Jochen,

Not sure if this will be helpful... You say you installed "the
patches for IPv6" on 0.8.13... It sounds to me like you're
saying that you originally installed 0.8.13 and then tried to
install the IPv6 on top of it without doing a complete uninstall
of 0.8.13 first. I tried the same thing and it didn't work for
me. So I had to save my modified files, then do a complete
uninstall of the IPv4 version, then do a fresh install of the
IPv6 version (and add my changed files)... and it worked
perfectly.

I can't remember what I used to do the uninstall, but I probably
did it with the system package tool (i.e. "apt-get uninstall").
Hope this helps.

And regarding the fail regexes... I didn't make changes to them for
the IPv6. I just assumed that <HOST> would now match both IPv4 and
IPv6 (which it does).

Best regards

On Thu, Feb 23, 2017, at 01:47 AM, Jochen Fahrner wrote:
> Hi,
>
> I installed the patches for IPv6 on my Debian Jessie fail2ban (v0.8.13).
> I made a custom firewall using iptables and log access to closed ports.
>
> This is a sample line in kern.log:
>
> Feb 23 10:14:21 server kernel: [2227838.684771] [MYFW BLOCK] IN=eth0
> OUT= MAC=52:54:a2:01:b9:0e:d2:74:7f:6e:37:e3:86:dd
> SRC=2607:f740:000c:0000:0000:0000:0000:0c5c
> DST=2a01:04f8:0c17:12f8:0000:0000:0000:0002 LEN=80 TC=0 HOPLIMIT=19
> FLOWLBL=0 PROTO=UDP SPT=48247 DPT=33523 LEN=40
>
> This is the rule to match them:
> failregex = ^%(__prefix_line)s\[MYFW BLOCK\] IN=eth0 OUT=
> MAC=%(__machex)s SRC=<HOST>
>
> Whenever there is an IPv6 address in this line, fail2ban throws an error
> to the log:
> fail2ban.filter [7589]: WARNING Unable to find a corresponding IP
> address for 127.0.0.1/8: [Errno -2] Name or service not known
>
> I think it has to do with the regex in failregex.py. It now (after the
> patch) is:
> regex = regex.replace("<HOST>", "(?:::f{4,6}:)?(?P<host>[\w\-.^_:]*\w)")
>
> What's wrong with this regex?
>
> --
> Best regards
> Jochen Fahrner
>
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
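An offline check of the failregex from the thread against the quoted kern.log line, added here as an example (not code from fail2ban or from either poster). `PREFIX_LINE` and `MACHEX` are assumed stand-ins for `__prefix_line` and `__machex`, whose definitions the thread does not show; `captured_host` and `classify` are hypothetical helper names.

```python
import ipaddress
import re

# <HOST> expansion quoted in the thread (failregex.py after the IPv6 patch).
HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_:]*\w)"

# Assumed stand-ins: the thread does not show these two definitions.
PREFIX_LINE = r"\w{3} +\d+ [\d:]{8} \S+ kernel: \[ *[\d.]+\] "
MACHEX = r"[0-9a-f]{2}(?::[0-9a-f]{2})+"

FAILREGEX = (r"^%(__prefix_line)s\[MYFW BLOCK\] IN=eth0 OUT= "
             r"MAC=%(__machex)s SRC=<HOST>")

# kern.log line from the thread, re-joined onto one line.
SAMPLE = ("Feb 23 10:14:21 server kernel: [2227838.684771] [MYFW BLOCK] IN=eth0 "
          "OUT= MAC=52:54:a2:01:b9:0e:d2:74:7f:6e:37:e3:86:dd "
          "SRC=2607:f740:000c:0000:0000:0000:0000:0c5c "
          "DST=2a01:04f8:0c17:12f8:0000:0000:0000:0002 LEN=80 TC=0 HOPLIMIT=19 "
          "FLOWLBL=0 PROTO=UDP SPT=48247 DPT=33523 LEN=40")


def compile_failregex(failregex):
    """Expand the %(...)s variables, then substitute <HOST> as the patch does."""
    expanded = failregex % {"__prefix_line": PREFIX_LINE, "__machex": MACHEX}
    return re.compile(expanded.replace("<HOST>", HOST))


def captured_host(line, failregex=FAILREGEX):
    """Return what the <HOST> group captures from a log line, or None."""
    match = compile_failregex(failregex).search(line)
    return match.group("host") if match else None


def classify(value):
    """Return 'ipv4', 'ipv6', 'cidr' or 'name' for a captured string."""
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        pass
    try:
        ipaddress.ip_network(value, strict=False)
        return "cidr"
    except ValueError:
        return "name"


if __name__ == "__main__":
    for value in (captured_host(SAMPLE), "127.0.0.1/8"):
        print(value, "->", classify(value))
```

Under these assumptions the host group captures the full IPv6 source address from the sample line, while the `127.0.0.1/8` string in the warning is CIDR notation that does not occur anywhere in that line.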