<HOST> expression results in a portion of IPv6 address being matched #1375
Currently Which filter/jail?
Example log entry from httpd that triggers this problem: `2001:db8::dead:e1f - - [17/Apr/2016:12:35:01 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"`
@sebres: So then the match RE should be written to specifically exclude IPv6 addresses. That's kind of the whole reason I opened this ticket. fail2ban should only be consuming log entries that are IPv4 if it doesn't support IPv6. The fact that fail2ban doesn't yet support IPv6 is a whole other can of worms, but until the years of debate about supporting it can finally be resolved, it needs to ensure that it does not falsely match IPv6 addresses.
I can repeat only, that the whole regular expression you have used is not "good", I mean that our So I ask AGAIN:
OK. So my regex is no good. That doesn't change the nature of this ticket, that the current I would request that the ticket be reopened on that basis.
Improve your expression around I've already written 2 times, that So I don't see any occasion, to reopen this issue. BTW. We've a new branch 0.10, that supports IPv6 addresses, so these would be also banned there. I emphasize: the issue is because your expression allows
BTW, since we should care to match hostname only if usedns is set, and in general we should not rely on hostnames, I wondered if we should change the default in 0.10 to not do name resolving, and use more specific regex for HOST if usedns is false? On May 14, 2016 11:10:46 AM EDT, "Serg G. Brester" notifications@github.com wrote:
The extension of regex for HOST was required:
How it was done, you can see here:
Where indeed, would be not bad to have a HOST dependent on
Environment:
Created my own iptables matching filters but they use `<HOST>` to match IP addresses.
The issue:
The current match RE is too generous and ends up matching and returning a portion of an IPv6 address. This results in the following kind of log messages:
The `2605` is the first portion of an IPv6 address.
Steps to reproduce
Create or use any kind of filter with `<HOST>` in it and then trigger the filter with an IPv6 address.
Expected behavior
Since IPv6 is not yet supported, IPv6 addresses should be ignored.
Observed behavior
An RE of the format `(?:::f{4,6}:)?(?P<host>(\d{1,3}\.){3}\d{1,3})` seems to be much more restrictive about only matching IPv4 addresses.
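The matching behaviour discussed in this thread, as an added example that is not part of the original issue and is not fail2ban's own code: it runs the log entry quoted above through a hostname-permissive host group and through the IPv4-only expression from the issue, each with and without a leading `^`. `LOOSE_HOST` is an assumed stand-in for the `<HOST>` expansion under discussion, the failregex templates and helper names are hypothetical, and the IPv4 sample addresses are constructed.

```python
import re

# Assumed hostname-permissive stand-in for the <HOST> expansion under discussion.
LOOSE_HOST = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]*\w)"
# IPv4-only expression quoted in the issue text.
STRICT_HOST = r"(?:::f{4,6}:)?(?P<host>(\d{1,3}\.){3}\d{1,3})"

# Hypothetical failregex templates; <HOST> is substituted before compiling.
UNANCHORED = r'<HOST> - - \[[^\]]*\] "GET /xmlrpc\.php'
ANCHORED = "^" + UNANCHORED


def log_line(addr):
    """Build an access-log line in the shape of the one quoted in the issue."""
    return (f'{addr} - - [17/Apr/2016:12:35:01 +0000] '
            '"GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"')


def extract_host(template, host_re, line):
    """Return the text captured as the host, or None if the line is ignored."""
    match = re.search(template.replace("<HOST>", host_re), line)
    return match.group("host") if match else None


# Address from the issue's log entry, plus constructed IPv4 samples.
SAMPLES = ["2001:db8::dead:e1f", "192.0.2.10", "::ffff:192.0.2.10"]

if __name__ == "__main__":
    for addr in SAMPLES:
        for tname, template in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
            for hname, host_re in (("loose", LOOSE_HOST), ("strict", STRICT_HOST)):
                host = extract_host(template, host_re, log_line(addr))
                print(f"{addr:20} {tname:10} {hname:6} -> {host}")
```

With the loose group, only the unanchored template captures `e1f`, the tail of the IPv6 address; anchoring the expression or using the IPv4-only group leaves the IPv6 line unmatched.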