13563fd09b
combine both REs to single RE, no prefregex needed here
2025-09-24 16:23:05 +02:00
a9401233dd
code review, make it backwards compatible to logging type=1 (as suggested in https://github.com/fail2ban/fail2ban/issues/2926#issuecomment-774780120 ); use by default type=2
2025-09-24 16:09:42 +02:00
1379a262f6
Update froxlor-auth testfile
2025-09-24 15:59:19 +02:00
abdd0d4b25
Update jail.conf for froxlor-auth
...
Changed logpath to syslog_user for froxlor-auth
2025-09-24 15:59:18 +02:00
897b21a4c5
Update froxlor-auth.conf
...
updated the regex to the new logging situation for froxlor.
2025-09-24 15:59:17 +02:00
65668b8ed8
`filter.d/postfix.conf` - modes `ddos` and `aggressive` extended to match `rate limit exceeded` for connection or message delivery request rates;
...
closes gh-3265;
closes gh-4073;
2025-09-23 12:18:45 +02:00
2856092709
`filter.d/postfix.conf` - use common prefix instead of NOQUEUE for all modes, outside of `mdpr-<mode>` in `prefregex` (amend to gh-4072)
2025-09-18 15:01:05 +02:00
2ac7e1284f
Merge pull request #4072 from ulm/postfix-ddos
...
filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos
2025-09-18 14:35:35 +02:00
0fee8dbe92
filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos
...
The current regex doesn't match the following log entry, seen with
Postfix 3.10.2:
Sep 17 18:19:20 mxhost postfix/smtpd[12345]: NOQUEUE: lost connection after CONNECT from unknown[192.0.2.25]
Sep 17 18:19:20 mxhost postfix/smtpd[12345]: disconnect from unknown[192.0.2.25] commands=0/0
2025-09-18 08:23:45 +02:00
6c47bf6461
Merge pull request #4068 from billfor/xarf
...
fix `dig` to filter out warnings and prevent them from being injected as emails
2025-09-15 17:23:32 +02:00
9534bdac37
`filter.d/nginx-http-auth.conf`: filter rewritten and extended:
...
- with `prefregex` to capture content of error only (bypass common prefix and suffix, like server, request, host, referrer);
- to match PAM authentication failures (gh-4071)
2025-09-15 16:14:22 +02:00
a8875c36b8
Merge pull request #4070 from yizhao1/fix
...
clientreadertestcase.py: set correct config dir for testReadStockJailFilterComplete
2025-09-12 14:51:14 +02:00
9f26da3cf8
clientreadertestcase.py: set correct config dir for testReadStockJailFilterComplete
...
In test case testReadStockJailFilterComplete, set configuration
directory to CONFIG_DIR (/etc/fail2ban/filter.d on the target) instead
of the hardcoded "config" directory. Otherwise, the config files will
not be found during runtime testing.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
2025-09-12 12:53:45 +08:00
4539e6719c
Update ChangeLog
2025-09-10 20:19:34 +02:00
85cfb81782
lets see an error (with debug messages) in debug case
2025-09-10 20:04:10 +02:00
3d23a44bb1
fix `dig` to filter out warnings from email address capture
2025-09-10 13:27:30 -04:00
77efe3b40c
Merge pull request #4020 from billfor/sendmail
...
Update sendmail-reject.conf
2025-09-02 19:46:57 +02:00
26b91862fc
introduces a parameter `mta_dname` (default `\S+`) to allow more complex REs to match custom MTA daemon names (e.g. with spaces etc)
2025-09-02 19:41:40 +02:00
10b12e8c57
reorder 2 tests belonging together
2025-09-02 19:11:05 +02:00
13876e93ad
fixes the inconsistency with F-MLFID ("ID" matched by `(?:\w{14,20}: )?` is optional in message); simplify PR
2025-09-02 19:11:04 +02:00
70d7fd0fdd
update the test for lost input channel with real ip
2025-09-02 12:54:42 -04:00
9e72e78f34
filter.d/sendmail-reject.conf: support BSD log format. match user unknown messages. add aggressive mode for lost input channel and relaying denied messages
2025-09-01 22:34:53 -04:00
912e3c81a2
removes mistaken return in quiet case for set jail attempt command
2025-09-01 20:12:07 +02:00
c54d505dea
small amend (info with date pattern before debug message with regex)
2025-09-01 18:10:43 +02:00
6ac181f559
improve logging of date pattern (count of default templates added, info if it's filtered or used pre-match)
2025-09-01 18:03:09 +02:00
52399e6ef1
amend to #2351 : providing the attempt via fail2bans protocol (Pickle, client command, etc) must follow ignore facilities (shall be ignored if matches ignoreip, ignoreself, ignorecommand etc)
2025-08-26 18:03:46 +02:00
c9e1a1b087
silence warning "Unknown distribution option: 'test_suite'", seems not work anymore (2.x only?) - test suite shall be invoked using `bin/fail2ban-testcases`
2025-08-23 22:22:20 +02:00
a055568500
GHA: update python 3.14.0-rc.2
2025-08-23 22:10:55 +02:00
0265df854e
silence skipping tests output for python versions that basically can not have the modules
2025-08-23 22:00:03 +02:00
a3d181c973
`filter.d/dovecot.conf`: new matches in `aggressive` mode:
...
- new variant for `no auth attempts in X secs` with `Login aborted` and `(no_auth_attempts)`;
- covered `disconnected during TLS handshake` with `no application protocol` and `no shared cipher`.
2025-08-23 20:22:08 +02:00
002719dca4
ChangeLog update
2025-08-23 20:18:59 +02:00
c26fda9dbb
`filter.d/dovecot.conf`: new matches in `aggressive` mode:
...
- new variant for `no auth attempts in X secs` with `Login aborted` and `(no_auth_attempts)`;
- covered `disconnected during TLS handshake` with `no application protocol` and `no shared cipher`.
2025-08-23 20:16:40 +02:00
bdb5d99906
Log `Repeal Ban` instead of `Unban` on stop action, jail or fail2ban, because the tickets are "unbanned" temporary (till restart);
...
closes gh-4057
2025-08-19 11:37:01 +02:00
4e22c20559
fixes `ignoreip` prefix `file://` - it shall resolve absolute file name (starting with `/`) unless it starts with `./`;
...
relative paths are based relative the working dir;
to use it relative current config root (normally `/etc/fail2ban`), one can use interpolation `%(fail2ban_confpath)s`, e.g.:
file://%(fail2ban_confpath)s/ignore-ipaddr-file
2025-08-12 23:46:10 +02:00
3ce6f344e3
fixes beautifier `get` `ignoreip` (explicit convert to string)
2025-08-12 23:26:42 +02:00
bf4903538d
update ChangeLog (enhancement from #3291 )
2025-08-08 10:29:02 +02:00
77ba28bae1
Merge pull request #3291 from ttyS4/patch-1
...
nftables.conf - add support for cidr notation and address ranges
2025-08-08 10:23:08 +02:00
dc3268ce5d
servertestcase.py: adjust test coverage
2025-08-08 10:16:01 +02:00
eb80b895d1
provides flags interval as `addr_options` now
2025-08-08 10:10:40 +02:00
6120a731d9
update nginx limit-req filter again ( #4048 )
...
amend to #4047 - removes unused ngx_limit_con_zones parameter.
2025-08-04 21:16:26 +02:00
e16e982a45
Merge pull request #4047 from billfor/nginx
...
Update nginx-limit-req filter (extended to ban hosts failed by limit connection in ngx_http_limit_conn_module);
closes gh-3674
2025-08-04 11:34:35 +02:00
dd58d440bc
Update ChangeLog
2025-08-04 11:32:10 +02:00
e6516fd2b3
combine 2 REs to single regex
...
closes gh-3674
2025-08-04 11:24:51 +02:00
0a91bf69a5
add filter for delayed requests and connection limiting
2025-08-04 00:27:45 -04:00
d86a7aecca
amend to #3979 : removed mistaken double pipes in group matches
2025-07-31 17:38:28 +02:00
ff3eca1d61
* Merge pull request #3527 from vafgoettlich/master
...
(partial merge, only postfix-backend)
2025-07-24 11:17:05 +02:00
0b255a8723
Merge pull request #3527 from vafgoettlich/master
...
(partial merge, only postfix-backend)
2025-07-24 11:14:03 +02:00
793d0c6555
Merge pull request #4037 from kusaka-0107/fix/asterisk-conf-regex
...
filter.d/asterisk: fix regex to match "No matching endpoint found" with retry info (like `after X tries in Y ms`)
2025-07-20 15:17:17 +02:00
7bb86822d0
Update ChangeLog
2025-07-20 15:15:38 +02:00
6d3bfa8781
revert RE back, but relive the end-anchor a bit (ignore any text without single quote, so also preventing false match by injection on foreign data)
2025-07-20 15:04:15 +02:00
sebres