16.05.2018 21:09, Jody Whitesides wrote:
Actually there would be a few other attempts in between line 2 and 6 there. Thus, I’d like to create a filter that can figure out the hex thing before the 'mta event' as that is what ties the first part’s attempt to the fact that it's failing. Then I’d like to ban that host, both the IPv4 and IPv6 ones that are doing whatever it is they’re attempting to do.

You can use multiline regular expressions for the hex part. Here's one example of how it is done (__machine, __pid1 and __pid2 all match among the lines): https://github.com/qm2k/burp_integration/blob/master/etc/fail2ban/filter.d/burp-auth.conf

I'd also check your IPv6 connectivity (including ICMPv6) to the client; these timeouts are more likely caused by MTU problems than malicious intent.

--

With Best Regards,
Marat Khalili
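
The multiline correlation suggested in the reply above, as an added example that is not part of the original message or of the linked filter: a Python regex (fail2ban filters use Python's `re` syntax) that captures the hex session id and client address on the connect line, then requires the same machine, pid and id on a later 'mta event' line. The log layout, the `event=timeout` wording and all names are constructed assumptions, not the poster's real logs.

```python
import ipaddress
import re

# Lines allowed between the two correlated lines; plays the role of the
# buffer a fail2ban multiline filter sets with maxlines (value is an assumption).
MAX_SKIP = 8

# Assumed layout: "<timestamp> <machine> smtpd[<pid>]: <16 hex> <message>"
# The lookahead keeps the match on the connect line only, so interleaved
# sessions are each examined instead of being swallowed by an earlier match.
CORRELATE = re.compile(
    r"^\S+ (?P<machine>\S+) smtpd\[(?P<pid>\d+)\]: (?P<sid>[0-9a-f]{16}) "
    r"smtp connected address=\[?(?P<host>[0-9A-Fa-f:.]+)\]?.*$"
    r"(?=\n(?:.*\n){0,%d}?"
    r"\S+ (?P=machine) smtpd\[(?P=pid)\]: (?P=sid) mta event=timeout\b)" % MAX_SKIP,
    re.MULTILINE,
)

def failing_hosts(log_text):
    """Return normalized IPv4/IPv6 addresses whose session later hit the mta event."""
    hosts = set()
    for m in CORRELATE.finditer(log_text):
        try:
            hosts.add(str(ipaddress.ip_address(m.group("host"))))
        except ValueError:
            continue  # not a literal address: never hand it to a ban action
    return hosts

# Constructed sample: two sessions time out, one disconnects normally.
SAMPLE_LOG = """\
2018-05-16T21:00:01 mail smtpd[411]: 1a2b3c4d5e6f7081 smtp connected address=2001:db8::25 host=a.example
2018-05-16T21:00:01 mail smtpd[411]: 99aabbccddeeff00 smtp connected address=192.0.2.10 host=b.example
2018-05-16T21:00:02 mail smtpd[411]: 0f0e0d0c0b0a0908 smtp connected address=198.51.100.7 host=c.example
2018-05-16T21:00:03 mail smtpd[411]: 0f0e0d0c0b0a0908 smtp disconnected reason=quit
2018-05-16T21:00:31 mail smtpd[411]: 1a2b3c4d5e6f7081 mta event=timeout
2018-05-16T21:00:32 mail smtpd[411]: 99aabbccddeeff00 mta event=timeout
"""

if __name__ == "__main__":
    for host in sorted(failing_hosts(SAMPLE_LOG)):
        print(host)
```

A connect line whose matching event falls outside the `MAX_SKIP` window is not reported, which is the same trade-off a multiline filter makes when its line buffer is too small for a busy log.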


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users