Hi,
I installed the patches for IPv6 on my Debian Jessie fail2ban (v0.8.13).
I made a custom firewall using iptables and log access to closed ports.
This is a sample line in kern.log:
Feb 23 10:14:21 server kernel: [2227838.684771] [MYFW BLOCK] IN=eth0
OUT= MAC=52:54:a2:01:b9:0e:d2:74:7f:6e:37:e3:86:dd
SRC=2607:f740:000c:0000:0000:0000:0000:0c5c
DST=2a01:04f8:0c17:12f8:0000:0000:0000:0002 LEN=80 TC=0 HOPLIMIT=19
FLOWLBL=0 PROTO=UDP SPT=48247 DPT=33523 LEN=40
This is the rule to match them:
failregex = ^%(__prefix_line)s\[MYFW BLOCK\] IN=eth0 OUT=
MAC=%(__machex)s SRC=<HOST>
Whenever there is an IPv6 address in this line, fail2ban throws an error
to the log:
fail2ban.filter [7589]: WARNING Unable to find a corresponding IP
address for 127.0.0.1/8: [Errno -2] Name or service not known
I think it has to do with the regex in failregex.py. It now (after the
patch) is:
regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_:]*\w)")
What's wrong with this regex?
--
Mit besten Grüßen
Jochen Fahrner
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
