sebres
71ce548117
Merge branch '0.11'
4 years ago
sebres
b5b615731e
Merge branch '0.10' into 0.11
4 years ago
sebres
f0214b3d36
filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments
4 years ago
Sergey G. Brester
ab0847e2d5
more precise anchored RE (also combining all 3 REs in a single regex)
4 years ago
Jordi Sanfeliu
7d173b7ce0
Merge branch 'master' into updated-to-latest-jail.conf
4 years ago
sebres
6893d5a8b7
Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master
4 years ago
Sergey G. Brester
d74dd9321b
Merge pull request #2565 from caronc/0.11
...
Add Apprise Support (50+ Notifications)
4 years ago
Sergey G. Brester
b2f6a3a658
remove unneeded substitution
...
it is enough to add `apprise` to action
4 years ago
Sergey G. Brester
dda70d60c0
Merge branch 'master' into master
4 years ago
Michele Mondelli
7579072e3b
docs: fix typos
4 years ago
Sergey G. Brester
4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter
...
Add support for filtering out detected port scans via scanlogd.
4 years ago
Sergey G. Brester
2d51240b3e
correction for default log interpolation and added allports banaction
4 years ago
Sergey G. Brester
977dfe4bd7
small amend: sport after saddr is optional
...
format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
4 years ago
Sergey G. Brester
14edeed310
fixed regex (don't need to match whole line, e. g. every port etc)
4 years ago
Sergey G. Brester
080dd12288
Merge pull request #2965 from oukb/patch-1
...
nsd.conf: fix for the current log format
4 years ago
Sergey G. Brester
a838deba7f
restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise
4 years ago
sebres
7f38b80d35
precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE)
4 years ago
Rüdiger Olschewsky
9eaa2322b0
Filter and Defaults for Microsoft SQL Server
4 years ago
Markus Felten
5aa20c30d8
fix: add journalmatch to nginx filters
4 years ago
j-marz
5d8f500471
updated formatting to pass tests
4 years ago
j-marz
2686811593
Updated zoneminder filter
...
Support new log format, ERR instead of WAR. Add detection of non-existent user login attempts
4 years ago
oukb
529866b2bb
nsd.conf: fix for the current log format
...
New nsd 4.3.5 log format:
| [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
| [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
| [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
| [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
4 years ago
Mike Gabriel
f15ed35619
config/: Add support for filtering out detected port scans via scanlogd.
4 years ago
sebres
fb08534ed7
Merge branch '0.11'
4 years ago
sebres
3eaefe8da0
Merge branch '0.10' into 0.11
4 years ago
sebres
a45b1c974c
filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
...
closes gh-2951
4 years ago
sebres
63acc862b1
`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
4 years ago
sebres
fb6315ea5e
Merge branch '0.10' into 0.11
4 years ago
sebres
6f4b6ec8cc
action.d/badips.* removed (badips.com is no longer active, gh-2889)
4 years ago
Sergey G. Brester
a2f0dbad87
Merge pull request #2742 from aresxc/patch-1
...
Update drupal-auth.conf
4 years ago
Sergey G. Brester
d678440658
more precise RE (avoids weakness with catch-all's and is injection safe)
4 years ago
sebres
ea26509594
Merge branch '0.11'
4 years ago
sebres
6198b4566c
Merge branch '0.10' into 0.11
4 years ago
Brian J. Murrell
dc4ee5aa47
Add transport to asterisk RE
...
Call rejection messages from Asterisk can have the transport prefixed to the IP address.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
4 years ago
sebres
c75748c5d3
fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
...
closes gh-2804
4 years ago
sebres
21dd317870
Merge branch '0.11'
4 years ago
sebres
dbc77c47c3
Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester
5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
...
closes gh-2891
4 years ago
sebres
9df332fdef
filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
...
closes gh-2908
4 years ago
sebres
2c60d08b28
Merge '0.11' (fix gh-2899) into master
4 years ago
sebres
fe334590cd
Merge branch '0.10' into 0.11
4 years ago
sebres
73b39e0894
filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
...
closes gh-2899
4 years ago
defanor
ba7daef86c
Handle postscreen's PREGREET and HANGUP messages
...
Provoking those seems to be a popular activity among spammers.
4 years ago
stepodev
cecc3d62ff
add mode explanation to nginx-http-auth in jail.conf
4 years ago
stepodev
d0ba27cf46
move nginx-tls-fallback rules to nginx-http-auth
4 years ago
Sergey G. Brester
d959f6d199
Update nginx-tls-fallback.conf
...
more precise and conclusive regex without catch-all's
4 years ago
stepodev
c0256724a7
fix monitoring wrong error log. was access log, should be error.log
4 years ago
stepodev
27c40a77a3
add nginx-tls-downgrade
4 years ago
sebres
a03109d096
Merge branch '0.11' into master (0.11.2 released)
4 years ago
sebres
b78d1e439a
Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester
753fff9c15
amend to #2750, add jail for new filter nginx-bad-request
4 years ago
Sergey G. Brester
071048b8f2
Merge pull request #2750 from janprzy/master
...
Added filter nginx-bad-request
4 years ago
sebres
7965d652a1
filter.d/dovecot.conf: allow more verbose logging
...
closes #2573
4 years ago
sebres
a6de9459fc
typo
4 years ago
RyuaNerin
bba8844af8
typo
4 years ago
mpoliwczak834
595ee7ed74
add submission
4 years ago
mpoliwczak834
0c12cb7970
add managesieve support dovecot filter
4 years ago
sebres
cc64ef25f6
filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
...
closes gh-2805
4 years ago
sebres
adbfdc222d
Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester
1c1a9b868c
no catch-alls, user name and error message stored in ticket
4 years ago
benrubson
840f0ff10a
Add Grafana jail
4 years ago
sebres
25e006e137
review and small tweaks (more precise and safe RE)
4 years ago
Mart124
df659a0cbc
Add Bitwarden syslog support
4 years ago
Sergey G. Brester
472bdc437b
Merge pull request #2723 from benrubson/softether
...
Add SoftEtherVPN jail
4 years ago
Sergey G. Brester
010e76406f
small tweaks (both 2nd time and facility are optional, avoid catch-all, etc)
4 years ago
sebres
66ff90408f
Merge branch '0.10' into 0.11
4 years ago
sebres
d4adec7797
Merge branch '0.9' into 0.10
4 years ago
sebres
5430091acb
jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)
4 years ago
benrubson
ec873e2dc3
Add SoftEtherVPN jail
4 years ago
sebres
6ef69b48ca
Merge branch '0.10' into 0.11
4 years ago
sebres
02525d7b6f
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching:
...
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
4 years ago
sebres
2817a8144c
`action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used)
4 years ago
sebres
1418bcdf5b
`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)
4 years ago
sebres
d253e60a8b
Merge branch '0.10' into 0.11
4 years ago
Sergey G. Brester
d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos
4 years ago
sebres
74b73bce8a
Merge branch '0.10' into 0.11
4 years ago
sebres
a038fd5dfe
`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
...
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
4 years ago
Sergey G. Brester
70c601e9e5
involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty)
4 years ago
sebres
4d2734dd86
Merge branch '0.10' into 0.11
4 years ago
sebres
ed20d457b2
jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader)
4 years ago
sebres
db1f3477cc
amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex
4 years ago
sebres
3f04cba9f9
filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757)
4 years ago
sebres
07fa9f2912
fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
...
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
4 years ago
sebres
e9071b642a
Merge branch '0.10' into 0.11
4 years ago
benrubson
1707560df8
Enhance Guacamole jail
4 years ago
Chris Caron
2216fd8da4
Add Apprise Support (50+ Notifications)
4 years ago
sebres
067b76fc9e
Merge branch '0.10' into 0.11
4 years ago
sebres
9100d07c03
Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790
4 years ago
sebres
62a6771b33
Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763
...
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
4 years ago
sebres
73a8175bb0
resolves names conflict (command action timeout and ipset timeout); closes gh-2790
4 years ago
Sergey G. Brester
08dbe4abd5
fixed comment for loglevel, default is INFO
4 years ago
sebres
309c8dddd7
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
4 years ago
Jan Przybylak
a5ab4406d8
Removed unnecessary escape sequence
...
This commit also contains changes to match requests that are 100% empty (by using "*" instead of "+" in the regex)
4 years ago
Jan Przybylak
d7ef5d166d
Removed vulnerable catchall & anchor
5 years ago
sebres
1da9ab78be
Merge branch '0.10' into 0.11
5 years ago
sebres
5a0edf61c9
filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749)
5 years ago
Jan Przybylak
3c83c19070
Added filter nginx-bad-request
5 years ago
aresdr
412120ac3c
Update drupal-auth.conf
...
Small fix for Drupal 8. D8 uses "Login attempt failed from" while D7 uses "Login attempt failed for".
The referer part is a must currently, but some requests did not have one and are not failing.
5 years ago
sebres
1588200274
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
43f699b872
grammar / typos
5 years ago
Sergey G. Brester
368aa9e775
Merge pull request #2689 from benrubson/gitlab
...
New Gitlab jail
5 years ago
Sergey G. Brester
01e92ce4a6
added fallback using tr and sed (jq is optional now)
5 years ago
Sergey G. Brester
1c1b671c74
Update cloudflare.conf
5 years ago
Sergey G. Brester
5b8fc3b51a
cloudflare: fixes ip to id conversion by unban using jq
...
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
5 years ago
Viktor Szépe
852670bc99
CloudFlare started to indent their API responses
...
We need to use https://github.com/stedolan/jq to parse it.
5 years ago
Ilya
8b3b9addd1
Change tool from 'cut' to 'sed'
...
Sed regex was tested - it works.
5 years ago
Ilya
5da2422f61
Fix actionunban
...
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
5 years ago
sebres
87a1a2f1a1
action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)
5 years ago
sebres
6b90ca820f
filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently:
...
- `normal`: matches 401 with supplied username only
- `ddos`: matches 401 without supplied username only
- `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
5 years ago
sebres
affd9cef5f
filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)
5 years ago
sebres
06b46e92eb
jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
...
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
5 years ago
benrubson
2912bc640b
New Gitlab jail
5 years ago
sebres
136781d627
filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682)
5 years ago
Jordi Sanfeliu
ede2009708
added new jail (and filter) Monitorix
5 years ago
sebres
38b32a9a72
Merge branch '0.10' into 0.11
5 years ago
sebres
22a04dae05
Merge branch '0.9' into 0.10 (gh-2246)
5 years ago
Sergey G. Brester
b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2
...
Improve regex in proftpd.conf
5 years ago
sebres
606bf110c9
filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE
...
(closes gh-2662)
5 years ago
sebres
32f02ef3b3
Merge branch '0.10' into 0.11
5 years ago
sebres
42714d0849
filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it);
...
amend to 62b1712d22 (PR #2387, backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
5 years ago
sebres
e6ca04ca9d
Merge branch '0.10' into 0.11 + version bump (back to dev)
5 years ago
sebres
ab3a7fc6d2
filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect
5 years ago
Brian J. Murrell
2fd6b478a9
FreeIPA renames named to named-pkcs11
...
FreeIPA renames the BIND9 named daemon to named-pkcs11, so extend the
REGEX match to look for either variant.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
5 years ago
sebres
ceeba99f25
replace internals of several iptables-ipset actions using internals of iptables include:
...
- better check mechanism (using `-C`, option `--check` is available long time);
- additionally iptables-ipset is a common action for iptables-ipset-proto6-* now (which become obsolete now);
- many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
- tests adjusted.
5 years ago
sebres
d26209e2c6
first attempt to make certain standard actions breakdown safe starting with iptables:
...
- better check mechanism (using `-C`, option `--check` is available long time);
- additionally iptables is a replacement for iptables-common now, several actions using this as include now become obsolete;
- many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
5 years ago
sebres
7282cf91b0
Merge branch '0.10' into 0.11
5 years ago
sebres
9137c7bb23
filter processing:
...
- avoid duplicates in "matches" (previously always added matches of pending failures to every next real failure, or nofail-helper recognized IP, now first failure only);
- several optimizations of merge mechanism (multi-line parsing);
fail2ban-regex: better output handling, extended with tag substitution (ex.: `-o 'fail <ip>, user <F-USER>: <msg>'`); consider a string containing new-line as multi-line log-excerpt (not as a single log-line)
filter.d/sshd.conf: introduced parameter `publickey` (allowing change behavior of "Failed publickey" failures):
- `nofail` (default) - consider failed publickey (legitimate users) as no failure (helper to get IP and user-name only)
- `invalid` - consider failed publickey for invalid users only;
- `any` - consider failed publickey for valid users too;
- `ignore` - ignore "Failed publickey ..." failures (don't consider failed publickey at all)
tests/samplestestcase.py: SampleRegexsFactory gets new failJSON option `constraint` to allow ignore of some tests depending on filter name, options and test parameters
5 years ago
sebres
1492ab2247
improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE);
...
avoid overwrite of data with empty tags by ticket constructed from multi-line failures;
amend to d1b7e2b5fb2b389d04845369d7d29db65425dcf2: better output (as well as ignoring of pending lines) using `--out msg`;
filter.d/sshd.conf: don't forget mlf-cache on "disconnecting: too many authentication failures" - message does not have IP (must be followed by "closed [preauth]" to obtain host-IP).
5 years ago
Sergey G. Brester
774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth
5 years ago
Sergey G. Brester
34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty)
5 years ago
Mihail Politaev
303861d7c7
Using native firewalld ipset implementation
...
By creating additional action file firewallcmd-ipset-native.conf
5 years ago
sebres
a7c68ea19f
Merge branch '0.10' into 0.11
5 years ago
sebres
569dea2b19
filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
...
also add coverage for mariadb 10.4 log format (gh-2611)
5 years ago
sebres
70e47c9621
Merge branch '0.10' into 0.11
5 years ago
sebres
ec37b1942c
action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596)
5 years ago
sebres
4860d69909
Merge branch '0.10' into 0.11
5 years ago
sebres
f77398c49d
filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP);
...
closes gh-2115, gh-2362.
5 years ago
sebres
587e4ff573
Merge branch '0.10' into 0.11
...
(conflicts resolved)
5 years ago
sebres
67fd75c88e
pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately).
5 years ago
sebres
8f6ba15325
avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc...
5 years ago
Mart124
e763c657c4
Let's get back to WRN
5 years ago
Mart124
d7b707b09d
Update bitwarden.conf
5 years ago
Mart124
869327e9b1
Update bitwarden.conf
5 years ago
Mart124
79caeaa520
Create bitwarden.conf
5 years ago
Mart124
30e742a849
Update jail.conf
5 years ago
Mart124
ef394b3cf0
Update jail.conf
5 years ago
sebres
24d1ea9aa2
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
e4c2f303bd
Merge pull request #2550 from CPbN/centreonjail
...
Add Centreon jail
5 years ago
sebres
0e8a8edb5e
filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563)
5 years ago
Henry van Megen
548e2e0054
sendmail-auth.conf: filter updated for longer mail IDs (up to 20, see gh-2562)
5 years ago
sebres
5cf064a112
monit: accepting both logpath's: monit and monit.log, closes gh-2495
5 years ago
CPbN
9e699646f8
Add Centreon jail
5 years ago
CPbN
18ba714f97
Add Centreon jail
5 years ago
sebres
3515d06979
Merge branch '0.10' into 0.11
5 years ago
sebres
85ec605358
nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set);
...
this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example:
banaction = nftables[_nft_shutdown_table=''][...]
5 years ago
sebres
51af193402
nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`)
5 years ago
sebres
955d690e56
regrouping expressions with curly braces, added more escapes (better handling in posix shell)
5 years ago
sebres
0824ad0d73
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
54298fe761
Merge pull request #2254
...
Nftables: isolate fail2ban rules into a dedicated table and chain
5 years ago
sebres
d1a73d3004
filter.d/apache-auth.conf:
...
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
- extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
5 years ago
sebres
8c6a547215
Merge branch '0.10' into 0.11
5 years ago
sebres
50595b70fd
filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message
...
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip)
5 years ago
sebres
9e28b6c65f
filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531)
5 years ago
sebres
8ea00c1d5d
fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc
5 years ago
sebres
492205d30e
action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all)
5 years ago
sebres
abc4d9fe37
allow to use multiple protocols in multiport (single set with multiple rules in chain):
...
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
5 years ago
sebres
c753ffb11d
combine nftables actions to single action:
...
- nftables-common is removed
- nftables-allports is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
5 years ago
sebres
c59d49da22
nftables-allports: support multiple protocols in single rule;
...
tests/servertestcase.py: added coverage for nftables actions
5 years ago
Ririsoft
dde51b4682
fix actionban/unban ip definition syntax
5 years ago
Monson Shao
1cda50ce05
Rewrite nftables variables based on nftables' logic.
...
Add an example for redirecting.
5 years ago
sebres
990c410877
Merge branch '0.10' into 0.11
...
# Conflicts (resolved):
# fail2ban/client/jailreader.py
5 years ago
sebres
a36b70c7b5
filter.d/znc-adminlog.conf: support logging format of systemd-journal, bypass port after address (optional, removed end-anchor, see gh-2520)
5 years ago
sebres
1cdd618232
Merge branch '0.10' into 0.11
5 years ago
sebres
5d5253dd70
Merge branch '0.10' into 0.11
5 years ago
sebres
91923b5c07
don't need to match identifier exactly (@ is precise enough as prefix), not capturing group;
...
`prefregex` extended, more selective now (denied/NOTAUTH suffix moved from `failregex`, so no catch-all there anymore);
update ChangeLog
5 years ago
Joe Horn
4395469226
Update named-refused.conf
...
Log format changed since ver. 9.11.0
Ref. ftp://ftp.isc.org/isc/bind9/9.11.0/RELEASE-NOTES-bind-9.11.0.html
"The logging format used for querylog has been altered. It now includes an additional field indicating the address in memory of the client object processing the query."
5 years ago
Sergey G. Brester
a395361de8
Merge pull request #2467 from sebres/logtype-option-rfc5424
...
New option `logtype` value - `rfc5424`
5 years ago
sebres
581f13c2db
Merge branch '0.10' into 0.11
5 years ago
Sergey G. Brester
0dfd4f1f41
Merge pull request #2404 from benrubson/badprotocol
...
filter.d/sshd.conf: matches "Bad protocol version identification" in ddos and aggressive modes.
5 years ago
Sergey G. Brester
119401fced
Merge pull request #2452 from benrubson/badips
...
Badips key is only used to retrieve list
5 years ago
sebres
af611db859
Merge branch '0.10' into 0.11
5 years ago
sebres
5e980afbb8
filter.d/apache-noscript.conf: closes #2466 - matches "Primary script unknown" without "\n" (optional now)
5 years ago
sebres
62b1712d22
amend to #2387:
...
- common.conf: rewritten using section-based handling round about option logtype;
- option `logtype` extended with `rfc5424` to cover RFC 5424 log-format (see #2309);
5 years ago
Sergey G. Brester
846b3316db
amend, remove NL
5 years ago
Sergey G. Brester
4ae00485b0
revert actionban back, use norestored option
5 years ago
Noel Kuntze
9327218843
Improved blocklist_de action to not resend bans that were already reported
5 years ago
benrubson
8b171f7d25
Badips key is only used to retrieve list
5 years ago
sebres
80f97eaf02
Merge branch '0.10' into 0.11
5 years ago
sebres
e751be2c13
normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc);
...
added test covering sendmail-whois-lines
6 years ago
sebres
5045c4bb00
Merge branch '0.10' into 0.11
6 years ago
girst
a7dc3614c4
znc-adminlog: use `<ADDR>` instead of `<HOST>`
6 years ago
girst
b288ccd6b6
new filter: znc-adminlog
6 years ago
sebres
2e7a600851
Merge branch '0.10' into 0.11
6 years ago
sebres
22b9304562
action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict;
...
(closes gh-2390)
6 years ago
sebres
0ed3a63151
Merge branch '0.10' into 0.11
6 years ago
sebres
e5ae113215
filter.d/postfix.conf: extended with new postfix filter mode `errors` to match "too many errors" (gh-2439),
...
also included within modes `normal`, `more` (`extra` and `aggressive`), since postfix
parameter `smtpd_hard_error_limit` is default 20 (additionally consider `maxretry`)
6 years ago
sebres
3b2f75414c
filter.d/postfix.conf: extended regexp's to accept variable suffix code in status of postfix for precise messages (gh-2442)
6 years ago
sebres
3d4044084a
Merge branch '0.10' into 0.11
6 years ago
Sergey G. Brester
7dbd3a07eb
cut comment to limit documented on abuseipdb, additionally use curl in quiet mode
6 years ago
Carlos Ferreira
7b73cb7639
Switch to AbuseIPDB API v2
6 years ago