github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
6,805 Commits
32 Branches
229 Tags
18 MiB
Commit Graph

521 Commits (e0e228ae91737e009397aef883fffcc9f055f9cd)

Author SHA1 Message Date
Logic-32 b161e55ca7 Adding STARTTLS test with the help of aiosmtp. Make sure SMTP specifies host/port in addition to connect() due to bug with starttls. 2023-12-30 16:42:31 +01:00
Sergey G. Brester 6fb3198a41 attempt to fix action for 2.x 
self.host cannot be supplied to SMTP because it can contain port (but `connect` takes place few lines below)
 2023-12-30 16:42:27 +01:00
Logic-32 6a1da5e164 Removing logging in favor of just throwing. Removing user from message as it doesn't add any value. 2023-12-30 16:42:23 +01:00
Logic-32 419e380870 Add support for TLS SMTP connections. 2023-12-30 16:42:18 +01:00
repcsi 199759f0ba added pf[protocol=all] options as recommended by sebres 2023-12-10 11:20:39 +01:00
Yaroslav Halchenko 8ef0d3c7a9 [DATALAD RUNCMD] run codespell throughout fixing typo automagically 
=== Do not change lines below ===
{
 "chain": [],
 "cmd": "codespell -w",
 "exit": 0,
 "extra_inputs": [],
 "inputs": [],
 "outputs": [],
 "pwd": "."
}
^^^ Do not change lines above ^^^
 2023-11-18 10:04:04 -05:00
nodiscc 77f80e8c3f
action.d/*ipset*: make maxelem ipset option configurable through banaction arguments 
- previously there was no way to override this value and ipsets would stop being updated when full (Hash is full, cannot add more elements)
- preserve ipset's default value of 65536
- update tests
- Closes #3549
 2023-08-23 12:19:07 +02:00
Sergey G. Brester e73748c442
Merge branch 'master' into mikrotik 2023-04-13 19:09:00 +02:00
Sergey G. Brester c7f8b75e7e
action.d/cloudflare-token.conf: fixes #3479, url-encode args by unban 2023-03-15 15:03:48 +01:00
Duncan Bellamy 7dc32971f8 changed missed names 2023-03-08 12:16:35 +00:00
Duncan Bellamy 9b1417a169 apply suggestions 2023-03-08 09:29:03 +00:00
Sergey G. Brester d46ec3a555 add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name) 2023-03-08 09:17:13 +00:00
Duncan Bellamy 5781675a7d change startcomment and comment so correct rules are flushed 2023-03-08 09:17:13 +00:00
Duncan Bellamy ac2076ef4f change unban back to find comment so correct entry always deleted 2023-03-08 09:17:13 +00:00
Duncan Bellamy 0e3e9b1d7f Add flushaction 
Change unban to find by ip address not comment
 2023-03-08 09:17:13 +00:00
Duncan Bellamy 9997807fb3 Add action for mikrotik routerOS 2023-03-08 09:17:13 +00:00
Jeff Johnson f9f78ed9d2
IPThreat integration (#3349) 
new IPThreat action
 2022-09-13 11:01:46 +02:00
Logic-32 d11ad3b90f Adding jail name to notes to disambiguate between jails. 2022-05-07 20:52:39 -06:00
Logic-32 e89b2c0ff7 Moving inet6 family block to the end so other config doesn't get added to it. 2022-05-07 20:41:33 -06:00
Logic-32 7e7b9f4a35 Adding support for Cloudflare Token API. 
Closes #3080
 2022-04-27 14:19:18 -06:00
sebres 06d2623c5e iptables and iptables-ipset actions extended to support multiple protocols with single action for multiport or oneport type (back-ported from nftables action); 
amend to gh-980 fixing several actions (correctly supporting new enhancements now)
 2022-01-26 21:51:11 +01:00
sebres b639c8869c make several iptables actions more breakdown-safe: start wouldn't fail if chain or rule already exists (e. g. created by previous instance and doesn't get purged properly); 
ultimately closes gh-980
 2022-01-25 00:35:14 +01:00
sebres 3d7e3bc2fb make ipset actions more breakdown-safe: start wouldn't fail if set with this name already exists (e. g. created by previous instance and don't deleted properly) 2022-01-24 22:56:16 +01:00
sebres 7db1c97a3e Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' with master; 
conflicts resolved
 2022-01-24 22:31:51 +01:00
sebres 80805cabfc Merge branch '0.11' 2021-11-03 16:01:00 +01:00
sebres 0b3ad780fe Merge branch '0.10' into 0.11 2021-11-03 15:48:21 +01:00
sebres 4b54a07d71 Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, replacing `:` with `-`;" 
This reverts the incompatibility #3047 introduced by commit a038fd5dfe (#2821).
 2021-11-01 11:45:40 +01:00
sebres 10cd815525 merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:06:06 +02:00
sebres c03fe6682c merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm) 2021-07-07 12:04:46 +02:00
sebres 410a6ce5c8 fixed possible RCE vulnerability, unset escape variable (default tilde) stops consider "~" char after new-line as composing escape sequence 2021-06-21 17:12:53 +02:00
Sergey G. Brester bbfff18280
action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack 2021-06-03 12:02:08 +02:00
sebres c7a86b4616 action.d/firewallcmd-ipset.conf: amend to #2620: 
- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`);
- IPv6-capability for firewalld ipset;
- no internal timeout handling by default;
- no permanent rules yet
 2021-05-29 22:59:55 +02:00
Sergey G. Brester 2a508da5a0
Merge pull request #2620 from mspolitaev/master 
Using native firewalld ipset implementation
 2021-05-29 21:30:55 +02:00
usernamepi 4f8427178a
Missing comment "#" (#3022) 
Missed this ... but the logs showed it.
 2021-05-07 18:23:40 +02:00
usernamepi 88f779ed24
ufw.conf, amend to #3018 - add missing option for comment (#3019) 2021-05-06 23:23:39 +02:00
Sergey G. Brester 8f6a8df3a4
added new options `kill-mode` and `kill`, which makes the drop of all connections optional 2021-05-06 21:47:06 +02:00
Sergey G. Brester 5debaa4cac
option "add", can be set to "insert <num>" instead of prepend (customization or backwards compat) 2021-05-06 20:23:58 +02:00
usernamepi e4e7a83cff
Update ufw.conf 
Prerequisites:
* The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY.
* Ufw version is => 0.36 (released in 2018)

* Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses.
* Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532
* Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open.
   Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option.
   My system apparently is compiled that way.
 2021-05-06 13:44:36 +02:00
Sergey G. Brester d74dd9321b
Merge pull request #2565 from caronc/0.11 
Add Apprise Support (50+ Notifications)
 2021-04-04 00:24:21 +02:00
sebres 3eaefe8da0 Merge branch '0.10' into 0.11 2021-03-03 18:16:47 +01:00
sebres 63acc862b1 `action.d/nginx-block-map.conf`: reload nginx only if it is running (also avoid error in nginx-errorlog, gh-2949) and better test coverage for the action 2021-02-24 18:21:42 +01:00
sebres fb6315ea5e Merge branch '0.10' into 0.11 2021-02-24 13:16:36 +01:00
sebres 6f4b6ec8cc action.d/badips.* removed (badips.com is no longer active, gh-2889) 2021-02-24 13:05:04 +01:00
sebres dbc77c47c3 Merge branch '0.10' into 0.11 2021-01-21 19:11:01 +01:00
Sergey G. Brester 5f3f4d1e2f
action.d/cloudflare.conf: better IPv6 capability 
closes gh-2891
 2021-01-11 15:23:40 +01:00
sebres 6ef69b48ca Merge branch '0.10' into 0.11 2020-11-05 16:12:31 +01:00
sebres 2817a8144c `action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk condition/code (position starts from `<lowest_rule_num>` and increases whilst used) 2020-09-29 13:33:40 +02:00
sebres 1418bcdf5b `action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836) 2020-09-29 12:35:49 +02:00
sebres d253e60a8b Merge branch '0.10' into 0.11 2020-09-23 19:39:50 +02:00
Sergey G. Brester d977d81ef7
action.d/abuseipdb.conf: removed broken link, simplified usage example, fixed typos 2020-09-17 12:39:08 +02:00