github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
6,114 Commits
34 Branches
230 Tags
19 MiB
Commit Graph

544 Commits (fix-pythonic-build-install)

Author SHA1 Message Date
Sergey G. Brester 52d239483d
typo 2025-04-16 17:18:36 +02:00
sebres cbe14c70c5 iptables.conf rewritten to affect all derivative actions (multiple chains are also supported by `iptables-ipset` etc); 
iptables-xt_recent-echo.conf adjusted to be compatible to new syntax of inherited iptables.conf;
test coverage fixed to new handling
 2025-04-16 16:56:46 +02:00
Arnaud 37f72f88ef Reverting chains to chain in order to preserve backward compatibilityu 
backing to the option named "chain", using "iteredchain" a new variable to iterate over.
 2025-04-16 16:06:29 +02:00
Arnaud 139151ec81 Update iptables.conf - allow bans to be efective on multiple chains at the same time 
This patch allows the ban to be applied on the INPUT and the FORWARD chain at the time. May be useful at least on routing devices and on docker hosting machines.
 2025-04-16 16:06:28 +02:00
Sergey G. Brester c9b5e845ba
`action.d/cloudflare-token.conf`: fixes `actionunban` retrieving of CF-ID from IP: 
force adding parameters to URL as query string (add `-G` to curl);
closes gh-3952
 2025-03-01 20:19:35 +01:00
Sergey G. Brester e5199aee92
action.d/ufw.conf: update comment: 
fix syntax in example, because `dst` as command parameter doesn't have precedence over or-expression, so second `sport` would ignore `dst` and kill any connection for https regardless the IP
 2025-03-01 00:23:55 +01:00
sebres 155a0855f2 silence codespell 2025-01-29 21:59:35 +01:00
Sergey G. Brester 51358e1587
Merge pull request #3636 from szepeviktor/typos 
Fix more typos
 2024-12-21 19:31:54 +01:00
sebres eb4731d8b1 action.d/*-ipset.conf: workaround sporadic failures by stop if destroying ipset too fast (sleep a bit in error case and repeat); 
closes gh-3624
 2024-11-07 19:28:53 +01:00
Sergey G. Brester 89970d2e3e
Merge pull request #1351 from AntagonistHQ/csf 
add support for the CSF firewall
 2024-09-29 10:01:58 +02:00
Sergey G. Brester 363c0d5fd0
nftables.conf: fixed comment (since 7f1b578af4, gh-488 actioncheck would be never invoked in regular case) 2024-09-07 13:15:45 +02:00
thomas-333 44bd87951e
Update apprise.conf 
Correct typo. "as" should read "has"
 2024-09-02 10:17:10 +01:00
sebres d4663e8941 `action.d/firewallcmd-rich-*.conf`: fixed incorrect quoting, disabling port variable expansion by substitution of rich rule; closes gh-3815 2024-08-07 22:43:42 +02:00
sebres 2533526827 extend ipset actions with new parameter `ipsettype` for the type of set (gh-3760), affected actions: 
`action.d/firewallcmd-ipset.conf`, `action.d/iptables-ipset.conf`, `action.d/shorewall-ipset-proto6.conf`
 2024-06-09 23:38:58 +02:00
sebres 17daf0ec78 `action.d/firewallcmd-ipset.conf`: rename `ipsettype` to `ipsetbackend` (`ipsettype` will be used now to the real set type); 
amend to #2620
 2024-06-09 23:32:03 +02:00
by 21bf636056
Update abuseipdb.conf 
Corrected link for HP helper (see https://shaunc.com/blog/article/reporting-to-abuseipdb.com-with-fail2ban~kDoa-Hml95wW)
 2024-05-20 15:34:24 +02:00
sebres c04e12dd8d Merge remote-tracking branch 'remotes/gh-upstream/0.11' 2024-04-29 11:03:33 +02:00
Sergey G. Brester 1434e3089c
Merge pull request #2455 from Thermi/improved-action-blocklist-de 
Improved blocklist_de action to not resend bans that were already reported
 2024-04-28 21:12:49 +02:00
Logic-32 b161e55ca7 Adding STARTTLS test with the help of aiosmtp. Make sure SMTP specifies host/port in addition to connect() due to bug with starttls. 2023-12-30 16:42:31 +01:00
Sergey G. Brester 6fb3198a41 attempt to fix action for 2.x 
self.host cannot be supplied to SMTP because it can contain port (but `connect` takes place few lines below)
 2023-12-30 16:42:27 +01:00
Logic-32 6a1da5e164 Removing logging in favor of just throwing. Removing user from message as it doesn't add any value. 2023-12-30 16:42:23 +01:00
Logic-32 419e380870 Add support for TLS SMTP connections. 2023-12-30 16:42:18 +01:00
repcsi 199759f0ba added pf[protocol=all] options as recommended by sebres 2023-12-10 11:20:39 +01:00
Viktor Szépe 1427625528 Fix more typos 2023-11-22 16:32:05 +00:00
Yaroslav Halchenko 8ef0d3c7a9 [DATALAD RUNCMD] run codespell throughout fixing typo automagically 
=== Do not change lines below ===
{
 "chain": [],
 "cmd": "codespell -w",
 "exit": 0,
 "extra_inputs": [],
 "inputs": [],
 "outputs": [],
 "pwd": "."
}
^^^ Do not change lines above ^^^
 2023-11-18 10:04:04 -05:00
nodiscc 77f80e8c3f
action.d/*ipset*: make maxelem ipset option configurable through banaction arguments 
- previously there was no way to override this value and ipsets would stop being updated when full (Hash is full, cannot add more elements)
- preserve ipset's default value of 65536
- update tests
- Closes #3549
 2023-08-23 12:19:07 +02:00
Sergey G. Brester e73748c442
Merge branch 'master' into mikrotik 2023-04-13 19:09:00 +02:00
Sergey G. Brester c7f8b75e7e
action.d/cloudflare-token.conf: fixes #3479, url-encode args by unban 2023-03-15 15:03:48 +01:00
Duncan Bellamy 7dc32971f8 changed missed names 2023-03-08 12:16:35 +00:00
Duncan Bellamy 9b1417a169 apply suggestions 2023-03-08 09:29:03 +00:00
Sergey G. Brester d46ec3a555 add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name) 2023-03-08 09:17:13 +00:00
Duncan Bellamy 5781675a7d change startcomment and comment so correct rules are flushed 2023-03-08 09:17:13 +00:00
Duncan Bellamy ac2076ef4f change unban back to find comment so correct entry always deleted 2023-03-08 09:17:13 +00:00
Duncan Bellamy 0e3e9b1d7f Add flushaction 
Change unban to find by ip address not comment
 2023-03-08 09:17:13 +00:00
Duncan Bellamy 9997807fb3 Add action for mikrotik routerOS 2023-03-08 09:17:13 +00:00
Jeff Johnson f9f78ed9d2
IPThreat integration (#3349) 
new IPThreat action
 2022-09-13 11:01:46 +02:00
Logic-32 d11ad3b90f Adding jail name to notes to disambiguate between jails. 2022-05-07 20:52:39 -06:00
Logic-32 e89b2c0ff7 Moving inet6 family block to the end so other config doesn't get added to it. 2022-05-07 20:41:33 -06:00
Logic-32 7e7b9f4a35 Adding support for Cloudflare Token API. 
Closes #3080
 2022-04-27 14:19:18 -06:00
sebres 06d2623c5e iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action); 
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
 2022-01-26 21:51:11 +01:00
sebres b639c8869c make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly); 
ultimately closes gh-980
 2022-01-25 00:35:14 +01:00
sebres 3d7e3bc2fb make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly) 2022-01-24 22:56:16 +01:00
sebres 7db1c97a3e Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master; 
conflicts resolved
 2022-01-24 22:31:51 +01:00
sebres 80805cabfc Merge branch '0.11' 2021-11-03 16:01:00 +01:00
sebres 0b3ad780fe Merge branch '0.10' into 0.11 2021-11-03 15:48:21 +01:00
sebres 4b54a07d71 Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;" 
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821).
 2021-11-01 11:45:40 +01:00
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:06:06 +02:00
sebres c03fe6682c merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:04:46 +02:00
sebres 410a6ce5c8 fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence 2021-06-21 17:12:53 +02:00
Sergey G. Brester bbfff18280
action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack 2021-06-03 12:02:08 +02:00