diff options
| author | sebres <serg.brester@sebres.de> | 2021-04-21 11:50:07 +0200 |
|---|---|---|
| committer | sebres <serg.brester@sebres.de> | 2021-04-21 11:50:07 +0200 |
| commit | d3f5d2d52b1e1b1577dbf29e931fbdbe59f56109 (patch) | |
| tree | 184044ce6edd79b3871c64f88d73afbffeb4d1ee /man | |
| parent | f0214b3d36ea08b318c52a2d51fce50bf9ec0cce (diff) | |
| download | fail2ban-d3f5d2d52b1e1b1577dbf29e931fbdbe59f56109.tar.gz | |
documentation (interpolation tags)
Diffstat (limited to 'man')
| -rw-r--r-- | man/jail.conf.5 | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/man/jail.conf.5 b/man/jail.conf.5 index 788fad2b..5f29161d 100644 --- a/man/jail.conf.5 +++ b/man/jail.conf.5 @@ -481,13 +481,29 @@ is the regex (\fBreg\fRular \fBex\fRpression) that will match failed attempts. T .IP \fI<IP4>\fR - regex for IPv4 addresses. .IP -\fI<IP6>\fR - regex for IPv6 addresses (also IP enclosed in brackets). +\fI<IP6>\fR - regex for IPv6 addresses. .IP \fI<DNS>\fR - regex to match hostnames. .IP \fI<CIDR>\fR - helper regex to match CIDR (simple integer form of net-mask). .IP \fI<SUBNET>\fR - regex to match sub-net adresses (in form of IP/CIDR, also single IP is matched, so part /CIDR is optional). +.IP +\fI<F-ID>...</F-ID>\fR - free regex capturing group targeting identifier used for ban (instead of IP address or hostname). +.IP +\fI<F-*>...</F-*>\fR - free regex capturing named group stored in ticket, which can be used in action. +.nf +For example \fI<F-USER>[^@]+</F-USER>\fR matches and stores a user name, that can be used in action with interpolation tag \fI<F-USER>\fR. +.IP +\fI<F-ALT_*n>...</F-ALT_*n>\fR - free regex capturing alternative named group stored in ticket. +.nf +For example first found matched value defined in regex as \fI<F-ALT_USER>\fR, \fI<F-ALT_USER1>\fR or \fI<F-ALT_USER2>\fR would be stored as <F-USER> (if direct match is not found or empty). +.PP +Every of abovementioned tags can be specified in \fBprefregex\fR and in \fBfailregex\fR, thereby if specified in both, the value matched in \fBfailregex\fR overwrites a value matched in \fBprefregex\fR. +.TQ +All standard tags like IP4 or IP6 can be also specified with custom regex using \fI<F-*>...</F-*>\fR syntax, for example \fI(?:ip4:<F-IP4>\\S+</F-IP4>|ip6:<F-IP6>\\S+</F-IP6>)\fR. +.TQ +Tags \fI<ADDR>\fR, \fI<HOST>\fR and \fI<SUBNET>\fR would also match the IP address enclosed in square brackets. .PP \fBNOTE:\fR the \fBfailregex\fR will be applied to the remaining part of message after \fBprefregex\fR processing (if specified), which in turn takes place after \fBdatepattern\fR processing (whereby the string of timestamp matching the best pattern, cut out from the message). .PP |