Commit message (Author, Age, Files, Lines)
* failregex.py: resolve deprecation warning for sre_constants [HEAD, master] (Sergey G. Brester, 2023-05-03, files: 1, lines: -2/+1)
|   closes gh-3508
* GHA: update python-versions, 3.11 is released (Sergey G. Brester, 2023-05-03, files: 1, lines: -1/+1)
|
* avoid confusion of path as failure ID with IP/CIDR notation, improve IP/CIDR parsing; wrong CIDR notation or invalid plen always causes a fallback to raw string now; fixes recognition of `::` and `::/32` (sebres, 2023-04-26, files: 4, lines: -10/+53)
|
* README.md: code status - switch from travis-ci to GHA (Sergey G. Brester, 2023-04-24, files: 1, lines: -5/+1)
|
* Merge pull request #3502 from fail2ban/gh-3497 (Sergey G. Brester, 2023-04-24, files: 3, lines: -1/+6)
|\
| |   filter.d/exim.conf: fixes "dropped: too many ..." regex (also matches unrecognized commands)
| * Update ChangeLog [gh-3497] (Sergey G. Brester, 2023-04-24, files: 1, lines: -0/+1)
| |
| * filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches unrecognized commands new vector (Sergey G. Brester, 2023-04-24, files: 1, lines: -1/+1)
| |
| * new test messages for exim (gh-3497) (Sergey G. Brester, 2023-04-24, files: 1, lines: -0/+4)
|/
* Merge pull request #2860 from a16bitsysop/mikrotik (Sergey G. Brester, 2023-04-13, files: 2, lines: -0/+85)
|\
| |   Add action for mikrotik routerOS
| * Merge branch 'master' into mikrotik (Sergey G. Brester, 2023-04-13, files: 8, lines: -34/+81)
| |\
| |/
|/|
* | fail2banregextestcase: compatibility fix for testWrongRE (Sergey G. Brester, 2023-04-04, files: 1, lines: -1/+1)
| |
* | filtertestcase.py: byte related copy of lines in tests (locale independent); closes gh-2936 (sebres, 2023-04-04, files: 2, lines: -27/+37)
| |
* | Merge pull request #2226 from mbologna/nginx-forbidden (Sergey G. Brester, 2023-03-23, files: 4, lines: -0/+35)
|\ \
| | |   Feat: ban nginx forbidden accesses
| * | anchored datepattern and added journalmatch (if monitoring systemd journal) (Sergey G. Brester, 2023-03-23, files: 1, lines: -0/+4)
| | |
| * | update changeLog, nginx-forbidden, gh-2226 (Sergey G. Brester, 2023-03-23, files: 1, lines: -0/+1)
| | |
| * | Merge branch 'master' into nginx-forbidden (Sergey G. Brester, 2023-03-23, files: 241, lines: -3983/+9989)
| |\ \
| |/ /
|/| |
* | | Merge fix #3479: (sebres, 2023-03-15, files: 2, lines: -5/+7)
|\ \ \
| | | |   action.d/cloudflare-token.conf: url-encode args by unban closes 'gh-3479'
| * | | changelog entry (gh-3479) (Sergey G. Brester, 2023-03-15, files: 1, lines: -0/+1)
| | | |
| * | | action.d/cloudflare-token.conf: fixes #3479, url-encode args by unban (Sergey G. Brester, 2023-03-15, files: 1, lines: -5/+6)
|/ / /
| * | Feat: add forbidden to jail.conf (Michele Bologna, 2018-09-14, files: 1, lines: -0/+5)
| | |
| * | Feat: ban nginx forbidden accesses (Michele Bologna, 2018-09-14, files: 2, lines: -0/+26)
| | |
| | |   If you have configured nginx to forbid some paths in your webserver, e.g.:
| | |
| | |       location ~ /\. { deny all; }
| | |
| | |   if a client tries to access https://yoursite/.user.ini then you will see
| | |   in nginx error log:
| | |
| | |       2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net"
| | |
| | |   By carefully setting this filter we ban every IP that tries too many times to
| | |   access forbidden resources.
| | |
| | |   Author: Michele Bologna https://www.michelebologna.net/
| | * changed missed names (Duncan Bellamy, 2023-03-08, files: 1, lines: -7/+7)
| | |
| | * apply suggestions (Duncan Bellamy, 2023-03-08, files: 1, lines: -13/+13)
| | |
| | * move new comment in changelog (Duncan Bellamy, 2023-03-08, files: 1, lines: -7/+1)
| | |
| | * add jail boundary to flush command for more precise targeting of jail (if some name may be equal to prefix of other name) (Sergey G. Brester, 2023-03-08, files: 1, lines: -1/+1)
| | |
| | * change startcomment and comment so correct rules are flushed (Duncan Bellamy, 2023-03-08, files: 1, lines: -2/+2)
| | |
| | * change unban back to find comment so correct entry always deleted (Duncan Bellamy, 2023-03-08, files: 1, lines: -2/+2)
| | |
| | * Add flushaction (Duncan Bellamy, 2023-03-08, files: 1, lines: -4/+9)
| | |   Change unban to find by ip address not comment
| | * Add action for mikrotik routerOS (Duncan Bellamy, 2023-03-08, files: 2, lines: -0/+86)
| |/
|/|
* | CI-workflow: remove 3.5 (seems to have a bug in GHA now) (Sergey G. Brester, 2023-02-28, files: 1, lines: -1/+1)
| |
* | readme: amend (Sergey G. Brester, 2023-02-28, files: 1, lines: -3/+3)
| |
* | readme: update version (Sergey G. Brester, 2023-02-28, files: 1, lines: -2/+2)
| |
* | Merge pull request #3460 from Trotyl84/patch-1 (Sergey G. Brester, 2023-02-20, files: 1, lines: -0/+1)
|\ \
| | |   .gitignore: ignore `.venv/`
| * | Update .gitignore (Łukasz Turon, 2023-02-18, files: 1, lines: -0/+1)
|/ /
| |   Please add this entry for virtual python interpreter. This directory name is needed in the PyCharm environment.
* | gh-3447: fix careless mistake arisen in b12a3acb06fed4f240e1cea20f4b07f913edf221 by attempt to implement new reload capacity (rewritten latter): causing error "'noduplicates' is not defined" by double jail configuration (sebres, 2023-01-17, files: 1, lines: -2/+1)
| |
* | Merge branch 'fix-gh-3438': (sebres, 2023-01-11, files: 3, lines: -26/+279)
|\ \
| | |   * circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438)
| | |   * improve auto-detection of IPv6 support (`allowipv6 = auto` by default)
| | |   * improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132)
| * | changelog entries (gh-3438, gh-3132) (sebres, 2023-01-11, files: 1, lines: -0/+5)
| | |
| * | don't add subnets to local addresses of `ignoreself` from network interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) (sebres, 2023-01-11, files: 2, lines: -23/+41)
| | |
| * | amend with few improvements, IPv6IsAllowed prefers IPs from network interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only (sebres, 2023-01-10, files: 2, lines: -100/+139)
| | |
| * | try to obtain local addresses from network interfaces before DNS to IP lookup (closes gh-3132); DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP) (sebres, 2023-01-09, files: 2, lines: -23/+173)
| | |
| * | improve auto detection of IPv6 - try to check sysctl net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) (sebres, 2023-01-09, files: 1, lines: -0/+7)
| | |
| * | better auto-detection for IPv6 support (`allowipv6 = auto` by default); circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) (sebres, 2023-01-06, files: 1, lines: -4/+38)
|/ /
* | no warning if no config value but default (debug message now) (Sergey G. Brester, 2022-11-28, files: 1, lines: -1/+1)
| |   closes #3420
* | Merge pull request #2112 from al42and/dante (Sergey G. Brester, 2022-11-18, files: 3, lines: -0/+27)
|\ \
| | |   Create filter for Dante SOCKS server
| * | non capturing group (Sergey G. Brester, 2022-11-18, files: 1, lines: -1/+1)
| | |
| * | review, simplify regex and capture user name (Sergey G. Brester, 2022-11-18, files: 1, lines: -1/+1)
| | |
| * | Dante SOCKS server: handle "1 byte/second" case (Andrey Alekseenko, 2022-11-17, files: 2, lines: -1/+3)
| | |   Thanks to @Loriowar and @sebres for pointing it out
| * | Create filter for Dante SOCKS server (Andrey Alekseenko, 2022-11-17, files: 3, lines: -0/+25)
|/ /
* | amend to #3405, eliminate catch-all (Sergey G. Brester, 2022-11-15, files: 1, lines: -1/+1)
| |
* | Merge branch 'gh-3405' (sebres, 2022-11-15, files: 3, lines: -2/+7)
|\ \