b5e031f3c3
some documentation for multiport use in pf.conf
2016-05-17 21:32:21 +02:00
482e1abe9c
Merge pull request #1431 from sebres/0.10-muti-option-groups
...
jailreader: support multiple option groups (brackets)
2016-05-17 21:17:12 +02:00
1e7fd26f5f
rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases
2016-05-17 20:51:12 +02:00
25af11215b
test case for generic common moved to `./fail2ban/tests/config/filter.d/zzz-generic-example.conf` to prevent shipping it with fail2ban installations
2016-05-17 20:08:46 +02:00
af1cc41053
Merge pull request #1426 from koeppea/0.10-freebsd-fix-shebang
...
no hardcoded python interpreter path
2016-05-17 13:50:26 -04:00
e74047ae49
revert to common config for PF covering multi and allports
2016-05-17 18:19:40 +02:00
3e1328c83b
split PF config files between all- and multi port
2016-05-17 18:19:27 +02:00
c6f63c7263
jailreader: support multiple option groups, syntax `action = act[p1=...][p2=...]` + test case for it
...
(see gh-1425, gh-1429)
2016-05-17 18:06:46 +02:00
5e06e8be62
removed shebang and changed mode for fail2banregex.py
2016-05-17 16:42:23 +02:00
06dcad7650
fixed mixed indentation (spaces through tabs), duplicate code removed
2016-05-17 12:27:01 +02:00
d7ff7d18cd
RF+ENH: @with_kill_srv fixture to kill_srv in the tests
2016-05-17 12:26:58 +02:00
e57321ab1e
BF+ENH: import signal used in the code, withtmpdir -> with_tmpdir (more readable)
...
case shows how evil except Exception can be ;)
2016-05-17 12:26:56 +02:00
6353de8b0f
possibility to increase verbosity up to heavy debug (command line parameter `-vvv`)
2016-05-17 12:26:54 +02:00
cb4f9be8b2
the date brackets removed from filters using `__prefix_line`, because `__prefix_line` already contains the date ambit;
2016-05-17 11:55:02 +02:00
de813acf51
extends generic `__prefix_line` with optional brackets for the date ambit (gh-1421), added new parameter `__date_ambit` + test case added;
2016-05-17 11:54:43 +02:00
975608dfb6
no hardcoded python interpreter path
2016-05-15 21:08:32 +02:00
be3e95b76d
Merge branch '0.10-fwcmd-fix-test' into 0.10
2016-05-14 15:05:21 +02:00
0c44ecfc77
action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset;
...
test cases for 3 firewallcmd extended;
2016-05-14 15:01:35 +02:00
0d0e1853c4
Merge pull request #1424 from TorontoMedia/firewallcmd
...
ENH: Branch 0.10 - updated firewallcmd actions
2016-05-14 13:34:23 +02:00
e0da359a5a
Merge pull request #1423 from yarikoptic/0.10
...
ENH: version Fail2Ban in this branch as 0.10.0 alpha 1
2016-05-14 13:26:23 +02:00
d742bc2834
Merge pull request #1422 from sebres/0.10-fix-multi-set
...
0.10 fix multi-set and database binding parameters
2016-05-14 13:25:14 +02:00
ffebde68e0
Update firewallcmd-multiport.conf
2016-05-13 22:38:36 -04:00
07de83e04a
Update firewallcmd-common.conf
2016-05-13 22:38:10 -04:00
810d5996b5
Update firewallcmd-rich-logging.conf
2016-05-13 22:10:25 -04:00
7e54cee8d6
updated firewallcmd actions
2016-05-13 21:36:27 -04:00
2b6f8737a7
ENH: version Fail2Ban in this branch as 0.10.0 alpha 1
2016-05-13 17:17:46 -04:00
d420148055
database: always explicit convert `ip` to `str`, because may be an IPAddr, that will be unsupported type by bind parameter (as long as we've found any default wrapper handler for sqlite3)
2016-05-13 22:53:57 +02:00
cb280b817f
csocket multi-set fix: prevent to convert `list`, `dict`, `set` during transfer (send), this offers a sending of 'multi-set' arrays
...
(missed by cherry-picking from multi-set branch)
2016-05-13 22:43:02 +02:00
e0924e0d1b
test case fix (always sort result of `DNSUtils.textToIp`, because order of result from `socket.getaddrinfo` is undefined (system depended)
2016-05-13 21:44:07 +02:00
3e49522b7a
fixes unexpected extra regex-space in generic `__prefix_line` (gh-1405, misleadingly committed in d2a9537568);
...
all optional spaces normalized in generic include `common.conf` + test cases are extended (using new example pseudo-filter and test log `zzz-generic-example`);
2016-05-13 20:26:37 +02:00
d6eae28eb5
Merge pull request #1419 from sebres/gh-1417
...
fixes gh-1417 Grave tags substitution bug. [part. cherry-picked from 0.10]
2016-05-13 10:28:29 -04:00
cce63926ce
ChangeLog entry added
2016-05-13 16:11:38 +02:00
a4b8f6e49e
[part. cherry-picked from 0.10] invalid recursion check in substituteRecursiveTags: for example action `bsd-ipfw` produced ValueError('properties contain self referencing definitions and cannot be resolved...')
...
test cases extended for exactly this case;
closes gh-1417
2016-05-13 14:12:17 +02:00
3d3735706b
invalid recursion check in substituteRecursiveTags: for example action `bsd-ipfw` produced ValueError('properties contain self referencing definitions and cannot be resolved...')
...
test cases extended for exactly this case and for all stock actions;
closes gh-1417
2016-05-13 13:53:29 +02:00
1791fd59f2
Merge pull request #1418 from yarikoptic/pr-1415
...
DOC: minor PEP8ing and comments enhancements
2016-05-13 12:49:35 +02:00
a9c563fed2
Merge pull request #1415 from sebres/0.10-fixes
...
0.10 fixes
2016-05-12 18:54:33 -04:00
14c31d8c58
DOC: minor PEP8ing and comments enhancements
2016-05-12 18:52:20 -04:00
ec6032d934
prevent to fail stock configs test case, if any jail custom config does not have own test log-file (perhaps not clean copy)
2016-05-12 18:15:22 +02:00
4b5b16cd9f
allow using of IPv6 address style mask (analog to the IPv4), for example: `2606:28ff::/ffff:ff80::` -> `2606:2880::/25`
...
fast calculating of maskplen using map table MAP_ADDR2MASKPLEN, with pre-calculated addr->maskplen values;
test cases extended;
2016-05-12 18:15:05 +02:00
0c2eeee8c7
BF: fail2ban-client can't unserialize IPAddr objects - added IPAddr pickle-handler, that simple wrap IPAddr to the str
2016-05-12 12:54:25 +02:00
53956501da
increase readability and details level by increased verbosity
2016-05-12 11:53:12 +02:00
060ea085f4
reader bug fix: prevent to silent "load" of not existing jail;
...
coverage of test cases increased;
2016-05-12 11:52:08 +02:00
22576d7150
code review, timeout fix, better tracing (and test coverage) by start of server/client (with or without fork)
2016-05-12 11:52:05 +02:00
0b4143730d
some compatibility fixes (prevent forking of testcase-process, code review), wait 4 server ready, test cases fixed (py2/py3)
2016-05-12 11:52:02 +02:00
2fcb6358ff
several bug fixed: fork in client-server test cases prohibited, all worker threads daemonized (to prevent hanging on exit).
2016-05-12 11:51:59 +02:00
afa1cdc3ae
client/server (bin) test cases introduced, ultimate closes #1121 , closes #1139
...
small code review and fixing of some bugs during client-server communication process (in the test cases);
2016-05-12 11:51:56 +02:00
5a053f4b74
starting of the server (and client/server communication behavior during start and daemonize) completely rewritten:
...
- client/server functionality moved away from bin and using now the common interface (introduced in fail2bancmdline);
- start in foreground fixed;
- server can act as client corresponding command line;
- command "restart" added: in opposite to "reload" in reality restarts the server (new process);
- several client/server bugs during starting process fixed.
2016-05-12 11:51:53 +02:00
556ddaabd7
temporary commit (move client/server from bin)
2016-05-12 11:51:50 +02:00
4ce240ed40
try to start server in foreground
...
# Conflicts:
# fail2ban/server/server.py
2016-05-12 11:51:47 +02:00
bdc2d07946
fix suhosin_log in common paths - log files should be separated using "\n":
...
prevents to throw an error "File option must be 'head' or 'tail'", if jail suhosin will be enabled.
2016-05-11 18:49:04 +02:00
Alexander Koeppe