grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets, closes gh-2494

ChangeLog

@@ -77,11 +77,13 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition
 * `filter.d/named-refused.conf`:
     - support BIND 9.11.0 log format (includes an additional field @0xXXX..., gh-2406);
     - `prefregex` extended, more selective now (denied/NOTAUTH suffix moved from failregex, so no catch-all there anymore)
+* all filters would accept square brackets around IPv4 addresses also (e. g. monit-filter, gh-2494)
 
 ### New Features
 * new replacement tags for failregex to match subnets in form of IP-addresses with CIDR mask (gh-2559):
   - `<CIDR>` - helper regex to match CIDR (simple integer form of net-mask);
   - `<SUBNET>` - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional);
+* grouped tags (`<ADDR>`, `<HOST>`, `<SUBNET>`) recognize IP addresses enclosed in square brackets
 * new failregex-flag tag `<F-MLFGAINED>` for failregex, signaled that the access to service was gained
   (ATM used similar to tag `<F-NOFAIL>`, but it does not add the log-line to matches, gh-2279)
 * filters: introduced new configuration parameter `logtype` (default `file` for file-backends, and 

fail2ban/server/failregex.py

@@ -37,8 +37,6 @@ R_HOST = [
 		r"""(?:::f{4,6}:)?(?P<ip4>%s)""" % (IPAddr.IP_4_RE,),
 		# separated ipv6:
 		r"""(?P<ip6>%s)""" % (IPAddr.IP_6_RE,),
-		# place-holder for ipv6 enclosed in optional [] (used in addr-, host-regex)
-		"",
 		# separated dns:
 		r"""(?P<dns>[\w\-.^_]*\w)""",
 		# place-holder for ADDR tag-replacement (joined):
@@ -52,17 +50,15 @@ R_HOST = [
 ]
 RI_IPV4 =		0
 RI_IPV6 =		1
-RI_IPV6BR =	2
+RI_DNS =		2
-RI_DNS =		3
+RI_ADDR =		3
-RI_ADDR =		4
+RI_HOST =		4
-RI_HOST =		5
+RI_CIDR =		5
-RI_CIDR =		6
+RI_SUBNET =	6
-RI_SUBNET =	7
 
-R_HOST[RI_IPV6BR] =	r"""\[?%s\]?""" % (R_HOST[RI_IPV6],)
+R_HOST[RI_ADDR] =		r"\[?(?:%s|%s)\]?" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6],)
-R_HOST[RI_ADDR] =		"(?:%s|%s)" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6BR],)
+R_HOST[RI_HOST] =		r"(?:%s|%s)" % (R_HOST[RI_ADDR], R_HOST[RI_DNS],)
-R_HOST[RI_HOST] =		"(?:%s|%s|%s)" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6BR], R_HOST[RI_DNS],)
+R_HOST[RI_SUBNET] =	r"\[?(?:%s|%s)(?:/%s)?\]?" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6], R_HOST[RI_CIDR],)
-R_HOST[RI_SUBNET] =	r"""(?:%s|%s)(?:/%s)?""" % (R_HOST[RI_IPV4], R_HOST[RI_IPV6], R_HOST[RI_CIDR],)
 
 RH4TAG = {
 	# separated ipv4 (self closed, closed):

fail2ban/tests/files/logs/monit

@@ -19,3 +19,6 @@ Mar  9 09:18:32 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3
 Mar  9 09:18:33 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: unknown user 'test1'
 # failJSON: { "time": "2005-03-09T09:18:34", "match": true, "host": "1.2.3.4", "desc": "wrong password try" }
 Mar  9 09:18:34 hostname monit[5731]: HttpRequest: access denied -- client 1.2.3.4: wrong password for user 'test2'
+
+# failJSON: { "time": "2005-08-06T10:14:52", "match": true, "host": "192.168.1.85", "desc": "IP in brackets, gh-2494" }
+[CEST Aug  6 10:14:52] error    : HttpRequest: access denied -- client [192.168.1.85]: wrong password for user 'root'