I hope someone can help me with this, as I'm struggling with it. I wish to implement an immediate ban on this type of event:

2021-08-26 00:52:21.681 The connection with the client (IP address 157.245.59.23, Port number 59420) has been disconnected.
2021-08-26 01:28:34.121 On the TCP Listener (Port 443), a Client (IP address 128.14.209.162, Host name "zl-dal-us-gp3-wk107.internet-census.org", Port number 38470) has connected.
2021-08-26 01:28:34.121 For the client (IP address: 128.14.209.162, host name: "zl-dal-us-gp3-wk107.internet-census.org", port number: 38470), connection "CID-584" has been created.
2021-08-26 01:28:34.959 SSL communication for connection "CID-584" has been started. The encryption algorithm name is "RC4-MD5".
2021-08-26 01:28:41.847 Connection "CID-584" terminated by the cause "A client which is non-SoftEther VPN software has connected to the port." (code 5).
2021-08-26 01:28:41.857 Connection "CID-584" has been terminated.

I am not sure how to construct a fail2ban filter to, in this example, ban 128.14.209.162 when the string "(code 5)" is recorded by SoftEther. [I'm also still trying to wrap my head round RegEx. I'm finding it not easy to put together.]
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users