Serg G. Brester
7e05976ead
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP were escaped now.
...
Closes #2000
2018-01-11 12:38:34 +01:00
sebres
c30144b37a
Merge branch '0.9' into 0.10
...
# Conflicts:
# config/action.d/firewallcmd-ipset.conf
# config/filter.d/asterisk.conf
# Merge-point after cherry-pick, no changes:
# fail2ban/client/jailreader.py
# fail2ban/helpers.py
2018-01-10 12:05:26 +01:00
sebres
131b94e11e
firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
...
banaction = firewallcmd-ipset[actiontype="<allports>"]
2018-01-10 10:58:03 +01:00
Danila Vershinin
c190631f88
New ban action firewallcmd-ipset-allports. Closes #1167
2018-01-10 10:58:01 +01:00
root
79f414c6a2
fix <family> typo
2017-12-09 15:55:45 +01:00
root
7c63eb2378
In the CentOS7 and epel environment, result of "firewall-cmd -direct -get -chains ipv4 filter" is displayed one line
...
Changed to be multiple lines with reference to firewallcmd-multiport.conf
2017-12-09 15:55:45 +01:00
sebres
6ccaa03e00
action.d/firewallcmd-ipset.conf: extended with actionflush to bulk unban resp. flush ipset
2017-12-06 01:10:56 +01:00
sebres
e384acca5f
action.d/firewallcmd-ipset.conf: fixed create of set for ipv6 (missing `family inet6`)
2017-12-05 23:34:03 +01:00
sebres
76f2865883
implemented new action "action.d/nginx-block-map.conf", used in order to ban not IP-related tickets via nginx (session blacklisting in nginx-location with map-file);
2017-11-28 13:42:41 +01:00
sebres
a1b863fcf6
action.d/pf.conf: extended with bulk-unban, command `actionflush` in order to flush all bans at once (by stop jail, resp. shutdown of fail2ban)
2017-10-17 20:12:48 +02:00
sebres
8726c9fb0a
pf.conf: enclose ports in braces, multiple ports expecting this syntax `... any port {http, https}`.
...
Note this would be backwards-incompatible change (for the people already enclosing multiports in braces in jail.local).
closes gh-1915
2017-10-17 13:46:29 +02:00
Łukasz Wąsikowski
a4f94d2619
Update pf.conf
...
Fix comment, because current one won't work:
cat /etc/pf.conf
anchor f2b {
sshd
}
# service pf reload
Reloading pf rules.
/etc/pf.conf:2: syntax error
New version:
cat /etc/pf.conf
anchor f2b {
anchor sshd
}
# service pf reload
Reloading pf rules.
2017-10-17 12:39:25 +02:00
Louis Sautier
152c9d27d5
Fix nftables actions for IPv6 addresses, fixes #1893
...
* add [Init?family=inet6] to nftables-common.conf and make nftable
expressions more modular
* change "ip protocol" to "meta l4proto" in nftables-allports.conf
since the former only works for IPv4
2017-09-11 23:32:53 +02:00
sebres
1d5fbb95ae
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2017-08-18 15:44:22 +02:00
Serg G. Brester
b0e5efb631
bsd-ipfw.conf: sh-compliant redirect of stderr together with stdout
2017-08-18 15:26:09 +02:00
sebres
3be32adefb
Replace not posix-compliant grep option: fgrep with `-q` option can cause 141 exit code in some cases (see gh-1389).
2017-08-18 14:37:29 +02:00
Jacques Distler
f84e58e769
Tweaks to action.d/pf.conf
...
Document recent changes.
Add an option to customize the pf block rule (surely, what the user
really wants, here, is "block quick").
2017-08-18 13:31:34 +02:00
sebres
33874d6e53
action.d/pf.conf: anchored call arguments combined as `<pfctl>` parameter;
...
test cases fixed;
2017-08-16 17:51:07 +02:00
Alexander Köppe
f6ccede2f1
Update pf.conf fixing #1863
...
Fix #1863
Introduce own PF anchors for fail2ban rules.
2017-08-16 17:51:05 +02:00
sebres
30219b54c4
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2017-08-09 16:38:29 +02:00
Serg G. Brester
c0eb7752a8
Merge pull request #1651 from szepeviktor/patch-9
...
Introduce Cloudflare API v4
2017-08-09 16:28:52 +02:00
Serg G. Brester
2ed8a38eca
Update cloudflare.conf
...
Switch to API v1 to API v4 per default
2017-08-09 16:27:53 +02:00
Serg G. Brester
5b7375c614
Merge pull request #1638 from roedie/shorewall-ipv6
...
Add shorewall IPv6 support
2017-08-09 15:54:57 +02:00
Bigard Florian
f4551d02c9
Fix empty logfile.log in xarf login attack action
...
Fix empty 3rd MIME part which contains the attack evidence (logfile.log).
2017-07-25 13:44:29 +02:00
Serg G. Brester
6c030c5e10
Merge pull request #1717 from szepeviktor/patch-11
...
Updated xarf-specification repo URL in xarf action
2017-07-12 09:54:15 +02:00
sebres
33fcf8d809
Merge branch 'master' into 0.10
2017-07-03 12:43:48 +02:00
Serg G. Brester
f27e053592
Update bsd-ipfw.conf
...
increased starting rule number (lowest_rule_num = 111)
2017-07-01 17:10:53 +02:00
Serg G. Brester
80cc47b75f
Update helpers-common.conf
...
fixed grep pattern: escape dot-char in search-IP and more restrictive boundaries (IPv6-capable)
2017-05-30 09:14:43 +02:00
Viktor Szépe
5bb6be0163
IPv6 address may overlap
2017-05-30 02:05:38 +02:00
sebres
99344d28c8
Introduces new tags with hostname:
...
- `<fq-hostname>` - fully-qualified name of host (the same as `$(hostname -f)`)
- `<sh-hostname>` - short hostname (the same as `$(uname -n)`)
Execution of `uname -n` replaced in all mail actions with most interesting fully-qualified `<fq-hostname>`.
2017-04-24 21:17:55 +02:00
Peter van der Does
bb79e7f413
Parameter not needed
...
The parameter '-s' causes an error as the <mailcmd> already has the parameter.
2017-04-11 11:13:58 -04:00
sebres
97e8b42d34
dummy action extended with more examples and test-covered now
2017-03-30 13:02:37 +02:00
sebres
d03872fbbf
bulk unban: add new command `actionflush` default for several iptables/iptables-ipset actions (and common include):
...
iptables-common
iptables
iptables-allports
iptables-multiport-log
iptables-multiport
iptables-new
iptables-ipset-proto4
iptables-ipset-proto6
iptables-ipset-proto6-allports
executing `actionflush` command covered for this actions now
2017-03-29 23:24:11 +02:00
sebres
8bf79fa483
implemented execution of `actionstart` on demand, if action depends on `family` (closes gh-1741);
...
new action parameter "actionstart_on_demand" (bool) can be set to prevent/allow starting action on demand (default retrieved automatically, if some conditional parameter `param?family=...` presents in action properties);
2017-03-29 17:44:15 +02:00
Viktor Szépe
d79267c424
Updated xarf-specification repo URL in xarf action
2017-03-14 20:47:31 +01:00
Serg G. Brester
d042981954
Merge pull request #1655 from ajcollett/0.10
...
Added config for AbuseIPDB
2017-03-09 15:15:26 +01:00
Serg G. Brester
b1f5ac9484
Update abuseipdb.conf
2017-03-09 13:33:11 +01:00
sebres
6a2c95da95
`action.d/sendmail-geoip-lines.conf` fixed using new tag `<ip-host>` (dns-cache and without external command execution);
...
changelog updated;
2017-03-08 16:51:08 +01:00
sebres
d2a3d093c6
rewritten CallingMap: performance optimized, immutable, self-referencing, template possibility (used in new ActionInfo objects);
...
new ActionInfo handling: saves content between actions, without interim copying (save original on demand, recoverable via reset);
test cases extended
2017-02-24 11:54:24 +01:00
Serg G. Brester
2fa18a74c4
Merge branch 'master' into master
2017-02-17 09:06:09 +01:00
sebres
4bf09bf297
provides new tag `<ip-rev>` for PTR reversed representation of IP address;
...
[action.d/complain.conf] fixed using this new tag;
2017-02-16 13:38:20 +01:00
Christoph Theis
861ce4177c
#1689 : Make lowest rule number in action.d/bsd-ipfw.conf configurable
2017-02-14 18:31:42 +01:00
Jan Grewe
58c68b75f0
Remove double-quotes from email addresses
2017-02-08 14:16:13 +01:00
Jan Grewe
1bcf0de7c1
Update complain.conf
2017-02-07 21:39:46 +01:00
Jan Grewe
901eeff53d
Make Abusix lookup compatible with Dash
2017-02-06 22:04:36 +01:00
sebres
e8a1556562
Merge remote-tracking branch 'master' into 0.10
...
# Conflicts:
# fail2ban/tests/samplestestcase.py
2017-01-21 16:59:41 +01:00
Juliano Jeziorny
1fe554dd25
Introduced Citrix Netscaler action
2017-01-19 14:30:25 +01:00
sebres
74a6afadd5
Mail-actions switched to use new option "norestored" instead of checking of variable `restored` during shell execution (prevents executing of such actions at all).
2017-01-16 09:40:48 +01:00
sebres
ee3c787cc6
Recognize restored (from database) tickets after restart (tell action restored state of the ticket);
...
Prevent executing of several actions (e.g. mail, send-mail etc) on restart (bans were already notified).
Test cases extended (smtp and by restart in ServerReloadTest).
Closes gh-1141
Closes gh-921
2017-01-13 19:06:17 +01:00
sebres
c9f32f75e6
Merge branch '0.9-fix-regex-using-journal' into 0.10-fix-regex-using-journal (merge point against 0.9 after back-porting gh-1660 from 0.10)
2017-01-10 11:25:41 +01:00
Andrew James Collett
1c41390f7c
Restructured the way the catagories work.
...
Jail.conf is cleaner and abuseipdb.conf is more flexible.
2017-01-08 09:26:11 +02:00
Andrew James Collett
55e107310f
Added config for AbuseIPDB, ony tested on Ubuntu 16.04
2017-01-07 14:24:54 +02:00
Viktor Szépe
81c1810f10
Introduce Cloudflare API v4
...
In the cloudflare action everyone is suggested to use API v4.
And I don't dare to contribute any actual change.
2016-12-31 21:30:57 +01:00
roedie
3adc16d266
Shorewall IPv6 suggested changes.
...
Change files as suggested by sebres.
2016-12-12 20:53:58 +01:00
Yaroslav Halchenko
31a1560eaa
minor typos (thanks Vincent Lefevre, Debian #847785 )
2016-12-11 15:13:11 -05:00
roedie
6e18508a07
Add shorewall IPv6 support
...
Small patch which allow fail2ban to use shorewall for IPv6 bans.
2016-12-11 20:44:54 +01:00
sebres
a2af19c9f0
fixed several actions, that could not work with jails using multiple logpath; additionally repaired execution in default shell (bad substitution by `${x//...}` executing in `/bin/sh`);
...
added helper "action.d/helpers-common.conf", and `_grep_logs` part-command for actions needed grep logs from multiple log-files
test cases: executing of some complex actions covered
2016-11-25 19:27:26 +01:00
sebres
c809c3e61e
Merge branch 'master' into 0.10
2016-10-13 19:01:13 +02:00
Nils
d08db22b92
Create npf.conf for the NPF packet filter
...
This file adds support for the NPF packet filter, available on NetBSD since version 6.0
2016-10-13 18:50:54 +02:00
sebres
8b0f6c5413
badips test cases check availability of badips service (and skip this tests if it not available)
2016-09-30 12:03:27 +02:00
sebres
d71a525a85
Merge branch 'master' into 0.10 (resolve conflicts and cleaning tree points after back-porting gh-1508 0.10 -> 0.9)
2016-08-12 18:51:56 +02:00
Yaroslav Halchenko
c0994b0c6c
DOC: minor typo (thanks John Bernard) Closes #1496
2016-08-04 10:23:05 -04:00
Serg G. Brester
af8b650a37
badip timeout option introduced, set to 30 seconds in our test cases ( #1463 )
...
cherry-picked from 0.10 (little bit modified in test_badips.py, because no --fast option in test cases)
2016-06-13 12:56:53 +02:00
sebres
e39126f630
badip timeout option introduced, set to 30 seconds in our test cases
2016-06-10 13:15:46 +02:00
sebres
0fdc56546f
Fixed misunderstanding of port in (ban)action: port will be always specified in jail config ([DEFAULT] or jail)
2016-05-19 17:45:41 +02:00
Yaroslav Halchenko
1ebc3facb1
BF: maintain previous default beh for pf -- ban a port (ssh) only
2016-05-19 17:14:33 +02:00
sebres
4d51c591c1
pf.conf: warranted consistently echoing for the pf actiontype if actiontype or multiport tags will be customized;
2016-05-19 14:50:41 +02:00
Alexander Koeppe
b5e031f3c3
some documentation for multiport use in pf.conf
2016-05-17 21:32:21 +02:00
sebres
1e7fd26f5f
rename `actionoptions` to `actiontype` in pf-action (multiport) + fixed test cases
2016-05-17 20:51:12 +02:00
Alexander Koeppe
e74047ae49
revert to common config for PF covering multi and allports
2016-05-17 18:19:40 +02:00
Alexander Koeppe
3e1328c83b
split PF config files between all- and multi port
2016-05-17 18:19:27 +02:00
sebres
0c44ecfc77
action.d/firewallcmd-ipset.conf: different name of the match set's for IPv4/IPv6, using conditional <ipmset>, analog to the iptables-ipset;
...
test cases for 3 firewallcmd extended;
2016-05-14 15:01:35 +02:00
TorontoMedia
ffebde68e0
Update firewallcmd-multiport.conf
2016-05-13 22:38:36 -04:00
TorontoMedia
07de83e04a
Update firewallcmd-common.conf
2016-05-13 22:38:10 -04:00
TorontoMedia
810d5996b5
Update firewallcmd-rich-logging.conf
2016-05-13 22:10:25 -04:00
TorontoMedia
7e54cee8d6
updated firewallcmd actions
2016-05-13 21:36:27 -04:00
sebres
504e5ba6f2
actions support IPv6 now:
...
- introduced "conditional" sections, see for example `[Init?family=inet6]`;
- iptables-common and other iptables config(s) made IPv6 capable;
- several small code optimizations;
* all test cases passed (py3.x compatible);
2016-05-11 16:54:28 +02:00
sebres
75028585c0
test cases extended for verifying ipv4/ipv6, normalized pf-action with test case
2016-05-11 16:54:25 +02:00
Alexander Koeppe
ed2f3ef77d
improve PF action and make IPv6 aware
2016-05-11 16:54:22 +02:00
TorontoMedia
3d239215cd
Two new firewalld actions with rich rules for firewalld-0.3.1+ (gh-1367)
...
closes #1367
2016-03-25 17:28:30 +01:00
Serg G. Brester
fe14c8fa05
Merge pull request #1292 from albel727/master
...
Add nftables actions
2016-01-24 23:55:50 +01:00
Alexander Belykh
985e8938a4
Refactor nftables actionstop into smaller parts
2016-01-06 17:39:54 +06:00
Alexander Belykh
9779eeb986
Add nftables_type/family/table parameters
2016-01-06 17:33:14 +06:00
Alexander Belykh
260c30535d
Escape curly braces in nftables actions
2016-01-06 17:13:30 +06:00
Alexander Belykh
1983e15580
Add empty line between parameters in nftables-common.conf
2016-01-06 16:55:29 +06:00
Alexander Belykh
f7f91a8bd4
Refactor common code out of nftables-multiport/allports.conf
2016-01-05 19:03:47 +06:00
sebres
69f5623f83
code simplifying (remove duplication): agent will be always supplied as parameter from jail.conf
2016-01-04 09:30:32 +01:00
Alexander Belykh
618e97bce8
Add nftables actions
2016-01-04 01:36:28 +06:00
sebres
ac31121432
amend to fix fail2ban-version: correct user-agent for badips.py "Fail2Ban/ver", changeable within jail/config now;
2015-12-31 02:32:17 +01:00
sebres
cf334421bd
Provides fail2ban version to jail (as interpolation variable during parse of jail.conf);
...
BF: use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc. (closes #1271 , closes #1272 )
2015-12-31 01:38:25 +01:00
agentmoller001
617302fcc2
Updated route.conf to clear warnings
...
Does not throw warnings when starting/restarting by adding three lines of code.
2015-10-09 18:16:36 -07:00
Viktor Szépe
0d8968daa9
Added CloudFlare API error codes URL
2015-09-30 16:07:45 +02:00
M. Maraun
2895d981fa
Set Timeout at urlopen to 3 seconds
2015-09-26 21:26:55 +02:00
Yaroslav Halchenko
c37009aec7
Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban
...
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
Limit the number of log lines in *-lines.conf actions
Conflicts:
ChangeLog -- took both versions and adjusted the new one
for -n 1000 change
2015-07-27 22:37:46 -04:00
Yaroslav Halchenko
38c320798d
Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122
...
WIP ENH Add <lockingopt> (Close : #1122 ) and <iptables> to define the iptables call
2015-07-27 22:30:54 -04:00
Yaroslav Halchenko
0041bc3770
DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description
2015-07-26 23:10:08 -04:00
Yaroslav Halchenko
de2f9504c0
Merge pull request #978 from ediazrod/patch-2
...
shorewall-ipset-proto6.conf for shorewall
2015-07-26 23:00:58 -04:00
Yaroslav Halchenko
65cd218e10
Merge remote-tracking branch 'origin/master'
...
* origin/master:
ipjailmatches is on one line with its description in man jail.conf
Added a space between IP address and the following colon
2015-07-26 22:47:43 -04:00
Viktor Szépe
c8b3ee10a0
Limit the number of log lines in *-lines.conf actions
2015-07-27 02:35:21 +02:00
Thomas Mayer
a19cb1b2b9
Merge 923d807ef8
into cf2feea987
2015-07-25 01:23:39 +00:00