Commit graph

278 commits

Author SHA1 Message Date
Serg G. Brester
fe14c8fa05 Merge pull request #1292 from albel727/master
Add nftables actions
2016-01-24 23:55:50 +01:00
Alexander Belykh
985e8938a4 Refactor nftables actionstop into smaller parts 2016-01-06 17:39:54 +06:00
Alexander Belykh
9779eeb986 Add nftables_type/family/table parameters 2016-01-06 17:33:14 +06:00
Alexander Belykh
260c30535d Escape curly braces in nftables actions 2016-01-06 17:13:30 +06:00
Alexander Belykh
1983e15580 Add empty line between parameters in nftables-common.conf 2016-01-06 16:55:29 +06:00
Alexander Belykh
f7f91a8bd4 Refactor common code out of nftables-multiport/allports.conf 2016-01-05 19:03:47 +06:00
sebres
69f5623f83 code simplifying (remove duplication): agent will be always supplied as parameter from jail.conf 2016-01-04 09:30:32 +01:00
Alexander Belykh
618e97bce8 Add nftables actions 2016-01-04 01:36:28 +06:00
sebres
ac31121432 amend to fix fail2ban-version: correct user-agent for badips.py "Fail2Ban/ver", changeable within jail/config now; 2015-12-31 02:32:17 +01:00
sebres
cf334421bd Provides fail2ban version to jail (as interpolation variable during parse of jail.conf);
BF: use `fail2ban_agent` as user-agent in actions badips, blocklist_de, etc. (closes #1271, closes #1272)
2015-12-31 01:38:25 +01:00
agentmoller001
617302fcc2 Updated route.conf to clear warnings
Does not throw warnings when starting/restarting by adding three lines of code.
2015-10-09 18:16:36 -07:00
Viktor Szépe
0d8968daa9 Added CloudFlare API error codes URL 2015-09-30 16:07:45 +02:00
M. Maraun
2895d981fa Set Timeout at urlopen to 3 seconds 2015-09-26 21:26:55 +02:00
Yaroslav Halchenko
c37009aec7 Merge branch 'grep-m1k' of github.com:szepeviktor/fail2ban
* 'grep-m1k' of github.com:szepeviktor/fail2ban:
  Limit the number of log lines in *-lines.conf actions

Conflicts:
  ChangeLog -- took both versions and adjusted the new one
  for -n 1000 change
2015-07-27 22:37:46 -04:00
Yaroslav Halchenko
38c320798d Merge pull request #1127 from yarikoptic/enh-iptables-w-close-1122
WIP ENH Add <lockingopt> (Close: #1122) and <iptables> to define the iptables call
2015-07-27 22:30:54 -04:00
Yaroslav Halchenko
0041bc3770 DOC: Changelog for shorewall-ipset-proto6.conf + adjusted its description 2015-07-26 23:10:08 -04:00
Yaroslav Halchenko
de2f9504c0 Merge pull request #978 from ediazrod/patch-2
shorewall-ipset-proto6.conf for shorewall
2015-07-26 23:00:58 -04:00
Yaroslav Halchenko
65cd218e10 Merge remote-tracking branch 'origin/master'
* origin/master:
  ipjailmatches is on one line with its description in man jail.conf
  Added a space between IP address and the following colon
2015-07-26 22:47:43 -04:00
Viktor Szépe
c8b3ee10a0 Limit the number of log lines in *-lines.conf actions 2015-07-27 02:35:21 +02:00
Thomas Mayer
a19cb1b2b9 Merge 923d807ef8 into cf2feea987 2015-07-25 01:23:39 +00:00
Yaroslav Halchenko
3c0d7f5a4c BF: do not wrap iptables into itself. Thanks Lee 2015-07-24 11:59:53 -04:00
Viktor Szépe
ebdfbae559 Added a space between IP address and the following colon 2015-07-24 09:33:47 +02:00
Yaroslav Halchenko
749d3c160c BF: symbiosis-blacklist-allports now also requires iptables-common.conf 2015-07-23 21:53:37 -04:00
Yaroslav Halchenko
916937bb6a RF: use <iptables> to take effect of it being a parameter 2015-07-23 21:38:10 -04:00
Yaroslav Halchenko
31dc4e2263 ENH: added lockingopt option for iptables actions, made iptables cmd itself a parameter 2015-07-23 21:34:20 -04:00
Viktor Szépe
5b7e1de2f4 Instead of allow-iptables-multiport actions swap blocktype and (new) returntype 2015-07-11 18:20:09 +02:00
Viktor Szépe
5d60700c0c Added pass2allow (knocking with fail2ban) 2015-07-10 16:22:43 +02:00
Yaroslav Halchenko
8c4c17a880 Merge pull request #1004 from tsabi/fix-lc_time
Fix of LC_TIME usage, it should be LC_ALL
2015-07-05 21:36:37 -04:00
Lee Clemens
fdc3172aec Fix PEP8 E302 expected 2 blank lines, found X 2015-07-04 13:47:40 -04:00
Viktor Szépe
b65a8b065d Other actions do not dive into this gory descriptions, but we do. 2015-07-03 19:17:50 +02:00
Viktor Szépe
2063ce4b23 All the arguments must be listed in [Init] 2015-07-01 14:48:44 +02:00
Viktor Szépe
79457112e9 Updated CF action 2015-07-01 09:38:36 +02:00
Aaron Brice
7ae0ef2408 Fix actions in ufw.conf
On Ubuntu 15.04 the ufw action was not working.
- With empty <application>, receiving errors:

2015-04-24 16:28:35,204 fail2ban.filter         [8527]: INFO    [sshd] Found 43.255.190.157
2015-04-24 16:28:35,695 fail2ban.actions        [8527]: NOTICE  [sshd] Ban 43.255.190.157
2015-04-24 16:28:35,802 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stdout: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- stderr: b''
2015-04-24 16:28:35,803 fail2ban.action         [8527]: ERROR   [ -n "" ] && app="app " -- returned 1

- With action = ufw[application=OpenSSH], it was silently not doing
  anything (no errors after "Ban x.x.x.x", but no IP addresses in ufw
  status).

Re-arranged the bash commands on two lines, and it works with or without
<application>.
2015-04-28 11:39:00 -07:00
Thomas Mayer
923d807ef8 use human-readable variable names (issue #1003) 2015-03-29 18:18:30 +02:00
Thomas Mayer
675c3a7c95 use printf instead of echo for POSIX compatibility (issue #1003) 2015-03-29 18:08:47 +02:00
Thomas Mayer
ac1e41ea70 Revert "remove '-ne' option as it's not interpreted any way (issue #1003)"
This reverts commit 4a598070c8.
2015-03-29 17:54:25 +02:00
Thomas Mayer
4a598070c8 remove '-ne' option as it's not interpreted any way (issue #1003) 2015-03-28 06:58:01 +01:00
Thomas Mayer
80f11a4d28 Add empty Init Section to pass tests (issue #1003) 2015-03-27 18:36:09 +01:00
Thomas Mayer
c9b24839e4 Character detection heuristics for whois output via optional setting in mail-whois*.conf (Closes #1003)
when set by user,
 - detects character set of whois output (which is undefined by RFC 3912) via heuristics of the file command
 - converts whois data to UTF-8 character set with iconv
 - sends the whois output in UTF-8 character set to mail program
 - avoids that heirloom mailx creates binary attachment for input with unknown character set
2015-03-27 14:27:41 +01:00
Csaba Tóth
0720c831b7 Fix of LC_TIME usage, it should be LC_ALL 2015-03-26 03:02:02 +01:00
ediazrod
5fdd1d1ded Update shorewall-ipset-proto6.conf 2015-03-23 00:56:37 +01:00
ediazrod
e26a1ad6b6 Update shorewall-ipset-proto6.conf 2015-03-23 00:55:06 +01:00
Yaroslav Halchenko
56aacf872c Merge pull request #952 from ache/master
Update bsd-ipfw.conf
2015-03-21 21:46:54 -04:00
ediazrod
d0887f3234 This is a especific configuration for shorewall ipset proto6
Use ipset proto6 in shorewall. You must follow the rules to enable ipset in you blacklist

if you have a lot of spam (my case) is better use ipset rather than shorewall command line (is my firewall)
stop fail2ban with shorewall on one list of 1000 Ips takes 5 min with ipset in shorewall 10 sec.
2015-02-26 18:48:31 +01:00
Yaroslav Halchenko
e788e3823e Merge pull request #965 from TorontoMedia/master
Split output of firewallcmd list into separate lines for grepping (Close #908)
2015-02-14 16:06:10 -05:00
TorontoMedia
b4f1f613bb Update firewallcmd-allports.conf 2015-02-14 12:32:36 -05:00
TorontoMedia
0fac7e40b6 Update firewallcmd-multiport.conf 2015-02-14 12:31:33 -05:00
Yaroslav Halchenko
07b0ab07ad Merge branch 'master' of https://github.com/rumple010/fail2ban
* 'master' of https://github.com/rumple010/fail2ban:
  Changed default TTL value to 60 seconds.
  Added a reminder to create an nsupdate.local file to set required options.
  Modified the ChangeLog and THANKS files to reflect the addition of action.d/nsupdate.conf.
  add nsupdate action

Conflicts:
	ChangeLog
2015-02-14 09:32:05 -05:00
Yaroslav Halchenko
d5e68abf95 ENH: check badips.com response on presence of "categories" in it
As https://travis-ci.org/fail2ban/fail2ban/jobs/50609529 query might fail in
that response would not contain "categories".  With this change we will handle
it explicitly and will spit out ValueError, providing information about
the response so it could be troubleshooted
2015-02-13 08:55:35 -05:00
Ache
ae1451b29f Update bsd-ipfw.conf
Deleting not existent is not error.
Adding already present is not error.
Otherwise all those entries becomes stale forever, not removed and its number increases over time.
2015-02-08 15:55:32 +03:00