Commit Graph

426 Commits (8b984a0135be5ea284a2345cce0e3458dfb95d7b)

Author SHA1 Message Date
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
4 years ago
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889)
4 years ago
Sergey G. Brester 5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
4 years ago
sebres 2817a8144c `action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used)
4 years ago
sebres 1418bcdf5b `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)
4 years ago
Sergey G. Brester d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos
4 years ago
sebres a038fd5dfe `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
4 years ago
sebres 9100d07c03 Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790
4 years ago
sebres 73a8175bb0 resolves names conflict (command action timeout and ipset timeout); closes gh-2790
4 years ago
sebres 309c8dddd7 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
5 years ago
Sergey G. Brester 01e92ce4a6 added fallback using tr and sed (jq is optional now)
5 years ago
Sergey G. Brester 1c1b671c74 Update cloudflare.conf
5 years ago
Sergey G. Brester 5b8fc3b51a cloudflare: fixes ip to id conversion by unban using jq
5 years ago
Viktor Szépe 852670bc99 CloudFlare started to indent their API responses
5 years ago
Ilya 8b3b9addd1 Change tool from 'cut' to 'sed'
5 years ago
Ilya 5da2422f61 Fix actionunban
5 years ago
sebres 87a1a2f1a1 action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only)
5 years ago
sebres ec37b1942c action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596)
5 years ago
sebres 85ec605358 nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set);
5 years ago
sebres 51af193402 nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`)
5 years ago
sebres 955d690e56 regrouping expressions with curly braces, added more escapes (better handling in posix shell)
5 years ago
sebres 8ea00c1d5d fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc
5 years ago
sebres 492205d30e action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all)
5 years ago
sebres abc4d9fe37 allow to use multiple protocols in multiport (single set with multiple rules in chain):
5 years ago
sebres c753ffb11d combine nftables actions to single action:
5 years ago
sebres c59d49da22 nftables-allports: support multiple protocols in single rule;
5 years ago
Ririsoft dde51b4682 fix actionban/unban ip definition syntax
5 years ago
Monson Shao 1cda50ce05 Rewrite nftables variables based on nftables' logic.
5 years ago
benrubson 8b171f7d25 Badips key is only used to retrieve list
6 years ago
sebres e751be2c13 normalize, simplify and fix several mail actions (mail and sendmail actions are more similar now, sendmail is configurable via parameter `mailcmd`, etc);
6 years ago
sebres 22b9304562 action.d/badips.py: fix start of banaction on demand (which may be IP-family related), supplied action info with ticket instead of simulating it with dict;
6 years ago
Sergey G. Brester 7dbd3a07eb cut comment to limit documented on abuseipdb, additionally use curl in quiet mode
6 years ago
Carlos Ferreira 7b73cb7639 Switch to AbuseIPDB API v2
6 years ago
sebres d8d71c5a22 action.d/helpers-common.conf: grep arguments are rewritten - using options `-wF` to match only whole words and fixed string (not as pattern)
6 years ago
chtheis fa727586ff Fix grep pattern to deal with Apache's error log
6 years ago
sebres 23d2281e57 action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now)
6 years ago
Sergey G. Brester b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets
6 years ago
sebres e8401a7e65 action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc;
6 years ago
sebres 5126068099 loglevel and shortloglevel combined to single parameter loglevel, below an example logging summary with NOTICE and rest with DEBUG log-levels:
6 years ago
benrubson 689938ee99 Add a shortloglevel badips.py option
6 years ago
sebres 140243328f coverage: try to avoid sporadic "coverage decreased" in CI
6 years ago
sebres 555b29e8e6 Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
6 years ago
dienteperro 0df221b54b
"be" instead of "me" in shorewall.conf
6 years ago
Sergey G. Brester 1752c19b6f
Merge pull request #2205 from benrubson/patch-1
6 years ago
Sergey G. Brester 65676baf8c fixed py3 incompatibility (for some reasons this file seems to be excluded from 2to3), anyway not needed, because int-type is already checked in str2LogLevel
6 years ago
Sergey G. Brester 4b751c84c3
badips.py: Rewrite new bool option "log" as "loglevel" and revert default to log-level (DEBUG).
6 years ago
sebres d01fe9d22a action.d/*.conf: correct comments for actionstart/actionstop
6 years ago
Ben RUBSON 9d7c0e00c1
Also log number of IPs removed/added
6 years ago
Ben RUBSON 70e53b55c5
Typo
6 years ago
Ben RUBSON ec4c4b12c1
Add yes/no log option to badips.py
6 years ago