Viktor Szépe
c8b3ee10a0
Limit the number of log lines in *-lines.conf actions
2015-07-27 02:35:21 +02:00
Thomas Mayer
a19cb1b2b9
Merge 923d807ef8
into cf2feea987
2015-07-25 01:23:39 +00:00
Yaroslav Halchenko
3c0d7f5a4c
BF: do not wrap iptables into itself. Thanks Lee
2015-07-24 11:59:53 -04:00
Viktor Szépe
ebdfbae559
Added a space between IP address and the following colon
2015-07-24 09:33:47 +02:00
Yaroslav Halchenko
749d3c160c
BF: symbiosis-blacklist-allports now also requires iptables-common.conf
2015-07-23 21:53:37 -04:00
Yaroslav Halchenko
916937bb6a
RF: use <iptables> to take effect of it being a parameter
2015-07-23 21:38:10 -04:00
Yaroslav Halchenko
31dc4e2263
ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter
2015-07-23 21:34:20 -04:00
Viktor Szépe
5b7e1de2f4
Instead of allow-iptables-multiport actions swap blocktype and (new) returntype
2015-07-11 18:20:09 +02:00
Viktor Szépe
5d60700c0c
Added pass2allow (knocking with fail2ban)
2015-07-10 16:22:43 +02:00
Yaroslav Halchenko
8c4c17a880
Merge pull request #1004 from tsabi/fix-lc_time
...
Fix of LC_TIME usage, it should be LC_ALL
2015-07-05 21:36:37 -04:00
Lee Clemens
fdc3172aec
Fix PEP8 E302 expected 2 blank lines, found X
2015-07-04 13:47:40 -04:00
Viktor Szépe
b65a8b065d
Other actions do not dive into this gory descriptions, but we do.
2015-07-03 19:17:50 +02:00
Viktor Szépe
2063ce4b23
All the arguments must be listed in [Init]
2015-07-01 14:48:44 +02:00
Viktor Szépe
79457112e9
Updated CF action
2015-07-01 09:38:36 +02:00
Aaron Brice
7ae0ef2408
Fix actions in ufw.conf
...
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:
2015-04-24 16:28:35,204 fail2ban.filter [8527]: INFO [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions [8527]: NOTICE [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action [8527]: ERROR [ -n "" ] && app="app " -- returned 1
- With action = ufw[application=OpenSSH], it was silently not doing
anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
status).
Re-arranged the bash commands on two lines, and it works with or without
<application>.
2015-04-28 11:39:00 -07:00
Thomas Mayer
923d807ef8
use human-readable variable names (issue #1003 )
2015-03-29 18:18:30 +02:00
Thomas Mayer
675c3a7c95
use printf instead of echo for POSIX compatibility (issue #1003 )
2015-03-29 18:08:47 +02:00
Thomas Mayer
ac1e41ea70
Revert "remove '-ne' option as it's not interpreted any way (issue #1003 )"
...
This reverts commit 4a598070c8
.
2015-03-29 17:54:25 +02:00
Thomas Mayer
4a598070c8
remove '-ne' option as it's not interpreted any way (issue #1003 )
2015-03-28 06:58:01 +01:00
Thomas Mayer
80f11a4d28
Add empty Init Section to pass tests (issue #1003 )
2015-03-27 18:36:09 +01:00
Thomas Mayer
c9b24839e4
Character detection heuristics for whois output via optional setting in mail-whois*.conf ( Closes #1003 )
...
when set by user,
- detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command
- converts whois data to UTF-8 character set with iconv
- sends the whois output in UTF-8 character set to mail program
- avoids that heirloom mailx creates binary attachment for input with unknown character set
2015-03-27 14:27:41 +01:00
Csaba Tóth
0720c831b7
Fix of LC_TIME usage, it should be LC_ALL
2015-03-26 03:02:02 +01:00
ediazrod
5fdd1d1ded
Update shorewall-ipset-proto6.conf
2015-03-23 00:56:37 +01:00
ediazrod
e26a1ad6b6
Update shorewall-ipset-proto6.conf
2015-03-23 00:55:06 +01:00
Yaroslav Halchenko
56aacf872c
Merge pull request #952 from ache/master
...
Update bsd-ipfw.conf
2015-03-21 21:46:54 -04:00
ediazrod
d0887f3234
This is a especific configuration for shorewall ipset proto6
...
Use ipset proto6 in shorewall. You must follow the rules to enable ipset in you blacklist
if you have a lot of spam (my case) is better use ipset rather than shorewall command line (is my firewall)
stop fail2ban with shorewall on one list of 1000 Ips takes 5 min with ipset in shorewall 10 sec.
2015-02-26 18:48:31 +01:00
Yaroslav Halchenko
e788e3823e
Merge pull request #965 from TorontoMedia/master
...
Split output of firewallcmd list into separate lines for grepping (Close #908 )
2015-02-14 16:06:10 -05:00
TorontoMedia
b4f1f613bb
Update firewallcmd-allports.conf
2015-02-14 12:32:36 -05:00
TorontoMedia
0fac7e40b6
Update firewallcmd-multiport.conf
2015-02-14 12:31:33 -05:00
Yaroslav Halchenko
07b0ab07ad
Merge branch 'master' of https://github.com/rumple010/fail2ban
...
* 'master' of https://github.com/rumple010/fail2ban :
Changed default TTL value to 60 seconds.
Added a reminder to create an nsupdate.local file to set required options.
Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
add nsupdate action
Conflicts:
ChangeLog
2015-02-14 09:32:05 -05:00
Yaroslav Halchenko
d5e68abf95
ENH: check badips.com response on presence of "categories" in it
...
As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in
that response would not contain "categories". With this change we will handle
it explicitly and will spit out ValueError, providing information about
the response so it could be troubleshooted
2015-02-13 08:55:35 -05:00
Ache
ae1451b29f
Update bsd-ipfw.conf
...
Deleting not existent is not error.
Adding already present is not error.
Otherwise all those entries becomes stale forever, not removed and its number increases over time.
2015-02-08 15:55:32 +03:00
Luke Hollins
549ab24e70
Fixed grammatical error in emails sent
2015-02-06 11:47:03 -05:00
Yaroslav Halchenko
119a7bbb16
Merge pull request #939 from szepeviktor/geoip
...
Added sendmail-geoip-lines.conf
2015-02-06 11:32:41 -05:00
Viktor Szépe
4c88a00c28
Line notes implemented
2015-02-06 17:22:30 +01:00
Viktor Szépe
1619ab3145
Added sendmail-geoip-lines.conf
2015-02-01 00:06:56 +01:00
Andrew St. Jean
6bdfe756cf
Changed default TTL value to 60 seconds.
2015-01-28 22:46:43 -05:00
Andrew St. Jean
43732acae1
Added a reminder to create an nsupdate.local file to set required options.
2015-01-26 21:48:16 -05:00
Yaroslav Halchenko
085d0f72ed
ENH: use non-UTC date invocation (without -u) and report offset for localzone (%z)
2015-01-26 09:19:44 -05:00
rumple010
eb76dcd5a0
add nsupdate action
...
Adds a new action file that uses nsupdate to dynamically update a BIND
zone file with a TXT resource record representing a banned IP address.
Resource record is deleted from the zone when the ban expires.
2015-01-25 23:15:07 -05:00
Yaroslav Halchenko
083031524d
BF: adding missing Definition section header to firewallcmd-allports
2015-01-08 21:14:50 -05:00
TorontoMedia
d7b7f4bc91
Update firewallcmd-allports.conf
2015-01-08 21:06:43 -05:00
TorontoMedia
7eed55266b
Created firewallcmd-multiport
2015-01-01 12:46:48 -05:00
TorontoMedia
9f91cb2fd8
Created firewallcmd-allports
2015-01-01 12:44:34 -05:00
TorontoMedia
50e5fd9ed7
Create firewallcmd-multiport.conf
2015-01-01 05:32:41 -05:00
TorontoMedia
591e444753
Create firewallcmd-allports.conf
2015-01-01 05:32:06 -05:00
Yaroslav Halchenko
967485c2d0
improving grepping
2014-10-29 23:14:47 -04:00
Yaroslav Halchenko
efbf5064a1
Merge pull request #807 from xslidian/patch-1
...
grep IP at the start of lines
2014-10-29 23:07:10 -04:00
Orion Poplawski
01b2673e34
Use multiport for firewallcmd-new
2014-10-29 16:27:37 -06:00
Dean Lee
ba44ff312b
grep IP at the start of lines
...
I'm not sure if this regex works best, so I'm patching this single file as a sample.
Don't forget to update `mail-whois-lines.conf` after this patch got merged.
For the following logs, `grep '[^0-9]199.48.161.87[^0-9]'` will output nothing, while `grep '\([^0-9]\|^\)199.48.161.87[^0-9]'` works:
<pre>199.48.161.87 - - [09/Sep/2014:13:38:54 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:56 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:38:58 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:00 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:05 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:13 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:21 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:32 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 4674 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:34 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com
199.48.161.87 - - [09/Sep/2014:13:39:35 +0800] "POST /wp-login.php HTTP/1.1" 403 168 "-" "Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0" - hitsjapan.com</pre>
2014-09-09 14:55:34 +08:00
Yaroslav Halchenko
0d9cfb84e3
Merge pull request #778 from yarikoptic/enh/symbiosis
...
ENH: symbiosis-blacklist-allports action
2014-08-20 23:00:11 -04:00
Yaroslav Halchenko
93243e7d57
ENH: Ignore errors while unbaning in symbiosis firewall
...
Fail2Ban at times "interfers" with the firewall reflashing thus leading
to the sporadic errors. IMHO should be safe to ignore
2014-08-12 11:57:07 -04:00
Yaroslav Halchenko
818dd59d65
ENH: symbiosis-blacklist-allports action
2014-08-08 11:57:30 -04:00
Markus Amalthea Magnuson
7b76322898
Fix typos.
2014-08-02 12:21:59 +02:00
leftyfb
6dbd449f77
Changed to Cloudflare JSON API
2014-07-28 11:10:50 -04:00
leftyfb
cba570cabd
Updated comments
2014-07-17 23:49:35 -04:00
leftyfb
5471e99ebe
Added cloudflare action
2014-07-17 22:54:30 -04:00
Yaroslav Halchenko
0adb10f653
Merge branch 'ainfo-copy' of https://github.com/kwirk/fail2ban
...
* 'ainfo-copy' of https://github.com/kwirk/fail2ban :
TST: actions modifying aInfo test more robust
TST: Test for actions modifying (un)ban aInfo
BF: aInfo could be modified by actions, causing unexpected behaviour
2014-06-22 10:53:30 -04:00
SATO Kentaro
65ff3e9604
ENH: Introduce iptables-common.conf.
2014-06-18 19:04:57 +09:00
Steven Hiscocks
8268c1641f
BF: aInfo could be modified by actions, causing unexpected behaviour
...
A separate copy of aInfo is passed to each action
2014-06-17 23:24:23 +01:00
SATO Kentaro
1e1c4ac62a
ENH: Add <chain> to iptables-ipsets.
2014-06-16 21:30:13 +09:00
Steven Hiscocks
db023be09b
BF: Fix bad syntax in badips.py action
...
Taken from https://bugzilla.redhat.com/attachment.cgi?id=895966&action=diff
2014-06-07 20:51:53 +01:00
Yaroslav Halchenko
596b819bdc
DOC: minor -- tabify docstring in badips.py action
2014-04-23 10:04:17 -04:00
Steven Hiscocks
9fcb92524e
BF: badips.py action logging of exc_info on debug typo
2014-04-12 11:21:52 +01:00
yungchin
3a155ed2e0
Update comments in shorewall.conf for new settings
2014-04-01 16:52:21 +01:00
Ruben Kerkhof
1c36da9df9
Fix 2 more typos that codespell didn't catch
2014-03-25 10:57:20 +00:00
Ruben Kerkhof
1695d5c076
Fix a few typos
...
Found with https://github.com/lucasdemarchi/codespell
Signed-off-by: Ruben Kerkhof <ruben@rubenkerkhof.com>
2014-03-24 13:16:52 +00:00
Steven Hiscocks
41cbbbc248
BF: Remove unused imports and variables.
...
All highlighted by using pyflakes.
2014-03-16 14:31:34 +00:00
Steven Hiscocks
16125ec81a
BF: badips.py action methods not static due to use of self._logSys
2014-03-16 14:18:19 +00:00
Steven Hiscocks
9e374b159e
ENH: Allow setting of badips.py key for reporting and blacklisting
2014-03-13 22:45:10 +00:00
Steven Hiscocks
de43d1d6d5
ENH: Change badips.py default score to "3"
...
As per recommendation from Amy from badips.com
2014-03-13 22:05:50 +00:00
Steven Hiscocks
0222ff4677
Merge branch 'badips-blacklist' into 0.9
...
Conflicts:
ChangeLog
- entires added in both branches.
Change:
config/action.d/badips.py
- jail.getName() changed to jail.name
2014-03-13 20:01:15 +00:00
Steven Hiscocks
0c63d0061a
DOC: Add documentation for badips.py action
2014-03-13 19:58:32 +00:00
Steven Hiscocks
dfb46cfda6
BF: Require Python 2.7+ for badips.py action
2014-03-12 21:54:15 +00:00
Daniel Black
cc8ec826c5
MRG: from master 2014-03-02
2014-03-02 14:33:45 +11:00
Steven Hiscocks
df8d700d17
RF: Refactor Jail and JailThread
...
Includes:
- documentation to new format and use of properties
- change isActive->is_active as former no longer documented for
python3, and later introduction and documented in python2.6
- status formatter in beautifier somewhat more automatically
formatted; no changes are required for additional status elements
- JailThread now set to active within `start` method, complimenting
`stop` method
2014-02-23 17:41:14 +00:00
Daniel Black
9be22a96a6
Merge pull request #614 from kwirk/complain-abusix
...
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
2014-02-20 09:17:23 +11:00
Daniel Black
cc463aa60d
Merge pull request #620 from kwirk/xarf-tweaks
...
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-20 09:16:11 +11:00
Daniel Black
a044517cb7
MRG: from master to 0.9 2014-02-20
2014-02-20 08:35:24 +11:00
Steven Hiscocks
8c5525163b
BF: Fix misplaced ";", and duplicate {ip,}matches
2014-02-18 15:13:02 +00:00
Steven Hiscocks
997729e274
BF: Fix complain action for multiple recipients and misplaced ";"
2014-02-18 15:05:06 +00:00
Steven Hiscocks
7c76f7f204
BF: $EUID not avilable in all shells, replaced with `id -u` in xt_recent
2014-02-16 17:56:06 +00:00
Steven Hiscocks
2a37ee2fb7
ENH: Add root user check in xt_recent, and add missing actionstop
...
Thanks to Helmut Grohne on IRC for suggestion
2014-02-16 16:52:30 +00:00
Steven Hiscocks
5c7630c4be
ENH: Allow separate blacklist category for badips.py action
2014-02-14 17:45:08 +00:00
Steven Hiscocks
cf81ddd8e2
BF: Add error handling in badips.py action
2014-02-14 17:10:34 +00:00
Steven Hiscocks
31f4ea59cb
BF: Use abusix Abuse Contact DB to get more accurate abuse addresses
...
Taken from xarf-login-attack action from 0.9 branch by Daniel Black
2014-02-13 22:00:33 +00:00
Steven Hiscocks
dff8909473
ENH: Add badips.com reporting and blacklisting action (python based)
2014-02-09 12:23:14 +00:00
Daniel Black
1e1261ccb4
MRG: from master 2014-01-23
2014-01-23 17:45:18 +11:00
Daniel Black
ca57427080
BF: firewallcmd-ipset had non-working actioncheck
2014-01-23 17:41:13 +11:00
Steven Hiscocks
8221c7ca71
TST+BF: Add tests for python actions, including test for smtp.py
...
Also fix bug when specifying multiple recipients for smtp.py action
2014-01-20 23:10:43 +00:00
Daniel Black
a650178bd1
MRG: merge from master 2014-01-19
2014-01-19 14:48:29 +11:00
Daniel Black
f566cab766
Merge branch 'master' into badips
2014-01-15 09:37:11 +11:00
Daniel Black
cd3e94140c
MRG: complete merge
2014-01-12 21:16:55 +11:00
Yaroslav Halchenko
9a8b449086
DOC: some typos, fixes from Vincent Lefevre
2014-01-06 23:38:52 -05:00
Daniel Black
76468942f9
MRG: complete merge from master
2014-01-07 10:24:23 +11:00
Daniel Black
ab3ded2205
Merge pull request #549 from kwirk/python-actions
...
ENH: Python actions
2014-01-06 02:58:45 -08:00
Steven Hiscocks
69a850d226
DOC: Update docstrings for smtp.py action
2014-01-04 22:46:57 +00:00
Steven Hiscocks
6e63f0ea5a
RF: Change Jails and Actions to Mapping types
2014-01-04 16:57:08 +00:00
Daniel Black
3d1a1afca4
MRG: to more recent 0.9
2014-01-04 09:31:05 +11:00
Daniel Black
5fe75436cc
DOC: DEV NOTES before author names
2014-01-04 08:53:45 +11:00
Steven Hiscocks
80d6f74ee8
RF: Refactor actions further, include removing server proxy interface
...
This allows direct setting of action properties and calling of methods
from the fail2ban-client if so required.
2014-01-03 17:04:49 +00:00
Daniel Black
a0c2de3e4d
DOC: document incompatiblity between APF and iptables-* actions. Closes gh-510
2014-01-03 16:51:38 +11:00
Steven Hiscocks
98bf511443
BF: Incorrect number of arguments in smtp.py action connect log
2014-01-01 23:50:44 +00:00
Steven Hiscocks
5b2b59d752
ENH: python actions use initOpts as **kwargs
...
Adds an easy way to handle case where mandatory arguments are missed, or
not valid arguments are passed
2014-01-01 23:18:11 +00:00
Steven Hiscocks
6ef911185d
ENH: Add matches to smtp.py action
2014-01-01 12:27:49 +00:00
Daniel Black
391b5fc883
MRG: from master again 2014-01-01
2014-01-01 19:28:38 +11:00
Steven Hiscocks
f37c90cdba
ENH: Python based actions
...
Python actions are imported from action.d config folder, which have .py
file extension. This imports and creates an instance of the Action class
(Action can be a variable that points to a class of another name).
fail2ban.server.action.ActionBase is a base class which can be inherited
from or as a minimum has a subclass hook which is used to ensure any
imported actions implements the methods required.
All calls to the execAction are also wrapped in a try except such that
any errors won't cripple the jail.
Action is renamed CommandAction, to clearly distinguish it from other
actions.
Include is an example smtp.py python action for sending emails via smtp.
This is work in progress, as looking to add the <matches> and whois
elements, and also SSL/TLS support.
2013-12-31 18:54:34 +00:00
Daniel Black
be382dae4d
MRG: ufw changelog conflicts
2013-12-29 05:45:06 +00:00
Daniel Black
1f6ece2a40
Merge pull request #490 from grooverdan/firewallcmd-ipset
...
ENH: add firewallcmd-ipset
2013-12-28 21:43:49 -08:00
Daniel Black
a1a219189f
Merge pull request #493 from grooverdan/xarf-ipmatch
...
ENH: use ipmatches for action xarf-login-attack
2013-12-19 01:28:49 -08:00
Daniel Black
7c0efc8ec8
MRG: merge so far - flushLogs not working yet
2013-12-16 15:08:34 +00:00
Daniel Black
4eedf9d4e1
ENH: use ipmatches for action xarf-login-attack
2013-12-15 23:49:38 +00:00
Daniel Black
a398c51d6c
ENH: simplify actioncheck on firewallcmd-new a little more
2013-12-15 22:36:47 +00:00
Daniel Black
772def1095
Merge pull request #491 from kwirk/ipmatches
...
ENH: Add <ipmatches> and <ipjailmatches> tags + sendmail implementations
2013-12-15 14:29:02 -08:00
Steven Hiscocks
40007abc1d
ENH: Refactor and add database matches and failures for sendmail actions
2013-12-15 21:41:43 +00:00
Daniel Black
1c6c011154
EHH missed trailing .
2013-12-14 21:22:46 +00:00
Daniel Black
868a4ea470
ENH: full abusix disclaimer in action xarf-login-attack
2013-12-14 21:18:20 +00:00
Daniel Black
9fe0a69852
ENH: add firewallcmd-ipset
2013-12-14 09:06:01 +00:00
Daniel Black
4ffc57e14f
ENH: simplify firewallcmd-new actioncheck and provide output samples
2013-12-14 07:11:29 +00:00
Daniel Black
ed816afbcd
ENH: add badips action
2013-12-14 01:41:28 +00:00
Daniel Black
1ff52dfe4d
DOC: document ufw a bit more. Change insertpos default to 1 to allow it to work if the user run ufw enable
2013-12-14 00:40:47 +00:00
Daniel Black
f35345ecaa
ENH: add ufw action based off Guilhem Lettron's work in lp-#701522. Closes gh-455
2013-12-14 00:34:12 +00:00
Daniel Black
13ccebe78f
BF: fix actioncheck in firewallcmd
2013-12-13 23:40:51 +00:00
Steven Hiscocks
0bcff771b8
ENH: Add <ipmatches> and <ipjailmatches> tags
...
Example use filter also added for sendmail-whois with ipmatches rather
than grepped lines
2013-12-13 22:40:11 +00:00
Daniel Black
f385439a41
MRG: ChangeLog merge
2013-12-09 09:28:42 +11:00
Daniel Black
36917d7517
BF: action.d/complain - match IP at beginning and end of lines
2013-12-09 09:21:55 +11:00
Daniel Black
135c759dbb
Merge pull request #477 from kwirk/blocklist.de
...
ENH: Added blocklist.de reporting API action
2013-12-06 16:16:39 -08:00
Steven Hiscocks
630dd91dcd
BF: Add [Init] section to blocklist.de action
2013-12-07 00:09:31 +00:00
Steven Hiscocks
b3c173795e
ENH: blocklist.de action error on HTTP response code 4xx
2013-12-06 08:22:21 +00:00
Daniel Black
51f2619878
Merge pull request #473 from grooverdan/whois-missing
...
ENH: Whois missing in actions? Include output to say so
2013-12-05 12:44:35 -08:00
Steven Hiscocks
a19b33cc72
ENH: blocklist.de action added fail2ban version as user agent
2013-12-05 18:12:15 +00:00
Steven Hiscocks
f742ed0e4b
DOC: when to use blocklist.de reporting
...
Taken from commit 1846056606
2013-12-05 18:06:53 +00:00
Steven Hiscocks
e810ec009d
ENH: Added blocklist.de reporting API action
2013-12-05 08:22:20 +00:00
Daniel Black
4dc51e5def
BF: put notice in email if whois program could not provide more information. Closes gh-471
2013-12-04 22:43:06 +11:00
Daniel Black
97d7f46bb7
DOC: correct grammar - s/Here are more information/Here is more information/
2013-12-04 22:40:48 +11:00
Daniel Black
8aead9ab79
BF: escape quotes when splitting addresses for xarf
2013-12-04 08:19:05 +11:00
Daniel Black
1846056606
DOC: when to use xarf messages to network owner
2013-12-03 20:40:42 +11:00
Daniel Black
8c37d2e4de
ENH: remove dependency on querycontacts
2013-12-03 20:34:21 +11:00
Daniel Black
dd356c3cef
BF: fixed for sendmail and tested the MTA aspects of this action
2013-12-01 19:08:28 +11:00
Daniel Black
9df5f4eec8
BF: remove debugging tee command on xarf-login-attack
2013-12-01 17:53:34 +11:00
Daniel Black
d015f7f4fc
BF/ENH: fixed so xarf-login-attack works
2013-12-01 17:49:35 +11:00
Daniel Black
0495aa098e
BF: grep matches on <ip> shouldn't include other IPs
2013-11-30 18:01:45 +11:00
Daniel Black
95845b7b65
BF: complain action could match too many IP addresses
2013-11-30 17:47:10 +11:00
Daniel Black
5cc7173fd4
ENH: add xarf email sender for login-attack type
2013-11-30 14:16:26 +11:00
Daniel Black
56b6bf7d25
ENH: reduce firewalld-cmd-new -> firewallcmd-new
2013-11-30 10:30:29 +11:00
Daniel Black
86a0a5962a
BF: revert to fail2ban- prefix as f2b- was intended for 0.9
2013-11-30 08:05:20 +11:00
Daniel Black
9e53892708
BF: did remove instead of move
2013-11-29 19:26:24 +11:00
Daniel Black
af4feb0c92
Actions to have f2b- as prefix instead of fail2ban- as per #462
2013-11-29 19:08:38 +11:00
Daniel Black
fb666b69ff
BF: firewall-cmd-direct-new was too long. Thanks Joel.
2013-11-28 23:35:05 +11:00
Daniel Black
dc154c792e
BF: add init section with name for action.d/apf. Closes #398
2013-11-25 08:08:20 +11:00