Filter (or failregex
) internal capture-groups:
failregex
or custom filters using conditional match (?P=host)
, you should
rewrite the regex like in example below resp. using (?:(?P=ip4)|(?P=ip6)
instead of (?P=host)
(or (?:(?P=ip4)|(?P=ip6)|(?P=dns))
corresponding your usedns
and raw
settings).Of course you can always define your own capture-group (like below _cond_ip_
) to do this.
testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1"
fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$"
* New internal groups (currently reserved for internal usage):
ip4
, ip6
, dns
, fid
, fport
, additionally user
and another captures in lower case if
mapping from tag <F-*>
used in failregex (e. g. user
by <F-USER>
).
v.0.10 and 0.11 use more precise date template handling, that can be theoretically incompatible to some
user configurations resp. datepattern
.
Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban actions are IPv6-capable now.
bips
with entries from table bans
(allows restore
current bans after upgrade from version <= 0.10)<bancount>
- ban count of this offender if known as bad (started by 1 for unknown)<bantime>
- current ban-time of the ticket (prolongation can be retarded up to 10 sec.)actionprolong
to prolong ban-time (e. g. set new timeout if expected);
Several actions (like ipset, etc.) rewritten using net logic with actionprolong
.
Note: because ban-time is dynamic, it was removed from jail.conf as timeout argument (check jail.local).--without-tests
to skip building and installing of tests files (gh-2287).fail2ban-client get <JAIL> banip ?sep-char|--with-time?
to get the banned ip addresses (gh-1916).Include selinux policy in package
Please login to add feedback.
This update has been submitted for testing by orion.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
This update can be pushed to stable now if the maintainer wishes
Works for me
This update's test gating status has been changed to 'greenwave_failed'.
This update's test gating status has been changed to 'ignored'.
This update has been obsoleted by fail2ban-0.11.1-6.fc31.