github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

usage of failure-ID tag `<F-ID>...</F-ID>` causes raw handling automatically (avoid DNS-resolve for found ID)

pull/2601/head
sebres 2020-01-08 22:07:33 +01:00
parent a15832e773
commit dbc6590589
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
fail2ban/server/filter.py
View File

@ -883,6 +883,7 @@ class Filter(JailThread):
fid = failRegex.getFailID()
host = fid
cidr = IPAddr.CIDR_RAW
raw = True
# if mlfid case (not failure):
if host is None:
if ll <= 7: logSys.log(7, "No failure-id by mlfid %r in regex %s: %s",

9
fail2ban/tests/fail2banregextestcase.py
View File

@ -182,6 +182,15 @@ class Fail2banRegexTest(LogCaptureTestCase):
)
self.assertTrue(fail2banRegex.start(args))
self.assertLogged('Lines: 19 lines, 0 ignored, 13 matched, 6 missed')
# usage of <F-ID>\S+</F-ID> causes raw handling automatically:
self.pruneLog()
(opts, args, fail2banRegex) = _Fail2banRegex(
"-d", "^Epoch",
"1490349000 test failed.dns.ch", "^\s*test <F-ID>\S+</F-ID>"
)
self.assertTrue(fail2banRegex.start(args))
self.assertLogged('Lines: 1 lines, 0 ignored, 1 matched, 0 missed', all=True)
self.assertNotLogged('Unable to find a corresponding IP address')
def testDirectRE_2(self):
(opts, args, fail2banRegex) = _Fail2banRegex(