commit 7037c24e8b96456f4850906a72884736c290eed4
Author: Arkadiusz Miśkiewicz <ar...@maven.pl>
Date: Thu Aug 10 12:09:42 2017 +0200
- up to 0.10.0
 fail2ban.spec | 12 +-
 ipv6.patch | 634 ----------------------------------------------------------
 2 files changed, 4 insertions(+), 642 deletions(-)
---
diff --git a/fail2ban.spec b/fail2ban.spec
index d083ba2..e81a314 100644
--- a/fail2ban.spec
+++ b/fail2ban.spec
@@ -1,19 +1,16 @@
-# TODO:
-# - resurrect ipv6 support
 Summary: Ban IPs that make too many password failures
 Summary(pl.UTF-8): Blokowanie IP powodujących zbyt dużo prób logowań z błędnym hasłem
 Name: fail2ban
-Version: 0.9.7
+Version: 0.10.0
 Release: 1
 License: GPL
 Group: Daemons
 Source0: https://github.com/fail2ban/fail2ban/archive/%{version}.tar.gz
-# Source0-md5: 5e9deaea5237382940d5d58f22ca607a
+# Source0-md5: 0f504ae1f8af0ac0b600e34ff48eb374
 Source1: %{name}.init
 Source2: %{name}.logrotate
 Source3: paths-pld.conf
-Patch0: ipv6.patch
-Patch1: logifiles.patch
+Patch0: logifiles.patch
 URL: http://fail2ban.sourceforge.net/
 BuildRequires: python-devel
 BuildRequires: python-modules
@@ -43,8 +40,7 @@ z sshd czy plikami logów serwera WWW Apache.
 %prep
 %setup -q
-#%patch0 -p1
-%patch1 -p1
+%patch0 -p1
 rm setup.cfg
 %build
diff --git a/ipv6.patch b/ipv6.patch
deleted file mode 100644
index 628e522..0000000
--- a/ipv6.patch
+++ /dev/null
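Review bot: The updated `# Source0-md5:` line in the first fail2ban.spec hunk is the only integrity pin visible for the 0.10.0 tarball, and MD5 is not collision-resistant, so it catches a corrupted download but is weak evidence against a substituted archive. Source0 is a GitHub archive URL resolved by version tag, so what the digest vouches for depends on how the tarball was checked when this line was edited; the commit message does not say. If the build tooling only reads the MD5 comment (presumably it does; confirm), I would keep it and add a plain comment above it such as `# digest taken from a tarball checked against the upstream 0.10.0 tag; MD5 kept because the builder expects it`, and record a SHA-256 wherever the tooling allows one.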
@@ -1,634 +0,0 @@ -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf fail2ban-0.8.11/config/action.d/iptables-allports.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-allports.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-allports.conf 2014-01-06 11:20:42.599243574 +0100 -@@ -2,7 +2,8 @@ - # - # Author: Cyril Jaquier - # Modified: Yaroslav O. Halchenko <deb...@onerussian.com> --# made active on all ports from original iptables.conf -+# made active on all ports from original fail2ban-iptables.conf -+# Modified by Paul J aka Thanat0s for ipv6 support - # - # - -@@ -17,23 +18,23 @@ - # Notes.: command executed once at the start of Fail2Ban. - # Values: CMD - # --actionstart = iptables -N fail2ban-<name> -- iptables -A fail2ban-<name> -j RETURN -- iptables -I <chain> -p <protocol> -j fail2ban-<name> -+actionstart = fail2ban-iptables -N fail2ban-<name> -+ fail2ban-iptables -A fail2ban-<name> -j RETURN -+ fail2ban-iptables -I <chain> -p <protocol> -j fail2ban-<name> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name> -- iptables -F fail2ban-<name> -- iptables -X fail2ban-<name> -+actionstop = fail2ban-iptables -D <chain> -p <protocol> -j fail2ban-<name> -+ fail2ban-iptables -F fail2ban-<name> -+ fail2ban-iptables -X fail2ban-<name> - - # Option: actioncheck - # Notes.: command executed once before each actionban command - # Values: CMD - # --actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' -+actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' - - # Option: actionban - # Notes.: command executed when banning an IP. 
Take care that the -@@ -41,7 +42,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> -+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the -@@ -49,7 +50,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype> -+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype> - - [Init] - -@@ -64,7 +65,7 @@ - protocol = tcp - - # Option: chain --# Notes specifies the iptables chain to which the fail2ban rules should be -+# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be - # added - # Values: STRING Default: INPUT - chain = INPUT -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf fail2ban-0.8.11/config/action.d/iptables-blocktype.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-blocktype.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-blocktype.conf 2014-01-06 15:50:20.525793123 +0100 -@@ -18,5 +18,5 @@ - # as per the iptables man page (section 8). Common values are DROP - # REJECT, REJECT --reject-with icmp-port-unreachable - # Values: STRING --blocktype = REJECT --reject-with icmp-port-unreachable -+blocktype = REJECT - -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables.conf fail2ban-0.8.11/config/action.d/iptables.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables.conf 2014-01-06 11:29:00.235906639 +0100 -@@ -1,6 +1,7 @@ - # Fail2Ban configuration file - # - # Author: Cyril Jaquier -+# Modified by Paul J aka Thanat0s for ipv6 support - # - # - -@@ -14,23 +15,23 @@ - # Notes.: command executed once at the start of Fail2Ban. 
- # Values: CMD - # --actionstart = iptables -N fail2ban-<name> -- iptables -A fail2ban-<name> -j RETURN -- iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name> -+actionstart = fail2ban-iptables -N fail2ban-<name> -+ fail2ban-iptables -A fail2ban-<name> -j RETURN -+ fail2ban-iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name> -- iptables -F fail2ban-<name> -- iptables -X fail2ban-<name> -+actionstop = fail2ban-iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name> -+ fail2ban-iptables -F fail2ban-<name> -+ fail2ban-iptables -X fail2ban-<name> - - # Option: actioncheck - # Notes.: command executed once before each actionban command - # Values: CMD - # --actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' -+actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' - - # Option: actionban - # Notes.: command executed when banning an IP. Take care that the -@@ -38,7 +39,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> -+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> - - # Option: actionunban - # Notes.: command executed when unbanning an IP. 
Take care that the -@@ -46,7 +47,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype> -+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype> - - [Init] - -@@ -67,7 +68,7 @@ - protocol = tcp - - # Option: chain --# Notes specifies the iptables chain to which the fail2ban rules should be -+# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be - # added - # Values: STRING Default: INPUT - chain = INPUT -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto4.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto4.conf 2014-01-06 11:38:22.515902568 +0100 -@@ -28,13 +28,13 @@ - # Values: CMD - # - actionstart = ipset --create fail2ban-<name> iphash -- iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> -+ fail2ban-iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> -+actionstop = fail2ban-iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> - ipset --flush fail2ban-<name> - ipset --destroy fail2ban-<name> - -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6-allports.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6-allports.conf 2014-01-06 
11:39:21.855902139 +0100 -@@ -25,13 +25,13 @@ - # Values: CMD - # - actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime> -- iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype> -+ fail2ban-iptables -I INPUT -m set --match-set fail2ban-<name> src -j <blocktype> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype> -+actionstop = fail2ban-iptables -D INPUT -m set --match-set fail2ban-<name> src -j <blocktype> - ipset flush fail2ban-<name> - ipset destroy fail2ban-<name> - -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-ipset-proto6.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-ipset-proto6.conf 2014-01-06 11:38:58.449235641 +0100 -@@ -25,13 +25,13 @@ - # Values: CMD - # - actionstart = ipset create fail2ban-<name> hash:ip timeout <bantime> -- iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> -+ fail2ban-iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> -+actionstop = fail2ban-iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set fail2ban-<name> src -j <blocktype> - ipset flush fail2ban-<name> - ipset destroy fail2ban-<name> - -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf fail2ban-0.8.11/config/action.d/iptables-multiport.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-multiport.conf 2013-11-12 22:06:54.000000000 
+0100 -+++ fail2ban-0.8.11/config/action.d/iptables-multiport.conf 2014-01-06 11:25:24.019241537 +0100 -@@ -2,6 +2,7 @@ - # - # Author: Cyril Jaquier - # Modified by Yaroslav Halchenko for multiport banning -+# Modified by Paul J aka Thanat0s for ipv6 support - # - - [INCLUDES] -@@ -14,23 +15,23 @@ - # Notes.: command executed once at the start of Fail2Ban. - # Values: CMD - # --actionstart = iptables -N fail2ban-<name> -- iptables -A fail2ban-<name> -j RETURN -- iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -+actionstart = fail2ban-iptables -N fail2ban-<name> -+ fail2ban-iptables -A fail2ban-<name> -j RETURN -+ fail2ban-iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -- iptables -F fail2ban-<name> -- iptables -X fail2ban-<name> -+actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -+ fail2ban-iptables -F fail2ban-<name> -+ fail2ban-iptables -X fail2ban-<name> - - # Option: actioncheck - # Notes.: command executed once before each actionban command - # Values: CMD - # --actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' -+actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' - - # Option: actionban - # Notes.: command executed when banning an IP. Take care that the -@@ -38,7 +39,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> -+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> - - # Option: actionunban - # Notes.: command executed when unbanning an IP. 
Take care that the -@@ -46,7 +47,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype> -+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype> - - [Init] - -@@ -67,7 +68,7 @@ - protocol = tcp - - # Option: chain --# Notes specifies the iptables chain to which the fail2ban rules should be -+# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be - # added - # Values: STRING Default: INPUT - chain = INPUT -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-multiport-log.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-multiport-log.conf 2014-01-06 11:23:13.682575814 +0100 -@@ -2,6 +2,7 @@ - # - # Author: Guido Bozzetto - # Modified: Cyril Jaquier -+# Modified by Paul J aka Thanat0s for ipv6 support - # - # make "fail2ban-<name>" chain to match drop IP - # make "fail2ban-<name>-log" chain to log and drop -@@ -19,28 +20,28 @@ - # Notes.: command executed once at the start of Fail2Ban. 
- # Values: CMD - # --actionstart = iptables -N fail2ban-<name> -- iptables -A fail2ban-<name> -j RETURN -- iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -- iptables -N fail2ban-<name>-log -- iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 -- iptables -A fail2ban-<name>-log -j <blocktype> -+actionstart = fail2ban-iptables -N fail2ban-<name> -+ fail2ban-iptables -A fail2ban-<name> -j RETURN -+ fail2ban-iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -+ fail2ban-iptables -N fail2ban-<name>-log -+ fail2ban-iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2 -+ fail2ban-iptables -A fail2ban-<name>-log -j <blocktype> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -- iptables -F fail2ban-<name> -- iptables -F fail2ban-<name>-log -- iptables -X fail2ban-<name> -- iptables -X fail2ban-<name>-log -+actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name> -+ fail2ban-iptables -F fail2ban-<name> -+ fail2ban-iptables -F fail2ban-<name>-log -+ fail2ban-iptables -X fail2ban-<name> -+ fail2ban-iptables -X fail2ban-<name>-log - - # Option: actioncheck - # Notes.: command executed once before each actionban command - # Values: CMD - # --actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null -+actioncheck = fail2ban-iptables -n -L fail2ban-<name>-log >/dev/null - - # Option: actionban - # Notes.: command executed when banning an IP. 
Take care that the -@@ -48,7 +49,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log -+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log - - # Option: actionunban - # Notes.: command executed when unbanning an IP. Take care that the -@@ -56,7 +57,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log -+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log - - [Init] - -@@ -77,7 +78,7 @@ - protocol = tcp - - # Option: chain --# Notes specifies the iptables chain to which the fail2ban rules should be -+# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be - # added - # Values: STRING Default: INPUT - chain = INPUT -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-new.conf fail2ban-0.8.11/config/action.d/iptables-new.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-new.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-new.conf 2014-01-06 11:27:19.569240701 +0100 -@@ -1,8 +1,9 @@ - # Fail2Ban configuration file - # - # Author: Cyril Jaquier --# Copied from iptables.conf and modified by Yaroslav Halchenko -+# Copied from fail2ban-iptables.conf and modified by Yaroslav Halchenko - # to fullfill the needs of bugreporter dbts#350746. -+# Modified by Paul J aka Thanat0s for ipv6 support - # - # - -@@ -17,23 +18,23 @@ - # Notes.: command executed once at the start of Fail2Ban. 
- # Values: CMD - # --actionstart = iptables -N fail2ban-<name> -- iptables -A fail2ban-<name> -j RETURN -- iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name> -+actionstart = fail2ban-iptables -N fail2ban-<name> -+ fail2ban-iptables -A fail2ban-<name> -j RETURN -+ fail2ban-iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban - # Values: CMD - # --actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name> -- iptables -F fail2ban-<name> -- iptables -X fail2ban-<name> -+actionstop = fail2ban-iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name> -+ fail2ban-iptables -F fail2ban-<name> -+ fail2ban-iptables -X fail2ban-<name> - - # Option: actioncheck - # Notes.: command executed once before each actionban command - # Values: CMD - # --actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' -+actioncheck = fail2ban-iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]' - - # Option: actionban - # Notes.: command executed when banning an IP. Take care that the -@@ -41,7 +42,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionban = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> -+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype> - - # Option: actionunban - # Notes.: command executed when unbanning an IP. 
Take care that the -@@ -49,7 +50,7 @@ - # Tags: See jail.conf(5) man page - # Values: CMD - # --actionunban = iptables -D fail2ban-<name> -s <ip> -j <blocktype> -+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j <blocktype> - - [Init] - -@@ -70,7 +71,7 @@ - protocol = tcp - - # Option: chain --# Notes specifies the iptables chain to which the fail2ban rules should be -+# Notes specifies the fail2ban-iptables chain to which the fail2ban rules should be - # added - # Values: STRING Default: INPUT - chain = INPUT -diff -urN fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf ---- fail2ban-0.8.11.orig/config/action.d/iptables-xt_recent-echo.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/action.d/iptables-xt_recent-echo.conf 2014-01-06 11:40:07.539235142 +0100 -@@ -33,7 +33,7 @@ - # own rules. The 3600 second timeout is independent and acts as a - # safeguard in case the fail2ban process dies unexpectedly. The - # shorter of the two timeouts actually matters. 
--actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype> -+actionstart = fail2ban-iptables -I INPUT -m recent --update --seconds 3600 --name fail2ban-<name> -j <blocktype> - - # Option: actionstop - # Notes.: command executed once at the end of Fail2Ban -diff -urN fail2ban-0.8.11.orig/config/fail2ban.conf fail2ban-0.8.11/config/fail2ban.conf ---- fail2ban-0.8.11.orig/config/fail2ban.conf 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/config/fail2ban.conf 2014-01-06 11:31:27.709238905 +0100 -@@ -47,3 +47,10 @@ - # - pidfile = /var/run/fail2ban/fail2ban.pid - -+# Option: ipv6 -+# Notes.: Activate IPv6 support -+# Warning : only with iptables action supported -+# Values: BOOLEAN Default: disabled -+# -+ipv6 = enabled -+ -diff -urN fail2ban-0.8.11.orig/fail2ban-iptables fail2ban-0.8.11/fail2ban-iptables ---- fail2ban-0.8.11.orig/fail2ban-iptables 1970-01-01 01:00:00.000000000 +0100 -+++ fail2ban-0.8.11/fail2ban-iptables 2014-01-06 11:32:30.559238449 +0100 -@@ -0,0 +1,50 @@ -+#!/usr/bin/python -+# This file is part of Fail2Ban. -+# -+# Fail2Ban is free software; you can redistribute it and/or modify -+# it under the terms of the GNU General Public License as published by -+# the Free Software Foundation; either version 2 of the License, or -+# (at your option) any later version. -+# -+# Fail2Ban is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY; without even the implied warranty of -+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+# GNU General Public License for more details. -+# -+# You should have received a copy of the GNU General Public License -+# along with Fail2Ban; if not, write to the Free Software -+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 
-+ -+ -+# Iptable wrapper, call the right iptables depending of the ip proposed -+# Author: Paul J Aka "Thanat0s" -+ -+import sys, re, subprocess -+ -+# Main procedure -+def main(argv): -+ concat_argv = ' '.join(argv) -+ regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}') -+ if regv4.search(concat_argv): -+ # we are facing to a ipv4 -+ ret = subprocess.call(['iptables'] + argv) -+ sys.exit(ret) -+ else: -+ # if not, maybe it's a ipv6 -+ regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}') -+ if regv6.search(concat_argv): -+ ret6 = subprocess.call(['ip6tables'] + argv) -+ sys.exit(ret6) -+ else: -+ # if it's not a ipv6 either, we call both iptables -+ ret = subprocess.call(['iptables'] + argv) -+ ret6 = subprocess.call(['ip6tables'] + argv) -+ # return worst error code -+ if ret > ret6: -+ sys.exit(ret) -+ else: -+ sys.exit(ret6) -+ -+# Main call, pass all variables -+if __name__ == "__main__": -+ main(sys.argv[1:]) -diff -urN fail2ban-0.8.11.orig/server/failregex.py fail2ban-0.8.11/server/failregex.py ---- fail2ban-0.8.11.orig/server/failregex.py 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/server/failregex.py 2014-01-06 11:12:39.602580405 +0100 -@@ -41,7 +41,7 @@ - self._matchCache = None - # Perform shortcuts expansions. - # Replace "<HOST>" with default regular expression for host. 
-- regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)") -+ regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_:]*[\w:])") - if regex.lstrip() == '': - raise RegexException("Cannot add empty regex") - try: -diff -urN fail2ban-0.8.11.orig/server/filter.py fail2ban-0.8.11/server/filter.py ---- fail2ban-0.8.11.orig/server/filter.py 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/server/filter.py 2014-01-06 12:25:40.509215356 +0100 -@@ -267,7 +267,10 @@ - s = i.split('/', 1) - # IP address without CIDR mask - if len(s) == 1: -- s.insert(1, '32') -+ if re.match(":", s[0]): -+ s.insert(1, '128') -+ else: -+ s.insert(1, '32') - s[1] = long(s[1]) - try: - a = DNSUtils.cidr(s[0], s[1]) -@@ -623,6 +626,7 @@ - class DNSUtils: - - IP_CRE = re.compile("^(?:\d{1,3}\.){3}\d{1,3}$") -+ IP_CRE6 = re.compile("^(?:[0-9:A-Fa-f]{3,})$") - - #@staticmethod - def dnsToIp(dns): -@@ -646,19 +650,31 @@ - if match: - return match - else: -- return None -+ match = DNSUtils.IP_CRE6.match(text) -+ if match: -+ """ Right Here, we faced to a ipv6 -+ """ -+ return match -+ else: -+ return None - searchIP = staticmethod(searchIP) - - #@staticmethod - def isValidIP(string): -- """ Return true if str is a valid IP -- """ -+ # Return true if str is a valid IP - s = string.split('/', 1) -+ # try to convert to ipv4 - try: - socket.inet_aton(s[0]) - return True - except socket.error: -- return False -+ # if it had failed try to convert ipv6 -+ try: -+ socket.inet_pton(socket.AF_INET6, s[0]) -+ return True -+ except socket.error: -+ # not a valid address in both stacks -+ return False - isValidIP = staticmethod(isValidIP) - - #@staticmethod -@@ -687,11 +703,14 @@ - - #@staticmethod - def cidr(i, n): -- """ Convert an IP address string with a CIDR mask into a 32-bit -- integer. -+ """ Convert an IP address string with a CIDR mask into an integer. 
- """ -- # 32-bit IPv4 address mask -- MASK = 0xFFFFFFFFL -+ if re.match(":", i): -+ # 128-bit IPv6 address mask -+ MASK = ((1 << 128) - 1) -+ else: -+ # 32-bit IPv4 address mask -+ MASK = 0xFFFFFFFFL - return ~(MASK >> n) & MASK & DNSUtils.addr2bin(i) - cidr = staticmethod(cidr) - -@@ -699,12 +718,21 @@ - def addr2bin(string): - """ Convert a string IPv4 address into an unsigned integer. - """ -- return struct.unpack("!L", socket.inet_aton(string))[0] -+ try: -+ return struct.unpack("!L", socket.inet_aton(string))[0] -+ except socket.error: -+ hi, lo = struct.unpack('!QQ', socket.inet_pton(socket.AF_INET6, string)) -+ return (hi << 64) | lo - addr2bin = staticmethod(addr2bin) - - #@staticmethod - def bin2addr(addr): - """ Convert a numeric IPv4 address into string n.n.n.n form. - """ -- return socket.inet_ntoa(struct.pack("!L", addr)) -+ try: -+ return socket.inet_ntoa(struct.pack("!L", addr)) -+ except socket.error: -+ hi = addr >> 64 -+ lo = addr & ((1 << 64) - 1) -+ return socket.inet_ntop(socket.AF_INET6, struct.pack('!QQ', hi, lo)) - bin2addr = staticmethod(bin2addr) -diff -urN fail2ban-0.8.11.orig/setup.py fail2ban-0.8.11/setup.py ---- fail2ban-0.8.11.orig/setup.py 2013-11-12 22:06:54.000000000 +0100 -+++ fail2ban-0.8.11/setup.py 2014-01-06 11:15:41.519245754 +0100 -@@ -48,7 +48,8 @@ - scripts = [ - 'fail2ban-client', - 'fail2ban-server', -- 'fail2ban-regex' -+ 'fail2ban-regex', -+ 'fail2ban-iptables' - ], - packages = [ - 'common', ================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/fail2ban.git/commitdiff/7037c24e8b96456f4850906a72884736c290eed4 _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit