mirrors/fail2ban
1
0
Fork 0
mirror of https://github.com/fail2ban/fail2ban.git synced 2025-11-26 14:20:19 +08:00
Code Issues Packages Projects Releases Wiki Activity
6,187 Commits 34 Branches 230 Tags
master
Commit Graph

6187 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Sergey G. Brester
7c2bda4977 Fix image size for IPv6 logo in README 
Updated image tag in README to use 'style' attribute.
 2025-11-24 23:14:47 +01:00
sebres
3f78f1520b fixed typo in comparison by build of stream from filter options (see #4066) 2025-10-28 21:34:00 +01:00
Sergey G. Brester
7bac839603 Merge pull request #4069 from sebres/init-param-to-cond-section 
Setting of blocktype="DROP" via jail doesn't apply for IPv6 chain
 2025-09-24 18:23:44 +02:00
Sergey G. Brester
d0b94c147e Update ChangeLog 2025-09-24 18:22:06 +02:00
Sergey G. Brester
070d49e09c man/jail.conf.5 - update docu 2025-09-24 18:18:38 +02:00
Sergey G. Brester
dda4aa7d2d Merge pull request #4075 from para-do-x/froxlor-auth 
Froxlor auth update
 2025-09-24 16:58:27 +02:00
para-do-x
ad9aba5871 Update ChangeLog gh4075 2025-09-24 18:43:39 +04:00
sebres
13563fd09b combine both REs to single RE, no prefregex needed here 2025-09-24 16:23:05 +02:00
sebres
a9401233dd code review, make it backwards compatible to logging type=1 (as suggested in https://github.com/fail2ban/fail2ban/issues/2926#issuecomment-774780120); use by default type=2 2025-09-24 16:09:42 +02:00
para-do-x
1379a262f6 Update froxlor-auth testfile 2025-09-24 15:59:19 +02:00
para-do-x
abdd0d4b25 Update jail.conf for froxlor-auth 
Changed logpath to syslog_user for froxlor-auth
 2025-09-24 15:59:18 +02:00
para-do-x
897b21a4c5 Update froxlor-auth.conf 
updated the regex to the new logging situation for froxlor.
 2025-09-24 15:59:17 +02:00
sebres
65668b8ed8 filter.d/postfix.conf - modes ddos and aggressive extended to match rate limit exceeded for connection or message delivery request rates; 
closes gh-3265;
closes gh-4073;
 2025-09-23 12:18:45 +02:00
sebres
2856092709 filter.d/postfix.conf - use common prefix instead of NOQUEUE for all modes, outside of mdpr-<mode> in prefregex (amend to gh-4072) 2025-09-18 15:01:05 +02:00
Sergey G. Brester
2ac7e1284f Merge pull request #4072 from ulm/postfix-ddos 
filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos
 2025-09-18 14:35:35 +02:00
Ulrich Müller
0fee8dbe92 filter.d/postfix.conf: Add optional "NOQUEUE:" to mdpr-ddos 
The current regex doesn't match the following log entry, seen with
Postfix 3.10.2:

Sep 17 18:19:20 mxhost postfix/smtpd[12345]: NOQUEUE: lost connection after CONNECT from unknown[192.0.2.25]
Sep 17 18:19:20 mxhost postfix/smtpd[12345]: disconnect from unknown[192.0.2.25] commands=0/0
 2025-09-18 08:23:45 +02:00
Sergey G. Brester
6c47bf6461 Merge pull request #4068 from billfor/xarf 
fix `dig` to filter out warnings and prevent them from being injected as emails
 2025-09-15 17:23:32 +02:00
sebres
9534bdac37 filter.d/nginx-http-auth.conf: filter rewritten and extended: 
- with `prefregex` to capture content of error only (bypass common prefix and suffix, like server, request, host, referrer);
  - to match PAM authentication failures (gh-4071)
 2025-09-15 16:14:22 +02:00
Sergey G. Brester
a8875c36b8 Merge pull request #4070 from yizhao1/fix 
clientreadertestcase.py: set correct config dir for testReadStockJailFilterComplete
 2025-09-12 14:51:14 +02:00
Yi Zhao
9f26da3cf8 clientreadertestcase.py: set correct config dir for testReadStockJailFilterComplete 
In test case testReadStockJailFilterComplete, set configuration
directory to CONFIG_DIR (/etc/fail2ban/filter.d on the target) instead
of the hardcoded "config" directory. Otherwise, the config files will
not be found during runtime testing.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 2025-09-12 12:53:45 +08:00
sebres
5beee494a3 allow to overwrite conditional parameters only direct from jail, for example 
`banaction = iptables-ipset[blocktype="...", blocktype?family=inet6="..."]`
 2025-09-11 23:11:45 +02:00
sebres
3fd3454146 if parameter supplied to the config, overwrite also conditional init options (from init?... section) 2025-09-11 19:39:06 +02:00
sebres
ce8cc5d261 test illustrating the issue with blocktype="DROP" for IPv6 chain (supplying init parameter to action doesn't overwrite the value in conditional section) 2025-09-11 16:44:06 +02:00
Sergey G. Brester
4539e6719c Update ChangeLog 2025-09-10 20:19:34 +02:00
Sergey G. Brester
85cfb81782 lets see an error (with debug messages) in debug case 2025-09-10 20:04:10 +02:00
bill
3d23a44bb1 fix dig to filter out warnings from email address capture 2025-09-10 13:27:30 -04:00
Sergey G. Brester
77efe3b40c Merge pull request #4020 from billfor/sendmail 
Update sendmail-reject.conf
 2025-09-02 19:46:57 +02:00
sebres
26b91862fc introduces a parameter mta_dname (default \S+) to allow more complex REs to match custom MTA daemon names (e.g. with spaces etc) 2025-09-02 19:41:40 +02:00
sebres
10b12e8c57 reorder 2 tests belonging together 2025-09-02 19:11:05 +02:00
sebres
13876e93ad fixes the inconsistency with F-MLFID ("ID" matched by (?:\w{14,20}: )? is optional in message); simplify PR 2025-09-02 19:11:04 +02:00
bill
70d7fd0fdd update the test for lost input channel with real ip 2025-09-02 12:54:42 -04:00
bill
9e72e78f34 filter.d/sendmail-reject.conf: support BSD log format. match user unknown messages. add aggressive mode for lost input channel and relaying denied messages 2025-09-01 22:34:53 -04:00
sebres
912e3c81a2 removes mistaken return in quiet case for set jail attempt command 2025-09-01 20:12:07 +02:00
sebres
c54d505dea small amend (info with date pattern before debug message with regex) 2025-09-01 18:10:43 +02:00
sebres
6ac181f559 improve logging of date pattern (count of default templates added, info if it's filtered or used pre-match) 2025-09-01 18:03:09 +02:00
sebres
52399e6ef1 amend to #2351: providing the attempt via fail2bans protocol (Pickle, client command, etc) must follow ignore facilities (shall be ignored if matches ignoreip, ignoreself, ignorecommand etc) 2025-08-26 18:03:46 +02:00
sebres
c9e1a1b087 silence warning "Unknown distribution option: 'test_suite'", seems not work anymore (2.x only?) - test suite shall be invoked using bin/fail2ban-testcases 2025-08-23 22:22:20 +02:00
sebres
a055568500 GHA: update python 3.14.0-rc.2 2025-08-23 22:10:55 +02:00
sebres
0265df854e silence skipping tests output for python versions that basically can not have the modules 2025-08-23 22:00:03 +02:00
sebres
a3d181c973 filter.d/dovecot.conf: new matches in aggressive mode: 
- new variant for `no auth attempts in X secs` with `Login aborted` and `(no_auth_attempts)`;
- covered `disconnected during TLS handshake` with `no application protocol` and `no shared cipher`.
 2025-08-23 20:22:08 +02:00
sebres
002719dca4 ChangeLog update 2025-08-23 20:18:59 +02:00
sebres
c26fda9dbb filter.d/dovecot.conf: new matches in aggressive mode: 
- new variant for `no auth attempts in X secs` with `Login aborted` and `(no_auth_attempts)`;
- covered `disconnected during TLS handshake` with `no application protocol` and `no shared cipher`.
 2025-08-23 20:16:40 +02:00
sebres
bdb5d99906 Log Repeal Ban instead of Unban on stop action, jail or fail2ban, because the tickets are "unbanned" temporary (till restart); 
closes gh-4057
 2025-08-19 11:37:01 +02:00
sebres
4e22c20559 fixes ignoreip prefix file:// - it shall resolve absolute file name (starting with /) unless it starts with ./; 
relative paths are based relative the working dir;
to use it relative current config root (normally `/etc/fail2ban`), one can use interpolation `%(fail2ban_confpath)s`, e.g.:
  file://%(fail2ban_confpath)s/ignore-ipaddr-file
 2025-08-12 23:46:10 +02:00
sebres
3ce6f344e3 fixes beautifier get ignoreip (explicit convert to string) 2025-08-12 23:26:42 +02:00
Sergey G. Brester
bf4903538d update ChangeLog (enhancement from #3291) 2025-08-08 10:29:02 +02:00
Sergey G. Brester
77ba28bae1 Merge pull request #3291 from ttyS4/patch-1 
nftables.conf - add support for cidr notation and address ranges
 2025-08-08 10:23:08 +02:00
Sergey G. Brester
dc3268ce5d servertestcase.py: adjust test coverage 2025-08-08 10:16:01 +02:00
Sergey G. Brester
eb80b895d1 provides flags interval as addr_options now 2025-08-08 10:10:40 +02:00
Bill
6120a731d9 update nginx limit-req filter again (#4048) 
amend to #4047 - removes unused ngx_limit_con_zones parameter.
 2025-08-04 21:16:26 +02:00