Yes, this satisfies the regex, but I need to make a capture group to carry that port value to iptables (--sport).
I have found other alternatives that work for me, but while I kept on searching, it seems that starting with 0.10 there is what I need:
(from ChangeLog)

"Exposes filter group captures in actions (non-recursive interpolation of tags `<F-...>`"
...
* New tags (usable in actions):
  `<fid>` - failure identifier (if raw resp. failures without IP address)
  `<ip-rev>` - PTR reversed representation of IP address
  `<ip-host>` - host name of the IP address
  `<F-...>` - interpolates to the corresponding filter group capture `...`   <<<<<< THIS
  `<fq-hostname>` - fully-qualified name of host (the same as `$(hostname -f)`)
  `<sh-hostname>` - short hostname (the same as `$(uname -n)`)

On Thu, Aug 1, 2019 at 3:25 AM Denis Rasulev <[email protected]> wrote:
>
> How about this:
>
> <HOST>\:\d{2,5}
>
> Denis
>
> > On 1 Aug 2019, at 07:18, Mick Burns <[email protected]> wrote:
> >
> > Hi James,
> >
> > The source port number is dynamic so I need to catch it in a capture
> > group in order to pass both the source host and source port to the
> > action.
> > What you gave here only works if the source port is known and is also
> > static.
> >
> > Thanks
> >
> >
> > On Wed, Jul 31, 2019 at 2:51 PM James Moe via Fail2ban-users
> > <[email protected]> wrote:
> >>
> >> On 29/07/2019 5.30 PM, Bill Shirley wrote:
> >>
> >>> Indeed, not only I need to ban on the source IP, but also on the source
> >>> port.
> >>> My log file entries expose this in a pretty standard form : src_ip:port
> >>>
> >>> Is this feasible at all with f2b ?
> >>>
> >> ...<HOST>\:port_number...
> >>
> >> --
> >> James Moe
> >> moe dot james at sohnen-moe dot com
> >> 520.743.3936
> >> Think.
> >>
> >>
> >> _______________________________________________
> >> Fail2ban-users mailing list
> >> [email protected]
> >> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
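The capture-to-action flow discussed in this thread, as an added example that is not part of the original message and is not fail2ban's own code: a simplified Python model that expands `<HOST>` and an `<F-PORT>...</F-PORT>` capture into named groups, then does a single-pass substitution of `<ip>` and `<F-PORT>` into an action string. Assumptions: the 0.10+ filter syntax `<F-NAME>...</F-NAME>` for marking the capture, an IPv4-only host pattern, and a constructed log format, chain name `f2b-demo` and sample lines.

```python
import ipaddress
import re

# Simplified stand-ins for fail2ban's tag expansion (assumption: IPv4 only).
HOST_RE = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
F_TAG_RE = re.compile(r"<F-([A-Z0-9_]+)>(.*?)</F-\1>")

# Constructed filter and action; "f2b-demo" is a hypothetical chain name.
FAILREGEX = r"refused connect from <HOST>:<F-PORT>\d{1,5}</F-PORT>\b"
ACTION = "iptables -I f2b-demo -s <ip> -p tcp --sport <F-PORT> -j DROP"

# Constructed sample log lines (documentation address range 192.0.2.0/24).
LINES = [
    "Aug  1 03:25:01 gw svc[311]: refused connect from 192.0.2.10:51514",
    "Aug  1 03:25:02 gw svc[311]: refused connect from 192.0.2.10:99999",
    "Aug  1 03:25:03 gw svc[311]: accepted connect from 192.0.2.11:40000",
]

def compile_failregex(failregex):
    """Expand <HOST> and <F-NAME>...</F-NAME> into Python named groups."""
    expanded = failregex.replace("<HOST>", HOST_RE)
    expanded = F_TAG_RE.sub(
        lambda m: "(?P<F_%s>%s)" % (m.group(1), m.group(2)), expanded)
    return re.compile(expanded)

def match_failure(regex, line):
    """Return {'ip': ..., 'F-PORT': ...} for a valid failure, else None."""
    m = regex.search(line)
    if m is None:
        return None
    data = {k.replace("F_", "F-", 1): v for k, v in m.groupdict().items()}
    try:
        ipaddress.ip_address(data["ip"])  # reject e.g. 999.1.1.1
    except ValueError:
        return None
    # The regex only guarantees digits; check the range before the value
    # reaches a firewall command line.
    if not 1 <= int(data["F-PORT"]) <= 65535:
        return None
    return data

def interpolate(action, data):
    """Single-pass (non-recursive) substitution of <ip> and <F-...> tags."""
    return re.sub(r"<(ip|F-[A-Z0-9_]+)>", lambda m: data[m.group(1)], action)

def rules_for(lines, failregex=FAILREGEX, action=ACTION):
    """Build one action command per log line that yields a valid failure."""
    regex = compile_failregex(failregex)
    hits = (match_failure(regex, line) for line in lines)
    return [interpolate(action, h) for h in hits if h is not None]

if __name__ == "__main__":
    print("\n".join(rules_for(LINES)))
```

Against a real installation, `fail2ban-regex` is the tool for checking that a filter's captures match the actual log lines.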
