fail2ban 0.11.2

I think an example will help explain what I'm trying, and failing, to do.

In the example the SoftEther VPN server assigns CID-24 to the session, and the lines may not appear as shown in the example. I am absolutely stuck on how to create a filter to do the following...

When the error at 2022-01-22 03:33:53.608 is encountered, I wish to ban IP 34.223.110.145. So how can I create a filter that will remember CID-24 has been assigned to a connection initiated by 34.223.110.145 and at 2022-01-22 03:33:53.608 ban 34.223.110.145?

I've been trying to learn how to do this for the best part of two months now and finally have admitted defeat. :-( Can anyone help me with this?
Replies: 3 comments 1 reply
Hmm... Such a wordy log, but logging of IP by the failure seems to be seemingly too much...

Anyway, this is a filter example that will cache `CID-24` as ID for the IP and match `terminated by the cause` as a failure:

```ini
[Definition]
# 1st regex: "created" line carries the IP; cache it under the connection ID, not a failure (F-NOFAIL)
# 2nd regex: "terminated by the cause" is the failure, attributed to the IP cached for that ID
# 3rd regex: "has been terminated" ends the session; forget the cached ID (F-MLFFORGET)
failregex = ^\s*For the client \(IP address: <ADDR>, host name: "[^"]*", port number: \d+\), connection "<F-MLFID>[^"]+</F-MLFID>" has been <F-NOFAIL>created</F-NOFAIL>
            ^\s*Connection "<F-MLFID>[^"]+</F-MLFID>" terminated by the cause
            ^\s*Connection "<F-MLFID>[^"]+</F-MLFID>" has been <F-MLFFORGET><F-NOFAIL>terminated</F-NOFAIL></F-MLFFORGET>
```

Thanks for the information. I am struggling to find the documentation to learn how to do this for myself. Can you signpost me to the documentation? I have no clue how to cache stuff and use it later, or even how this caching works.

Right. I didn't know jail.conf has its own man page, and thank you for pointing me as well to the bits that have still got to be put into the official man page.
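The connection-ID caching that the filter in this thread relies on, modelled in Python as an added example (not fail2ban's own code and not part of the original replies). The function name, the plain-regex stand-ins for `<ADDR>` and `<F-MLFID>`, and the sample log lines are assumptions; only the IP 34.223.110.145, `CID-24` and the 03:33:53.608 timestamp come from the question.

```python
import re
from collections import Counter

# Plain-regex stand-ins for the three failregex lines; named groups replace
# fail2ban's <ADDR> and <F-MLFID> tags (simplified model, literal IPs only).
CREATED = re.compile(r'For the client \(IP address: (?P<ip>[0-9A-Fa-f.:]+), host name: "[^"]*", '
                     r'port number: \d+\), connection "(?P<cid>[^"]+)" has been created')
FAILED = re.compile(r'Connection "(?P<cid>[^"]+)" terminated by the cause')
CLOSED = re.compile(r'Connection "(?P<cid>[^"]+)" has been terminated')

def find_failures(lines):
    """Count failures per IP by correlating log lines on the connection ID."""
    cid_to_ip = {}        # connection ID -> client IP, the role <F-MLFID> plays
    failures = Counter()
    for line in lines:
        if m := CREATED.search(line):
            cid_to_ip[m["cid"]] = m["ip"]    # remember only, like <F-NOFAIL>
        elif m := FAILED.search(line):
            ip = cid_to_ip.get(m["cid"])     # the failure line carries no IP
            if ip is not None:
                failures[ip] += 1
        elif m := CLOSED.search(line):
            cid_to_ip.pop(m["cid"], None)    # drop the entry, like <F-MLFFORGET>
    return failures

# Constructed sample lines (host names, ports, the second client and the cause
# text are made up); two sessions are interleaved on purpose.
SAMPLE_LOG = [
    '2022-01-22 03:33:53.402 For the client (IP address: 34.223.110.145, host name: "a.example", port number: 40000), connection "CID-24" has been created.',
    '2022-01-22 03:33:53.455 For the client (IP address: 192.0.2.10, host name: "b.example", port number: 40001), connection "CID-25" has been created.',
    '2022-01-22 03:33:53.608 Connection "CID-24" terminated by the cause "constructed cause text".',
    '2022-01-22 03:33:53.610 Connection "CID-25" has been terminated.',
    '2022-01-22 03:33:53.612 Connection "CID-24" has been terminated.',
    '2022-01-22 03:33:54.001 Connection "CID-24" terminated by the cause "constructed cause text".',
]

if __name__ == "__main__":
    for ip, count in find_failures(SAMPLE_LOG).items():
        print(f"{ip}: {count} failure(s)")
```

The last sample line arrives after `CID-24` was forgotten, so it is not attributed to any IP; without the forget step a reused connection ID would be charged to the previous client.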