Commit Graph

1875 Commits (b892133d516d1389a647a287a1a3b58e2eece65f)

Author SHA1 Message Date
oukb 529866b2bb
nsd.conf: fix for the current log format
New nsd 4.3.5 log format:

|  [2021-03-05 05:25:14.562] nsd[160800]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
|  [2021-03-06 05:24:33.223] nsd[356033]: info: axfr for localhost. from 192.35.168.160 refused, no acl matches
|  [2021-03-07 05:23:26.641] nsd[547893]: info: axfr for example.com. from 192.35.168.64 refused, no acl matches
|  [2021-03-08 05:18:54.067] nsd[739606]: info: axfr for example.com. from 192.35.168.32 refused, no acl matches
2021-03-08 19:14:28 +03:00
Mike Gabriel f15ed35619 config/: Add support for filtering out detected port scans via scanlogd. 2021-03-05 16:35:13 +01:00
sebres fb08534ed7 Merge branch '0.11' 2021-03-03 18:17:35 +01:00
sebres 3eaefe8da0 Merge branch '0.10' into 0.11 2021-03-03 18:16:47 +01:00
sebres a45b1c974c filter.d/ignorecommands/apache-fakegooglebot: added timeout parameter (default 55 seconds) - avoid fail with timeout (default 1 minute) by reverse lookup on some slow DNS services (googlebots must be resolved fast);
closes gh-2951
2021-03-02 19:35:27 +01:00
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action 2021-02-24 18:21:42 +01:00
sebres fb6315ea5e Merge branch '0.10' into 0.11 2021-02-24 13:16:36 +01:00
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889) 2021-02-24 13:05:04 +01:00
Sergey G. Brester a2f0dbad87
Merge pull request #2742 from aresxc/patch-1
Update drupal-auth.conf
2021-02-11 19:10:55 +01:00
Sergey G. Brester d678440658
more precise RE (avoids weakness with catch-all's and is injection safe) 2021-02-11 18:32:32 +01:00
sebres ea26509594 Merge branch '0.11' 2021-02-03 14:59:00 +01:00
sebres 6198b4566c Merge branch '0.10' into 0.11 2021-02-03 14:47:56 +01:00
Brian J. Murrell dc4ee5aa47 Add transport to asterisk RE
Call rejection messages from Asterisk can have the transport prefixed to the IP address.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2021-01-31 15:22:16 +01:00
sebres c75748c5d3 fail2ban.conf: added new fail2ban configuration option "allowipv6" (default auto), can be used to allow or disallow IPv6 interface in fail2ban immediately by start (e. g. if fail2ban starts before network interfaces).
closes gh-2804
2021-01-27 17:06:14 +01:00
sebres 21dd317870 Merge branch '0.11' 2021-01-21 19:13:13 +01:00
sebres dbc77c47c3 Merge branch '0.10' into 0.11 2021-01-21 19:11:01 +01:00
Sergey G. Brester 5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability
closes gh-2891
2021-01-11 15:23:40 +01:00
sebres 9df332fdef filter.d/apache-overflows.conf: extended to match AH00126 error (Invalid URI ...);
closes gh-2908
2021-01-11 15:10:53 +01:00
sebres 2c60d08b28 Merge '0.11' (fix gh-2899) into master 2020-12-29 21:27:02 +01:00
sebres fe334590cd Merge branch '0.10' into 0.11 2020-12-29 21:25:09 +01:00
sebres 73b39e0894 filter.d/named-refused.conf: fixes prefix for messages from systemd journal (no mandatory space ahead, because don't have timestamp)
closes gh-2899
2020-12-29 21:22:47 +01:00
defanor ba7daef86c Handle postscreen's PREGREET and HANGUP messages
Provoking those seems to be a popular activity among spammers.
2020-12-24 17:29:09 +03:00
stepodev cecc3d62ff add mode explanation to nginx-http-auth in jail.conf 2020-11-30 12:26:32 +01:00
stepodev d0ba27cf46 move nginx-tls-fallback rules to nginx-http-auth 2020-11-30 12:14:49 +01:00
Sergey G. Brester d959f6d199
Update nginx-tls-fallback.conf
more precise and conclusive regex without catch-all's
2020-11-26 12:25:32 +01:00
stepodev c0256724a7 fix monitoring wrong error log. was access log, should be error.log 2020-11-25 21:30:21 +01:00
stepodev 27c40a77a3 add nginx-tls-downgrade 2020-11-25 20:59:43 +01:00
sebres a03109d096 Merge branch '0.11' into master (0.11.2 released) 2020-11-24 12:41:10 +01:00
sebres b78d1e439a Merge branch '0.10' into 0.11 2020-11-23 21:35:32 +01:00
Sergey G. Brester 753fff9c15
amend to #2750, add jail for new filter nginx-bad-request 2020-11-23 18:38:41 +01:00
Sergey G. Brester 071048b8f2
Merge pull request #2750 from janprzy/master
Added filter nginx-bad-request
2020-11-23 18:28:07 +01:00
sebres 7965d652a1 filter.d/dovecot.conf: allow more verbose logging
closes #2573
2020-11-23 18:17:29 +01:00
sebres a6de9459fc typo 2020-11-23 18:08:38 +01:00
RyuaNerin bba8844af8 typo 2020-11-23 18:07:49 +01:00
mpoliwczak834 595ee7ed74 add submission 2020-11-23 17:42:12 +01:00
mpoliwczak834 0c12cb7970 add managesieve support dovecot filter 2020-11-23 17:42:11 +01:00
sebres cc64ef25f6 filter.d/apache-noscript.conf: extended to match "script not found" with error AH02811 (and cgi-bin path segment in script)
closes gh-2805
2020-11-23 17:25:41 +01:00
sebres adbfdc222d Merge branch '0.10' into 0.11 2020-11-11 11:17:15 +01:00
Sergey G. Brester 1c1a9b868c
no catch-alls, user name and error message stored in ticket 2020-11-09 15:36:30 +01:00
benrubson 840f0ff10a Add Grafana jail 2020-11-09 15:31:06 +01:00
sebres 25e006e137 review and small tweaks (more precise and safe RE) 2020-11-09 13:43:59 +01:00
Mart124 df659a0cbc Add Bitwarden syslog support 2020-11-09 13:34:39 +01:00
Sergey G. Brester 472bdc437b
Merge pull request #2723 from benrubson/softether
Add SoftEtherVPN jail
2020-11-09 13:23:25 +01:00
Sergey G. Brester 010e76406f
small tweaks (both 2nd time and facility are optional, avoid catch-all, etc) 2020-11-09 13:19:25 +01:00
sebres 66ff90408f Merge branch '0.10' into 0.11 2020-11-09 12:45:29 +01:00
sebres d4adec7797 Merge branch '0.9' into 0.10 2020-11-09 12:44:07 +01:00
sebres 5430091acb jail `counter-strike`: removed link to site with redirect to malicious page (gh-2868) 2020-11-09 12:43:34 +01:00
benrubson ec873e2dc3 Add SoftEtherVPN jail 2020-11-05 23:56:30 +01:00
sebres 6ef69b48ca Merge branch '0.10' into 0.11 2020-11-05 16:12:31 +01:00
sebres 02525d7b6f filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended with new rule closing flood attack vector, matching:
error: kex_exchange_identification: Connection closed by remote host
(gh-2850)
2020-10-08 21:07:51 +02:00
sebres 2817a8144c `action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used) 2020-09-29 13:33:40 +02:00
sebres 1418bcdf5b `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836) 2020-09-29 12:35:49 +02:00
sebres d253e60a8b Merge branch '0.10' into 0.11 2020-09-23 19:39:50 +02:00
Sergey G. Brester d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos 2020-09-17 12:39:08 +02:00
sebres 74b73bce8a Merge branch '0.10' into 0.11 2020-09-04 13:09:47 +02:00
sebres a038fd5dfe `action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;
small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules);
closes gh-2821
2020-09-03 16:41:23 +02:00
Sergey G. Brester 70c601e9e5
involve config parameter (replaces hard-coded path); fixed typo in actionban (looks like copy&paste from trimmed tty) 2020-09-02 20:47:05 +02:00
sebres 4d2734dd86 Merge branch '0.10' into 0.11 2020-09-02 20:23:07 +02:00
sebres ed20d457b2 jail.conf: removed action parameter `name` that set on jail-name (`name=%(__name__)s` is default in action reader) 2020-09-02 20:14:31 +02:00
sebres db1f3477cc amend to 3f04cba9f92a1827d0cb3dcb51e57d9f60900b4a: sendmail-auth has 2 failregex now, so rewritten with prefregex 2020-08-27 18:07:42 +02:00
sebres 3f04cba9f9 filter `sendmail-auth` extended to follow new authentication failure message introduced in sendmail 8.16.1, AUTH_FAIL_LOG_USER (gh-2757) 2020-08-27 17:44:25 +02:00
sebres 07fa9f2912 fixes gh-2787: allow to match `did not issue MAIL/EXPN/VRFY/ETRN during connection` non-anchored with extra mode (default names may deviate);
additionally provides common addr-tag for IPv4/IPv6 (`(?:IPv6:<IP6>|<IP4>)`) and test-coverage for IPv6
2020-08-27 17:04:19 +02:00
sebres e9071b642a Merge branch '0.10' into 0.11 2020-08-25 18:28:18 +02:00
benrubson 1707560df8 Enhance Guacamole jail 2020-08-25 13:01:50 +02:00
Chris Caron 2216fd8da4 Add Apprise Support (50+ Notifications) 2020-08-04 19:04:05 -04:00
sebres 067b76fc9e Merge branch '0.10' into 0.11 2020-08-04 15:40:59 +02:00
sebres 9100d07c03 Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names conflict (command action timeout and ipset timeout); closes #2790 2020-08-04 13:53:21 +02:00
sebres 62a6771b33 Merge remote-tracking branch 'sebres:0.10' into 0.10; closes gh-2763
action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`)
2020-08-04 13:51:20 +02:00
sebres 73a8175bb0 resolves names conflict (command action timeout and ipset timeout); closes gh-2790 2020-08-04 13:22:02 +02:00
Sergey G. Brester 08dbe4abd5
fixed comment for loglevel, default is INFO 2020-07-03 13:45:29 +02:00
sebres 309c8dddd7 action.d/nftables.conf (type=multiport only): fixed port range selector (replacing `:` with `-`) 2020-06-24 19:20:36 +02:00
Jan Przybylak a5ab4406d8 Removed unnecessary escape sequence
This commit also contains changes to match requests that are 100% empty (by using "*" instead of "+" in the regex)
2020-06-21 18:24:09 +02:00
Jan Przybylak d7ef5d166d Removed vulnerable catchall & anchor 2020-06-11 16:44:48 +02:00
sebres 1da9ab78be Merge branch '0.10' into 0.11 2020-06-11 12:52:13 +02:00
sebres 5a0edf61c9 filter.d/sshd.conf: normalizing of user pattern in all RE's, allowing empty user (gh-2749) 2020-06-08 14:38:26 +02:00
Jan Przybylak 3c83c19070 Added filter nginx-bad-request 2020-06-06 19:51:46 +02:00
aresdr 412120ac3c
Update drupal-auth.conf
Small fix for Drupal 8. D8 uses "Login attempt failed from" while D7 uses "Login attempt failed for".
The referer part is a must currently, but some requests did not have one and are not failing.
2020-05-30 15:25:31 -07:00
sebres 1588200274 Merge branch '0.10' into 0.11 2020-05-25 18:58:05 +02:00
Sergey G. Brester 43f699b872
grammar / typos 2020-05-06 17:32:13 +02:00
Sergey G. Brester 368aa9e775
Merge pull request #2689 from benrubson/gitlab
New Gitlab jail
2020-05-04 19:19:13 +02:00
Sergey G. Brester 01e92ce4a6 added fallback using tr and sed (jq is optional now) 2020-04-27 19:26:46 +02:00
Sergey G. Brester 1c1b671c74 Update cloudflare.conf 2020-04-27 19:26:44 +02:00
Sergey G. Brester 5b8fc3b51a cloudflare: fixes ip to id conversion by unban using jq
normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
2020-04-27 19:26:43 +02:00
Viktor Szépe 852670bc99 CloudFlare started to indent their API responses
We need to use https://github.com/stedolan/jq to parse it.
2020-04-27 19:26:39 +02:00
Ilya 8b3b9addd1 Change tool from 'cut' to 'sed'
Sed regex was tested - it works.
2020-04-27 19:12:36 +02:00
Ilya 5da2422f61 Fix actionunban
Add command to remove new line character. Needed for working removing rule from cloudflare firewall.
2020-04-27 19:12:35 +02:00
sebres 87a1a2f1a1 action.d/*-ipset*.conf: several ipset actions fixed (no timeout per default anymore), so no discrepancy between ipset and fail2ban (removal from ipset will be managed by fail2ban only) 2020-04-25 14:52:38 +02:00
sebres 6b90ca820f filter.d/traefik-auth.conf: filter extended with parameter mode (`normal`, `ddos`, `aggressive`) to handle the match of username differently:
- `normal`: matches 401 with supplied username only
- `ddos`: matches 401 without supplied username only
- `aggressive`: matches 401 and any variant (with and without username)
closes gh-2693
2020-04-23 13:08:24 +02:00
sebres affd9cef5f filter.d/courier-smtp.conf: prefregex extended to consider port in log-message (closes gh-2697) 2020-04-21 13:32:17 +02:00
sebres 06b46e92eb jail.conf: don't specify `action` directly in jails (use `action_` or `banaction` instead);
no mails-action added per default anymore (e. g. to allow that `action = %(action_mw)s` should be specified per jail or in default section in jail.local), closes gh-2357;
ensure we've unique action name per jail (also if parameter `actname` is not set but name deviates from standard name, gh-2686);
don't use %(banaction)s interpolation because it can be complex value (containing `[...]`), so would bother the action interpolation.
2020-04-15 19:00:49 +02:00
benrubson 2912bc640b New Gitlab jail 2020-04-09 16:42:08 +02:00
sebres 136781d627 filter.d/sshd.conf: fixed regex for mode `extra` - "No authentication methods available" (supported seems to be optional now, gh-2682) 2020-04-08 12:17:59 +02:00
Jordi Sanfeliu ede2009708 added new jail (and filter) Monitorix 2020-04-03 12:52:19 +02:00
sebres 38b32a9a72 Merge branch '0.10' into 0.11 2020-03-18 19:53:55 +01:00
sebres 22a04dae05 Merge branch '0.9' into 0.10 (gh-2246) 2020-03-18 16:11:53 +01:00
Sergey G. Brester b1e1cab4b7
Merge pull request #2246 from shaneforsythe/shaneforsythe-patch-2
Improve regex in proftpd.conf
2020-03-18 15:49:18 +01:00
sebres 606bf110c9 filter.d/sshd.conf (mode `ddos`): fixed "connection reset" regex (seems to have same syntax now as closed), so both regex's combined now to single RE
(closes gh-2662)
2020-03-16 17:31:39 +01:00
sebres 32f02ef3b3 Merge branch '0.10' into 0.11 2020-03-05 14:01:14 +01:00
sebres 42714d0849 filter.d/common.conf: closes gh-2650, avoid substitute of default values in related `lt_*` section, `__prefix_line` should be interpolated in definition section (after the config considers all sections that can overwrite it);
amend to 62b1712d22 (PR #2387, backend-related option `logtype`);
testSampleRegexsZZZ-GENERIC-EXAMPLE covering now negative case also (other daemon in prefix line)
2020-03-05 13:47:11 +01:00
sebres e6ca04ca9d Merge branch '0.10' into 0.11 + version bump (back to dev) 2020-02-25 16:10:31 +01:00
sebres ab3a7fc6d2 filter.d/sshd.conf: mode `ddos` (and aggressive) extended to detect port scanner sending unexpected ident string after connect 2020-02-17 16:24:42 +01:00
Brian J. Murrell 2fd6b478a9
FreeIPA renames named to named-pkcs11
FreeIPA renames the BIND9 named daemon to named-pkcs11, so extend the
REGEX match to look for either variant.

Signed-off-by: Brian J. Murrell <brian@interlinx.bc.ca>
2020-02-16 10:38:36 -05:00
sebres ceeba99f25 replace internals of several iptables-ipset actions using internals of iptables include:
- better check mechanism (using `-C`, option `--check` is available long time);
- additionally iptables-ipset is a common action for iptables-ipset-proto6-* now (which become obsolete now);
- many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
- tests adjusted.
2020-02-14 12:16:26 +01:00
sebres d26209e2c6 first attempt to make certain standard actions breakdown safe starting with iptables:
- better check mechanism (using `-C`, option `--check` is available long time);
- additionally iptables is a replacement for iptables-common now, several actions using this as include now become obsolete;
- many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
2020-02-14 12:16:25 +01:00
sebres 7282cf91b0 Merge branch '0.10' into 0.11 2020-02-14 12:13:29 +01:00
sebres 9137c7bb23 filter processing:
- avoid duplicates in "matches" (previously always added matches of pending failures to every next real failure, or nofail-helper recognized IP, now first failure only);
- several optimizations of merge mechanism (multi-line parsing);
fail2ban-regex: better output handling, extended with tag substitution (ex.: `-o 'fail <ip>, user <F-USER>: <msg>'`); consider a string containing new-line as multi-line log-excerpt (not as a single log-line)
filter.d/sshd.conf: introduced parameter `publickey` (allowing change behavior of "Failed publickey" failures):
  - `nofail` (default) - consider failed publickey (legitimate users) as no failure (helper to get IP and user-name only)
  - `invalid` - consider failed publickey for invalid users only;
  - `any` - consider failed publickey for valid users too;
  - `ignore` - ignore "Failed publickey ..." failures (don't consider failed publickey at all)
tests/samplestestcase.py: SampleRegexsFactory gets new failJSON option `constraint` to allow ignore of some tests depending on filter name, options and test parameters
2020-02-13 12:28:07 +01:00
sebres 1492ab2247 improve processing of pending failures (lines without ID/IP) - fail2ban-regex would show those in matched lines now (as well as increase count of matched RE);
avoid overwrite of data with empty tags by ticket constructed from multi-line failures;
amend to d1b7e2b5fb2b389d04845369d7d29db65425dcf2: better output (as well as ignoring of pending lines) using `--out msg`;
filter.d/sshd.conf: don't forget mlf-cache on "disconnecting: too many authentication failures" - message does not have IP (must be followed by "closed [preauth]" to obtain host-IP).
2020-02-11 18:44:36 +01:00
Sergey G. Brester 774dda6105
filter.d/postfix.conf: extended mode ddos and aggressive covering multiple disconnects without auth 2020-02-10 13:29:16 +01:00
Sergey G. Brester 34d63fccfe
close gh-2629 - jail.conf (action_blocklist_de interpolation): replace service parameter (use jail name instead of filter, which can be empty) 2020-02-10 13:03:55 +01:00
Mihail Politaev 303861d7c7
Using native firewalld ipset implementation
By creating additional action file firewallcmd-ipset-native.conf
2020-01-30 21:17:32 +02:00
sebres a7c68ea19f Merge branch '0.10' into 0.11 2020-01-28 21:47:55 +01:00
sebres 569dea2b19 filter.d/mysqld-auth.conf: capture user name in filter (can be more strict if user switched, used in action or fail2ban-regex output);
also add coverage for mariadb 10.4 log format (gh-2611)
2020-01-22 17:24:40 +01:00
sebres 70e47c9621 Merge branch '0.10' into 0.11 2020-01-14 11:44:35 +01:00
sebres ec37b1942c action.d/nginx-block-map.conf: fixed backslash substitution (different echo behavior in some shells, gh-2596) 2020-01-14 11:39:13 +01:00
sebres 4860d69909 Merge branch '0.10' into 0.11 2020-01-09 20:55:00 +01:00
sebres f77398c49d filter.d/sshd.conf: captures `Disconnected from ... [preauth]`, preauth phase only, different handling by `extra` (with supplied user only) and `ddos`/`aggressive` mode (`normal` mode is not affected, used there just as a helper with `<F-NOFAIL>` to capture IP for multiline failures without IP);
closes gh-2115, gh-2362.
2020-01-09 20:53:53 +01:00
sebres 587e4ff573 Merge branch '0.10' into 0.11
(conflicts resolved)
2020-01-08 21:27:23 +01:00
sebres 67fd75c88e pass2allow-ftp: inverted handling - action should prohibit access per default for any IP, so reset start on demand parameter for this action (will be started immediately). 2020-01-06 21:13:40 +01:00
sebres 8f6ba15325 avoid unhandled exception during flush, better invariant check (and repair), avoid repair by unban/stop etc... 2019-12-27 21:30:41 +01:00
Mart124 e763c657c4
Let's get back to WRN 2019-11-27 00:32:10 +01:00
Mart124 d7b707b09d
Update bitwarden.conf 2019-11-27 00:09:22 +01:00
Mart124 869327e9b1
Update bitwarden.conf 2019-11-25 22:17:58 +01:00
Mart124 79caeaa520
Create bitwarden.conf 2019-11-25 22:05:29 +01:00
Mart124 30e742a849
Update jail.conf 2019-11-25 21:57:41 +01:00
Mart124 ef394b3cf0
Update jail.conf 2019-11-25 21:55:45 +01:00
sebres 24d1ea9aa2 Merge branch '0.10' into 0.11 2019-11-25 01:58:55 +01:00
Sergey G. Brester e4c2f303bd
Merge pull request #2550 from CPbN/centreonjail
Add Centreon jail
2019-11-15 01:53:20 +01:00
sebres 0e8a8edb5e filter.d/sendmail-*.conf: both filters have same `__prefix_line` now (and same RE for ID, 14-20 chars long, optional) + adjusted test cases (gh-2563) 2019-11-08 13:15:40 +01:00
Henry van Megen 548e2e0054 sendmail-auth.conf: filter updated for longer mail IDs (up to 20, see gh-2562) 2019-11-08 12:42:09 +01:00
sebres 5cf064a112 monit: accepting both logpath's: monit and monit.log, closes gh-2495 2019-11-04 12:18:12 +01:00
CPbN 9e699646f8 Add Centreon jail 2019-10-24 14:37:18 +02:00
CPbN 18ba714f97 Add Centreon jail 2019-10-23 09:14:26 +02:00
sebres 3515d06979 Merge branch '0.10' into 0.11 2019-10-18 19:19:21 +02:00
sebres 85ec605358 nftables: amend to gh-2254 - implemented shutdown of action (proper clean-up) - at stop it checks now the last set was deleted and removes table completely (if table does not contain any set);
this is avoided if some sets were added manually or can be avoided via overwriting of parameter `_nft_shutdown_table`, for example:
banaction = nftables[_nft_shutdown_table=''][...]
2019-10-18 19:01:16 +02:00
sebres 51af193402 nftables: add options allowing to specify own table (default `f2b-table`) and chain (default `f2b-chain`) 2019-10-18 18:54:02 +02:00
sebres 955d690e56 regrouping expressions with curly braces, added more escapes (better handling in posix shell) 2019-10-18 18:34:48 +02:00
sebres 0824ad0d73 Merge branch '0.10' into 0.11 2019-10-18 12:04:38 +02:00
Sergey G. Brester 54298fe761
Merge pull request #2254
Nftables: isolate fail2ban rules into a dedicated table and chain
2019-10-18 11:43:38 +02:00
sebres d1a73d3004 filter.d/apache-auth.conf:
- ignore errors from mod_evasive in `normal` mode (mode-controlled now) (gh-2548);
- extended with option `mode` - `normal` (default) and `aggressive`
close gh-2548
2019-10-18 11:26:19 +02:00
sebres 8c6a547215 Merge branch '0.10' into 0.11 2019-10-11 03:01:46 +02:00
sebres 50595b70fd filter.d/mysqld-auth.conf: ISO timestamp format (dual time) within log message
(https://serverfault.com/questions/982126/fail2ban-fails-to-recognize-ip)
2019-10-11 01:31:07 +02:00
sebres 9e28b6c65f filter.d/asterisk.conf: relaxing protocol RE-part before IP in RemoteAddress (gh-2531) 2019-09-26 21:46:26 +02:00
sebres 8ea00c1d5d fixed mistake in config (semicolon after space as comment in configs?) and coverage, suppress errors by unsupported flush, better space handling in helper _nft_get_handle_id, etc 2019-09-25 13:47:29 +02:00
sebres 492205d30e action.d/nftables.conf: implemented `actionflush` (allows flushing nftables sets resp. fast unban of all jail tickets at all) 2019-09-24 20:00:29 +02:00
sebres abc4d9fe37 allow to use multiple protocols in multiport (single set with multiple rules in chain):
`banaction = nftables[type=multiport]` with `protocol="tcp,udp,sctp"` in jail replace 3 separate actions.
more robust if deleting multiple references to set (rules in chain)
2019-09-24 19:44:59 +02:00
sebres c753ffb11d combine nftables actions to single action:
- nftables-common is removed
- nftables-allports is obsolete, replaced by nftables[type=allports]
- nftables-multiport is obsolete, replaced by nftables[type=multiport]
2019-09-24 18:53:38 +02:00
sebres c59d49da22 nftables-allports: support multiple protocols in single rule;
tests/servertestcase.py: added coverage for nftables actions
2019-09-24 18:46:41 +02:00
Ririsoft dde51b4682 fix actionban/unban ip definition syntax 2019-09-24 13:01:14 +02:00
Monson Shao 1cda50ce05 Rewrite nftables variables based on nftables' logic.
Add an example for redirecting.
2019-09-24 13:01:13 +02:00
sebres 990c410877 Merge branch '0.10' into 0.11
# Conflicts (resolved):
#	fail2ban/client/jailreader.py
2019-09-11 16:18:09 +02:00