On 03/12/2021 15:43, Steve Charmer wrote:
oh, ok, I think I understand a little more now.
I was using f2b-regex cmd in console to test it,
but without the host_info alias (as provided by the "before INCLUDE"),
it won't return any matches?
Is it because f2b-regex needs to return a host portion to be considered
a match?
I mean, I can't just use it as a usual regular expression checker to
find a word or phrase, because without the host info, it will not return
any matches from the cmd line?
I am also testing it in a file under filter.d, but I can't find any
matches in the log.
2. UPGRADING
I would like to know if there are instructions how to UPGRADE a f2b
installation, so my custom rules can be used.
I tried to read the manual / doc quickly, but did not see a section on
how to upgrade, but maybe my eyes missed it.
3. COMMENTS INTO LOG
The next thing I will need to learn is how to use an action to
write comments into the log, so instead of just seeing "FOUND [ip
address]", I can add comments about the message / domain / TO, FROM, etc.
Thank you.

F2b needs to be able to identify a host as it uses this information to
create the firewall rule. Without a host, f2b is pointless. If you are
using a file in filter.d then you have a problem.
With respect to upgrading, if you put your changes in a .local file,
this should override a .conf file and you won't lose your changes.
Having said that I had to rework some of my custom jails anyway so they
may not carry across. Otherwise it depends on the packages your distro
provides.
For comments, you'll need a custom action. In CentOS/EL you can use a
"logger" function to write to syslog, but I've never tried multiple
actions for a ban. They should, however, work.
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
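
Added example, not part of the original thread and not the fail2ban project's own files: one way to lay out what the reply describes, with a filter that captures a host, a custom action that calls `logger`, and a jail in `jail.local` that runs it next to a firewall action. The names `myapp` and `log-comment`, the log path, the log line format and the port are assumptions.

```ini
# --- /etc/fail2ban/filter.d/myapp.conf (hypothetical file name) ---
# Assumption: the distro package ships no file of this name.
[Definition]
# Constructed log format. <HOST> marks where the address sits in the line;
# without it fail2ban has no address to ban.
failregex = ^.* rejected message from <HOST>: .*$
ignoreregex =

# --- /etc/fail2ban/action.d/log-comment.conf (hypothetical file name) ---
[Definition]
actionstart =
actionstop =
actioncheck =
# <name>, <ip> and <failures> are filled in by fail2ban at ban time.
actionban = logger -t fail2ban-comment "jail=<name> banned <ip> after <failures> failures"
actionunban = logger -t fail2ban-comment "jail=<name> unbanned <ip>"

# --- /etc/fail2ban/jail.local ---
# Local overrides live here rather than in jail.conf.
[myapp]
enabled = true
filter = myapp
logpath = /var/log/myapp.log
port = smtp
# Two actions for one ban: the firewall rule, then the syslog comment.
action = iptables-multiport[name=%(__name__)s, port="%(port)s", protocol=tcp]
         log-comment
```

The filter can be checked before the jail is enabled with `fail2ban-regex /var/log/myapp.log /etc/fail2ban/filter.d/myapp.conf`.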