sebres
970573d1cb
Merge branch '0.11'
2022-01-18 16:17:49 +01:00
sebres
35d73d9758
Merge branch '0.10' into 0.11
2022-01-18 16:17:07 +01:00
sebres
bf689c27b8
filter.d/sshd.conf: `ddos` mode extended - recognizes messages "kex_exchange_identification: Connection closed / reset by pear" (fixed possible regression of f77398c49d
);
...
closes gh-3086
2022-01-18 15:42:35 +01:00
sebres
8bf15db688
filter.d/sshd.conf: `ddos` mode extended - recognizes new message "banner exchange: invalid format" generated by port scanner, https payload on ssh port;
...
closes gh-3169
2022-01-18 15:41:27 +01:00
sebres
80805cabfc
Merge branch '0.11'
2021-11-03 16:01:00 +01:00
sebres
0b3ad780fe
Merge branch '0.10' into 0.11
2021-11-03 15:48:21 +01:00
sebres
4b54a07d71
Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;"
...
This reverts the incompatibility #3047 introduced by commit a038fd5dfe
(#2821 ).
2021-11-01 11:45:40 +01:00
Sylvestre Ledru
3245b8018b
Add the Debian path to roundcube error logs
2021-10-23 17:38:20 +02:00
Sergey G. Brester
ba839af8ad
filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116)
2021-10-01 15:03:24 +02:00
sebres
10cd815525
merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm)
2021-07-07 12:06:06 +02:00
sebres
c03fe6682c
merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm)
2021-07-07 12:04:46 +02:00
sebres
410a6ce5c8
fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence
2021-06-21 17:12:53 +02:00
sebres
579c6a94af
filter.d/postfix.conf: mode `ddos` (and `aggressive`) extended to consider abusive handling of clients hitting command limit (gh-3040)
2021-06-10 15:23:24 +02:00
sebres
43f2923fbd
filter.d/postfix.conf: matches rejects with "undeliverable address" (sender/recipient verification, gh-3039) additionally to "Unknown user";
...
both are configurable now via extended parameter and can be disabled using `exre-user=` supplied in filter parameters
2021-06-10 15:06:54 +02:00
Sergey G. Brester
bbfff18280
action.d/ufw.conf: amend to #3018 : parameter `kill-mode` extended with conntrack
2021-06-03 12:02:08 +02:00
sebres
c7a86b4616
action.d/firewallcmd-ipset.conf: amend to #2620 :
...
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
2021-05-29 22:59:55 +02:00
Sergey G. Brester
2a508da5a0
Merge pull request #2620 from mspolitaev/master
...
Using native firewalld ipset implementation
2021-05-29 21:30:55 +02:00
sebres
38535b0cca
Merge branch '0.11' into master
2021-05-29 21:25:24 +02:00
sebres
d2f5c7de09
Merge branch '0.10' into 0.11
2021-05-29 21:24:11 +02:00
sebres
92f90038fa
filter.d/dovecot.conf: extended to match prefix like `conn unix:auth-worker (uid=143): auth-worker<13247>:` (authenticate from external service like exim), gh-2553
2021-05-29 21:12:34 +02:00
sebres
8b984a0135
filter.d\exim-common.conf: pid-prefix extended to match `mx1 exim[...]:` (gh-2553)
2021-05-29 20:47:56 +02:00
sebres
6be1a5a0b1
filter.d/dovecot.conf: fixed "Authentication failure" regex, matches "Password mismatch" in title case (gh-2880)
2021-05-29 20:25:28 +02:00
sebres
8afea37494
filter.d/sendmail-auth.conf: covering several "authentication failure" messages, sendmail 8.16.1 (gh-2757)
2021-05-29 20:09:57 +02:00
sebres
c5f1598a21
filter.d/postfix.conf: extended to cover new vectors:
...
- reject: BDAT/DATA from (gh-2927)
- (since regex is more precise now) token selector changed to `[A-Z]{4}`, e. g. no matter what a command is supplied now (RCPT, EHLO, VRFY, DATA, BDAT or something else)
- matches "Command rejected" and "Data command rejected" now
2021-05-29 19:48:24 +02:00
sebres
ae3e9b9149
filter.d/postfix.conf: extended to cover 2 new vectors:
...
- RCPT from unknown, 504 5.5.2, need fully-qualified hostname, gh-2995
- 550 5.7.25 Client host rejected, gh-2996
review combining several regex to single one
2021-05-29 19:21:27 +02:00
sebres
87f717e0e0
filter.d/sendmail-reject.conf: fix reverse DNS for ... (gh-3012)
2021-05-29 18:45:59 +02:00
Sergey G. Brester
3d52fe3e4e
Merge pull request #2679 from mikaku/updated-to-latest-jail.conf
...
Add new jail (and filter) Monitorix
2021-05-27 12:17:16 +02:00
sebres
0a05dbdbfc
Merge branch '0.11' into master
2021-05-25 23:19:25 +02:00
sebres
3312b8cb95
Merge branch '0.10' into 0.11
2021-05-25 23:18:33 +02:00
sebres
1627d4f573
filter.d/sendmail-auth.conf: user not found, closes gh-3030
2021-05-25 23:16:29 +02:00
Sergey G. Brester
f07e0f7ade
Merge pull request #2984 from j-marz/zoneminder_filter_update
...
Zoneminder filter update
2021-05-21 13:03:33 +02:00
Sergey G. Brester
ec4e0dd65b
padding with space, prefregex, regex review (simplifying, capture user name, consider possible space char in user name)
2021-05-21 13:00:24 +02:00
j-marz
2367ad115c
fixed typo in comment
2021-05-20 09:15:45 +10:00
Sergey G. Brester
3f9cf27853
filter.d/apache-fakegooglebot.conf: better, more precise regex and datepattern (closes possible weakness like #3013 )
2021-05-11 13:47:48 +02:00
usernamepi
4f8427178a
Missing comment "#" ( #3022 )
...
Missed this ... but the logs showed it.
2021-05-07 18:23:40 +02:00
usernamepi
88f779ed24
ufw.conf, amend to #3018 - add missing option for comment ( #3019 )
2021-05-06 23:23:39 +02:00
Sergey G. Brester
8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional
2021-05-06 21:47:06 +02:00
Sergey G. Brester
5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat)
2021-05-06 20:23:58 +02:00
usernamepi
e4e7a83cff
Update ufw.conf
...
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)
* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
My system apparently is compiled that way.
2021-05-06 13:44:36 +02:00
sebres
71ce548117
Merge branch '0.11'
2021-04-27 14:05:53 +02:00
sebres
b5b615731e
Merge branch '0.10' into 0.11
2021-04-27 14:03:49 +02:00
sebres
f0214b3d36
filter.d/sendmail-reject.conf: fixed regex to consider "Connection rate limit exceeded" with different combination of arguments
2021-04-20 18:13:40 +02:00
Sergey G. Brester
ab0847e2d5
more precise anchored RE (also combining all 3 REs in a single regex)
2021-04-14 13:06:58 +02:00
Jordi Sanfeliu
7d173b7ce0
Merge branch 'master' into updated-to-latest-jail.conf
2021-04-13 20:24:08 +02:00
sebres
6893d5a8b7
Merge remote-tracking branch 'remotes/gh-upstream/0.11' into master
2021-04-11 19:05:02 +02:00
Sergey G. Brester
d74dd9321b
Merge pull request #2565 from caronc/0.11
...
Add Apprise Support (50+ Notifications)
2021-04-04 00:24:21 +02:00
Sergey G. Brester
b2f6a3a658
remove unneeded substitution
...
it is enough to add `apprise` to action
2021-04-04 00:21:59 +02:00
Sergey G. Brester
dda70d60c0
Merge branch 'master' into master
2021-04-04 00:04:08 +02:00
Michele Mondelli
7579072e3b
docs: fix typos
2021-04-03 23:49:23 +02:00
Sergey G. Brester
4eba9f2a4b
Merge pull request #2950 from sunweaver/pr/scanlogd-filter
...
Add support for filtering out detected port scans via scanlogd.
2021-04-03 23:36:14 +02:00
Sergey G. Brester
2d51240b3e
correction for default log interpolation and added allports banaction
2021-04-03 23:33:49 +02:00
Sergey G. Brester
977dfe4bd7
small amend: sport after saddr is optional
...
format of message: saddr[:sport] to daddr [and others,] ports port[, port...], ..., flags[, TOS TOS][, TTL TTL] @HH:MM:SS
2021-04-03 23:29:16 +02:00
Sergey G. Brester
14edeed310
fixed regex (don't need to match whole line, e. g. every port etc)
2021-04-03 23:24:55 +02:00
Sergey G. Brester
080dd12288
Merge pull request #2965 from oukb/patch-1
...
nsd.conf: fix for the current log format
2021-04-03 21:02:03 +02:00
Sergey G. Brester
a838deba7f
restore anchor (e. g. catch all in the middle), dot is optional now, RE rewritten a bit more precise
2021-04-03 21:00:14 +02:00
sebres
7f38b80d35
precise regex (left anchor and fewer catch-all's); fixed tests (added failJSON and more tests for some corner-cases around new RE)
2021-04-03 20:16:47 +02:00
Rüdiger Olschewsky
9eaa2322b0
Filter and Defaults for Microsoft SQL Server
2021-04-03 19:30:29 +02:00
Markus Felten
5aa20c30d8
fix: add journalmatch to nginx filters
2021-04-03 19:20:50 +02:00
j-marz
5d8f500471
updated formatting to pass tests
2021-03-29 08:36:53 +11:00
j-marz
2686811593
Updated zoneminder filter
...
Support new log format, ERR instead of WAR. Add detection of non-existent user login attempts
2021-03-28 21:19:10 +11:00
oukb
529866b2bb
nsd.conf: fix for the current log format
...
New nsd 4.3.5 log format:
| [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
| [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
| [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
| [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
2021-03-08 19:14:28 +03:00
Mike Gabriel
f15ed35619
config/: Add support for filtering out detected port scans via scanlogd.
2021-03-05 16:35:13 +01:00
sebres
fb08534ed7
Merge branch '0.11'
2021-03-03 18:17:35 +01:00
sebres
3eaefe8da0
Merge branch '0.10' into 0.11
2021-03-03 18:16:47 +01:00
sebres
a45b1c974c
filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
...
closes gh-2951
2021-03-02 19:35:27 +01:00
sebres
63acc862b1
`action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
2021-02-24 18:21:42 +01:00
sebres
fb6315ea5e
Merge branch '0.10' into 0.11
2021-02-24 13:16:36 +01:00
sebres
6f4b6ec8cc
action.d/badips.* removed (badips.com is no longer active, gh-2889)
2021-02-24 13:05:04 +01:00
Sergey G. Brester
a2f0dbad87
Merge pull request #2742 from aresxc/patch-1
...
Update drupal-auth.conf
2021-02-11 19:10:55 +01:00
Sergey G. Brester
d678440658
more precise RE (avoids weakness with catch-all's and is injection safe)
2021-02-11 18:32:32 +01:00
sebres
ea26509594
Merge branch '0.11'
2021-02-03 14:59:00 +01:00
sebres
6198b4566c
Merge branch '0.10' into 0.11
2021-02-03 14:47:56 +01:00
Brian J. Murrell
dc4ee5aa47
Add transport to asterisk RE
...
Call rejection messages from Asterisk can have the transport prefixed to the IP address.
Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-01-31 15:22:16 +01:00
sebres
c75748c5d3
fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
...
closes gh-2804
2021-01-27 17:06:14 +01:00
sebres
21dd317870
Merge branch '0.11'
2021-01-21 19:13:13 +01:00
sebres
dbc77c47c3
Merge branch '0.10' into 0.11
2021-01-21 19:11:01 +01:00
Sergey G. Brester
5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
...
closes gh-2891
2021-01-11 15:23:40 +01:00
sebres
9df332fdef
filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
...
closes gh-2908
2021-01-11 15:10:53 +01:00
sebres
2c60d08b28
Merge '0.11' (fix gh-2899) into master
2020-12-29 21:27:02 +01:00
sebres
fe334590cd
Merge branch '0.10' into 0.11
2020-12-29 21:25:09 +01:00
sebres
73b39e0894
filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
...
closes gh-2899
2020-12-29 21:22:47 +01:00
defanor
ba7daef86c
Handle postscreen's PREGREET and HANGUP messages
...
Provoking those seems to be a popular activity among spammers.
2020-12-24 17:29:09 +03:00
stepodev
cecc3d62ff
add mode explanation to nginx-http-auth in jail.conf
2020-11-30 12:26:32 +01:00
stepodev
d0ba27cf46
move nginx-tls-fallback rules to nginx-http-auth
2020-11-30 12:14:49 +01:00
Sergey G. Brester
d959f6d199
Update nginx-tls-fallback.conf
...
more precise and conclusive regex without catch-all's
2020-11-26 12:25:32 +01:00
stepodev
c0256724a7
fix monitoring wrong error log. was access log, should be error.log
2020-11-25 21:30:21 +01:00
stepodev
27c40a77a3
add nginx-tls-downgrade
2020-11-25 20:59:43 +01:00
sebres
a03109d096
Merge branch '0.11' into master (0.11.2 released)
2020-11-24 12:41:10 +01:00
sebres
b78d1e439a
Merge branch '0.10' into 0.11
2020-11-23 21:35:32 +01:00
Sergey G. Brester
753fff9c15
amend to #2750 , add jail for new filter nginx-bad-request
2020-11-23 18:38:41 +01:00
Sergey G. Brester
071048b8f2
Merge pull request #2750 from janprzy/master
...
Added filter nginx-bad-request
2020-11-23 18:28:07 +01:00
sebres
7965d652a1
filter.d/dovecot.conf: allow more verbose logging
...
closes #2573
2020-11-23 18:17:29 +01:00
sebres
a6de9459fc
typo
2020-11-23 18:08:38 +01:00
RyuaNerin
bba8844af8
typo
2020-11-23 18:07:49 +01:00
mpoliwczak834
595ee7ed74
add submission
2020-11-23 17:42:12 +01:00
mpoliwczak834
0c12cb7970
add managesieve support dovecot filter
2020-11-23 17:42:11 +01:00
sebres
cc64ef25f6
filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
...
closes gh-2805
2020-11-23 17:25:41 +01:00
sebres
adbfdc222d
Merge branch '0.10' into 0.11
2020-11-11 11:17:15 +01:00
Sergey G. Brester
1c1a9b868c
no catch-alls, user name and error message stored in ticket
2020-11-09 15:36:30 +01:00
benrubson
840f0ff10a
Add Grafana jail
2020-11-09 15:31:06 +01:00
sebres
25e006e137
review and small tweaks (more precise and safe RE)
2020-11-09 13:43:59 +01:00
Mart124
df659a0cbc
Add Bitwarden syslog support
2020-11-09 13:34:39 +01:00
Sergey G. Brester
472bdc437b
Merge pull request #2723 from benrubson/softether
...
Add SoftEtherVPN jail
2020-11-09 13:23:25 +01:00
Sergey G. Brester
010e76406f
small tweaks (both 2nd time and facility are optional, avoid catch-all, etc)
2020-11-09 13:19:25 +01:00
sebres
66ff90408f
Merge branch '0.10' into 0.11
2020-11-09 12:45:29 +01:00
sebres
d4adec7797
Merge branch '0.9' into 0.10
2020-11-09 12:44:07 +01:00
sebres
5430091acb
jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868)
2020-11-09 12:43:34 +01:00
benrubson
ec873e2dc3
Add SoftEtherVPN jail
2020-11-05 23:56:30 +01:00
sebres
6ef69b48ca
Merge branch '0.10' into 0.11
2020-11-05 16:12:31 +01:00
sebres
02525d7b6f
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching:
...
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
2020-10-08 21:07:51 +02:00
sebres
2817a8144c
`action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used)
2020-09-29 13:33:40 +02:00
sebres
1418bcdf5b
`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)
2020-09-29 12:35:49 +02:00
sebres
d253e60a8b
Merge branch '0.10' into 0.11
2020-09-23 19:39:50 +02:00
Sergey G. Brester
d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos
2020-09-17 12:39:08 +02:00
sebres
74b73bce8a
Merge branch '0.10' into 0.11
2020-09-04 13:09:47 +02:00
sebres
a038fd5dfe
`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
...
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
2020-09-03 16:41:23 +02:00
Sergey G. Brester
70c601e9e5
involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty)
2020-09-02 20:47:05 +02:00
sebres
4d2734dd86
Merge branch '0.10' into 0.11
2020-09-02 20:23:07 +02:00
sebres
ed20d457b2
jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader)
2020-09-02 20:14:31 +02:00
sebres
db1f3477cc
amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex
2020-08-27 18:07:42 +02:00
sebres
3f04cba9f9
filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757)
2020-08-27 17:44:25 +02:00
sebres
07fa9f2912
fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
...
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
2020-08-27 17:04:19 +02:00
sebres
e9071b642a
Merge branch '0.10' into 0.11
2020-08-25 18:28:18 +02:00
benrubson
1707560df8
Enhance Guacamole jail
2020-08-25 13:01:50 +02:00
Chris Caron
2216fd8da4
Add Apprise Support (50+ Notifications)
2020-08-04 19:04:05 -04:00
sebres
067b76fc9e
Merge branch '0.10' into 0.11
2020-08-04 15:40:59 +02:00
sebres
9100d07c03
Merge branch '0.10-ipset-tout' into 0.10, amend to #2703 : resolves names conflict (command action timeout and ipset timeout); closes #2790
2020-08-04 13:53:21 +02:00
sebres
62a6771b33
Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763
...
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
2020-08-04 13:51:20 +02:00
sebres
73a8175bb0
resolves names conflict (command action timeout and ipset timeout); closes gh-2790
2020-08-04 13:22:02 +02:00
Sergey G. Brester
08dbe4abd5
fixed comment for loglevel, default is INFO
2020-07-03 13:45:29 +02:00
sebres
309c8dddd7
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
2020-06-24 19:20:36 +02:00
Jan Przybylak
a5ab4406d8
Removed unnecessary escape sequence
...
This commit also contains changes to match requests that are 100% empty (by using "*" instead of "+" in the regex)
2020-06-21 18:24:09 +02:00
Jan Przybylak
d7ef5d166d
Removed vulnerable catchall & anchor
2020-06-11 16:44:48 +02:00
sebres
1da9ab78be
Merge branch '0.10' into 0.11
2020-06-11 12:52:13 +02:00
sebres
5a0edf61c9
filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749)
2020-06-08 14:38:26 +02:00
Jan Przybylak
3c83c19070
Added filter nginx-bad-request
2020-06-06 19:51:46 +02:00
aresdr
412120ac3c
Update drupal-auth.conf
...
Small fix for Drupal 8. D8 uses "Login attempt failed from" while D7 uses "Login attempt failed for".
The referer part is a must currently, but some requests did not have one and are not failing.
2020-05-30 15:25:31 -07:00
sebres
1588200274
Merge branch '0.10' into 0.11
2020-05-25 18:58:05 +02:00
Sergey G. Brester
43f699b872
grammar / typos
2020-05-06 17:32:13 +02:00
Sergey G. Brester
368aa9e775
Merge pull request #2689 from benrubson/gitlab
...
New Gitlab jail
2020-05-04 19:19:13 +02:00
Sergey G. Brester
01e92ce4a6
added fallback using tr and sed (jq is optional now)
2020-04-27 19:26:46 +02:00
Sergey G. Brester
1c1b671c74
Update cloudflare.conf
2020-04-27 19:26:44 +02:00
Sergey G. Brester
5b8fc3b51a
cloudflare: fixes ip to id conversion by unban using jq
...
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
2020-04-27 19:26:43 +02:00
Viktor Szépe
852670bc99
CloudFlare started to indent their API responses
...
We need to use https://github.com/stedolan/jq to parse it.
2020-04-27 19:26:39 +02:00
Ilya
8b3b9addd1
Change tool from 'cut' to 'sed'
...
Sed regex was tested - it works.
2020-04-27 19:12:36 +02:00
Ilya
5da2422f61
Fix actionunban
...
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
2020-04-27 19:12:35 +02:00
sebres
87a1a2f1a1
action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)
2020-04-25 14:52:38 +02:00
sebres
6b90ca820f
filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently:
...
- `normal`: matches 401 with supplied username only
- `ddos`: matches 401 without supplied username only
- `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
2020-04-23 13:08:24 +02:00
sebres
affd9cef5f
filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697)
2020-04-21 13:32:17 +02:00
sebres
06b46e92eb
jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
...
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
2020-04-15 19:00:49 +02:00