delta/fail2ban.git - github.com: fail2ban/fail2ban.git

	Commit message (Collapse)	Author	Age	Files	Lines
*	IPThreat integration (#3349)	Jeff Johnson	2022-09-13	1	-0/+107
\| \| \|	new IPThreat action
*	Adding jail name to notes to disambiguate between jails.	Logic-32	2022-05-07	1	-1/+1
\|
*	Moving inet6 family block to the end so other config doesn't get added to it.	Logic-32	2022-05-07	1	-3/+3
\|
*	Adding support for Cloudflare Token API.	Logic-32	2022-04-27	1	-0/+92
\| \| \| \|	Closes #3080
*	iptables and iptables-ipset actions extended to support multiple protocols ↵	sebres	2022-01-26	4	-15/+38
\| \| \| \| \| \|	with single action for multiport or oneport type (back-ported from nftables action); amend to gh-980 fixing several actions (correctly supporting new enhancements now)
*	make several iptables actions more breakdown-safe: start wouldn't fail if ↵	sebres	2022-01-25	2	-4/+3
\| \| \| \| \| \|	chain or rule already exists (e. g. created by previous instance and doesn't get purged properly); ultimately closes gh-980
*	make ipset actions more breakdown-safe: start wouldn't fail if set with this ↵	sebres	2022-01-24	2	-6/+6
\| \| \| \|	name already exists (e. g. created by previous instance and don't deleted properly)
*	Merge remote-tracking branch 'remotes/sebres/1.0-breakdown-safe-actions' ↵	sebres	2022-01-24	12	-361/+224
\|\ \| \| \| \| \| \| \| \| \| \|	with master; conflicts resolved
\| *	replace internals of several iptables-ipset actions using internals of ↵	sebres	2020-02-14	5	-123/+99
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	iptables include: - better check mechanism (using `-C`, option `--check` is available long time); - additionally iptables-ipset is a common action for iptables-ipset-proto6-* now (which become obsolete now); - many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters); - tests adjusted.
\| *	first attempt to make certain standard actions breakdown safe starting with ↵	sebres	2020-02-14	11	-233/+128
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	iptables: - better check mechanism (using `-C`, option `--check` is available long time); - additionally iptables is a replacement for iptables-common now, several actions using this as include now become obsolete; - many features of different iptables actions are combinable as single chain/rule (can be supplied to action as parameters);
* \|	Merge branch '0.11'	sebres	2021-11-03	4	-7/+7
\|\ \
\| * \	Merge branch '0.10' into 0.11	sebres	2021-11-03	4	-7/+7
\| \|\ \
\| \| * \|	Revert "`action.d/firewallcmd-*.conf` (multiport only): fixed port range ↵	sebres	2021-11-01	4	-7/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	selector, replacing `:` with `-`;" This reverts the incompatibility #3047 introduced by commit a038fd5dfe8cb0714472833604735b83462a217d (#2821).
* \| \| \|	merge 0.11 to 1.0 (GHSA-m985-3f3v-cwmm)	sebres	2021-07-07	6	-13/+13
\|\ \ \ \ \| \|/ / /
\| * \| \|	merge 0.10 to 0.11 (GHSA-m985-3f3v-cwmm)	sebres	2021-07-07	6	-13/+13
\| \|\ \ \ \| \| \|/ /
\| \| * \|	fixed possible RCE vulnerability, unset escape variable (default tilde) ↵	sebres	2021-06-21	6	-13/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	stops consider "~" char after new-line as composing escape sequence
* \| \| \|	action.d/ufw.conf: amend to #3018: parameter `kill-mode` extended with conntrack	Sergey G. Brester	2021-06-03	1	-1/+2
\| \| \| \|
* \| \| \|	action.d/firewallcmd-ipset.conf: amend to #2620:	sebres	2021-05-29	2	-82/+38
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	- combines actions `firewallcmd-ipset` and `firewallcmd-ipset-native` (parameter `ipsettype=firewalld`); - IPv6-capability for firewalld ipset; - no internal timeout handling by default; - no permanent rules yet
* \| \| \|	Merge pull request #2620 from mspolitaev/master	Sergey G. Brester	2021-05-29	1	-0/+77
\|\ \ \ \ \| \| \| \| \| \| \| \| \| \|	Using native firewalld ipset implementation
\| * \| \| \|	Using native firewalld ipset implementation	Mihail Politaev	2020-01-30	1	-0/+77
\| \| \|_\|/ \| \|/\| \| \| \| \| \|	By creating additional action file firewallcmd-ipset-native.conf
* \| \| \|	Missing comment "#" (#3022)	usernamepi	2021-05-07	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \|	Missed this ... but the logs showed it.
* \| \| \|	ufw.conf, amend to #3018 - add missing option for comment (#3019)	usernamepi	2021-05-06	1	-0/+4
\| \| \| \|
* \| \| \|	added new options `kill-mode` and `kill`, which makes the drop of all ↵	Sergey G. Brester	2021-05-06	1	-1/+16
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	connections optional
* \| \| \|	option "add", can be set to "insert <num>" instead of prepend (customization ↵	Sergey G. Brester	2021-05-06	1	-2/+6
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	or backwards compat)
* \| \| \|	Update ufw.conf	usernamepi	2021-05-06	1	-9/+18
\| \|/ / \|/\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Prerequisites: * The ss command is available, kernel is compiled with option CONFIG_INET_DIAG_DESTROY. * Ufw version is => 0.36 (released in 2018) * Now using "prepend" instead of "insert" to be able to handle IPv6 addresses correctly. The current action will fail for IPv6 addresses. * Now application names containing a space should handled correctly, solves https://github.com/fail2ban/fail2ban/pull/1532 * Now closing IPv4 and IPv6 connections (if any) from the ip that is being banned. The current action will leave them open. Using ss to accomplish this. For this to work the kernel needs to be compiled with the CONFIG_INET_DIAG_DESTROY option. My system apparently is compiled that way.
* \| \|	Merge pull request #2565 from caronc/0.11	Sergey G. Brester	2021-04-04	1	-0/+49
\|\ \ \ \| \| \| \| \| \| \| \|	Add Apprise Support (50+ Notifications)
\| * \| \|	involve config parameter (replaces hard-coded path); fixed typo in actionban ↵	Sergey G. Brester	2020-09-02	1	-3/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	(looks like copy&paste from trimmed tty)
\| * \| \|	Add Apprise Support (50+ Notifications)	Chris Caron	2020-08-04	1	-0/+47
\| \| \| \|
* \| \| \|	Merge branch '0.10' into 0.11	sebres	2021-03-03	1	-2/+9
\|\ \ \ \ \| \| \|_\|/ \| \|/\| \|
\| * \| \|	`action.d/nginx-block-map.conf`: reload nginx only if it is running (also ↵	sebres	2021-02-24	1	-2/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	avoid error in nginx-errorlog, gh-2949) and better test coverage for the action
* \| \| \|	Merge branch '0.10' into 0.11	sebres	2021-02-24	2	-410/+0
\|\ \ \ \ \| \|/ / /
\| * \| \|	action.d/badips.* removed (badips.com is no longer active, gh-2889)	sebres	2021-02-24	2	-410/+0
\| \| \| \|
* \| \| \|	Merge branch '0.10' into 0.11	sebres	2021-01-21	1	-2/+7
\|\ \ \ \ \| \|/ / /
\| * \| \|	action.d/cloudflare.conf: better IPv6 capability	Sergey G. Brester	2021-01-11	1	-2/+7
\| \| \| \| \| \| \| \| \| \| \| \|	closes gh-2891
* \| \| \|	Merge branch '0.10' into 0.11	sebres	2020-11-05	1	-1/+4
\|\ \ \ \ \| \|/ / /
\| * \| \|	`action.d/bsd-ipfw.conf`: small amend (gh-2836) simplifying awk ↵	sebres	2020-09-29	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	condition/code (position starts from `<lowest_rule_num>` and increases whilst used)
\| * \| \|	`action.d/bsd-ipfw.conf`: fixed selection of rule-no by large list or ↵	sebres	2020-09-29	1	-1/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	initial `lowest_rule_num`, exit code can't be larger than 255 (gh-2836)
* \| \| \|	Merge branch '0.10' into 0.11	sebres	2020-09-23	1	-4/+3
\|\ \ \ \ \| \|/ / /
\| * \| \|	action.d/abuseipdb.conf: removed broken link, simplified usage example, ↵	Sergey G. Brester	2020-09-17	1	-5/+4
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	fixed typos
* \| \| \|	Merge branch '0.10' into 0.11	sebres	2020-09-04	5	-34/+14
\|\ \ \ \ \| \|/ / /
\| * \| \|	`action.d/firewallcmd-*.conf` (multiport only): fixed port range selector, ↵	sebres	2020-09-03	5	-34/+14
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	replacing `:` with `-`; small optimizations on `firewallcmd-rich-rules.conf` and `firewallcmd-rich-logging.conf` simplifying both and provide a dependency (rich-logging is a derivative of rich-rules); closes gh-2821
* \| \| \|	Merge branch '0.10' into 0.11	sebres	2020-08-04	5	-29/+29
\|\ \ \ \ \| \|/ / /
\| * \| \|	Merge branch '0.10-ipset-tout' into 0.10, amend to #2703: resolves names ↵	sebres	2020-08-04	4	-28/+28
\| \|\ \ \ \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	conflict (command action timeout and ipset timeout); closes #2790
\| \| * \| \|	resolves names conflict (command action timeout and ipset timeout); closes ↵	sebres	2020-08-04	4	-28/+28
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	gh-2790
\| * \| \| \|	action.d/nftables.conf (type=multiport only): fixed port range selector ↵	sebres	2020-06-24	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	(replacing `:` with `-`)
* \| \| \| \|	Merge branch '0.10' into 0.11	sebres	2020-05-25	5	-29/+66
\|\ \ \ \ \ \| \|/ / / / \| \| \| \| / \| \|_\|_\|/ \|/\| \| \|
\| * \| \|	added fallback using tr and sed (jq is optional now)	Sergey G. Brester	2020-04-27	1	-2/+2
\| \| \| \|
\| * \| \|	Update cloudflare.conf	Sergey G. Brester	2020-04-27	1	-2/+2
\| \| \| \|
\| * \| \|	cloudflare: fixes ip to id conversion by unban using jq	Sergey G. Brester	2020-04-27	1	-6/+11
\| \| \| \| \| \| \| \| \| \| \| \|	normalized URIs and parameters, notes gets a jail-name (should be possible to differentiate the same IP across several jails)
\| * \| \|	CloudFlare started to indent their API responses	Viktor Szépe	2020-04-27	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	We need to use https://github.com/stedolan/jq to parse it.