diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf fail2ban-0.8.11/config/action.d/iptables-allports.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-allports.conf 2014-01-06 11:20:42.599243574 +0100 @@ -2,7 +2,8 @@ # # Author: Cyril Jaquier # Modified: Yaroslav O. Halchenko -# made active on all ports from original iptables.conf +# made active on all ports from original fail2ban-iptables.conf +# Modified by Paul J aka Thanat0s for ipv6 support # # @@ -17,23 +18,23 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = iptables -N fail2ban- - iptables -A fail2ban- -j RETURN - iptables -I -p -j fail2ban- +actionstart = fail2ban-iptables -N fail2ban- + fail2ban-iptables -A fail2ban- -j RETURN + fail2ban-iptables -I -p -j fail2ban- # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D -p -j fail2ban- - iptables -F fail2ban- - iptables -X fail2ban- +actionstop = fail2ban-iptables -D -p -j fail2ban- + fail2ban-iptables -F fail2ban- + fail2ban-iptables -X fail2ban- # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # -actioncheck = iptables -n -L | grep -q 'fail2ban-[ \t]' +actioncheck = fail2ban-iptables -n -L | grep -q 'fail2ban-[ \t]' # Option: actionban # Notes.: command executed when banning an IP. Take care that the @@ -41,7 +42,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionban = iptables -I fail2ban- 1 -s -j +actionban = fail2ban-iptables -I fail2ban- 1 -s -j # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the @@ -49,7 +50,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = iptables -D fail2ban- -s -j +actionunban = fail2ban-iptables -D fail2ban- -s -j [Init] @@ -64,7 +65,7 @@ protocol = tcp # Option: chain -# Notes specifies the iptables chain to which the fail2ban rules should be +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be # added # Values: STRING Default: INPUT chain = INPUT diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf fail2ban-0.8.11/config/action.d/iptables-blocktype.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-blocktype.conf 2014-01-06 15:50:20.525793123 +0100 @@ -18,5 +18,5 @@ # as per the iptables man page (section 8). Common values are DROP # REJECT, REJECT --reject-with icmp-port-unreachable # Values: STRING -blocktype = REJECT --reject-with icmp-port-unreachable +blocktype = REJECT diff -urN fail2ban-0.8.11.orig/config/action.d/iptables.conf fail2ban-0.8.11/config/action.d/iptables.conf --- fail2ban-0.8.11.orig/config/action.d/iptables.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables.conf 2014-01-06 11:29:00.235906639 +0100 @@ -1,6 +1,7 @@ # Fail2Ban configuration file # # Author: Cyril Jaquier +# Modified by Paul J aka Thanat0s for ipv6 support # # @@ -14,23 +15,23 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = iptables -N fail2ban- - iptables -A fail2ban- -j RETURN - iptables -I -p --dport -j fail2ban- +actionstart = fail2ban-iptables -N fail2ban- + fail2ban-iptables -A fail2ban- -j RETURN + fail2ban-iptables -I -p --dport -j fail2ban- # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D -p --dport -j fail2ban- - iptables -F fail2ban- - iptables -X fail2ban- +actionstop = fail2ban-iptables -D -p --dport -j fail2ban- + fail2ban-iptables -F fail2ban- + fail2ban-iptables -X fail2ban- # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # -actioncheck = iptables -n -L | grep -q 'fail2ban-[ \t]' +actioncheck = fail2ban-iptables -n -L | grep -q 'fail2ban-[ \t]' # Option: actionban # Notes.: command executed when banning an IP. Take care that the @@ -38,7 +39,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionban = iptables -I fail2ban- 1 -s -j +actionban = fail2ban-iptables -I fail2ban- 1 -s -j # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the @@ -46,7 +47,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = iptables -D fail2ban- -s -j +actionunban = fail2ban-iptables -D fail2ban- -s -j [Init] @@ -67,7 +68,7 @@ protocol = tcp # Option: chain -# Notes specifies the iptables chain to which the fail2ban rules should be +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be # added # Values: STRING Default: INPUT chain = INPUT diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf 2014-01-06 11:38:22.515902568 +0100 @@ -28,13 +28,13 @@ # Values: CMD # actionstart = ipset --create fail2ban- iphash - iptables -I INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j + fail2ban-iptables -I INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j +actionstop = fail2ban-iptables -D INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j ipset --flush fail2ban- ipset --destroy fail2ban- diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf 2014-01-06 11:39:21.855902139 +0100 @@ -25,13 +25,13 @@ # Values: CMD # actionstart = ipset create fail2ban- hash:ip timeout - iptables -I INPUT -m set --match-set fail2ban- src -j + fail2ban-iptables -I INPUT -m set --match-set fail2ban- src -j # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D INPUT -m set --match-set fail2ban- src -j +actionstop = fail2ban-iptables -D INPUT -m set --match-set fail2ban- src -j ipset flush fail2ban- ipset destroy fail2ban- diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf 2014-01-06 11:38:58.449235641 +0100 @@ -25,13 +25,13 @@ # Values: CMD # actionstart = ipset create fail2ban- hash:ip timeout - iptables -I INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j + fail2ban-iptables -I INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j +actionstop = fail2ban-iptables -D INPUT -p -m multiport --dports -m set --match-set fail2ban- src -j ipset flush fail2ban- ipset destroy fail2ban- diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf fail2ban-0.8.11/config/action.d/iptables-multiport.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-multiport.conf 2014-01-06 11:25:24.019241537 +0100 @@ -2,6 +2,7 @@ # # Author: Cyril Jaquier # Modified by Yaroslav Halchenko for multiport banning +# Modified by Paul J aka Thanat0s for ipv6 support # [INCLUDES] @@ -14,23 +15,23 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = iptables -N fail2ban- - iptables -A fail2ban- -j RETURN - iptables -I -p -m multiport --dports -j fail2ban- +actionstart = fail2ban-iptables -N fail2ban- + fail2ban-iptables -A fail2ban- -j RETURN + fail2ban-iptables -I -p -m multiport --dports -j fail2ban- # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D -p -m multiport --dports -j fail2ban- - iptables -F fail2ban- - iptables -X fail2ban- +actionstop = fail2ban-iptables -D -p -m multiport --dports -j fail2ban- + fail2ban-iptables -F fail2ban- + fail2ban-iptables -X fail2ban- # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # -actioncheck = iptables -n -L | grep -q 'fail2ban-[ \t]' +actioncheck = fail2ban-iptables -n -L | grep -q 'fail2ban-[ \t]' # Option: actionban # Notes.: command executed when banning an IP. Take care that the @@ -38,7 +39,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionban = iptables -I fail2ban- 1 -s -j +actionban = fail2ban-iptables -I fail2ban- 1 -s -j # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the @@ -46,7 +47,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = iptables -D fail2ban- -s -j +actionunban = fail2ban-iptables -D fail2ban- -s -j [Init] @@ -67,7 +68,7 @@ protocol = tcp # Option: chain -# Notes specifies the iptables chain to which the fail2ban rules should be +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be # added # Values: STRING Default: INPUT chain = INPUT diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf 2014-01-06 11:23:13.682575814 +0100 @@ -2,6 +2,7 @@ # # Author: Guido Bozzetto # Modified: Cyril Jaquier +# Modified by Paul J aka Thanat0s for ipv6 support # # make "fail2ban-" chain to match drop IP # make "fail2ban--log" chain to log and drop @@ -19,28 +20,28 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = iptables -N fail2ban- - iptables -A fail2ban- -j RETURN - iptables -I 1 -p -m multiport --dports -j fail2ban- - iptables -N fail2ban--log - iptables -I fail2ban--log -j LOG --log-prefix "$(expr fail2ban- : '$.\{1,23\}$'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 - iptables -A fail2ban--log -j +actionstart = fail2ban-iptables -N fail2ban- + fail2ban-iptables -A fail2ban- -j RETURN + fail2ban-iptables -I 1 -p -m multiport --dports -j fail2ban- + fail2ban-iptables -N fail2ban--log + fail2ban-iptables -I fail2ban--log -j LOG --log-prefix "$(expr fail2ban- : '$.\{1,23\}$'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 + fail2ban-iptables -A fail2ban--log -j # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D -p -m multiport --dports -j fail2ban- - iptables -F fail2ban- - iptables -F fail2ban--log - iptables -X fail2ban- - iptables -X fail2ban--log +actionstop = fail2ban-iptables -D -p -m multiport --dports -j fail2ban- + fail2ban-iptables -F fail2ban- + fail2ban-iptables -F fail2ban--log + fail2ban-iptables -X fail2ban- + fail2ban-iptables -X fail2ban--log # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # -actioncheck = iptables -n -L fail2ban--log >/dev/null +actioncheck = fail2ban-iptables -n -L fail2ban--log >/dev/null # Option: actionban # Notes.: command executed when banning an IP. Take care that the @@ -48,7 +49,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionban = iptables -I fail2ban- 1 -s -j fail2ban--log +actionban = fail2ban-iptables -I fail2ban- 1 -s -j fail2ban--log # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the @@ -56,7 +57,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = iptables -D fail2ban- -s -j fail2ban--log +actionunban = fail2ban-iptables -D fail2ban- -s -j fail2ban--log [Init] @@ -77,7 +78,7 @@ protocol = tcp # Option: chain -# Notes specifies the iptables chain to which the fail2ban rules should be +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be # added # Values: STRING Default: INPUT chain = INPUT diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-new.conf fail2ban-0.8.11/config/action.d/iptables-new.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-new.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-new.conf 2014-01-06 11:27:19.569240701 +0100 @@ -1,8 +1,9 @@ # Fail2Ban configuration file # # Author: Cyril Jaquier -# Copied from iptables.conf and modified by Yaroslav Halchenko +# Copied from fail2ban-iptables.conf and modified by Yaroslav Halchenko # to fullfill the needs of bugreporter dbts#350746. +# Modified by Paul J aka Thanat0s for ipv6 support # # @@ -17,23 +18,23 @@ # Notes.: command executed once at the start of Fail2Ban. # Values: CMD # -actionstart = iptables -N fail2ban- - iptables -A fail2ban- -j RETURN - iptables -I -m state --state NEW -p --dport -j fail2ban- +actionstart = fail2ban-iptables -N fail2ban- + fail2ban-iptables -A fail2ban- -j RETURN + fail2ban-iptables -I -m state --state NEW -p --dport -j fail2ban- # Option: actionstop # Notes.: command executed once at the end of Fail2Ban # Values: CMD # -actionstop = iptables -D -m state --state NEW -p --dport -j fail2ban- - iptables -F fail2ban- - iptables -X fail2ban- +actionstop = fail2ban-iptables -D -m state --state NEW -p --dport -j fail2ban- + fail2ban-iptables -F fail2ban- + fail2ban-iptables -X fail2ban- # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # -actioncheck = iptables -n -L | grep -q 'fail2ban-[ \t]' +actioncheck = fail2ban-iptables -n -L | grep -q 'fail2ban-[ \t]' # Option: actionban # Notes.: command executed when banning an IP. Take care that the @@ -41,7 +42,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionban = iptables -I fail2ban- 1 -s -j +actionban = fail2ban-iptables -I fail2ban- 1 -s -j # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the @@ -49,7 +50,7 @@ # Tags: See jail.conf(5) man page # Values: CMD # -actionunban = iptables -D fail2ban- -s -j +actionunban = fail2ban-iptables -D fail2ban- -s -j [Init] @@ -70,7 +71,7 @@ protocol = tcp # Option: chain -# Notes specifies the iptables chain to which the fail2ban rules should be +# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be # added # Values: STRING Default: INPUT chain = INPUT diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf --- fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf 2014-01-06 11:40:07.539235142 +0100 @@ -33,7 +33,7 @@ # own rules. The 3600 second timeout is independent and acts as a # safeguard in case the fail2ban process dies unexpectedly. The # shorter of the two timeouts actually matters. -actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban- -j +actionstart = fail2ban-iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban- -j # Option: actionstop # Notes.: command executed once at the end of Fail2Ban diff -urN fail2ban-0.8.11.orig/config/fail2ban.conf fail2ban-0.8.11/config/fail2ban.conf --- fail2ban-0.8.11.orig/config/fail2ban.conf 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/config/fail2ban.conf 2014-01-06 11:31:27.709238905 +0100 @@ -47,3 +47,10 @@ # pidfile = /var/run/fail2ban/fail2ban.pid +# Option: ipv6 +# Notes.: Activate IPv6 support +# Warning : only with iptables action supported +# Values: BOOLEAN Default: disabled +# +ipv6 = enabled + diff -urN fail2ban-0.8.11.orig/fail2ban-iptables fail2ban-0.8.11/fail2ban-iptables --- fail2ban-0.8.11.orig/fail2ban-iptables 1970-01-01 01:00:00.000000000 +0100 +++ fail2ban-0.8.11/fail2ban-iptables 2014-01-06 11:32:30.559238449 +0100 @@ -0,0 +1,50 @@ +#!/usr/bin/python +# This file is part of Fail2Ban. +# +# Fail2Ban is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# Fail2Ban is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Fail2Ban; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. + + +# Iptable wrapper, call the right iptables depending of the ip proposed +# Author: Paul J Aka "Thanat0s" + +import sys, re, subprocess + +# Main procedure +def main(argv): + concat_argv = ' '.join(argv) + regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}') + if regv4.search(concat_argv): + # we are facing to a ipv4 + ret = subprocess.call(['iptables'] + argv) + sys.exit(ret) + else: + # if not, maybe it's a ipv6 + regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}') + if regv6.search(concat_argv): + ret6 = subprocess.call(['ip6tables'] + argv) + sys.exit(ret6) + else: + # if it's not a ipv6 either, we call both iptables + ret = subprocess.call(['iptables'] + argv) + ret6 = subprocess.call(['ip6tables'] + argv) + # return worst error code + if ret > ret6: + sys.exit(ret) + else: + sys.exit(ret6) + +# Main call, pass all variables +if __name__ == "__main__": + main(sys.argv[1:]) diff -urN fail2ban-0.8.11.orig/server/failregex.py fail2ban-0.8.11/server/failregex.py --- fail2ban-0.8.11.orig/server/failregex.py 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/server/failregex.py 2014-01-06 11:12:39.602580405 +0100 @@ -41,7 +41,7 @@ self._matchCache = None # Perform shortcuts expansions. # Replace "" with default regular expression for host. - regex = regex.replace("", "(?:::f{4,6}:)?(?P[\w\-.^_]*\w)") + regex = regex.replace("", "(?:::f{4,6}:)?(?P[\w\-.^_:]*[\w:])") if regex.lstrip() == '': raise RegexException("Cannot add empty regex") try: diff -urN fail2ban-0.8.11.orig/server/filter.py fail2ban-0.8.11/server/filter.py --- fail2ban-0.8.11.orig/server/filter.py 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/server/filter.py 2014-01-06 12:25:40.509215356 +0100 @@ -267,7 +267,10 @@ s = i.split('/', 1) # IP address without CIDR mask if len(s) == 1: - s.insert(1, '32') + if re.match(":", s[0]): + s.insert(1, '128') + else: + s.insert(1, '32') s[1] = long(s[1]) try: a = DNSUtils.cidr(s[0], s[1]) @@ -623,6 +626,7 @@ class DNSUtils: IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$") + IP_CRE6 = re.compile("^(?:[0-9:A-Fa-f]{3,})$") #@staticmethod def dnsToIp(dns): @@ -646,19 +650,31 @@ if match: return match else: - return None + match = DNSUtils.IP_CRE6.match(text) + if match: + """ Right Here, we faced to a ipv6 + """ + return match + else: + return None searchIP = staticmethod(searchIP) #@staticmethod def isValidIP(string): - """ Return true if str is a valid IP - """ + # Return true if str is a valid IP s = string.split('/', 1) + # try to convert to ipv4 try: socket.inet_aton(s[0]) return True except socket.error: - return False + # if it had failed try to convert ipv6 + try: + socket.inet_pton(socket.AF_INET6, s[0]) + return True + except socket.error: + # not a valid address in both stacks + return False isValidIP = staticmethod(isValidIP) #@staticmethod @@ -687,11 +703,14 @@ #@staticmethod def cidr(i, n): - """ Convert an IP address string with a CIDR mask into a 32-bit - integer. + """ Convert an IP address string with a CIDR mask into an integer. """ - # 32-bit IPv4 address mask - MASK = 0xFFFFFFFFL + if re.match(":", i): + # 128-bit IPv6 address mask + MASK = ((1 << 128) - 1) + else: + # 32-bit IPv4 address mask + MASK = 0xFFFFFFFFL return ~(MASK >> n) & MASK & DNSUtils.addr2bin(i) cidr = staticmethod(cidr) @@ -699,12 +718,21 @@ def addr2bin(string): """ Convert a string IPv4 address into an unsigned integer. """ - return struct.unpack("!L", socket.inet_aton(string))[0] + try: + return struct.unpack("!L", socket.inet_aton(string))[0] + except socket.error: + hi, lo = struct.unpack('!QQ', socket.inet_pton(socket.AF_INET6, string)) + return (hi << 64) | lo addr2bin = staticmethod(addr2bin) #@staticmethod def bin2addr(addr): """ Convert a numeric IPv4 address into string n.n.n.n form. """ - return socket.inet_ntoa(struct.pack("!L", addr)) + try: + return socket.inet_ntoa(struct.pack("!L", addr)) + except socket.error: + hi = addr >> 64 + lo = addr & ((1 << 64) - 1) + return socket.inet_ntop(socket.AF_INET6, struct.pack('!QQ', hi, lo)) bin2addr = staticmethod(bin2addr) diff -urN fail2ban-0.8.11.orig/setup.py fail2ban-0.8.11/setup.py --- fail2ban-0.8.11.orig/setup.py 2013-11-12 22:06:54.000000000 +0100 +++ fail2ban-0.8.11/setup.py 2014-01-06 11:15:41.519245754 +0100 @@ -48,7 +48,8 @@ scripts = [ 'fail2ban-client', 'fail2ban-server', - 'fail2ban-regex' + 'fail2ban-regex', + 'fail2ban-iptables' ], packages = [ 'common',