1 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf fail2ban-0.8.11/config/action.d/iptables-allports.conf
2 --- fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf 2013-11-12 22:06:54.000000000 +0100
3 +++ fail2ban-0.8.11/config/action.d/iptables-allports.conf 2014-01-06 11:20:42.599243574 +0100
6 # Author: Cyril Jaquier
7 # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
8 -# made active on all ports from original iptables.conf
9 +# made active on all ports from original fail2ban-iptables.conf
10 +# Modified by Paul J aka Thanat0s for ipv6 support
15 # Notes.: command executed once at the start of Fail2Ban.
18 -actionstart = iptables -N fail2ban-<name>
19 - iptables -A fail2ban-<name> -j RETURN
20 - iptables -I <chain> -p <protocol> -j fail2ban-<name>
21 +actionstart = fail2ban-iptables -N fail2ban-<name>
22 + fail2ban-iptables -A fail2ban-<name> -j RETURN
23 + fail2ban-iptables -I <chain> -p <protocol> -j fail2ban-<name>
26 # Notes.: command executed once at the end of Fail2Ban
29 -actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
30 - iptables -F fail2ban-<name>
31 - iptables -X fail2ban-<name>
32 +actionstop = fail2ban-iptables -D <chain> -p <protocol> -j fail2ban-<name>
33 + fail2ban-iptables -F fail2ban-<name>
34 + fail2ban-iptables -X fail2ban-<name>
37 # Notes.: command executed once before each actionban command
40 -actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
41 +actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
44 # Notes.: command executed when banning an IP. Take care that the
46 # Tags: See jail.conf(5) man page
49 -actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
50 +actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
53 # Notes.: command executed when unbanning an IP. Take care that the
55 # Tags: See jail.conf(5) man page
58 -actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
59 +actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
67 -# Notes specifies the iptables chain to which the fail2ban rules should be
68 +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be
70 # Values: STRING Default: INPUT
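Review bot: `actioncheck` can no longer detect a chain that is missing in only one address family. `-n -L <chain>` carries no address, so the wrapper's fallback runs both `iptables` and `ip6tables`, and `grep -q` succeeds as soon as either listing shows `fail2ban-<name>`; a later `actionban` for the other family would then fail. The same line is in `iptables.conf`, `iptables-multiport.conf` and `iptables-new.conf`. When IPv6 is enabled, a check that requires both would be `actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' && ip6tables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'`. Separately, the search-and-replace also rewrote comments: `original fail2ban-iptables.conf` and `the fail2ban-iptables chain` should keep saying `iptables`.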
72 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf fail2ban-0.8.11/config/action.d/iptables-blocktype.conf
73 --- fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf 2013-11-12 22:06:54.000000000 +0100
74 +++ fail2ban-0.8.11/config/action.d/iptables-blocktype.conf 2014-01-06 15:50:20.525793123 +0100
76 # as per the iptables man page (section 8). Common values are DROP
77 # REJECT, REJECT --reject-with icmp-port-unreachable
79 -blocktype = REJECT --reject-with icmp-port-unreachable
82 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables.conf fail2ban-0.8.11/config/action.d/iptables.conf
83 --- fail2ban-0.8.11.orig/config/action.d/iptables.conf 2013-11-12 22:06:54.000000000 +0100
84 +++ fail2ban-0.8.11/config/action.d/iptables.conf 2014-01-06 11:29:00.235906639 +0100
86 # Fail2Ban configuration file
88 # Author: Cyril Jaquier
89 +# Modified by Paul J aka Thanat0s for ipv6 support
94 # Notes.: command executed once at the start of Fail2Ban.
97 -actionstart = iptables -N fail2ban-<name>
98 - iptables -A fail2ban-<name> -j RETURN
99 - iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
100 +actionstart = fail2ban-iptables -N fail2ban-<name>
101 + fail2ban-iptables -A fail2ban-<name> -j RETURN
102 + fail2ban-iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
105 # Notes.: command executed once at the end of Fail2Ban
108 -actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
109 - iptables -F fail2ban-<name>
110 - iptables -X fail2ban-<name>
111 +actionstop = fail2ban-iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
112 + fail2ban-iptables -F fail2ban-<name>
113 + fail2ban-iptables -X fail2ban-<name>
115 # Option: actioncheck
116 # Notes.: command executed once before each actionban command
119 -actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
120 +actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
123 # Notes.: command executed when banning an IP. Take care that the
125 # Tags: See jail.conf(5) man page
128 -actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
129 +actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
131 # Option: actionunban
132 # Notes.: command executed when unbanning an IP. Take care that the
134 # Tags: See jail.conf(5) man page
137 -actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
138 +actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
146 -# Notes specifies the iptables chain to which the fail2ban rules should be
147 +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be
149 # Values: STRING Default: INPUT
151 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf
152 --- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf 2013-11-12 22:06:54.000000000 +0100
153 +++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf 2014-01-06 11:38:22.515902568 +0100
157 actionstart = ipset --create fail2ban-<name> iphash
158 - iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
159 + fail2ban-iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
162 # Notes.: command executed once at the end of Fail2Ban
165 -actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
166 +actionstop = fail2ban-iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
167 ipset --flush fail2ban-<name>
168 ipset --destroy fail2ban-<name>
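Review bot: The rule added in `actionstart` is sent to `ip6tables` as well, yet the set created on the line above it is `iphash`, an IPv4-only type. The rule carries no address, so the wrapper's fallback path runs it through both tools; ip6tables will most likely refuse an IPv4 set, and if the wrapper returns the worse of the two exit codes, as its comment says, `actionstart` reports failure even though the IPv4 rule was installed. The same applies to `iptables-ipset-proto6-allports.conf` and `iptables-ipset-proto6.conf`, whose `hash:ip` sets are created without `family inet6`. Either keep these three actions on plain `iptables`, or create a second `family inet6` set and reference it from its own ip6tables rule.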
170 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf
171 --- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf 2013-11-12 22:06:54.000000000 +0100
172 +++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf 2014-01-06 11:39:21.855902139 +0100
176 actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
177 - iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
178 + fail2ban-iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
181 # Notes.: command executed once at the end of Fail2Ban
184 -actionstop = iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
185 +actionstop = fail2ban-iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
186 ipset flush fail2ban-<name>
187 ipset destroy fail2ban-<name>
189 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf
190 --- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf 2013-11-12 22:06:54.000000000 +0100
191 +++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf 2014-01-06 11:38:58.449235641 +0100
195 actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
196 - iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
197 + fail2ban-iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
200 # Notes.: command executed once at the end of Fail2Ban
203 -actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
204 +actionstop = fail2ban-iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
205 ipset flush fail2ban-<name>
206 ipset destroy fail2ban-<name>
208 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf fail2ban-0.8.11/config/action.d/iptables-multiport.conf
209 --- fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf 2013-11-12 22:06:54.000000000 +0100
210 +++ fail2ban-0.8.11/config/action.d/iptables-multiport.conf 2014-01-06 11:25:24.019241537 +0100
213 # Author: Cyril Jaquier
214 # Modified by Yaroslav Halchenko for multiport banning
215 +# Modified by Paul J aka Thanat0s for ipv6 support
220 # Notes.: command executed once at the start of Fail2Ban.
223 -actionstart = iptables -N fail2ban-<name>
224 - iptables -A fail2ban-<name> -j RETURN
225 - iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
226 +actionstart = fail2ban-iptables -N fail2ban-<name>
227 + fail2ban-iptables -A fail2ban-<name> -j RETURN
228 + fail2ban-iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
231 # Notes.: command executed once at the end of Fail2Ban
234 -actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
235 - iptables -F fail2ban-<name>
236 - iptables -X fail2ban-<name>
237 +actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
238 + fail2ban-iptables -F fail2ban-<name>
239 + fail2ban-iptables -X fail2ban-<name>
241 # Option: actioncheck
242 # Notes.: command executed once before each actionban command
245 -actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
246 +actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
249 # Notes.: command executed when banning an IP. Take care that the
251 # Tags: See jail.conf(5) man page
254 -actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
255 +actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
257 # Option: actionunban
258 # Notes.: command executed when unbanning an IP. Take care that the
260 # Tags: See jail.conf(5) man page
263 -actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
264 +actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
272 -# Notes specifies the iptables chain to which the fail2ban rules should be
273 +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be
275 # Values: STRING Default: INPUT
277 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf
278 --- fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf 2013-11-12 22:06:54.000000000 +0100
279 +++ fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf 2014-01-06 11:23:13.682575814 +0100
282 # Author: Guido Bozzetto
283 # Modified: Cyril Jaquier
284 +# Modified by Paul J aka Thanat0s for ipv6 support
286 # make "fail2ban-<name>" chain to match drop IP
287 # make "fail2ban-<name>-log" chain to log and drop
289 # Notes.: command executed once at the start of Fail2Ban.
292 -actionstart = iptables -N fail2ban-<name>
293 - iptables -A fail2ban-<name> -j RETURN
294 - iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
295 - iptables -N fail2ban-<name>-log
296 - iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
297 - iptables -A fail2ban-<name>-log -j <blocktype>
298 +actionstart = fail2ban-iptables -N fail2ban-<name>
299 + fail2ban-iptables -A fail2ban-<name> -j RETURN
300 + fail2ban-iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
301 + fail2ban-iptables -N fail2ban-<name>-log
302 + fail2ban-iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
303 + fail2ban-iptables -A fail2ban-<name>-log -j <blocktype>
306 # Notes.: command executed once at the end of Fail2Ban
309 -actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
310 - iptables -F fail2ban-<name>
311 - iptables -F fail2ban-<name>-log
312 - iptables -X fail2ban-<name>
313 - iptables -X fail2ban-<name>-log
314 +actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
315 + fail2ban-iptables -F fail2ban-<name>
316 + fail2ban-iptables -F fail2ban-<name>-log
317 + fail2ban-iptables -X fail2ban-<name>
318 + fail2ban-iptables -X fail2ban-<name>-log
320 # Option: actioncheck
321 # Notes.: command executed once before each actionban command
324 -actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
325 +actioncheck = fail2ban-iptables -n -L fail2ban-<name>-log >/dev/null
328 # Notes.: command executed when banning an IP. Take care that the
330 # Tags: See jail.conf(5) man page
333 -actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
334 +actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
336 # Option: actionunban
337 # Notes.: command executed when unbanning an IP. Take care that the
339 # Tags: See jail.conf(5) man page
342 -actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
343 +actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
351 -# Notes specifies the iptables chain to which the fail2ban rules should be
352 +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be
354 # Values: STRING Default: INPUT
356 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-new.conf fail2ban-0.8.11/config/action.d/iptables-new.conf
357 --- fail2ban-0.8.11.orig/config/action.d/iptables-new.conf 2013-11-12 22:06:54.000000000 +0100
358 +++ fail2ban-0.8.11/config/action.d/iptables-new.conf 2014-01-06 11:27:19.569240701 +0100
360 # Fail2Ban configuration file
362 # Author: Cyril Jaquier
363 -# Copied from iptables.conf and modified by Yaroslav Halchenko
364 +# Copied from fail2ban-iptables.conf and modified by Yaroslav Halchenko
365 # to fullfill the needs of bugreporter dbts#350746.
366 +# Modified by Paul J aka Thanat0s for ipv6 support
371 # Notes.: command executed once at the start of Fail2Ban.
374 -actionstart = iptables -N fail2ban-<name>
375 - iptables -A fail2ban-<name> -j RETURN
376 - iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
377 +actionstart = fail2ban-iptables -N fail2ban-<name>
378 + fail2ban-iptables -A fail2ban-<name> -j RETURN
379 + fail2ban-iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
382 # Notes.: command executed once at the end of Fail2Ban
385 -actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
386 - iptables -F fail2ban-<name>
387 - iptables -X fail2ban-<name>
388 +actionstop = fail2ban-iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
389 + fail2ban-iptables -F fail2ban-<name>
390 + fail2ban-iptables -X fail2ban-<name>
392 # Option: actioncheck
393 # Notes.: command executed once before each actionban command
396 -actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
397 +actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
400 # Notes.: command executed when banning an IP. Take care that the
402 # Tags: See jail.conf(5) man page
405 -actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
406 +actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
408 # Option: actionunban
409 # Notes.: command executed when unbanning an IP. Take care that the
411 # Tags: See jail.conf(5) man page
414 -actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
415 +actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
423 -# Notes specifies the iptables chain to which the fail2ban rules should be
424 +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be
426 # Values: STRING Default: INPUT
428 diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf
429 --- fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf 2013-11-12 22:06:54.000000000 +0100
430 +++ fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf 2014-01-06 11:40:07.539235142 +0100
432 # own rules. The 3600 second timeout is independent and acts as a
433 # safeguard in case the fail2ban process dies unexpectedly. The
434 # shorter of the two timeouts actually matters.
435 -actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype>
436 +actionstart = fail2ban-iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype>
439 # Notes.: command executed once at the end of Fail2Ban
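Review bot: Only `actionstart` is switched to the wrapper here; `actionstop` lies below the last context line and is not part of the hunk, so it presumably still removes the rule with plain `iptables`. Because the start command has no address, the wrapper inserts the `recent` rule with both `iptables` and `ip6tables`, which would leave the ip6tables rule in INPUT after fail2ban stops and add another copy on every restart. The matching delete should go through the wrapper too, e.g. `fail2ban-iptables -D INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype>`.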
440 diff -urN fail2ban-0.8.11.orig/config/fail2ban.conf fail2ban-0.8.11/config/fail2ban.conf
441 --- fail2ban-0.8.11.orig/config/fail2ban.conf 2013-11-12 22:06:54.000000000 +0100
442 +++ fail2ban-0.8.11/config/fail2ban.conf 2014-01-06 11:31:27.709238905 +0100
445 pidfile = /var/run/fail2ban/fail2ban.pid
448 +# Notes.: Activate IPv6 support
449 +# Warning : only with iptables action supported
450 +# Values: BOOLEAN Default: disabled
454 diff -urN fail2ban-0.8.11.orig/fail2ban-iptables fail2ban-0.8.11/fail2ban-iptables
455 --- fail2ban-0.8.11.orig/fail2ban-iptables 1970-01-01 01:00:00.000000000 +0100
456 +++ fail2ban-0.8.11/fail2ban-iptables 2014-01-06 11:32:30.559238449 +0100
459 +# This file is part of Fail2Ban.
461 +# Fail2Ban is free software; you can redistribute it and/or modify
462 +# it under the terms of the GNU General Public License as published by
463 +# the Free Software Foundation; either version 2 of the License, or
464 +# (at your option) any later version.
466 +# Fail2Ban is distributed in the hope that it will be useful,
467 +# but WITHOUT ANY WARRANTY; without even the implied warranty of
468 +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
469 +# GNU General Public License for more details.
471 +# You should have received a copy of the GNU General Public License
472 +# along with Fail2Ban; if not, write to the Free Software
473 +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
476 +# Iptable wrapper, call the right iptables depending of the ip proposed
477 +# Author: Paul J Aka "Thanat0s"
479 +import sys, re, subprocess
483 + concat_argv = ' '.join(argv)
484 + regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
485 + if regv4.search(concat_argv):
486 + # we are facing to a ipv4
487 + ret = subprocess.call(['iptables'] + argv)
490 + # if not, maybe it's a ipv6
491 + regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
492 + if regv6.search(concat_argv):
493 + ret6 = subprocess.call(['ip6tables'] + argv)
496 + # if it's not a ipv6 either, we call both iptables
497 + ret = subprocess.call(['iptables'] + argv)
498 + ret6 = subprocess.call(['ip6tables'] + argv)
499 + # return worst error code
505 +# Main call, pass all variables
506 +if __name__ == "__main__":
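Review bot: The address family is chosen by an unanchored regex search over the joined argument string, so the decision at `regv4.search(concat_argv)` does not rest on the `-s` value alone. An IPv4-mapped address such as `::ffff:192.0.2.10` (constructed example) matches the IPv4 pattern first and is handed to `iptables`, and a compressed address ending in `::` matches neither pattern and is sent to both tools; in each case one call fails and the ban may not be installed. Parsing each argument with `socket.inet_pton` gives an exact answer. This needs `socket` added to the import line, and the function header and return-code handling are not visible on this page.

```python
# … unchanged: function header, argv handed in by the __main__ block …
families = set()
for arg in argv:
    candidate = arg.split('/', 1)[0]  # drop an optional CIDR suffix
    for family in (socket.AF_INET, socket.AF_INET6):
        try:
            socket.inet_pton(family, candidate)
        except socket.error:
            continue
        families.add(family)
# an address argument selects exactly one tool; no address selects both
use_v4 = socket.AF_INET in families or not families
use_v6 = socket.AF_INET6 in families or not families
# … unchanged: subprocess.call(['iptables'] + argv) / (['ip6tables'] + argv) and return-code handling …
```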
508 diff -urN fail2ban-0.8.11.orig/server/failregex.py fail2ban-0.8.11/server/failregex.py
509 --- fail2ban-0.8.11.orig/server/failregex.py 2013-11-12 22:06:54.000000000 +0100
510 +++ fail2ban-0.8.11/server/failregex.py 2014-01-06 11:12:39.602580405 +0100
512 self._matchCache = None
513 # Perform shortcuts expansions.
514 # Replace "<HOST>" with default regular expression for host.
515 - regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)")
516 + regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_:]*[\w:])")
517 if regex.lstrip() == '':
518 raise RegexException("Cannot add empty regex")
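Review bot: The widened `<HOST>` class in the `regex.replace` line now lets the capture run through colons, so a log token such as `192.0.2.10:4711` (constructed example) is captured with its port and `192.0.2.10:` with its trailing colon. Filters that follow `<HOST>` with an optional port group or a loose tail matched only the address before; they would now yield a string that is not a valid IP and may stop producing bans. Keeping the original hostname/IPv4 branch and adding an explicit IPv6 alternative avoids this, for example `(?P<host>(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}|[\w\-.^_]*\w)`. The enclosing method starts and ends outside the hunk.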
520 diff -urN fail2ban-0.8.11.orig/server/filter.py fail2ban-0.8.11/server/filter.py
521 --- fail2ban-0.8.11.orig/server/filter.py 2013-11-12 22:06:54.000000000 +0100
522 +++ fail2ban-0.8.11/server/filter.py 2014-01-06 12:25:40.509215356 +0100
525 # IP address without CIDR mask
528 + if re.match(":", s[0]):
534 a = DNSUtils.cidr(s[0], s[1])
538 IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
539 + IP_CRE6 = re.compile("^(?:[0-9:A-Fa-f]{3,})$")
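Review bot: `re.match(":", s[0])` here, and `re.match(":", i)` in the `cidr` hunk further down, are anchored at the start of the string, so they are true only for addresses that begin with a colon such as `::1`. An address like `2001:db8::1` falls into the IPv4 branch, and in `cidr` that means the 32-bit `MASK` is applied to a 128-bit value and the upper 96 bits are discarded. If this path backs the ignore-list comparison (the surrounding function is outside the hunk), IPv6 ignore entries would be compared on the wrong bits. Use a substring test instead: `if ":" in s[0]:` and `if ":" in i:`.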
543 @@ -646,19 +650,31 @@
548 + match = DNSUtils.IP_CRE6.match(text)
550 + """ Right Here, we faced to a ipv6
555 searchIP = staticmethod(searchIP)
558 def isValidIP(string):
559 - """ Return true if str is a valid IP
561 + # Return true if str is a valid IP
562 s = string.split('/', 1)
563 + # try to convert to ipv4
565 socket.inet_aton(s[0])
569 + # if it had failed try to convert ipv6
571 + socket.inet_pton(socket.AF_INET6, s[0])
573 + except socket.error:
574 + # not a valid address in both stacks
576 isValidIP = staticmethod(isValidIP)
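Review bot: `IP_CRE6`, matched in `searchIP` at `DNSUtils.IP_CRE6.match(text)`, is `^(?:[0-9:A-Fa-f]{3,})$` and therefore accepts any run of three or more hex digits or colons, so strings like `cafe`, `1234` or `:::` pass as IPv6 literals. What `searchIP` does with the match is only partly visible here, but a hostname made of hex letters would presumably skip the DNS path. Since `isValidIP` in the same hunk already calls `socket.inet_pton(socket.AF_INET6, s[0])`, the regex hit should be confirmed with that call before the text is treated as an address. The docstring opened at `""" Right Here, we faced to a ipv6` sits mid-function, where it is a bare string statement; a `#` comment would be the usual form.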
579 @@ -687,11 +703,14 @@
583 - """ Convert an IP address string with a CIDR mask into a 32-bit
585 + """ Convert an IP address string with a CIDR mask into an integer.
587 - # 32-bit IPv4 address mask
589 + if re.match(":", i):
590 + # 128-bit IPv6 address mask
591 + MASK = ((1 << 128) - 1)
593 + # 32-bit IPv4 address mask
595 return ~(MASK >> n) & MASK & DNSUtils.addr2bin(i)
596 cidr = staticmethod(cidr)
598 @@ -699,12 +718,21 @@
599 def addr2bin(string):
600 """ Convert a string IPv4 address into an unsigned integer.
602 - return struct.unpack("!L", socket.inet_aton(string))[0]
604 + return struct.unpack("!L", socket.inet_aton(string))[0]
605 + except socket.error:
606 + hi, lo = struct.unpack('!QQ', socket.inet_pton(socket.AF_INET6, string))
607 + return (hi << 64) | lo
608 addr2bin = staticmethod(addr2bin)
612 """ Convert a numeric IPv4 address into string n.n.n.n form.
614 - return socket.inet_ntoa(struct.pack("!L", addr))
616 + return socket.inet_ntoa(struct.pack("!L", addr))
617 + except socket.error:
619 + lo = addr & ((1 << 64) - 1)
620 + return socket.inet_ntop(socket.AF_INET6, struct.pack('!QQ', hi, lo))
621 bin2addr = staticmethod(bin2addr)
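Review bot: In `bin2addr` the IPv6 fallback hangs on `except socket.error`, but for a value wider than 32 bits it is `struct.pack("!L", addr)` that fails, and on current Python versions that raises `struct.error`, so the `inet_ntop` branch is likely never reached. Catching both covers that case: `except (socket.error, struct.error):`. The integer alone also cannot carry the address family, so a small IPv6 value such as `::1` packs as IPv4 and comes back as `0.0.0.1`; callers that know the family should pass it along. The docstrings of `addr2bin` and `bin2addr` still describe IPv4 only.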
622 diff -urN fail2ban-0.8.11.orig/setup.py fail2ban-0.8.11/setup.py
623 --- fail2ban-0.8.11.orig/setup.py 2013-11-12 22:06:54.000000000 +0100
624 +++ fail2ban-0.8.11/setup.py 2014-01-06 11:15:41.519245754 +0100
631 + 'fail2ban-iptables'