mirror of https://github.com/fail2ban/fail2ban
61 lines
2.9 KiB
Plaintext
61 lines
2.9 KiB
Plaintext
fail2ban (0.8.11-1) unstable; urgency=low
|
|
|
|
* retroactive for 0.8.9: by default iptables-* actions do not simply
|
|
DROP packets from offending IP but rather reject with
|
|
icmp-port-unreachable. If DROP behaviour is preferable, provide
|
|
config/action.d/iptables-blocktype.local with [Init] section defining
|
|
blocktype = DROP or override action definition to provide
|
|
blocktype=DROP option in jail.local
|
|
* Many failregex's were tight-up in this release which could
|
|
theoretically effect operation in comparison to previous release(s).
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 16 Nov 2013 22:27:50 -0500
|
|
|
|
fail2ban (0.8.4-3) unstable; urgency=low
|
|
|
|
* Jail named-refused-udp is unsafe and opens possibility for easy DoS,
|
|
thus discouraged to be used, and commented out (see #583364 for more
|
|
information).
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Mon, 28 Jun 2010 22:12:22 -0400
|
|
|
|
fail2ban (0.7.1-0.2) unstable; urgency=low
|
|
|
|
fail2ban 0.7 is a complete rewrite of the 0.6 version, and if you
|
|
customized any of provided configuration or startup files
|
|
(/etc/default/fail2ban, /etc/fail2ban.conf, /etc/init.d/fail2ban),
|
|
please read further. The configuration scheme has changed upstream:
|
|
0.7 ignores /etc/fail2ban.conf and instead uses a split configuration
|
|
under /etc/fail2ban/. To retain your customizations, for example to
|
|
monitor anything other than sshd, you will need to set them under that
|
|
new directory; use *.local files for customizations. Please see
|
|
/usr/share/doc/fail2ban/README.Debian.gz and
|
|
http://fail2ban.sourceforge.net for further description of new
|
|
configuration scheme. Detailed documentation is under development (see
|
|
#400416). When you are satisfied with the new settings, please delete
|
|
/etc/fail2ban.conf to avoid confusion.
|
|
|
|
Fail2ban 0.7 uses client/server architecture and fail2ban-client is to
|
|
substitute fail2ban command to provide an interface between the user and
|
|
fail2ban-server. That is why some command line parameters present in
|
|
fail2ban 0.6 are invalid in fail2ban-client. Such change affects
|
|
/etc/default/fail2ban; you should review that file if you customized it.
|
|
Please enable sections as directed in README.Debian.gz mentioned above.
|
|
You must use newly shipped init.d/fail2ban, or otherwise fail2ban will
|
|
not start.
|
|
|
|
This note was rewritten in release 0.7.5-2 to clarify its meaning.
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Sat, 9 Dec 2006 18:24:36 -0500
|
|
|
|
fail2ban (0.6.0-4) unstable; urgency=low
|
|
|
|
In this version the new section ApacheAttacks was introduced to ban IPs
|
|
which are found to run some known attack on the host. For now it captures
|
|
just awstats and mambo related attacks. To make this feature work, the bug of
|
|
wrongly specified timeregexp for Apache's access.log file was fixed.
|
|
Besides that group of log files has changed to be adm, and now they are
|
|
readable by the group.
|
|
|
|
-- Yaroslav Halchenko <debian@onerussian.com> Fri, 10 Feb 2006 13:05:07 -0500
|