From dbc659058920f0721c8dc33e901c6e06cf499dbb Mon Sep 17 00:00:00 2001
From: sebres <serg.brester@sebres.de>
Date: Wed, 8 Jan 2020 22:07:33 +0100
Subject: [PATCH] usage of failure-ID tag `<F-ID>...</F-ID>` causes raw
 handling automatically (avoid DNS-resolve for found ID)

---
 fail2ban/server/filter.py               | 1 +
 fail2ban/tests/fail2banregextestcase.py | 9 +++++++++
 2 files changed, 10 insertions(+)

diff --git a/fail2ban/server/filter.py b/fail2ban/server/filter.py
index 98c28e35..0c44c7ac 100644
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@@ -883,6 +883,7 @@ class Filter(JailThread):
 								fid = failRegex.getFailID()
 						host = fid
 						cidr = IPAddr.CIDR_RAW
+						raw = True
 				# if mlfid case (not failure):
 				if host is None:
 					if ll <= 7: logSys.log(7, "No failure-id by mlfid %r in regex %s: %s",
diff --git a/fail2ban/tests/fail2banregextestcase.py b/fail2ban/tests/fail2banregextestcase.py
index 05db2a24..0c2f2901 100644
--- a/fail2ban/tests/fail2banregextestcase.py
+++ b/fail2ban/tests/fail2banregextestcase.py
@@ -182,6 +182,15 @@ class Fail2banRegexTest(LogCaptureTestCase):
 		)
 		self.assertTrue(fail2banRegex.start(args))
 		self.assertLogged('Lines: 19 lines, 0 ignored, 13 matched, 6 missed')
+		# usage of <F-ID>\S+</F-ID> causes raw handling automatically:
+		self.pruneLog()
+		(opts, args, fail2banRegex) = _Fail2banRegex(
+			"-d", "^Epoch",
+			"1490349000 test failed.dns.ch", "^\s*test <F-ID>\S+</F-ID>"
+		)
+		self.assertTrue(fail2banRegex.start(args))
+		self.assertLogged('Lines: 1 lines, 0 ignored, 1 matched, 0 missed', all=True)
+		self.assertNotLogged('Unable to find a corresponding IP address')
 
 	def testDirectRE_2(self):
 		(opts, args, fail2banRegex) = _Fail2banRegex(