github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
5,787 Commits
34 Branches
230 Tags
19 MiB
Commit Graph

5787 Commits (7bfa13320815b20a7511f15a35b4a43e68fde134)

Author SHA1 Message Date
Sergey G. Brester 7bfa133208
small amend: lets use lower level API for restored tickets too 2023-06-22 13:36:18 +02:00
Laurent Desausoi 3546071aa5 Restore bans from the database with full ticket information 
In the case where we use the `ignoreCommand` with information from the
ticket, we want these informations to also be included when restoring
the bans from the database (the ticket may no longer be required to be
banned).
 2023-06-22 09:50:43 +02:00
Sergey G. Brester 5d9603c104
failregex.py: resolve deprecation warning for sre_constants 
closes gh-3508
 2023-05-03 12:00:24 +02:00
Sergey G. Brester baf8330214
GHA: update python-versions, 3.11 is released 2023-05-03 11:55:00 +02:00
sebres ca4af85cd7 avoid confusion of path as failure ID with IP/CIDR notation, improve IP/CIDR parsing; 
wrong CIDR notation or invalid plen always causes a fallback to raw string now;
fixes recognition of `::` and `::/32`
 2023-04-26 17:10:39 +02:00
Sergey G. Brester de0ed85fb8
README.md: code status - switch from travis-ci to GHA 2023-04-24 23:10:47 +02:00
Sergey G. Brester 871101c3c1
Merge pull request #3502 from fail2ban/gh-3497 
filter.d/exim.conf: fixes "dropped: too many ..." regex (also matches unrecognized commands)
 2023-04-24 22:59:00 +02:00
Sergey G. Brester 3c8d5fd4ef
Update ChangeLog 2023-04-24 17:11:04 +02:00
Sergey G. Brester 809b904106
filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches unrecognized commands new vector 2023-04-24 15:40:53 +02:00
Sergey G. Brester 7544e969d5
new test messages for exim (gh-3497) 2023-04-24 15:36:21 +02:00
Sergey G. Brester 2b98f461bb
Merge pull request #2860 from a16bitsysop/mikrotik 
Add action for mikrotik routerOS
 2023-04-13 19:10:30 +02:00
Sergey G. Brester e73748c442
Merge branch 'master' into mikrotik 2023-04-13 19:09:00 +02:00
Sergey G. Brester 27294c4b9e
fail2banregextestcase: compatibility fix for testWrongRE 2023-04-04 13:30:12 +02:00
sebres 56485c8548 filtertestcase.py: byte related copy of lines in tests (locale independent); closes gh-2936 2023-04-04 12:48:12 +02:00
Sergey G. Brester a9b30eb86e
Merge pull request #2226 from mbologna/nginx-forbidden 
Feat: ban nginx forbidden accesses
 2023-03-23 12:33:32 +01:00
Sergey G. Brester 9cbf59c827
anchored datepattern and added journalmatch (if monitoring systemd journal) 2023-03-23 12:16:13 +01:00
Sergey G. Brester 212a4c236a
update changeLog, nginx-forbidden, gh-2226 2023-03-23 12:12:55 +01:00
Sergey G. Brester 2c0360d178
Merge branch 'master' into nginx-forbidden 2023-03-23 12:01:50 +01:00
sebres d1d1730de0 Merge fix #3479: 
action.d/cloudflare-token.conf: url-encode args by unban
closes 'gh-3479'
 2023-03-15 15:14:43 +01:00
Sergey G. Brester 3d4bed50c2
changelog entry (gh-3479) 2023-03-15 15:08:45 +01:00
Sergey G. Brester c7f8b75e7e
action.d/cloudflare-token.conf: fixes #3479, url-encode args by unban 2023-03-15 15:03:48 +01:00
Duncan Bellamy 7dc32971f8 changed missed names 2023-03-08 12:16:35 +00:00
Duncan Bellamy 9b1417a169 apply suggestions 2023-03-08 09:29:03 +00:00
Duncan Bellamy b892133d51 move new comment in changelog 2023-03-08 09:20:51 +00:00
Sergey G. Brester d46ec3a555 add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name) 2023-03-08 09:17:13 +00:00
Duncan Bellamy 5781675a7d change startcomment and comment so correct rules are flushed 2023-03-08 09:17:13 +00:00
Duncan Bellamy ac2076ef4f change unban back to find comment so correct entry always deleted 2023-03-08 09:17:13 +00:00
Duncan Bellamy 0e3e9b1d7f Add flushaction 
Change unban to find by ip address not comment
 2023-03-08 09:17:13 +00:00
Duncan Bellamy 9997807fb3 Add action for mikrotik routerOS 2023-03-08 09:17:13 +00:00
Sergey G. Brester 234660e94d
CI-workflow: remove 3.5 (seems to have a bug in GHA now) 2023-02-28 11:39:00 +01:00
Sergey G. Brester 17f060526e
readme: amend 2023-02-28 11:36:34 +01:00
Sergey G. Brester 92fae68071
readme: update version 2023-02-28 11:32:28 +01:00
Sergey G. Brester 06e3dea062
Merge pull request #3460 from Trotyl84/patch-1 
.gitignore: ignore `.venv/`
 2023-02-20 08:42:53 +01:00
Łukasz Turon 5dcbc0dd55
Update .gitignore 
Please add this entry for virtual python interpreter. This directory name is needed in the PyCharm environment.
 2023-02-18 23:49:28 +01:00
sebres f93a538693 gh-3447: fix careless mistake arisen in b12a3acb06 by attempt to implement new reload capacity (rewritten latter): causing error "'noduplicates' is not defined" by double jail configuration 2023-01-17 12:53:39 +01:00
sebres a3a3fffa54 Merge branch 'fix-gh-3438': 
* circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
* improve auto-detection of IPv6 support (`allowipv6 = auto` by default)
* improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
 2023-01-11 18:41:15 +01:00
sebres ed135b6a93 changelog entries (gh-3438, gh-3132) 2023-01-11 18:30:37 +01:00
sebres 582436aadf don't add subnets to local addresses of `ignoreself` from network interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) 2023-01-11 18:27:44 +01:00
sebres cb8674e68a amend with few improvements, IPv6IsAllowed prefers IPs from network interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only 2023-01-10 12:20:48 +01:00
sebres 09c23fd5b8 try to obtain local addresses from network interfaces before DNS to IP lookup (closes gh-3132); 
DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP)
 2023-01-09 21:52:12 +01:00
sebres d8a9812adc improve auto detection of IPv6 - try to check sysctl net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) 2023-01-09 16:21:36 +01:00
sebres 58834b6734 better auto-detection for IPv6 support (`allowipv6 = auto` by default); circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) 2023-01-06 14:50:25 +01:00
Sergey G. Brester 432e7e1e93
no warning if no config value but default (debug message now) 
closes #3420
 2022-11-28 13:21:15 +01:00
Sergey G. Brester bd6e7aeff0
Merge pull request #2112 from al42and/dante 
Create filter for Dante SOCKS server
 2022-11-18 12:43:44 +01:00
Sergey G. Brester efbbcb41ea
non capturing group 2022-11-18 12:32:15 +01:00
Sergey G. Brester 996553f330
review, simplify regex and capture user name 2022-11-18 12:31:11 +01:00
Andrey Alekseenko df91b047d2 Dante SOCKS server: handle "1 byte/second" case 
Thanks to @Loriowar and @sebres for pointing it out
 2022-11-17 23:22:56 +01:00
Andrey Alekseenko 05c162ef10 Create filter for Dante SOCKS server 2022-11-17 23:22:55 +01:00
Sergey G. Brester ae5fe2e003
amend to #3405, eliminate catch-all 2022-11-15 14:29:59 +01:00
sebres 36af3f2502 Merge branch 'gh-3405' 2022-11-15 14:23:28 +01:00