action   = iptables-multiport[name=Named, port="domain,953", protocol=udp]
+#            sendmail-whois[name=Named, dest=you@mail.com]
+# logpath  = /var/log/named/security.log
+# ignoreip = 168.192.0.1
 
 # This jail blocks TCP traffic for DNS requests.
 

server/filter.py

@@ -31,7 +31,7 @@ from datedetector import DateDetector
 from mytime import MyTime
 from failregex import FailRegex, Regex, RegexException
 
-import logging, re, os, fcntl
+import logging, re, os, fcntl, time
 
 # Gets the instance of the logger.
 logSys = logging.getLogger("fail2ban.filter")