]> git.pld-linux.org Git - packages/fail2ban.git/commitdiff
- added ipv6 support based on https://github.com/fail2ban/fail2ban/pull/88
authorJan Rękorajski <baggins@pld-linux.org>
Mon, 6 Jan 2014 17:49:39 +0000 (18:49 +0100)
committerJan Rękorajski <baggins@pld-linux.org>
Mon, 6 Jan 2014 17:49:39 +0000 (18:49 +0100)
fail2ban.spec
ipv6.patch [new file with mode: 0644]

index de60bf9af5a5ae8ccd99569b2f8cf2ea1594235b..93d6c7fda0de52fcf3019a7109d7e5b93f8b1f7e 100644 (file)
@@ -2,13 +2,14 @@ Summary:      Ban IPs that make too many password failures
 Summary(pl.UTF-8):     Blokowanie IP powodujących zbyt dużo prób logowań z błędnym hasłem
 Name:          fail2ban
 Version:       0.8.11
-Release:       2
+Release:       2.3
 License:       GPL
 Group:         Daemons
 Source0:       http://download.sourceforge.net/fail2ban/%{name}-%{version}.tar.gz
 # Source0-md5: 2182a21c7efd885f373ffc941d11914d
 Source1:       %{name}.init
 Source2:       %{name}.tmpfiles
+Patch0:                ipv6.patch
 URL:           http://fail2ban.sourceforge.net/
 BuildRequires: python-devel
 BuildRequires: python-modules
@@ -35,6 +36,7 @@ z sshd czy plikami logów serwera WWW Apache.
 
 %prep
 %setup -q
+%patch0 -p1
 rm setup.cfg
 
 %build
diff --git a/ipv6.patch b/ipv6.patch
new file mode 100644 (file)
index 0000000..1abc27e
--- /dev/null
@@ -0,0 +1,634 @@
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf fail2ban-0.8.11/config/action.d/iptables-allports.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf        2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-allports.conf     2014-01-06 11:20:42.599243574 +0100
+@@ -2,7 +2,8 @@
+ #
+ # Author: Cyril Jaquier
+ # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+-#                     made active on all ports from original iptables.conf
++#                     made active on all ports from original fail2ban-iptables.conf
++# Modified by Paul J aka Thanat0s for ipv6 support
+ #
+ #
+@@ -17,23 +18,23 @@
+ # Notes.:  command executed once at the start of Fail2Ban.
+ # Values:  CMD
+ #
+-actionstart = iptables -N fail2ban-<name>
+-              iptables -A fail2ban-<name> -j RETURN
+-              iptables -I <chain> -p <protocol> -j fail2ban-<name>
++actionstart = fail2ban-iptables -N fail2ban-<name>
++              fail2ban-iptables -A fail2ban-<name> -j RETURN
++              fail2ban-iptables -I <chain> -p <protocol> -j fail2ban-<name>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
+-             iptables -F fail2ban-<name>
+-             iptables -X fail2ban-<name>
++actionstop = fail2ban-iptables -D <chain> -p <protocol> -j fail2ban-<name>
++             fail2ban-iptables -F fail2ban-<name>
++             fail2ban-iptables -X fail2ban-<name>
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+ # Values:  CMD
+ #
+-actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
++actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
+ # Option:  actionban
+ # Notes.:  command executed when banning an IP. Take care that the
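Review bot: `actioncheck` passes no address, so the `fail2ban-iptables` wrapper added later in this patch runs both `iptables` and `ip6tables` and their combined listing goes into a single `grep`. The check therefore succeeds when the `fail2ban-<name>` chain exists in only one of the two tables, and a later `actionban` for the other family fails against a missing chain. Checking each family explicitly avoids that: `actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' && ip6tables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'`. Hosts without IPv6 would need a variant of this. The same line appears in the iptables.conf, iptables-multiport.conf and iptables-new.conf hunks.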
+@@ -41,7 +42,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
++actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+@@ -49,7 +50,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
++actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
+ [Init]
+@@ -64,7 +65,7 @@
+ protocol = tcp
+ # Option:  chain
+-# Notes    specifies the iptables chain to which the fail2ban rules should be
++# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
+ #          added
+ # Values:  STRING  Default: INPUT
+ chain = INPUT
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf fail2ban-0.8.11/config/action.d/iptables-blocktype.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf       2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-blocktype.conf    2014-01-06 15:50:20.525793123 +0100
+@@ -18,5 +18,5 @@
+ #          as per the iptables man page (section 8). Common values are DROP
+ #          REJECT, REJECT --reject-with icmp-port-unreachable
+ # Values:  STRING
+-blocktype = REJECT --reject-with icmp-port-unreachable
++blocktype = REJECT
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables.conf fail2ban-0.8.11/config/action.d/iptables.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables.conf 2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables.conf      2014-01-06 11:29:00.235906639 +0100
+@@ -1,6 +1,7 @@
+ # Fail2Ban configuration file
+ #
+ # Author: Cyril Jaquier
++# Modified by Paul J aka Thanat0s for ipv6 support
+ #
+ #
+@@ -14,23 +15,23 @@
+ # Notes.:  command executed once at the start of Fail2Ban.
+ # Values:  CMD
+ #
+-actionstart = iptables -N fail2ban-<name>
+-              iptables -A fail2ban-<name> -j RETURN
+-              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
++actionstart = fail2ban-iptables -N fail2ban-<name>
++              fail2ban-iptables -A fail2ban-<name> -j RETURN
++              fail2ban-iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
+-             iptables -F fail2ban-<name>
+-             iptables -X fail2ban-<name>
++actionstop = fail2ban-iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
++             fail2ban-iptables -F fail2ban-<name>
++             fail2ban-iptables -X fail2ban-<name>
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+ # Values:  CMD
+ #
+-actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
++actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
+ # Option:  actionban
+ # Notes.:  command executed when banning an IP. Take care that the
+@@ -38,7 +39,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
++actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+@@ -46,7 +47,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
++actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
+ [Init]
+@@ -67,7 +68,7 @@
+ protocol = tcp
+ # Option:  chain
+-# Notes    specifies the iptables chain to which the fail2ban rules should be
++# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
+ #          added
+ # Values:  STRING  Default: INPUT
+ chain = INPUT
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf    2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf 2014-01-06 11:38:22.515902568 +0100
+@@ -28,13 +28,13 @@
+ # Values:  CMD
+ #
+ actionstart = ipset --create fail2ban-<name> iphash
+-              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
++              fail2ban-iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
++actionstop = fail2ban-iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
+              ipset --flush fail2ban-<name>
+              ipset --destroy fail2ban-<name>
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf   2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf        2014-01-06 11:39:21.855902139 +0100
+@@ -25,13 +25,13 @@
+ # Values:  CMD
+ #
+ actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
+-              iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
++              fail2ban-iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
++actionstop = fail2ban-iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype>
+              ipset flush fail2ban-<name>
+              ipset destroy fail2ban-<name>
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf    2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf 2014-01-06 11:38:58.449235641 +0100
+@@ -25,13 +25,13 @@
+ # Values:  CMD
+ #
+ actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime>
+-              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
++              fail2ban-iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
++actionstop = fail2ban-iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype>
+              ipset flush fail2ban-<name>
+              ipset destroy fail2ban-<name>
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf fail2ban-0.8.11/config/action.d/iptables-multiport.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf       2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-multiport.conf    2014-01-06 11:25:24.019241537 +0100
+@@ -2,6 +2,7 @@
+ #
+ # Author: Cyril Jaquier
+ # Modified by Yaroslav Halchenko for multiport banning
++# Modified by Paul J aka Thanat0s for ipv6 support
+ #
+ [INCLUDES]
+@@ -14,23 +15,23 @@
+ # Notes.:  command executed once at the start of Fail2Ban.
+ # Values:  CMD
+ #
+-actionstart = iptables -N fail2ban-<name>
+-              iptables -A fail2ban-<name> -j RETURN
+-              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
++actionstart = fail2ban-iptables -N fail2ban-<name>
++              fail2ban-iptables -A fail2ban-<name> -j RETURN
++              fail2ban-iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+-             iptables -F fail2ban-<name>
+-             iptables -X fail2ban-<name>
++actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
++             fail2ban-iptables -F fail2ban-<name>
++             fail2ban-iptables -X fail2ban-<name>
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+ # Values:  CMD
+ #
+-actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
++actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
+ # Option:  actionban
+ # Notes.:  command executed when banning an IP. Take care that the
+@@ -38,7 +39,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
++actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+@@ -46,7 +47,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
++actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
+ [Init]
+@@ -67,7 +68,7 @@
+ protocol = tcp
+ # Option:  chain
+-# Notes    specifies the iptables chain to which the fail2ban rules should be
++# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
+ #          added
+ # Values:  STRING  Default: INPUT
+ chain = INPUT
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf   2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf        2014-01-06 11:23:13.682575814 +0100
+@@ -2,6 +2,7 @@
+ #
+ # Author: Guido Bozzetto
+ # Modified: Cyril Jaquier
++# Modified by Paul J aka Thanat0s for ipv6 support
+ #
+ # make "fail2ban-<name>" chain to match drop IP
+ # make "fail2ban-<name>-log" chain to log and drop
+@@ -19,28 +20,28 @@
+ # Notes.:  command executed once at the start of Fail2Ban.
+ # Values:  CMD
+ #
+-actionstart = iptables -N fail2ban-<name>
+-              iptables -A fail2ban-<name> -j RETURN
+-              iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+-              iptables -N fail2ban-<name>-log
+-              iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+-              iptables -A fail2ban-<name>-log -j <blocktype>
++actionstart = fail2ban-iptables -N fail2ban-<name>
++              fail2ban-iptables -A fail2ban-<name> -j RETURN
++              fail2ban-iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
++              fail2ban-iptables -N fail2ban-<name>-log
++              fail2ban-iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
++              fail2ban-iptables -A fail2ban-<name>-log -j <blocktype>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+-             iptables -F fail2ban-<name>
+-             iptables -F fail2ban-<name>-log
+-             iptables -X fail2ban-<name>
+-             iptables -X fail2ban-<name>-log
++actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
++             fail2ban-iptables -F fail2ban-<name>
++             fail2ban-iptables -F fail2ban-<name>-log
++             fail2ban-iptables -X fail2ban-<name>
++             fail2ban-iptables -X fail2ban-<name>-log
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+ # Values:  CMD
+ #
+-actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
++actioncheck = fail2ban-iptables -n -L fail2ban-<name>-log >/dev/null
+ # Option:  actionban
+ # Notes.:  command executed when banning an IP. Take care that the
+@@ -48,7 +49,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
++actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+@@ -56,7 +57,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
++actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
+ [Init]
+@@ -77,7 +78,7 @@
+ protocol = tcp
+ # Option:  chain
+-# Notes    specifies the iptables chain to which the fail2ban rules should be
++# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
+ #          added
+ # Values:  STRING  Default: INPUT
+ chain = INPUT
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-new.conf fail2ban-0.8.11/config/action.d/iptables-new.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-new.conf     2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-new.conf  2014-01-06 11:27:19.569240701 +0100
+@@ -1,8 +1,9 @@
+ # Fail2Ban configuration file
+ #
+ # Author: Cyril Jaquier
+-# Copied from iptables.conf and modified by Yaroslav Halchenko 
++# Copied from fail2ban-iptables.conf and modified by Yaroslav Halchenko 
+ #  to fullfill the needs of bugreporter dbts#350746.
++# Modified by Paul J aka Thanat0s for ipv6 support
+ #
+ #
+@@ -17,23 +18,23 @@
+ # Notes.:  command executed once at the start of Fail2Ban.
+ # Values:  CMD
+ #
+-actionstart = iptables -N fail2ban-<name>
+-              iptables -A fail2ban-<name> -j RETURN
+-              iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
++actionstart = fail2ban-iptables -N fail2ban-<name>
++              fail2ban-iptables -A fail2ban-<name> -j RETURN
++              fail2ban-iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+ # Values:  CMD
+ #
+-actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+-             iptables -F fail2ban-<name>
+-             iptables -X fail2ban-<name>
++actionstop = fail2ban-iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
++             fail2ban-iptables -F fail2ban-<name>
++             fail2ban-iptables -X fail2ban-<name>
+ # Option:  actioncheck
+ # Notes.:  command executed once before each actionban command
+ # Values:  CMD
+ #
+-actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
++actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
+ # Option:  actionban
+ # Notes.:  command executed when banning an IP. Take care that the
+@@ -41,7 +42,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
++actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
+ # Option:  actionunban
+ # Notes.:  command executed when unbanning an IP. Take care that the
+@@ -49,7 +50,7 @@
+ # Tags:    See jail.conf(5) man page
+ # Values:  CMD
+ #
+-actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
++actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype>
+ [Init]
+@@ -70,7 +71,7 @@
+ protocol = tcp
+ # Option:  chain
+-# Notes    specifies the iptables chain to which the fail2ban rules should be
++# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
+ #          added
+ # Values:  STRING  Default: INPUT
+ chain = INPUT
+diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf
+--- fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf  2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf       2014-01-06 11:40:07.539235142 +0100
+@@ -33,7 +33,7 @@
+ #    own rules. The 3600 second timeout is independent and acts as a
+ #    safeguard in case the fail2ban process dies unexpectedly. The
+ #    shorter of the two timeouts actually matters.
+-actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype>
++actionstart = fail2ban-iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype>
+ # Option:  actionstop
+ # Notes.:  command executed once at the end of Fail2Ban
+diff -urN fail2ban-0.8.11.orig/config/fail2ban.conf fail2ban-0.8.11/config/fail2ban.conf
+--- fail2ban-0.8.11.orig/config/fail2ban.conf  2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/config/fail2ban.conf       2014-01-06 11:31:27.709238905 +0100
+@@ -47,3 +47,10 @@
+ #
+ pidfile = /var/run/fail2ban/fail2ban.pid
++# Option: ipv6
++# Notes.: Activate IPv6 support
++#         Warning : only with iptables action supported
++# Values: BOOLEAN Default:  disabled
++#
++ipv6 = enabled
++
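Review bot: The comment documents `ipv6` as a BOOLEAN with default "disabled", but the shipped value is `enabled`, which is neither a boolean literal nor the stated default. Nothing else in this patch appears to read an `ipv6` option, so the switch looks inert and the IPv6 code paths are always active. Either wire the option into the server or drop it; if it stays, the comment should match the shipped value, e.g. `# Values: BOOLEAN Default:  true` with `ipv6 = true`.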
+diff -urN fail2ban-0.8.11.orig/fail2ban-iptables fail2ban-0.8.11/fail2ban-iptables
+--- fail2ban-0.8.11.orig/fail2ban-iptables     1970-01-01 01:00:00.000000000 +0100
++++ fail2ban-0.8.11/fail2ban-iptables  2014-01-06 11:32:30.559238449 +0100
+@@ -0,0 +1,50 @@
++#!/usr/bin/python
++# This file is part of Fail2Ban.
++#
++# Fail2Ban is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation; either version 2 of the License, or
++# (at your option) any later version.
++#
++# Fail2Ban is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with Fail2Ban; if not, write to the Free Software
++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
++
++
++# Iptable wrapper, call the right iptables depending of the ip proposed
++# Author: Paul J Aka "Thanat0s"
++
++import sys, re, subprocess
++
++# Main procedure
++def main(argv):
++      concat_argv = ' '.join(argv)
++      regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
++      if regv4.search(concat_argv):
++              # we are facing to a ipv4
++              ret = subprocess.call(['iptables'] + argv)
++              sys.exit(ret)
++      else:
++              # if not, maybe it's a ipv6
++              regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
++              if regv6.search(concat_argv):
++                      ret6 = subprocess.call(['ip6tables'] + argv)
++                      sys.exit(ret6)
++              else:
++                      # if it's not a ipv6 either, we call both iptables
++                      ret = subprocess.call(['iptables'] + argv)
++                      ret6 = subprocess.call(['ip6tables'] + argv)
++                      # return worst error code
++                      if ret > ret6:
++                              sys.exit(ret)
++                      else:
++                              sys.exit(ret6)
++
++# Main call, pass all variables
++if __name__ == "__main__":
++      main(sys.argv[1:])
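Review bot: `main` picks the binary by searching the whole joined command line with two unanchored patterns, so the choice does not depend on the address actually passed after `-s`. An IPv4-mapped literal such as `::ffff:192.0.2.1` (constructed example) hits `regv4` first and goes to `iptables`, and an IPv6 literal that ends in `::` matches neither pattern, so both binaries run and the larger exit code reports a failed ban even if `ip6tables` accepted the rule. Classifying the `-s` value with `socket.inet_pton` removes the guesswork; this needs `socket` added to the existing import line. The fallback that runs both binaries stays as it is.

```python
def _family(argv):
	# Classify only the value that follows -s, not the whole command line.
	for flag, value in zip(argv, argv[1:]):
		if flag != '-s':
			continue
		addr = value.split('/', 1)[0]
		for fam in (socket.AF_INET, socket.AF_INET6):
			try:
				socket.inet_pton(fam, addr)
				return fam
			except socket.error:
				pass
	return None

def main(argv):
	fam = _family(argv)
	if fam == socket.AF_INET:
		sys.exit(subprocess.call(['iptables'] + argv))
	if fam == socket.AF_INET6:
		sys.exit(subprocess.call(['ip6tables'] + argv))
	# … unchanged: no address given, run both binaries and exit with the larger code …
```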
+diff -urN fail2ban-0.8.11.orig/server/failregex.py fail2ban-0.8.11/server/failregex.py
+--- fail2ban-0.8.11.orig/server/failregex.py   2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/server/failregex.py        2014-01-06 11:12:39.602580405 +0100
+@@ -41,7 +41,7 @@
+               self._matchCache = None
+               # Perform shortcuts expansions.
+               # Replace "<HOST>" with default regular expression for host.
+-              regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)")
++              regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_:]*\w)")
+               if regex.lstrip() == '':
+                       raise RegexException("Cannot add empty regex")
+               try:
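Review bot: Adding `:` to the `<HOST>` character class also changes how non-IPv6 lines are captured: for a log line carrying `address:port`, the greedy class now takes the port into the `host` group. Any failregex that follows `<HOST>` with an optional port group such as `(:\d+)?` (constructed example) would then yield a host like `192.0.2.1:5678`, which is not a valid address, so the offender would likely go unbanned. Keeping the original class for names and IPv4 and adding a separate IPv6 alternative inside the `host` group would avoid this. At minimum the line deserves a comment such as `# ':' admits IPv6 literals; "addr:port" formats now capture the port too`. The enclosing method starts and ends outside this hunk.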
+diff -urN fail2ban-0.8.11.orig/server/filter.py fail2ban-0.8.11/server/filter.py
+--- fail2ban-0.8.11.orig/server/filter.py      2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/server/filter.py   2014-01-06 12:25:40.509215356 +0100
+@@ -267,7 +267,10 @@
+                       s = i.split('/', 1)
+                       # IP address without CIDR mask
+                       if len(s) == 1:
+-                              s.insert(1, '32')
++                              if re.match(":", s[0]):
++                                      s.insert(1, '128')
++                              else:
++                                      s.insert(1, '32')
+                       s[1] = long(s[1])
+                       try:
+                               a = DNSUtils.cidr(s[0], s[1])
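Review bot: `re.match(":", s[0])` only matches when the string starts with a colon, so an entry such as `2001:db8::1` (constructed example) is treated as IPv4 and gets the `/32` default. The same test in the `cidr` hunk further down then selects the 32-bit `MASK`, which reduces the IPv6 value to its low 32 bits. If the comparison outside this hunk uses that result, an ignore entry can match unrelated IPv6 addresses that share those bits, and those hosts would never be banned. Use a containment test in both places: `if ':' in s[0]:` here and `if ':' in i:` in `cidr`. The loop body continues outside the hunk.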
+@@ -623,6 +626,7 @@
+ class DNSUtils:
+       IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$")
++      IP_CRE6 = re.compile("^(?:[0-9:A-Fa-f]{3,})$")
+       #@staticmethod
+       def dnsToIp(dns):
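Review bot: `IP_CRE6` accepts any run of three or more hex digits or colons, so plain strings like `dead`, `cafe` or `123` match it without containing a single colon. `searchIP`, changed in the next hunk, returns that match as if it were an IPv6 literal; whether the caller validates it afterwards is outside the visible code. Requiring at least one colon narrows this considerably: `IP_CRE6 = re.compile("^[0-9A-Fa-f]*:[0-9A-Fa-f:]+$")`. Running the candidate through `isValidIP` before treating it as an address is the stricter option.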
+@@ -646,19 +650,31 @@
+               if match:
+                       return match
+               else:
+-                      return None
++                      match = DNSUtils.IP_CRE6.match(text)
++                      if match:
++                              """ Right Here, we faced to a ipv6
++                              """
++                              return match
++                      else:
++                              return None
+       searchIP = staticmethod(searchIP)
+       #@staticmethod
+       def isValidIP(string):
+-              """ Return true if str is a valid IP
+-              """
++              # Return true if str is a valid IP
+               s = string.split('/', 1)
++              # try to convert to ipv4
+               try:
+                       socket.inet_aton(s[0])
+                       return True
+               except socket.error:
+-                      return False
++                      # if it had failed try to convert ipv6
++                      try:  
++                              socket.inet_pton(socket.AF_INET6, s[0])
++                              return True
++                      except socket.error: 
++                              # not a valid address in both stacks
++                              return False
+       isValidIP = staticmethod(isValidIP)
+       #@staticmethod
+@@ -687,11 +703,14 @@
+       #@staticmethod
+       def cidr(i, n):
+-              """ Convert an IP address string with a CIDR mask into a 32-bit
+-                      integer.
++              """ Convert an IP address string with a CIDR mask into an integer.
+               """
+-              # 32-bit IPv4 address mask
+-              MASK = 0xFFFFFFFFL
++              if re.match(":", i):
++                      # 128-bit IPv6 address mask
++                      MASK = ((1 << 128) - 1)
++              else:
++                      # 32-bit IPv4 address mask
++                      MASK = 0xFFFFFFFFL
+               return ~(MASK >> n) & MASK & DNSUtils.addr2bin(i)
+       cidr = staticmethod(cidr)
+@@ -699,12 +718,21 @@
+       def addr2bin(string):
+               """ Convert a string IPv4 address into an unsigned integer.
+               """
+-              return struct.unpack("!L", socket.inet_aton(string))[0]
++              try:
++                      return struct.unpack("!L", socket.inet_aton(string))[0]
++              except socket.error:
++                      hi, lo = struct.unpack('!QQ', socket.inet_pton(socket.AF_INET6, string))
++                      return (hi << 64) | lo
+       addr2bin = staticmethod(addr2bin)
+       #@staticmethod
+       def bin2addr(addr):
+               """ Convert a numeric IPv4 address into string n.n.n.n form.
+               """
+-              return socket.inet_ntoa(struct.pack("!L", addr))
++              try:
++                      return socket.inet_ntoa(struct.pack("!L", addr))
++              except socket.error:
++                      hi = addr >> 64
++                      lo = addr & ((1 << 64) - 1)
++                      return socket.inet_ntop(socket.AF_INET6, struct.pack('!QQ', hi, lo))
+       bin2addr = staticmethod(bin2addr)
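Review bot: In `bin2addr` the IPv6 fallback is guarded by `except socket.error`, but for a value wider than 32 bits it is `struct.pack("!L", addr)` that fails, and on Python 2.7 that raises `struct.error`, so the fallback is not reached. Catching both, `except (socket.error, struct.error):`, fixes that. An IPv6 value below 2**32 (for example the integer for `::1`) is still rendered as a dotted IPv4 string, and both docstrings still say IPv4; the family would have to be passed in to make the conversion unambiguous.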
+diff -urN fail2ban-0.8.11.orig/setup.py fail2ban-0.8.11/setup.py
+--- fail2ban-0.8.11.orig/setup.py      2013-11-12 22:06:54.000000000 +0100
++++ fail2ban-0.8.11/setup.py   2014-01-06 11:15:41.519245754 +0100
+@@ -48,7 +48,8 @@
+       scripts =       [
+                                       'fail2ban-client',
+                                       'fail2ban-server',
+-                                      'fail2ban-regex'
++                                      'fail2ban-regex',
++                                      'fail2ban-iptables'
+                               ],
+       packages =      [
+                                       'common',