diff --git a/ChangeLog b/ChangeLog
index a696a24f..cdbc7038 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -41,23 +41,27 @@ code-review and minor additions from Yaroslav Halchenko.
    * [..e019ab7] Multiple instances of the same action are allowed in the
      same jail -- use actname option to disambiguate.
 
-ver. 0.8.9 (2013/04/XXX) - wanna-be-stable
+ver. 0.8.9 (2013/05/XX) - wanna-be-stable
 ----------
 
-Although primarily a bugfix release, it incorporates many new
-enhancements, few new features, but more importantly -- quite extended
-tests battery with current 94% coverage.  This release incorporates
-more than a 100 of non-merge commits from 14 contributors (sorted by
-number of commits): Yaroslav Halchenko, Daniel Black, Steven Hiscocks,
-ArndRa, hamilton5, pigsyn, Erwan Ben Souiden, Michael Gebetsroither,
-Orion Poplawski, Artur Penttinen, sebres, Nicolas Collignon, Pascal
-Borreli, blotus:
+Originally targeted as a bugfix release, it incorporated many new
+enhancements, few new features, and more importantly -- quite extended
+tests battery with current 94% coverage.
 
-- Fixes:
-  Yaroslav Halchenko
-   * [6f4dad46] Documentation python-2.4 is the minimium version.
-   * [1eb23cf8] do not rely on scripts being under /usr -- might differ eg on
-     Fedora. Closes gh-112. Thanks to Camusensei for the bug report.
+This release introduces over 200 of non-merge commits from 16
+contributors (sorted by number of commits): Yaroslav Halchenko, Daniel
+Black, Steven Hiscocks, James Stout, Orion Poplawski, Enrico Labedzki,
+ArndRa, hamilton5, pigsyn, Erwan Ben Souiden, Michael Gebetsroither,
+Artur Penttinen, blotus, sebres, Nicolas Collignon, Pascal Borreli.
+
+Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom
+Hendrikx, Yehuda Katz and other TBN heroes supporting users on
+fail2ban-users mailing list and IRC.
+
+- Fixes: Yaroslav Halchenko
+   * [6f4dad46] python-2.4 is the minimal version.
+   * [1eb23cf8] do not rely on scripts being under /usr -- might differ e.g.
+     on Fedora. Closes gh-112. Thanks to Camusensei for the bug report.
    * [bf4d4af1] Changes for atomic writes. Thanks to Steven Hiscocks for
      insight. Closes gh-103.
    * [ab044b75] delay check for the existence of config directory until read.
@@ -84,6 +88,8 @@ Borreli, blotus:
      gh-70. Thanks to iGeorgeX for the idea.
   blotus
    * [96eb8986] ' and " should also be escaped in action tags Closes gh-109
+  Christoph Theis, Nick Hilliard, Daniel Black
+   * [b3bd877d,cde71080] Make syslog -v and syslog -vv formats work on FreeBSD
 - New features:
   Yaroslav Halchenko
    * [9ba27353] Add support for jail.d/{confilefile} and fail2ban.d/{configfile}
@@ -103,9 +109,18 @@ Borreli, blotus:
    * [5f2d383] Add roundcube auth filter. Closes Debian bug #699442.
   Daniel Black
    * [be06b1b] Add action for iptables-ipsets. Closes gh-102.
+  Nick Munger, Ken Menzel, Daniel Black, Christoph Theis & Fabian Wenk
+   * [b6d0e8a] Add and enhance the bsd-ipfw action from
+     FreeBSD ports.
   Soulard Morgan
    * [f336d9f] Add filter for webmin. Closes gh-99.
+  Steven Hiscocks
+   * [..746c7d9] bash interactive shell completions for fail2ban-*'s
+  Nick Hilliard
+   * [0c5a9c5] Add pf action.
 - Enhancements:
+  Enrico Labedzki
+   * [24a8d07] Added new date format for ASSP SMTP Proxy.
   Steven Hiscocks
    * [3d6791f] Ensure restart of Actions after a check fails occurs
      consistently. Closes gh-172.
@@ -128,19 +143,23 @@ Borreli, blotus:
    * [7cd6dab] Added help command to fail2ban-client.
    * [c8c7b0b,23bbc60] Better logging of log file read errors.
    * [3665e6d] Added code coverage to development process.
-   * [41b9f7b,32d10e9] More complete ssh filter rules to match openssh source.
+   * [41b9f7b,32d10e9,39750b8] More complete ssh filter rules to match openssh
+     source. Also include BSD changes.
    * [1d9abd1] Action files can have tags in definition that refer to other
      tags.
+   * [10886e7,cec5da2,adb991a] Change actions to response with ICMP port
+     unreachable rather than just a drop of the packet.
   Pascal Borreli
    * [a2b29b4] Fixed lots of typos in config files and documentation.
   hamilton5
    * [7ede1e8] Update dovecot filter config.
   Romain Riviere
    * [0ac8746] Enhance named-refused filter for views.
-
-Special Kudos also go to Fabian Wenk, Arturo 'Buanzo' Busleiman, Tom
-Hendrikx and other TBN heroes supporting users on fail2ban-users
-mailing list and IRC.
+  James Stout
+   * [..2143cdf] Solaris support enhancements:
+     - README.Solaris
+     - failregex'es tune ups (sshd.conf)
+     - hostsdeny: do not rely on support of '-i' in sed
 
 ver. 0.8.8 (2012/12/06) - stable
 ----------
diff --git a/DEVELOP b/DEVELOP
index cfbc5ac7..809e4c09 100644
--- a/DEVELOP
+++ b/DEVELOP
@@ -269,6 +269,7 @@ Releasing
   * http://svnweb.freebsd.org/ports/head/security/py-fail2ban/
   * https://build.opensuse.org/package/show?package=fail2ban&project=openSUSE%3AFactory
   * http://sophie.zarb.org/sources/fail2ban (Mageia)
+  * https://trac.macports.org/browser/trunk/dports/security/fail2ban
 
 # Check distribution outstanding bugs
 
@@ -291,6 +292,8 @@ Releasing
             http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/metadata.xml?view=markup
   * openSUSE: Stephan Kulow <coolo@suse.com>
             https://build.opensuse.org/package/users?package=fail2ban&project=openSUSE%3AFactory
+  * Mac Ports: @Malbrouck on github (gh-49)
+            https://trac.macports.org/browser/trunk/dports/security/fail2ban/Portfile
 
 # Wait for feedback from distributors
 
diff --git a/MANIFEST b/MANIFEST
index cf8e1892..a73cb0c0 100644
--- a/MANIFEST
+++ b/MANIFEST
@@ -58,6 +58,9 @@ fail2ban/tests/files/testcase02.log
 fail2ban/tests/files/testcase03.log
 fail2ban/tests/files/testcase04.log
 fail2ban/tests/files/testcase-usedns.log
+fail2ban/tests/files/logs/bsd/syslog-plain.txt
+fail2ban/tests/files/logs/bsd/syslog-v.txt
+fail2ban/tests/files/logs/bsd/syslog-vv.txt
 setup.py
 setup.cfg
 fail2ban/__init__.py
@@ -99,7 +102,9 @@ config/filter.d/dropbear.conf
 config/filter.d/lighttpd-auth.conf
 config/filter.d/recidive.conf
 config/filter.d/roundcube-auth.conf
+config/action.d/bsd-ipfw.conf
 config/action.d/dummy.conf
+config/action.d/iptables-blocktype.conf
 config/action.d/iptables-ipset-proto4.conf
 config/action.d/iptables-ipset-proto6.conf
 config/action.d/iptables-xt_recent-echo.conf
@@ -119,6 +124,7 @@ config/action.d/mail-buffered.conf
 config/action.d/mail-whois.conf
 config/action.d/mail-whois-lines.conf
 config/action.d/mynetwatchman.conf
+config/action.d/pf.conf
 config/action.d/sendmail.conf
 config/action.d/sendmail-buffered.conf
 config/action.d/sendmail-whois.conf
@@ -141,8 +147,10 @@ files/macosx-initd
 files/solaris-fail2ban.xml
 files/solaris-svc-fail2ban
 files/suse-initd
+files/fail2ban-logrotate
 files/cacti/fail2ban_stats.sh
 files/cacti/cacti_host_template_fail2ban.xml
 files/cacti/README
 files/nagios/check_fail2ban
 files/nagios/f2ban.txt
+files/bash-completion
diff --git a/README.Solaris b/README.Solaris
new file mode 100644
index 00000000..49056062
--- /dev/null
+++ b/README.Solaris
@@ -0,0 +1,141 @@
+# vim:tw=80:ft=txt
+
+README FOR SOLARIS INSTALLATIONS
+
+By Roy Sigurd Karlsbakk <roy@karlsbakk.net>
+
+ABOUT
+
+This readme is meant for those wanting to install fail2ban on Solaris 10,
+OpenSolaris, OpenIndiana etc. To some degree it may as well be useful for
+users of older Solaris versions and Nexenta, but don't rely on it.
+
+READ ME FIRST
+
+If I use the term Solaris, I am talking about any Solaris dialect, that is, the
+official Sun/Oracle ones or derivates. If I describe an OS as
+"OpenSolaris-based", it means it's either OpenSolaris, OpenIndiana or one of the
+other, but /not/ the Nexenta family, since this only uses the OpenSolaris/
+IllumOS kernel and not the userland. If I say Solaris 10, I mean Solaris 10 and
+perhaps, if you're lucky and have some good gods on your side, it may also apply
+to Solaris 9 or even 8 and hopefully in the new Solaris 11 whenever that may be
+released. Quoted lines of code, settings et cetera are indented with two spaces.
+This does _not_ mean you should use that indentation, especially in config files
+where they can be harmful. Optional settings are prefixed with OPT: while
+required settings are prefixed with REQ:. If no prefix is found, regard it as a
+required setting.
+
+INSTALLATION ON SOLARIS
+
+The installation is straight forward on Solaris as well as on linux/bsd/etc.
+./setup.py install installs the general packages in /usr/bin on OpenSolaris-
+based distros or (at least on this box) under /usr/sfw/bin on Solaris 10. In
+the files/ directory you will find the file solaris-fail2ban.xml containing the
+Solaris service. To install this, run the following command as root (or with
+sudo):
+
+  svccfg import files/solaris-fail2ban.xml
+
+This should normally without giving an error. If you get an error, deal with it,
+and please post any relevant info (or fixes?) to the fail2ban mailing list.
+Next install the service handler - copy the script in and allow it to be executed:
+
+  cp files/solaris-svc-fail2ban /lib/svc/method/svc-fail2ban
+  chmod +x /lib/svc/method/svc-fail2ban
+
+CONFIGURE SYSLOG
+
+For some reason, a default Solaris installation does not log ssh login attempts,
+and since fail2ban works by monitoring logs, enabling this logging is rather
+important for it to work. To enable this, edit /etc/syslog.conf and add a line
+at the end:
+
+  auth.info					/var/adm/auth.log
+
+Save the file and exit, and run
+
+  touch /var/adm/auth.log
+
+The Solaris system logger will _not_ create a non-existing file. Now, restart
+the system logger.
+
+  svcadm restart system-log
+
+Try to ssh into localhost with ssh asdf@localhost and enter an invalid password.
+Make sure this is logged in the above file. When done, you may configure
+fail2ban.
+
+FAIL2BAN CONFIGURATION
+
+OPT: Create /etc/fail2ban/fail2ban.local containing:
+
+# Fail2Ban main configuration file
+#
+# Comments: use '#' for comment lines and ';' for inline comments
+#
+# Changes:  in most of the cases you should not modify this
+#           file, but provide customizations in fail2ban.local file, e.g.:
+#
+# [Definition]
+# loglevel = 4
+#
+[Definition]
+
+# Option:  logtarget
+# Notes.:  Set the log target. This could be a file, SYSLOG, STDERR or STDOUT.
+#          Only one log target can be specified.
+#          If you change logtarget from the default value and you are
+#          using logrotate -- also adjust or disable rotation in the
+#          corresponding configuration file
+#          (e.g. /etc/logrotate.d/fail2ban on Debian systems)
+# Values:  STDOUT STDERR SYSLOG file  Default:  /var/log/fail2ban.log
+#
+logtarget = /var/adm/fail2ban.log
+
+
+REQ: Create /etc/fail2ban/jail.local containing:
+
+[ssh-tcpwrapper]
+
+enabled     = true
+filter      = sshd
+action      = hostsdeny
+              sendmail-whois[name=SSH, dest=you@example.com]
+ignoreregex = for myuser from
+logpath     = /var/adm/auth.log
+
+Set the sendmail dest address to something useful or drop the line to stop it spamming you.
+Set 'myuser' to your username to avoid banning yourself or drop it.
+
+START (OR RESTART) FAIL2BAN
+
+Enable the fail2ban service with
+
+  svcadm enable fail2ban
+
+When done, check that all services are running well
+
+  svcs -xv
+
+GOTCHAS AND FIXMES
+
+* It seems the installation may be starting fail2ban automatically. If this is
+  done, fail2ban will not start, but no errors will be returned from svcs
+  (above). Check if it's running with 'ps -ef | grep fail2ban' and manually kill
+  the PID if it is. Re-enable fail2ban and try again
+
+    svcadm disable fail2ban
+    svcadm enable fail2ban
+
+* If svcs -xv says that fail2ban failed to start or svcs says it's in maintenance mode
+  chcek /var/svc/log/network-fail2ban:default.log for clues. 
+  Check permissions on /var/adm, /var/adm/auth.log /var/adm/fail2ban.log and /var/run/fail2ban
+  You may need to:
+
+  sudo mkdir /var/run/fail2ban
+
+* Fail2ban adds lines like these to /etc/hosts.deny:
+
+    ALL: 1.2.3.4
+
+  wouldn't it be better to just block sshd?
diff --git a/THANKS b/THANKS
index f207d71e..9545d43a 100644
--- a/THANKS
+++ b/THANKS
@@ -16,6 +16,7 @@ Daniel B. Cid
 Daniel Black
 David Nutter
 Eric Gerbier
+Enrico Labedzki
 Guillaume Delvit
 Hanno 'Rince' Wagner
 Iain Lea
diff --git a/TODO b/TODO
index 61bdc093..33263d3e 100644
--- a/TODO
+++ b/TODO
@@ -13,6 +13,8 @@ Legend:
 # partially done
 * done
 
+- more detailed explaination in DEVELOP for new developers (eg. howto build this HEX numbers in ChangeLog)
+
 - Run tests though all filters/examples files - (see sshd example file) as unit
   test
 
diff --git a/config/action.d/bsd-ipfw.conf b/config/action.d/bsd-ipfw.conf
new file mode 100644
index 00000000..33f176e4
--- /dev/null
+++ b/config/action.d/bsd-ipfw.conf
@@ -0,0 +1,82 @@
+# Fail2Ban configuration file
+#
+# Author: Nick Munger
+# Modified by: Ken Menzel
+#              Daniel Black (start/stop)
+#              Fabian Wenk (many ideas as per fail2ban users list)
+#
+# Ensure firewall_enable="YES" in the top of /etc/rc.conf
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = ipfw show | fgrep -q 'table(<table>)' || ( ipfw show | awk 'BEGIN { b = 1 } { if ($1 <= b) { b = $1 + 1 } else { e = b } } END { if (e) exit e <br> else exit b }'; num=$?; ipfw -q add $num deny <block> from table\(<table>\) to me <port>; echo $num > "<startstatefile>" )
+
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =  [ -f <startstatefile> ] && ( read num < "<startstatefile>" <br> ipfw -q delete $num <br> rm "<startstatefile>" )
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+# requires an ipfw rule like "deny ip from table(1) to me"
+actionban = ipfw table <table> add <ip>
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipfw table <table> delete <ip>
+
+[Init]
+# Option:  table
+# Notes:   The ipfw table to use. If a ipfw rule using this table already exists,
+#          this action will not create a ipfw rule to block it and the following
+#          options will have no effect.
+# Values:  NUM
+table = 1
+
+# Option:  port
+# Notes.:  Specifies port to monitor. Blank indicate block all ports.
+# Values:  [ NUM | STRING ]
+#
+port = 
+
+# Option:  startstatefile
+# Notes:   A file to indicate that the table rule that was added. Ensure it is unique per table.
+# Values:  STRING
+startstatefile = /var/run/fail2ban/ipfw-started-table_<table>
+
+# Option:  action
+# Notes:   This is the action to take for automaticly created rules. See the 
+#          ACTION defination at the top of man ipfw for allowed values.
+#          "deny" and "unreach port" are probably the useful.
+# Values:  STRING
+action = deny
+
+# Option: block
+# Notes:  This is how much to block.
+#         Can be "ip", "tcp", "udp" or various other options.
+# Values: STRING
+block = ip
diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index 151db28f..ca68e638 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -25,7 +25,6 @@
 # configured at DShield), and <lines>/<minreportinterval>/<maxbufferage> (to
 # configure how often the buffer is flushed).
 #
-# $Revision$
 
 [Definition]
 
diff --git a/config/action.d/dummy.conf b/config/action.d/dummy.conf
index ea59881a..20507c0b 100644
--- a/config/action.d/dummy.conf
+++ b/config/action.d/dummy.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/hostsdeny.conf b/config/action.d/hostsdeny.conf
index b04f2adb..50a4545c 100644
--- a/config/action.d/hostsdeny.conf
+++ b/config/action.d/hostsdeny.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
@@ -40,7 +39,7 @@ actionban = IP=<ip> &&
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = IP=<ip> && sed -i.old /ALL:\ $IP/d <file>
+actionunban = IP=<ip> && sed  /ALL:\ $IP/d <file> > <file>.new && mv <file>.new <file>
 
 [Init]
 
diff --git a/config/action.d/ipfilter.conf b/config/action.d/ipfilter.conf
index d77de9bf..61420e38 100644
--- a/config/action.d/ipfilter.conf
+++ b/config/action.d/ipfilter.conf
@@ -37,7 +37,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = echo block in quick from <ip>/32 | /sbin/ipf -f -
+actionban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -f -
 
 
 # Option:  actionunban
@@ -47,7 +47,12 @@ actionban = echo block in quick from <ip>/32 | /sbin/ipf -f -
 # Values:  CMD
 #
 # note -r option used to remove matching rule
-actionunban = echo block in quick from <ip>/32 | /sbin/ipf -r -f -
+actionunban = echo block <blocktype> in quick from <ip>/32 | /sbin/ipf -r -f -
 
 [Init]
 
+# Option: Blocktype
+# Notes : This is the return-icmp[return-code] mentioned in the ipf man page section 5. Keep this quoted to prevent
+#         Shell expansion. This should be blank (unquoted) to drop the packet.
+# Values: STRING
+blocktype = "return-icmp(port-unr)"
diff --git a/config/action.d/ipfw.conf b/config/action.d/ipfw.conf
index 62612307..09045815 100644
--- a/config/action.d/ipfw.conf
+++ b/config/action.d/ipfw.conf
@@ -3,7 +3,6 @@
 # Author: Nick Munger
 # Modified by: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
@@ -35,7 +34,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = ipfw add deny tcp from <ip> to <localhost> <port>
+actionban = ipfw add <blocktype> tcp from <ip> to <localhost> <port>
 
 
 # Option:  actionunban
@@ -59,3 +58,11 @@ port = ssh
 # Values:  IP
 #
 localhost = 127.0.0.1
+
+
+# Option:  blocktype
+# Notes.:  How to block the traffic. Use a action from man 5 ipfw
+#          Common values: deny, unreach port, reset
+# Values:  STRING
+#
+blocktype = unreach port
diff --git a/config/action.d/iptables-allports.conf b/config/action.d/iptables-allports.conf
index a02ba63d..91d40711 100644
--- a/config/action.d/iptables-allports.conf
+++ b/config/action.d/iptables-allports.conf
@@ -4,9 +4,13 @@
 # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
 # 			made active on all ports from original iptables.conf
 #
-# $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -37,7 +41,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -45,7 +49,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
 
 [Init]
 
diff --git a/config/action.d/iptables-blocktype.conf b/config/action.d/iptables-blocktype.conf
new file mode 100644
index 00000000..c505e49c
--- /dev/null
+++ b/config/action.d/iptables-blocktype.conf
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is a included configuration file and includes the defination for the blocktype
+# used in all iptables based actions by default.
+#
+# The user can override the default in iptables-blocktype.local
+
+[INCLUDES]
+
+after = iptables-blocktype.local
+
+[Init]
+
+# Option:  blocktype
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the iptables man page (section 8). Common values are DROP
+#          REJECT, REJECT --reject-with icmp-port-unreachable
+# Values:  STRING
+blocktype = REJECT --reject-with icmp-port-unreachable
+
diff --git a/config/action.d/iptables-ipset-proto4.conf b/config/action.d/iptables-ipset-proto4.conf
index 4221dd8d..3ed778f9 100644
--- a/config/action.d/iptables-ipset-proto4.conf
+++ b/config/action.d/iptables-ipset-proto4.conf
@@ -18,6 +18,10 @@
 # apt-get install ipset xtables-addons-source 
 # module-assistant auto-install xtables-addons
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -25,13 +29,13 @@
 # Values:  CMD
 #
 actionstart = ipset --create fail2ban-<name> iphash
-              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP
+              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j DROP
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
              ipset --flush fail2ban-<name>
              ipset --destroy fail2ban-<name>
 
@@ -68,4 +72,3 @@ port = ssh
 # Values:  [ tcp | udp | icmp | all ] Default: tcp
 #
 protocol = tcp
-
diff --git a/config/action.d/iptables-ipset-proto6.conf b/config/action.d/iptables-ipset-proto6.conf
index d90acd44..3cf9b140 100644
--- a/config/action.d/iptables-ipset-proto6.conf
+++ b/config/action.d/iptables-ipset-proto6.conf
@@ -18,6 +18,11 @@
 # apt-get install ipset xtables-addons-source 
 # module-assistant auto-install xtables-addons
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -74,5 +79,3 @@ protocol = tcp
 # Values:  [ NUM ]  Default: 600
 
 bantime = 600
-
-
diff --git a/config/action.d/iptables-multiport-log.conf b/config/action.d/iptables-multiport-log.conf
index 49958013..6084cb6c 100644
--- a/config/action.d/iptables-multiport-log.conf
+++ b/config/action.d/iptables-multiport-log.conf
@@ -7,9 +7,12 @@
 # make "fail2ban-<name>-log" chain to log and drop
 # insert a jump to fail2ban-<name> from -I <chain> if proto/port match
 #
-# $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -21,7 +24,7 @@ actionstart = iptables -N fail2ban-<name>
               iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
               iptables -N fail2ban-<name>-log
               iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
-              iptables -A fail2ban-<name>-log -j DROP
+              iptables -A fail2ban-<name>-log -j <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
diff --git a/config/action.d/iptables-multiport.conf b/config/action.d/iptables-multiport.conf
index ab0ee8de..daa31148 100644
--- a/config/action.d/iptables-multiport.conf
+++ b/config/action.d/iptables-multiport.conf
@@ -2,9 +2,12 @@
 #
 # Author: Cyril Jaquier
 # Modified by Yaroslav Halchenko for multiport banning
-# $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -35,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -43,7 +46,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
 
 [Init]
 
diff --git a/config/action.d/iptables-new.conf b/config/action.d/iptables-new.conf
index 12f398c7..38927442 100644
--- a/config/action.d/iptables-new.conf
+++ b/config/action.d/iptables-new.conf
@@ -4,9 +4,13 @@
 # Copied from iptables.conf and modified by Yaroslav Halchenko 
 #  to fullfill the needs of bugreporter dbts#350746.
 #
-# $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -37,7 +41,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -45,7 +49,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
 
 [Init]
 
diff --git a/config/action.d/iptables-xt_recent-echo.conf b/config/action.d/iptables-xt_recent-echo.conf
index 887311be..829d4c06 100644
--- a/config/action.d/iptables-xt_recent-echo.conf
+++ b/config/action.d/iptables-xt_recent-echo.conf
@@ -2,9 +2,13 @@
 #
 # Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
 #
-# $Revision: 1 $
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
 [Definition]
 
 # Option:  actionstart
@@ -29,7 +33,7 @@
 #    own rules. The 3600 second timeout is independent and acts as a
 #    safeguard in case the fail2ban process dies unexpectedly. The
 #    shorter of the two timeouts actually matters.
-actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j DROP
+actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index a3412f6b..370e4731 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -2,9 +2,12 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
 [Definition]
 
 # Option:  actionstart
@@ -35,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -43,7 +46,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
 
 [Init]
 
diff --git a/config/action.d/mail-buffered.conf b/config/action.d/mail-buffered.conf
index 94a60e3b..7ff17cf2 100644
--- a/config/action.d/mail-buffered.conf
+++ b/config/action.d/mail-buffered.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mail-whois-lines.conf b/config/action.d/mail-whois-lines.conf
index 2120432e..d30e266d 100644
--- a/config/action.d/mail-whois-lines.conf
+++ b/config/action.d/mail-whois-lines.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 # Modified-By: Yaroslav Halchenko to include grepping on IP over log files
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mail-whois.conf b/config/action.d/mail-whois.conf
index 3293c7a2..f58ae535 100644
--- a/config/action.d/mail-whois.conf
+++ b/config/action.d/mail-whois.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mail.conf b/config/action.d/mail.conf
index f9942e10..f9a54979 100644
--- a/config/action.d/mail.conf
+++ b/config/action.d/mail.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/mynetwatchman.conf b/config/action.d/mynetwatchman.conf
index 06f16db6..5245a4e3 100644
--- a/config/action.d/mynetwatchman.conf
+++ b/config/action.d/mynetwatchman.conf
@@ -24,7 +24,6 @@
 # Another useful configuration value is <getcmd>, if you don't have wget
 # installed (an example config for curl is given below)
 #
-# $Revision$
 
 [Definition]
 
diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf
new file mode 100644
index 00000000..d82cbb12
--- /dev/null
+++ b/config/action.d/pf.conf
@@ -0,0 +1,62 @@
+# Fail2Ban configuration file
+#
+# OpenBSD pf ban/unban
+#
+# Author: Nick Hilliard <nick@foobar.org>
+#
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+# we don't enable PF automatically, as it will be enabled elsewhere
+actionstart = 
+
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+# we don't disable PF automatically either
+actionstop = 
+
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = 
+
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = /sbin/pfctl -t <tablename> -T add <ip>/32
+
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+# note -r option used to remove matching rule
+actionunban = /sbin/pfctl -t <tablename> -T delete <ip>/32
+
+[Init]
+# Option:  tablename
+# Notes.:  The pf table name.
+# Values:  [ STRING ]  Default: fail2ban
+#
+tablename = fail2ban
+
diff --git a/config/action.d/route.conf b/config/action.d/route.conf
index ec940b74..bb4ec8e1 100644
--- a/config/action.d/route.conf
+++ b/config/action.d/route.conf
@@ -15,11 +15,10 @@
 #   - Blocking is per IP and NOT per service, but ideal as action against ssh password bruteforcing hosts
 
 [Definition]
-actionban   = ip route add <type> <ip>
-actionunban = ip route del <type> <ip>
+actionban   = ip route add <blocktype> <ip>
+actionunban = ip route del <blocktype> <ip>
 
-# Type of blocking
-#
-# Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages.
-
-type = blackhole
+# Option:  blocktype
+# Note:    Type can be blackhole, unreachable and prohibit. Unreachable and prohibit correspond to the ICMP reject messages.
+# Values:  STRING
+blocktype = unreachable
diff --git a/config/action.d/sendmail-buffered.conf b/config/action.d/sendmail-buffered.conf
index ce4479e8..bec1e91c 100644
--- a/config/action.d/sendmail-buffered.conf
+++ b/config/action.d/sendmail-buffered.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/sendmail-whois-lines.conf b/config/action.d/sendmail-whois-lines.conf
index 30cd84b8..bc5074c6 100644
--- a/config/action.d/sendmail-whois-lines.conf
+++ b/config/action.d/sendmail-whois-lines.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/sendmail-whois.conf b/config/action.d/sendmail-whois.conf
index 6b7b9383..0d1fd97e 100644
--- a/config/action.d/sendmail-whois.conf
+++ b/config/action.d/sendmail-whois.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/sendmail.conf b/config/action.d/sendmail.conf
index db619a87..8054050d 100644
--- a/config/action.d/sendmail.conf
+++ b/config/action.d/sendmail.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf
index aca3a256..b165c701 100644
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 # The default Shorewall configuration is with "BLACKLISTNEWONLY=Yes" (see
 # file /etc/shorewall/shorewall.conf). This means that when Fail2ban adds a
@@ -39,7 +38,7 @@ actioncheck =
 # Tags:    See jail.conf(5) man page
 # Values:  CMD
 #
-actionban = shorewall drop <ip>
+actionban = shorewall <blocktype> <ip>
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -48,3 +47,9 @@ actionban = shorewall drop <ip>
 # Values:  CMD
 #
 actionunban = shorewall allow <ip>
+
+# Option:  blocktype
+# Note:    This is what the action does with rules.
+#          See man page of shorewall for options that include drop, logdrop, reject, or logreject
+# Values:  STRING
+blocktype = reject
diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf
index 962fb2e3..66f6a1d6 100644
--- a/config/filter.d/apache-auth.conf
+++ b/config/filter.d/apache-auth.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/apache-badbots.conf b/config/filter.d/apache-badbots.conf
index 1c60676d..f9c79472 100644
--- a/config/filter.d/apache-badbots.conf
+++ b/config/filter.d/apache-badbots.conf
@@ -5,7 +5,6 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/apache-nohome.conf b/config/filter.d/apache-nohome.conf
index b6a00005..6e738c68 100644
--- a/config/filter.d/apache-nohome.conf
+++ b/config/filter.d/apache-nohome.conf
@@ -2,7 +2,6 @@
 #
 # Author: Yaroslav O. Halchenko <debian@onerussian.com>
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/apache-noscript.conf b/config/filter.d/apache-noscript.conf
index 4746fbfb..5b48cb32 100644
--- a/config/filter.d/apache-noscript.conf
+++ b/config/filter.d/apache-noscript.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/apache-overflows.conf b/config/filter.d/apache-overflows.conf
index 4567f7da..e25b79a4 100644
--- a/config/filter.d/apache-overflows.conf
+++ b/config/filter.d/apache-overflows.conf
@@ -2,7 +2,6 @@
 #
 # Author: Tim Connors
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/assp.conf b/config/filter.d/assp.conf
new file mode 100644
index 00000000..b1bfc082
--- /dev/null
+++ b/config/filter.d/assp.conf
@@ -0,0 +1,33 @@
+# Fail2Ban configuration file
+# for Anti-Spam SMTP Proxy Server also known as ASSP
+#    Honmepage:   http://www.magicvillage.de/~Fritz_Borgstedt/assp/0003D91C-8000001C/
+#    ProjektSite: http://sourceforge.net/projects/assp/?source=directory
+#
+# Author: Enrico Labedzki (enrico.labedzki@deiwos.de)
+#
+
+[Definition] 
+
+# Option:  failregex
+# Notes.:  regex to match the SMTP failure messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>\S+)
+# Values:  TEXT
+#
+# Examples: Apr-27-13 02:33:09 Blocking 217.194.197.97 - too much AUTH errors (41);
+#           Dec-29-12 17:10:31 [SSL-out] 200.247.87.82 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
+#           Dec-30-12 04:01:47 [SSL-out] 81.82.232.66 max sender authentication errors (5) exceeded 
+__assp_actions = (dropping|refusing)
+
+failregex = <HOST> max sender authentication errors \(\d{,3}\) exceeded -- %(__assp_actions)s connection - after reply: \d{3} \d{1}\.\d{1}.\d{1} Error: authentication failed: [a-zA-Z0-9]+;$
+			<HOST> SSL negotiation with client failed: SSL accept attempt failed with unknown error.*:unknown protocol;$
+			Blocking <HOST> - too much AUTH errors \(\d{,3}\);$
+
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
+
diff --git a/config/filter.d/asterisk.conf b/config/filter.d/asterisk.conf
index 73947a67..9ed69804 100644
--- a/config/filter.d/asterisk.conf
+++ b/config/filter.d/asterisk.conf
@@ -2,7 +2,6 @@
 #
 # Author: Xavier Devlamynck
 #
-# $Revision$
 #
 
 
diff --git a/config/filter.d/common.conf b/config/filter.d/common.conf
index 18bf41c5..aafeb5ca 100644
--- a/config/filter.d/common.conf
+++ b/config/filter.d/common.conf
@@ -3,7 +3,6 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision$
 #
 
 [INCLUDES]
@@ -28,6 +27,10 @@ __pid_re = (?:\[\d+\])
 # EXAMPLES: pam_rhosts_auth, [sshd], pop(pam_unix)
 __daemon_re = [\[\(]?%(_daemon)s(?:\(\S+\))?[\]\)]?:?
 
+# extra daemon info
+# EXAMPLE: [ID 800047 auth.info]
+__daemon_extra_re = (?:\[ID \d+ \S+\])
+
 # Combinations of daemon name and PID
 # EXAMPLES: sshd[31607], pop(pam_unix)[4920]
 __daemon_combs_re = (?:%(__pid_re)s?:\s+%(__daemon_re)s|%(__daemon_re)s%(__pid_re)s?:)
@@ -38,10 +41,16 @@ __kernel_prefix = kernel: \[\d+\.\d+\]
 
 __hostname = \S+
 
+
+# bsdverbose is where syslogd is started with -v or -vv and results in <4.3> or
+# <auth.info> appearing before the host as per testcases/files/logs/bsd/*.
+__bsd_syslog_verbose = (<[^.]+\.[^.]+>)
+
 #
 # Common line prefixes (beginnings) which could be used in filters
 #
-#       [hostname] [vserver tag] daemon_id spaces
-# this can be optional (for instance if we match named native log files)
-__prefix_line = \s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s*
+#      [bsdverbose]? [hostname] [vserver tag] daemon_id spaces
+#
+# This can be optional (for instance if we match named native log files)
+__prefix_line = \s*%(__bsd_syslog_verbose)s?\s*(?:%(__hostname)s )?(?:%(__kernel_prefix)s )?(?:@vserver_\S+ )?%(__daemon_combs_re)s?\s%(__daemon_extra_re)s?\s*
 
diff --git a/config/filter.d/courier-auth.conf b/config/filter.d/courier-auth.conf
index b8710ac3..20731e5d 100644
--- a/config/filter.d/courier-auth.conf
+++ b/config/filter.d/courier-auth.conf
@@ -3,7 +3,6 @@
 # Author: Christoph Haas
 # Modified by: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/courier-smtp.conf b/config/filter.d/courier-smtp.conf
index f0d696ff..6c0cf5ff 100644
--- a/config/filter.d/courier-smtp.conf
+++ b/config/filter.d/courier-smtp.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/cyrus-imap.conf b/config/filter.d/cyrus-imap.conf
index 3a8734ee..758f75de 100644
--- a/config/filter.d/cyrus-imap.conf
+++ b/config/filter.d/cyrus-imap.conf
@@ -2,7 +2,6 @@
 #
 # Author: Jan Wagner <waja@cyconet.org>
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/dovecot.conf b/config/filter.d/dovecot.conf
index 18451e42..d7fb6e6d 100644
--- a/config/filter.d/dovecot.conf
+++ b/config/filter.d/dovecot.conf
@@ -2,7 +2,6 @@
 #
 # Author: Martin Waschbuesch
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/dropbear.conf b/config/filter.d/dropbear.conf
index 1309cc41..c822d08c 100644
--- a/config/filter.d/dropbear.conf
+++ b/config/filter.d/dropbear.conf
@@ -3,7 +3,6 @@
 # Author: Francis Russell
 #         Zak B. Elep
 #
-# $Revision$
 #
 # More information: http://bugs.debian.org/546913
 
diff --git a/config/filter.d/exim.conf b/config/filter.d/exim.conf
index 8bf4fc5f..b846e992 100644
--- a/config/filter.d/exim.conf
+++ b/config/filter.d/exim.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/gssftpd.conf b/config/filter.d/gssftpd.conf
index 8c166309..e6c2e84a 100644
--- a/config/filter.d/gssftpd.conf
+++ b/config/filter.d/gssftpd.conf
@@ -2,7 +2,6 @@
 #
 # Author: Kevin Zembower (copied from wsftpd.conf)
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/named-refused.conf b/config/filter.d/named-refused.conf
index 64f7d685..1cdc626e 100644
--- a/config/filter.d/named-refused.conf
+++ b/config/filter.d/named-refused.conf
@@ -4,7 +4,6 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/pam-generic.conf b/config/filter.d/pam-generic.conf
index 702f8ab0..eaeb122f 100644
--- a/config/filter.d/pam-generic.conf
+++ b/config/filter.d/pam-generic.conf
@@ -2,7 +2,6 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/postfix.conf b/config/filter.d/postfix.conf
index d2dc4a0c..f92c3619 100644
--- a/config/filter.d/postfix.conf
+++ b/config/filter.d/postfix.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/proftpd.conf b/config/filter.d/proftpd.conf
index 55a15da9..f28e2d4b 100644
--- a/config/filter.d/proftpd.conf
+++ b/config/filter.d/proftpd.conf
@@ -2,7 +2,6 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/pure-ftpd.conf b/config/filter.d/pure-ftpd.conf
index 8066ae00..de46461d 100644
--- a/config/filter.d/pure-ftpd.conf
+++ b/config/filter.d/pure-ftpd.conf
@@ -3,7 +3,6 @@
 # Author: Cyril Jaquier
 # Modified: Yaroslav Halchenko for pure-ftpd
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/qmail.conf b/config/filter.d/qmail.conf
index 4d7acd6f..04feb2b7 100644
--- a/config/filter.d/qmail.conf
+++ b/config/filter.d/qmail.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
index 4be847ee..6c4aeba7 100644
--- a/config/filter.d/sasl.conf
+++ b/config/filter.d/sasl.conf
@@ -2,7 +2,6 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/sieve.conf b/config/filter.d/sieve.conf
index 00e9daf1..866b4228 100644
--- a/config/filter.d/sieve.conf
+++ b/config/filter.d/sieve.conf
@@ -2,7 +2,6 @@
 #
 # Author: Jan Wagner <waja@cyconet.org>
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/sshd.conf b/config/filter.d/sshd.conf
index b4e645c4..18ac6668 100644
--- a/config/filter.d/sshd.conf
+++ b/config/filter.d/sshd.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [INCLUDES]
@@ -23,7 +22,7 @@ _daemon = sshd
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
 #
-failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
+failregex = ^%(__prefix_line)s(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \S+)?\s*$
             ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
             ^%(__prefix_line)sFailed \S+ for .* from <HOST>(?: port \d*)?(?: ssh\d*)?\s*$
             ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
diff --git a/config/filter.d/vsftpd.conf b/config/filter.d/vsftpd.conf
index 4fc25777..259e2c82 100644
--- a/config/filter.d/vsftpd.conf
+++ b/config/filter.d/vsftpd.conf
@@ -2,7 +2,6 @@
 #
 # Author: Cyril Jaquier
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/webmin-auth.conf b/config/filter.d/webmin-auth.conf
index b1df45dc..67f6e73f 100644
--- a/config/filter.d/webmin-auth.conf
+++ b/config/filter.d/webmin-auth.conf
@@ -3,7 +3,6 @@
 # Author: Cyril Jaquier
 # Rule by : Delvit Guillaume
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/wuftpd.conf b/config/filter.d/wuftpd.conf
index 6f266fb5..3351d258 100644
--- a/config/filter.d/wuftpd.conf
+++ b/config/filter.d/wuftpd.conf
@@ -2,7 +2,6 @@
 #
 # Author: Yaroslav Halchenko
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/filter.d/xinetd-fail.conf b/config/filter.d/xinetd-fail.conf
index e1c1e108..4ff5bfde 100644
--- a/config/filter.d/xinetd-fail.conf
+++ b/config/filter.d/xinetd-fail.conf
@@ -2,7 +2,6 @@
 #
 # Author: Guido Bozzetto
 #
-# $Revision$
 #
 
 [Definition]
diff --git a/config/jail.conf b/config/jail.conf
index 1e663a22..af21167a 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -182,6 +182,13 @@ maxretry  = 2
 
 # .. custom jails
 
+# ASSP SMTP Proxy Jail
+[assp]
+enabled  = false
+filter   = assp
+action = iptables-multiport[name=assp,port="25,465,587"]
+logpath  = /root/path/to/assp/logs/maillog.txt
+
 # Here we use TCP-Wrappers instead of Netfilter/Iptables. "ignoreregex" is
 # used to avoid banning the user "myuser".
 
@@ -223,7 +230,6 @@ logpath  = /var/log/sshd.log
 # option is overridden in this jail. Moreover, the action "mail-whois" defines
 # the variable "name" which contains a comma using "". The characters '' are
 # valid too.
-
 [sshd-ipfw]
 
 filter   = sshd
@@ -232,6 +238,16 @@ action   = ipfw[localhost=192.168.0.1]
 logpath  = /var/log/auth.log
 ignoreip = 168.192.0.1
 
+# bsd-ipfw is ipfw used by BSD. It uses ipfw tables.
+# table number must be unique.
+#
+# This will create a deny rule for that table ONLY if a rule
+# for the table doesn't ready exist.
+#
+[ssh-bsd-ipfw]
+filter   = sshd
+action   = bsd-ipfw[port=ssh,table=1]
+logpath  = /var/log/auth.log
 
 #
 # HTTP servers
@@ -493,3 +509,14 @@ action   = iptables-allports[name=recidive]
 bantime  = 604800  ; 1 week
 findtime = 86400   ; 1 day
 maxretry = 5
+
+# PF is a BSD based firewall
+[ssh-pf]
+
+enabled=false
+filter = sshd
+action = pf
+logpath  = /var/log/sshd.log
+maxretry=5
+
+
diff --git a/fail2ban/__init__.py b/fail2ban/__init__.py
index c448827b..3de9058c 100644
--- a/fail2ban/__init__.py
+++ b/fail2ban/__init__.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/__init__.py b/fail2ban/client/__init__.py
index c448827b..3de9058c 100644
--- a/fail2ban/client/__init__.py
+++ b/fail2ban/client/__init__.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/actionreader.py b/fail2ban/client/actionreader.py
index 01616967..b2573031 100644
--- a/fail2ban/client/actionreader.py
+++ b/fail2ban/client/actionreader.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/configparserinc.py b/fail2ban/client/configparserinc.py
index de38c32b..a7f0fea3 100644
--- a/fail2ban/client/configparserinc.py
+++ b/fail2ban/client/configparserinc.py
@@ -19,7 +19,6 @@
 
 # Author: Yaroslav Halchenko
 # Modified: Cyril Jaquier
-# $Revision$
 
 __author__ = 'Yaroslav Halhenko'
 __revision__ = '$Revision$'
diff --git a/fail2ban/client/configreader.py b/fail2ban/client/configreader.py
index 5d2e8bf1..47b2f336 100644
--- a/fail2ban/client/configreader.py
+++ b/fail2ban/client/configreader.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # Modified by: Yaroslav Halchenko (SafeConfigParserWithIncludes)
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/configurator.py b/fail2ban/client/configurator.py
index 23ee88c6..474d62eb 100644
--- a/fail2ban/client/configurator.py
+++ b/fail2ban/client/configurator.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/csocket.py b/fail2ban/client/csocket.py
index 346c7a90..28a2711f 100644
--- a/fail2ban/client/csocket.py
+++ b/fail2ban/client/csocket.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/fail2banreader.py b/fail2ban/client/fail2banreader.py
index e388f9ae..73240b71 100644
--- a/fail2ban/client/fail2banreader.py
+++ b/fail2ban/client/fail2banreader.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/filterreader.py b/fail2ban/client/filterreader.py
index 5369bc5f..293a0aba 100644
--- a/fail2ban/client/filterreader.py
+++ b/fail2ban/client/filterreader.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py
index 9943b697..2d92cdc5 100644
--- a/fail2ban/client/jailreader.py
+++ b/fail2ban/client/jailreader.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/client/jailsreader.py b/fail2ban/client/jailsreader.py
index 345a225f..4d0ab6b6 100644
--- a/fail2ban/client/jailsreader.py
+++ b/fail2ban/client/jailsreader.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/helpers.py b/fail2ban/helpers.py
index 6115b971..3c830138 100644
--- a/fail2ban/helpers.py
+++ b/fail2ban/helpers.py
@@ -20,7 +20,6 @@
 # Author: Cyril Jaquier
 # Author: Arturo 'Buanzo' Busleiman
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/protocol.py b/fail2ban/protocol.py
index dda5c21d..4d07fb0e 100644
--- a/fail2ban/protocol.py
+++ b/fail2ban/protocol.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/server/__init__.py b/fail2ban/server/__init__.py
index c448827b..2b76f4b6 100644
--- a/fail2ban/server/__init__.py
+++ b/fail2ban/server/__init__.py
@@ -19,10 +19,7 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py
index 0f7e6b72..520886af 100644
--- a/fail2ban/server/actions.py
+++ b/fail2ban/server/actions.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/asyncserver.py b/fail2ban/server/asyncserver.py
index e6af4b26..86c161c9 100644
--- a/fail2ban/server/asyncserver.py
+++ b/fail2ban/server/asyncserver.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/banmanager.py b/fail2ban/server/banmanager.py
index 9c81f252..ef3bf204 100644
--- a/fail2ban/server/banmanager.py
+++ b/fail2ban/server/banmanager.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/datedetector.py b/fail2ban/server/datedetector.py
index 6b66253b..46dbd358 100644
--- a/fail2ban/server/datedetector.py
+++ b/fail2ban/server/datedetector.py
@@ -161,6 +161,12 @@ class DateDetector:
 			template.setRegex("\S{3}\s{1,2}\d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M")
 			template.setPattern("%b %d, %Y %I:%M:%S %p")
 			self._appendTemplate(template)
+			# ASSP: Apr-27-13 02:33:06
+			template = DateStrptime()
+			template.setName("Month-Day-Year Hour:Minute:Second")
+			template.setRegex("^[a-zA-Z]{3}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")
+			template.setPattern("%b-%d-%y %H:%M:%S")
+			self._appendTemplate(template)
 		finally:
 			self.__lock.release()
 	
diff --git a/fail2ban/server/datetemplate.py b/fail2ban/server/datetemplate.py
index 94523fba..4e7562bc 100644
--- a/fail2ban/server/datetemplate.py
+++ b/fail2ban/server/datetemplate.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
@@ -218,3 +215,4 @@ class DateISO8601(DateTemplate):
 			value = dateMatch.group()
 			date = list(iso8601.parse_date(value).timetuple())
 		return date
+
diff --git a/fail2ban/server/faildata.py b/fail2ban/server/faildata.py
index efda51e1..232a492d 100644
--- a/fail2ban/server/faildata.py
+++ b/fail2ban/server/faildata.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/failmanager.py b/fail2ban/server/failmanager.py
index 60e71c7b..f021a46d 100644
--- a/fail2ban/server/failmanager.py
+++ b/fail2ban/server/failmanager.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/filterpoll.py b/fail2ban/server/filterpoll.py
index 191b95b3..3ca6ded0 100644
--- a/fail2ban/server/filterpoll.py
+++ b/fail2ban/server/filterpoll.py
@@ -21,8 +21,6 @@
 #
 
 __author__ = "Cyril Jaquier, Yaroslav Halchenko"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier; 2012 Yaroslav Halchenko"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/jailthread.py b/fail2ban/server/jailthread.py
index 98fd4066..c786712f 100644
--- a/fail2ban/server/jailthread.py
+++ b/fail2ban/server/jailthread.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/server.py b/fail2ban/server/server.py
index cd393dd6..0ed6292d 100644
--- a/fail2ban/server/server.py
+++ b/fail2ban/server/server.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/ticket.py b/fail2ban/server/ticket.py
index 95643d15..02576d29 100644
--- a/fail2ban/server/ticket.py
+++ b/fail2ban/server/ticket.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/server/transmitter.py b/fail2ban/server/transmitter.py
index a3ae1980..22681bf7 100644
--- a/fail2ban/server/transmitter.py
+++ b/fail2ban/server/transmitter.py
@@ -19,11 +19,8 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
-__version__ = "$Revision$"
-__date__ = "$Date$"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier"
 __license__ = "GPL"
 
diff --git a/fail2ban/tests/__init__.py b/fail2ban/tests/__init__.py
index c448827b..3de9058c 100644
--- a/fail2ban/tests/__init__.py
+++ b/fail2ban/tests/__init__.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/tests/actiontestcase.py b/fail2ban/tests/actiontestcase.py
index c1e3c81d..e0aaee56 100644
--- a/fail2ban/tests/actiontestcase.py
+++ b/fail2ban/tests/actiontestcase.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
@@ -89,6 +88,9 @@ class ExecuteAction(unittest.TestCase):
 			'ABC': "123",
 			'xyz': "890",
 		}
+		self.assertEqual(
+			self.__action.replaceTag("Text<br>text", aInfo),
+			"Text\ntext")
 		self.assertEqual(
 			self.__action.replaceTag("Text <HOST> text", aInfo),
 			"Text 192.0.2.0 text")
diff --git a/fail2ban/tests/banmanagertestcase.py b/fail2ban/tests/banmanagertestcase.py
index 8d0f1929..408c72e6 100644
--- a/fail2ban/tests/banmanagertestcase.py
+++ b/fail2ban/tests/banmanagertestcase.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/tests/datedetectortestcase.py b/fail2ban/tests/datedetectortestcase.py
index 534abdbb..f6415907 100644
--- a/fail2ban/tests/datedetectortestcase.py
+++ b/fail2ban/tests/datedetectortestcase.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
@@ -90,6 +89,7 @@ class DateDetectorTest(unittest.TestCase):
 			"<01/23/05@21:59:59>",
 			"050123 21:59:59", # MySQL
 			"Jan 23, 2005 9:59:59 PM", # Apache Tomcat
+			"Jan-23-05 21:59:59", # ASSP like
 			):
 			log = sdate + "[sshd] error: PAM: Authentication failure"
 			# exclude
diff --git a/fail2ban/tests/failmanagertestcase.py b/fail2ban/tests/failmanagertestcase.py
index 7a714122..7661079e 100644
--- a/fail2ban/tests/failmanagertestcase.py
+++ b/fail2ban/tests/failmanagertestcase.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/tests/files/logs/sshd b/fail2ban/tests/files/logs/sshd
index 8e6c1273..5dab1606 100644
--- a/fail2ban/tests/files/logs/sshd
+++ b/fail2ban/tests/files/logs/sshd
@@ -1,6 +1,6 @@
 #1
 Jun 21 16:47:48 digital-mlhhyiqscv sshd[13709]: error: PAM: Authentication failure for myhlj1374 from 192.030.0.6
-May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from www.onerussian.com
+May 29 20:56:52 imago sshd[28732]: error: PAM: Authentication failure for stefanor from example.com
 
 #2
 Feb 25 14:34:10 belka sshd[31602]: Failed password for invalid user ROOT from 194.117.26.69 port 50273 ssh2
@@ -13,10 +13,10 @@ Jan  5 01:31:41 www sshd[1643]: ROOT LOGIN REFUSED FROM ::ffff:1.2.3.4
 #4
 Jul 20 14:42:11 localhost sshd[22708]: Invalid user ftp from 211.114.51.213
 
-
 #5 new filter introduced after looking at 44087D8C.9090407@bluewin.ch
-Mar  3 00:17:22 [sshd] User root from 210.188.220.49 not allowed because not listed in AllowUsers
-Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed because not listed in AllowUsers
+# yoh: added ':' after [sshd] since the case without is not really common any more
+Mar  3 00:17:22 [sshd]: User root from 211.188.220.49 not allowed because not listed in AllowUsers
+Feb 25 14:34:11 belka sshd[31607]: User root from example.com not allowed because not listed in AllowUsers
 
 #6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
 Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
@@ -29,5 +29,20 @@ Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but
 #8 DenyUsers https://github.com/fail2ban/fail2ban/issues/47
 Apr 16 22:01:15 al-ribat sshd[5154]: User root from 46.45.128.3 not allowed because listed in DenyUsers
 
-# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648020
-Nov  8 11:19:38 bar sshd[25427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.2.3.6
+#9 OpenSolaris patch - pull https://github.com/fail2ban/fail2ban/pull/182
+Mar 29 05:59:23 dusky sshd[20878]: [ID 800047 auth.info] Failed keyboard-interactive for <invalid username> from 205.186.180.55 port 42742 ssh2
+Mar 29 05:20:09 dusky sshd[19558]: [ID 800047 auth.info] Failed keyboard-interactive for james from 205.186.180.30 port 54520 ssh2
+
+#10 OSX syslog error
+Apr 29 17:16:20 Jamess-iMac.local sshd[62312]: error: PAM: authentication error for james from example.com via 192.168.1.201
+Apr 29 20:11:08 Jamess-iMac.local sshd[63814]: [ID 800047 auth.info] Failed keyboard-interactive for <invalid username> from 205.186.180.35 port 42742 ssh2
+Apr 29 20:12:08 Jamess-iMac.local sshd[63814]: [ID 800047 auth.info] Failed keyboard-interactive for james from 205.186.180.22 port 54520 ssh2
+Apr 29 20:13:08 Jamess-iMac.local sshd[63814]: Failed keyboard-interactive for james from 205.186.180.42 port 54520 ssh2
+Apr 29 20:14:08 Jamess-iMac.local sshd[63814]: Failed keyboard-interactive for <invalid username> from 205.186.180.44 port 42742 ssh2
+Apr 30 01:42:12 Jamess-iMac.local sshd[2554]: Failed keyboard-interactive/pam for invalid user jamedds from 205.186.180.77 port 33723 ssh2
+Apr 29 12:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication failure for james from 205.186.180.88 via 192.168.1.201
+Apr 29 13:53:38 Jamess-iMac.local sshd[47831]: error: PAM: Authentication failure for james from 205.186.180.99 via 192.168.1.201
+Apr 29 15:53:38 Jamess-iMac.local sshd[47831]: error: PAM: Authentication error for james from 205.186.180.100 via 192.168.1.201
+Apr 29 16:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error for james from 205.186.180.101 via 192.168.1.201
+Apr 29 17:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error for james from 205.186.180.102
+Apr 29 18:53:38 Jamess-iMac.local sshd[47831]: error: PAM: authentication error for james from 205.186.180.103
diff --git a/fail2ban/tests/servertestcase.py b/fail2ban/tests/servertestcase.py
index 8a549e8a..b7e080e2 100644
--- a/fail2ban/tests/servertestcase.py
+++ b/fail2ban/tests/servertestcase.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier"
 __version__ = "$Revision$"
diff --git a/fail2ban/tests/sockettestcase.py b/fail2ban/tests/sockettestcase.py
index bbca8dde..8693a5cd 100644
--- a/fail2ban/tests/sockettestcase.py
+++ b/fail2ban/tests/sockettestcase.py
@@ -19,7 +19,6 @@
 
 # Author: Steven Hiscocks
 # 
-# $Revision$
 
 __author__ = "Steven Hiscocks"
 __version__ = "$Revision$"
diff --git a/fail2ban/version.py b/fail2ban/version.py
index a4499b21..10ec17ee 100644
--- a/fail2ban/version.py
+++ b/fail2ban/version.py
@@ -19,7 +19,6 @@
 
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 __author__ = "Cyril Jaquier, Yaroslav Halchenko"
 __copyright__ = "Copyright (c) 2004 Cyril Jaquier, 2011-2013 Yaroslav Halchenko"
diff --git a/files/bash-completion b/files/bash-completion
new file mode 100644
index 00000000..7a42bd1e
--- /dev/null
+++ b/files/bash-completion
@@ -0,0 +1,149 @@
+# fail2ban bash-completion                                 -*- shell-script -*-
+#
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+__fail2ban_jails () {
+    "$1" status 2>/dev/null | awk -F"\t+" '/Jail list/{print $2}' | sed 's/, / /g'
+}
+
+_fail2ban () {
+    local cur prev words cword
+    _init_completion || return 
+
+    case $prev in
+        -V|--version|-h|--help)
+            return 0 # No further completion valid
+            ;;
+        -c)
+            _filedir -d # Directories
+            return 0
+            ;;
+        -s|-p)
+            _filedir # Files
+            return 0
+            ;;
+        *)
+            if [[ "$cur" == "-"* ]];then
+                COMPREPLY=( $( compgen -W \
+                    "$( _parse_help "$1" --help 2>/dev/null) -V" \
+                     -- "$cur") )
+                return 0
+            fi
+            ;;
+    esac
+
+    if [[ "$1" == *"fail2ban-regex" ]];then
+        _filedir
+        return 0
+    elif [[ "$1" == *"fail2ban-client" ]];then
+        local cmd jail
+        case $prev in
+            "$1")
+                COMPREPLY=( $( compgen -W \
+                    "$( "$1" --help 2>/dev/null | awk '/^    [a-z]+/{print $1}')" \
+                    -- "$cur") )
+                return 0
+                ;;
+            start|reload|stop|status)
+                COMPREPLY=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
+                return 0
+                ;;
+            set|get)
+                COMPREPLY=( $( compgen -W \
+                    "$( "$1" --help 2>/dev/null | awk '/^    '$prev' [^<]/{print $2}')" \
+                    -- "$cur") )
+                COMPREPLY+=( $(compgen -W "$(__fail2ban_jails "$1")" -- "$cur" ) )
+                return 0
+                ;;
+            *)
+                if [[ "${words[$cword-2]}" == "add" ]];then
+                    COMPREPLY=( $( compgen -W "auto polling gamin pyinotify" -- "$cur" ) )
+                    return 0
+                elif [[ "${words[$cword-2]}" == "set" ||  "${words[$cword-2]}" == "get" ]];then
+                    cmd="${words[cword-2]}"
+                    # Handle in section below
+                elif [[ "${words[$cword-3]}" == "set" || "${words[$cword-3]}" == "get" ]];then
+                    cmd="${words[$cword-3]}"
+                    jail="${words[$cword-2]}"
+                    # Handle in section below
+                fi
+            ;;
+        esac
+
+        if [[ -z "$jail" && -n "$cmd" ]];then
+            case $prev in
+                loglevel)
+                    if [[ "$cmd" == "set" ]];then
+                        COMPREPLY=( $( compgen -W "0 1 2 3 4" -- "$cur" ) )
+                    fi
+                    return 0
+                    ;;
+                logtarget)
+                    if [[ "$cmd" == "set" ]];then
+                        COMPREPLY=( $( compgen -W "STDOUT STDERR SYSLOG" -- "$cur" ) )
+                        _filedir # And files
+                    fi
+                    return 0
+                    ;;
+                *) # Jail name
+                    COMPREPLY=( $( compgen -W \
+                        "$( "$1" --help 2>/dev/null | awk '/^    '${cmd}' <JAIL>/{print $3}')" \
+                        -- "$cur") )
+                    return 0
+                    ;;
+            esac
+        elif [[ -n "$jail" && "$cmd" == "set" ]];then
+            case $prev in
+                addlogpath)
+                    _filedir
+                    return 0
+                    ;;
+                dellogpath|delignoreip)
+                    COMPREPLY=( $( compgen -W \
+                        "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F- '{print $2}')" \
+                    -- "$cur" ) )
+                    if [[ -z "$COMPREPLY" && "$prev" == "dellogpath" ]];then
+                        _filedir
+                    fi
+                    return 0
+                    ;;
+                delfailregex|delignoregex)
+                    COMPREPLY=( $( compgen -W \
+                        "$( "$1" get "$jail" "${prev/del/}" 2>/dev/null | awk -F"[][]" '{print $2}')" \
+                    -- "$cur" ) )
+                    return 0
+                    ;;
+                unbanip)
+                    COMPREPLY=( $( compgen -W \
+                        "$( "$1" status "$jail" 2>/dev/null | awk -F"\t+" '/IP list:/{print $2}')" \
+                    -- "$cur" ) )
+                    return 0
+                    ;;
+                idle)
+                    COMPREPLY=( $( compgen -W "on off" -- "$cur" ) )
+                    return 0
+                    ;;
+                usedns)
+                    COMPREPLY=( $( compgen -W "yes no warn" -- "$cur" ) )
+                    return 0
+                    ;;
+            esac
+        fi
+
+    fi # fail2ban-client
+} &&
+complete -F _fail2ban fail2ban-client fail2ban-server fail2ban-regex
diff --git a/files/cacti/fail2ban_stats.sh b/files/cacti/fail2ban_stats.sh
index 4d29854f..2c2e368a 100644
--- a/files/cacti/fail2ban_stats.sh
+++ b/files/cacti/fail2ban_stats.sh
@@ -25,7 +25,6 @@
 #
 # Author: Cyril Jaquier
 # 
-# $Revision$
 
 FAIL2BAN="fail2ban-client"
 
diff --git a/files/fail2ban-logrotate b/files/fail2ban-logrotate
new file mode 100644
index 00000000..67c6364a
--- /dev/null
+++ b/files/fail2ban-logrotate
@@ -0,0 +1,18 @@
+#
+# Gentoo:
+# http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-logrotate?view=markup
+#
+# Debian:
+# https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.logrotate
+#
+# Fedora view:
+#  http://pkgs.fedoraproject.org/cgit/fail2ban.git/tree/fail2ban-logrotate
+
+/var/log/fail2ban.log {
+    rotate 7
+    missingok
+    compress
+    postrotate
+      /usr/bin/fail2ban-client set logtarget /var/log/fail2ban.log 1>/dev/null || true
+    endscript
+}
diff --git a/files/gentoo-initd b/files/gentoo-initd
index 4f4486ca..b56d4bdb 100755
--- a/files/gentoo-initd
+++ b/files/gentoo-initd
@@ -17,7 +17,6 @@
 #
 # Author: Sireyessire, Cyril Jaquier
 #
-# $Revision$
 
 extra_started_commands="reload showlog"
 
diff --git a/files/solaris-svc-fail2ban b/files/solaris-svc-fail2ban
old mode 100644
new mode 100755
index 9f75f9f6..e397474b
--- a/files/solaris-svc-fail2ban
+++ b/files/solaris-svc-fail2ban
@@ -17,8 +17,26 @@ fi
 
 ENV="/usr/bin/env -i LANG=C PATH=/usr/local/bin:/usr/bin:/bin:/opt/sfw/bin:/usr/sfw/bin"
 
+# get socket/pid conf and check dir exists
+# sock and pid default dirs are currently the same
+# mkdir if it doesn't exist
+SOCK_FILE=$(sed "/^\#/d" "$F2B_CONF" | grep "socket"  | tail -1 | cut -d "=" -f2-)
+SOCK_DIR=$(dirname $SOCK_FILE)
+if [ -n "$SOCK_DIR" ]; then
+	if [ ! -d "$SOCK_DIR" ]; then
+		mkdir "$SOCK_DIR" || exit 1
+	fi
+fi
+
 case $1 in
 	start)
+		# remove any lingering sockets
+		# don't quote the var for the -e test
+		if [ -n "$SOCK_FILE" ]; then
+			if [ -e $SOCK_FILE ]; then
+				rm -f $SOCK_FILE || exit 1
+			fi
+		fi
 		[ -f /etc/fail2ban.conf ] || touch /etc/fail2ban.conf
 		echo "Starting fail2ban-server with $F2B_CONF"
 		eval $ENV /usr/local/bin/fail2ban-client start &
diff --git a/testcases/files/logs/assp b/testcases/files/logs/assp
new file mode 100644
index 00000000..99363001
--- /dev/null
+++ b/testcases/files/logs/assp
@@ -0,0 +1,13 @@
+Apr-07-13 07:08:36 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
+Apr-07-13 07:08:36 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
+Apr-07-13 07:10:37 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
+Apr-07-13 07:12:37 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
+Apr-07-13 07:14:36 [SSL-out] 68.171.223.68 SSL negotiation with client failed: SSL accept attempt failed with unknown errorerror:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol;
+Apr-27-13 02:25:09 Blocking 217.194.197.97 - too much AUTH errors (8);
+Apr-27-13 02:25:09 Blocking 217.194.197.97 - too much AUTH errors (9);
+Apr-27-13 02:25:09 Blocking 217.194.197.97 - too much AUTH errors (10);
+Apr-27-13 02:25:10 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
+Apr-27-13 02:25:10 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
+Apr-27-13 02:25:10 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
+Apr-27-13 02:25:11 [SSL-out] 217.194.197.97 max sender authentication errors (5) exceeded -- dropping connection - after reply: 535 5.7.8 Error: authentication failed: UGFzc3dvcmQ6;
+
diff --git a/testcases/files/logs/bsd/syslog-plain.txt b/testcases/files/logs/bsd/syslog-plain.txt
new file mode 100644
index 00000000..575d8b89
--- /dev/null
+++ b/testcases/files/logs/bsd/syslog-plain.txt
@@ -0,0 +1,3 @@
+Apr  2 17:52:55 pancake sshd[55657]: Invalid user oracle from 192.0.2.100
+Apr  2 17:53:01 pancake sshd[55657]: error: PAM: authentication error for illegal user oracle from example.com
+Apr  2 17:53:01 pancake sshd[55657]: Failed keyboard-interactive/pam for invalid user oracle from 192.0.2.100 port 48856 ssh2
diff --git a/testcases/files/logs/bsd/syslog-v.txt b/testcases/files/logs/bsd/syslog-v.txt
new file mode 100644
index 00000000..a8db3d77
--- /dev/null
+++ b/testcases/files/logs/bsd/syslog-v.txt
@@ -0,0 +1,10 @@
+Apr  2 17:51:27 <4.3> pancake sshd[55624]: error: PAM: authentication error for nick from example.com
+Apr  2 17:51:32 <4.6> pancake sshd[55628]: Invalid user r00t from 192.0.2.100
+Apr  2 17:51:33 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from example.com
+Apr  2 17:51:33 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
+Apr  2 17:51:34 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from example.com
+Apr  2 17:51:34 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
+Apr  2 17:51:36 <4.3> pancake sshd[55628]: error: PAM: authentication error for illegal user r00t from example.com
+Apr  2 17:51:36 <4.6> pancake sshd[55628]: Failed keyboard-interactive/pam for invalid user r00t from 192.0.2.100 port 46050 ssh2
+Apr  2 17:52:06 <4.6> pancake sshd[55647]: Invalid user oracle from 192.0.2.100
+Apr  2 17:52:07 <4.3> pancake sshd[55647]: error: PAM: authentication error for illegal user oracle from example.com
diff --git a/testcases/files/logs/bsd/syslog-vv.txt b/testcases/files/logs/bsd/syslog-vv.txt
new file mode 100644
index 00000000..74143226
--- /dev/null
+++ b/testcases/files/logs/bsd/syslog-vv.txt
@@ -0,0 +1,5 @@
+Mar 19 23:48:18 <auth.info> pancake sshd[55517]: Invalid user r00t from 183.60.159.20
+Mar 19 23:48:20 <auth.info> pancake sshd[55519]: Invalid user r00t from 183.60.159.20
+Mar 19 23:50:03 <auth.info> pancake sshd[55604]: Invalid user http from 183.60.159.20
+Mar 19 23:50:05 <auth.info> pancake sshd[55606]: Invalid user kylix from 183.60.159.20
+Mar 19 23:50:08 <auth.info> pancake sshd[55608]: Invalid user nagios from 183.60.159.20