Commit Graph

1178 Commits (master)

Author SHA1 Message Date
Sergey G. Brester 7bac839603
Merge pull request #4069 from sebres/init-param-to-cond-section
Setting of blocktype="DROP" via jail doesn't apply for IPv6 chain
2025-09-24 18:23:44 +02:00
Sergey G. Brester d0b94c147e
Update ChangeLog 2025-09-24 18:22:06 +02:00
para-do-x ad9aba5871
Update ChangeLog gh4075 2025-09-24 18:43:39 +04:00
sebres 65668b8ed8 `filter.d/postfix.conf` - modes `ddos` and `aggressive` extended to match `rate limit exceeded` for connection or message delivery request rates;
closes gh-3265;
closes gh-4073;
2025-09-23 12:18:45 +02:00
sebres 2856092709 `filter.d/postfix.conf` - use common prefix instead of NOQUEUE for all modes, outside of `mdpr-<mode>` in `prefregex` (amend to gh-4072) 2025-09-18 15:01:05 +02:00
Ulrich Müller 0fee8dbe92 filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos
The current regex doesn't match the following log entry, seen with
Postfix 3.10.2:

Sep 17 18:19:20 mxhost postfix/smtpd[12345]: NOQUEUE: lost connection after CONNECT from unknown[192.0.2.25]
Sep 17 18:19:20 mxhost postfix/smtpd[12345]: disconnect from unknown[192.0.2.25] commands=0/0
2025-09-18 08:23:45 +02:00
Sergey G. Brester 6c47bf6461
Merge pull request #4068 from billfor/xarf
fix `dig` to filter out warnings and prevent them from being injected as emails
2025-09-15 17:23:32 +02:00
sebres 9534bdac37 `filter.d/nginx-http-auth.conf`: filter rewritten and extended:
- with `prefregex` to capture content of error only (bypass common prefix and suffix, like server, request, host, referrer);
- to match PAM authentication failures (gh-4071)
2025-09-15 16:14:22 +02:00
Sergey G. Brester 4539e6719c
Update ChangeLog 2025-09-10 20:19:34 +02:00
bill 9e72e78f34 filter.d/sendmail-reject.conf: support BSD log format. match user unknown messages. add aggressive mode for lost input channel and relaying denied messages 2025-09-01 22:34:53 -04:00
sebres 002719dca4 ChangeLog update 2025-08-23 20:18:59 +02:00
Sergey G. Brester bf4903538d
update ChangeLog (enhancement from #3291) 2025-08-08 10:29:02 +02:00
Sergey G. Brester e16e982a45
Merge pull request #4047 from billfor/nginx
Update nginx-limit-req filter (extended to ban hosts failed by limit connection in ngx_http_limit_conn_module);
closes gh-3674
2025-08-04 11:34:35 +02:00
Sergey G. Brester dd58d440bc
Update ChangeLog 2025-08-04 11:32:10 +02:00
sebres ff3eca1d61 * Merge pull request #3527 from vafgoettlich/master
(partial merge, only postfix-backend)
2025-07-24 11:17:05 +02:00
sebres 0b255a8723 Merge pull request #3527 from vafgoettlich/master
(partial merge, only postfix-backend)
2025-07-24 11:14:03 +02:00
Sergey G. Brester 7bb86822d0
Update ChangeLog 2025-07-20 15:15:38 +02:00
sebres b710d5b6c7 `filter.d/sendmail-reject.conf` - also recognize "Domain of sender address ... does not resolve";
closes gh-4035
2025-07-13 01:03:53 +02:00
Nic Boet 646832d5bd dovecot 2.4 into changelog
Signed-off-by: Nic Boet <nic@boet.cc>
2025-06-13 17:00:47 -05:00
sebres 4254d6bcd3 man and changelog 2025-06-03 22:19:54 +02:00
sebres 0d4a926029 ChangeLog (enhancement and compat entries) 2025-04-16 17:13:58 +02:00
sebres c76e90fbb1 * Merge pull request #3940 from exim-pr-mode-more
`filter.d/exim.conf` - fewer REs by default, introduces mode `more`
2025-04-02 15:11:38 +02:00
Sergey G. Brester 6538d43a8e
Update ChangeLog 2025-04-02 14:57:03 +02:00
Sergey G. Brester 70ce1cef08
Update ChangeLog 2025-04-02 14:40:04 +02:00
sebres 767c89f863 satisfy spellcheck 2025-03-31 01:27:52 +02:00
sebres d5718503ad update changelog and documentation (new features and handling) 2025-03-31 01:13:02 +02:00
sebres ee421dfbd6 `filter.d/apache-noscript.conf` - consider new log-format with "AH02811: stderr from /...";
closes gh-3900
2025-03-28 22:52:51 +01:00
sebres 8ae6eaf39a `filter.d/postfix.conf` - default `_daemon` in prefix-line is loosened - can match everything starting with word postfix, like `postfix-example.com/smtpd`;
closes gh-3297
2025-03-10 22:35:26 +01:00
Sergey G. Brester c035428535
Merge pull request #3954 from luckylittle/feature/systemd-journal-vsftpd
`filter.d/vsftpd.conf` - fixed regex (if failures generated by systemd-journal)
2025-03-04 14:20:01 +01:00
sebres 79346e4f2c updated ChangeLog 2025-03-04 14:15:14 +01:00
Sergey G. Brester 3e9a4b4a48
Update ChangeLog 2025-03-04 13:20:54 +01:00
sebres 7233edd0bf amend ChangeLog updated: `ignoreip` extended with `file:...` syntax to ignore IPs from file-ip-set;
+ silence codespell
2025-03-03 20:07:05 +01:00
sebres 882e6d5e00 `filter.d/exim.conf` - mode `aggressive` extended to catch dropped by ACL failures, e.g. "ACL: Country is banned" 2025-02-10 17:30:07 +01:00
sebres a1268f37c3 amend (move ChangeLog entry) 2025-01-30 14:04:00 +01:00
sebres b55c20594e `paths-common.conf`: changed default `mysql_log` path (default `logpath` of `mysqld-auth` jail without maintainer overrides); adjusted comments (`log_error_verbosity = 3` instead of `log-warnings = 2`)
closes gh-3932
2025-01-30 14:00:43 +01:00
Philipp Burndorfer 95710e9dac Adapted changelog. 2025-01-30 01:13:47 +01:00
sebres a796cc9b91 `filter.d/dropbear.conf`: failregex extended to match different format of "Exit before auth" message;
closes gh-3791
2024-12-27 16:43:33 +01:00
Sergey G. Brester b7b1fff53c
Update ChangeLog 2024-12-27 14:00:35 +07:00
sebres 89b5f3bb1e `filter.d/sshd.conf`: `ddos` and `aggressive` modes, regex extended for timeout before authentication (optional connection from part);
closes gh-3907
2024-12-26 14:24:15 +01:00
Sergey G. Brester 51358e1587
Merge pull request #3636 from szepeviktor/typos
Fix more typos
2024-12-21 19:31:54 +01:00
sebres 91c27d0600 `filter.d/freeswitch.conf`: bypass some new info in prefix before [WARNING] (changed default `_pref_line`);
closes gh-3143
2024-12-04 16:56:23 +01:00
sebres 78af48862f new jail option `skip_if_nologs` to ignore jail if no `logpath` matches found, fail2ban continues to start with warnings/errors, thus other jails become running;
closes gh-2756
2024-08-23 12:16:08 +02:00
sebres 2749109f10 ChangeLog 2024-08-10 13:23:28 +02:00
sebres d4663e8941 `action.d/firewallcmd-rich-*.conf`: fixed incorrect quoting, disabling port variable expansion by substitution of rich rule; closes gh-3815 2024-08-07 22:43:42 +02:00
sebres 4a87802c59 ChangeLog 2024-07-30 19:19:24 +02:00
sebres 93810fff75 consider CONNECT and other rejected commands as a valid `_pref`;
closes gh-3800
2024-07-26 19:25:36 +02:00
Sergey G. Brester 216622adb2
Update ChangeLog 2024-07-03 19:42:19 +02:00
sebres 59c5e78ce9 `filter.d/apache-overflows.conf` - consider AH10244: invalid URI path;
closes gh-3778
2024-06-28 12:50:14 +02:00
sebres a7f3a04b0e `filter.d/recidive.conf` - restore possibility to set jail name in the filter, _jailname is positive now (but by default it uses now negative lookahead to exclude recidive jail);
closes gh-3769
2024-06-21 13:24:46 +02:00
sebres 2533526827 extend ipset actions with new parameter `ipsettype` for the type of set (gh-3760), affected actions:
`action.d/firewallcmd-ipset.conf`, `action.d/iptables-ipset.conf`, `action.d/shorewall-ipset-proto6.conf`
2024-06-09 23:38:58 +02:00