Daemon to ban hosts that cause multiple authentication errors
IPv6 support, faster more then ever, more secure, many new features etc. See the ChangeLog for more information.
Compatibility warning: Although we have endeavoured to maintain the backwards-compatibility, some custom filter or action configuration files resp. distribution-relevant configs of 0.9th version could be incompatible with this release. Please check it after upgrade to new version.
0.9.x line is no longer heavily developed. If you are interested in new features (e.g. IPv6 support), please consider 0.10 branch and its releases.
filter.d/monit.conf
filter.d/postfix.conf
, filter.d/postfix-sasl.conf
postfix/smtps/smtpd
now (gh-1391)bsd-ipfw
, etc). Now tracks
the actual list of the already substituted tags (per tag instead
of single list)filter.d/common.conf
__prefix_line
(gh-1405)common.conf
, test covered now__prefix_line
extended with optional brackets for the
date ambit (gh-1421), added new parameter __date_ambit
gentoo-initd
fixed --pidfile
bug: --pidfile
is option of
start-stop-daemon
, not argument of fail2ban (see gh-1434)filter.d/asterisk.conf
action.d/firewallcmd-rich-rules
and action.d/firewallcmd-rich-logging
(gh-1367)filter.d/exim*conf
1h
instead of 3600
, 1d
instead of 86400
, etc-f
, --fast
to decrease wait intervals, avoid passive waiting, and skip
few very slow test cases (implied memory database, see -m
and no gamin tests -g
)-g
, --no-gamin
to prevent running of tests that require the gamin (slow)-m
, --memory-db
- run database tests using memory instead of file-i
, --ignore
- negate [regexps] filter to ignore tests matched specified regexpsDNSUtils
moved to new class IPAddr
,
both classes moved to new module ipdns
[Section?family=inet6]
(currently use for IPv6-support only).postfix/smtps/smtpd
now (gh-1391)bsd-ipfw
, etc).
Now tracks the actual list of the already substituted tags (per tag instead of single list)__prefix_line
(gh-1405)common.conf
, test covered now__prefix_line
extended with optional brackets for the date ambit (gh-1421),
added new parameter __date_ambit
--pidfile
is option of start-stop-daemon,
not argument of fail2ban (see gh-1434)+
banaction_allports
(gh-1216)fail2ban-regex
stops working on invalid (wrong encoded) character
for python version < 3.x (gh-1248)fail2ban_agent
as user-agent in actions badips, blocklist_de, etc (gh-1271)<known/parameter>
(means last known init definition of filters or actions with name parameter
).
This interpolation makes possible to extend a parameters of stock filter or
action directly in jail inside jail.local file, without creating a separately
filter.d/*.local file.
As extension to interpolation %(known/parameter)s
, that does not works for
filter and action init parametersfail2ban_version
and interpolation variable
fail2ban_agent
in jail.conf