The nftables framework replaces iptables. The fail2ban software already
includes support for nftables, so reflect that in the packaging.
Also, no need to `Recommends: iptables`, since it is installed by default in every
Debian system. Instead, do `Recommends: nftables`.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
* tag '0.10.2': (623 commits)
prepare release: bump version, update ChangeLog, man's and MANIFEST etc.
ChangeLog update
action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now).
regex rewritten: a bit less vulnerable now and using non-capturing groups, test-cases extended in order to cover attempted injection in the user name
nginx-http-auth: match usernames with spaces
regex updated using non-capturing groups
extended test-cases to cover new log-format (http_auth -> mod_auth)
Update lighttpd-auth.conf
file-filter's: provide stop function in order to explicitly delete/stop monitoring of each file.
Remove annoying error-message "rm_watch: cannot remove WD=2, Errno=Invalid argument (EINVAL)", logged from pyinotify-module if rm_watch called with non-existing watch file descriptor (probably multi-threaded issue by dual-remove). Closes gh-1865
should fix sporadic coverage decrease (don't cover "return", because too sporadic to get idle in pyinotify-callback);
fixed restoring sane environment (via stop/start) if invariant check failed: bypass possible errors in stop (if start/check succeeded hereafter); test cases extended to cover such situation. Closes gh-1997
action.d/hostsdeny.conf: actionunban rewritten using sed, also dots in IP are escaped now.
micro-fix: delete temporary file (forgotten in test-case `test_move_dir` by reassign to directory)
Update ChangeLog
stop ban of legitimate users with multiple public keys (e. g. git, etc), thereby differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
test cases extended in order to cover `firewallcmd-ipset` with `allports`
Update ChangeLog
firewallcmd-ipset-allports: implemented in `action.d/firewallcmd-ipset.conf` now (`action.d/firewallcmd-ipset-allports.conf` removed), usage:
...
I have lighttpd 1.4.45 (Debian 9) and the auth error log is different.
It now prints mod_auth and not http_auth.
I think that the change was in lighttpd 1.4.42
differentiate between "invalid user" (going banned earlier) and valid users with public keys, for which the rejects of not valid public keys (failures) will be retarded up to "Too many authentication failures" resp. disconnect without success (accepted public key).
allow the use of dual parameter lists (coming through substitutions), e.g.: `name[p1=0, p2="..."][p3='...']`;
simplified explanation: `][` is treated as `,` in the new version.
cherry-picked from 0.10.