Skip to content


Subversion checkout URL

You can clone with
Download ZIP


fail2ban Debian release 0.9.2-1


Long delayed
ver. 0.9.2 (2015/04/29) - better-quick-now-than-later

- Fixes:
   * Fix ufw action commands
   * infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907.
     Thanks TonyThompson
   * port[s] typo in jail.conf/nginx-http-auth gh-913. Thanks Frederik Wagner
   * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255
   * grep'ing for IP in *mail-whois-lines.conf should now match also
     at the beginning and EOL.  Thanks Dean Lee
   * jail.conf
     - php-url-fopen: separate logpath entries by newline
   * failregex declared direct in jail was joined to single line (specifying of
     multiple expressions was not possible).
   * filters.d/exim.conf - cover different settings of exim logs
     details. Thanks bes.internal
   * filter.d/postfix-sasl.conf - failregex is now case insensitive
   * filters.d/postfix.conf - add 'Client host rejected error message' failregex
   * fail2ban/ - add strptime thread safety hack-around
   * recidive uses iptables-allports banaction by default now.
     Avoids problems with iptables versions not understanding 'all' for
     protocols and ports
   * filter.d/dovecot.conf
     - match pam_authenticate line from EL7
     - match unknown user line from EL7
   * Use use_poll=True for Python 2.7 and >=3.4 to overcome "Bad file
     descriptor" msgs issue (gh-161)
   * filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore
     system authentication issues
   * fail2ban-regex reads filter file(s) completely, incl. '.local' file etc.
   * firewallcmd-* actions: split output into separate lines for grepping (gh-908)
   * Guard unicode encode/decode issues while storing records in the database.
     Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot
     for reporting
   * filter.d/sshd added regex for matching openSUSE ssh authentication failure
   * filter.d/asterisk.conf:
     - Dropped "Sending fake auth rejection" failregex since it incorrectly
       targets the asterisk server itself
     - match "hacking attempt detected" logs

- New Features:
   - New filters:
     - postfix-rbl  Thanks Lee Clemens
     - apache-fakegooglebot.conf  Thanks Lee Clemens
     - nginx-botsearch  Thanks Frantisek Sumsal
     - drupal-auth  Thanks Lee Clemens
   - New recursive embedded substitution feature added:
     - `<<PREF>HOST>` becomes `<IPV4HOST>` for PREF=`IPV4`;
     - `<<PREF>HOST>` becomes `` for PREF=`IPV4` and IPV4HOST=``;
   - New interpolation feature for config readers - `%(known/parameter)s`.
     (means last known option with name `parameter`). This interpolation makes
     possible to extend a stock filter or jail regexp in .local file
     (opposite to simply set failregex/ignoreregex that overwrites it),
     see gh-867.
   - Monit config for fail2ban in files/monit/
   - New actions:
     - action.d/firewallcmd-multiport and action.d/firewallcmd-allports Thanks Donald Yandt
     - action.d/sendmail-geoip-lines.conf
     - action.d/nsupdate to update DNSBL. Thanks Andrew St. Jean
   - New status argument for fail2ban-client -- flavor:
     fail2ban-client status <jail> [flavor]
     - empty or "basic" works as-is
     - "cymru" additionally prints (ASN, Country RIR) per banned IP
       (requires dnspython or dnspython3)
   - Flush log at USR1 signal

- Enhancements:
   * Enable multiport for firewallcmd-new action.  Closes gh-834
   * files/debian-initd migrated from the debian branch and should be
     suitable for manual installations now (thanks Juan Karlo de Guzman)
   * Define empty ignoreregex in filters which didn't have it to avoid
     warnings (gh-934)
   * action.d/{sendmail-*,xarf-login-attack}.conf - report local
     timezone not UTC time/zone. Closes gh-911
   * Conditionally log Ignore IP with reason (dns, ip, command). Closes gh-916
   * Absorbed DNSUtils.cidr into addr2bin in, added unittests
   * Added syslogsocket configuration to fail2ban.conf
   * Note in the jail.conf for the recidive jail to increase dbpurgeage (gh-964)

Read release notes


fail2ban Debian release 0.9.1+git44-gd65c4f8-1


fail2ban Debian release 0.9.1-1


What aught to be a bugfix release delayed into a featured release 0.9.1
ver. 0.9.1 (2014/10/29) - better, faster, stronger

- Refactoring (IMPORTANT -- Please review your setup and configuration):
   * iptables-common.conf replaced iptables-blocktype.conf
     (iptables-blocktype.local should still be read) and now also
     provides defaults for the chain, port, protocol and name tags

- Fixes:
   * start of file2ban aborted (on slow hosts, systemd considers the server has
     been timed out and kills him), see gh-824
   * UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806.
   * systemd backend error on bad utf-8 in python3
   * action error when logging HTTP error raised with badips request
   * fail2ban-regex failed to work in python3 due to space/tab mix
   * recidive regex samples incorrect log level
   * journalmatch for recidive incorrect PRIORITY
   * loglevel couldn't be changed in fail2ban.conf
   * Handle case when no sqlite library is available for persistent database
   * Only reban once per IP from database on fail2ban restart
   * Nginx filter to support missing server_name. Closes gh-676
   * fail2ban-regex assertion error caused by miscount missed lines with
     multiline regex
   * Fix actions failing to execute for Python 3.4.0. Workaround for
   * Database now returns persistent bans on restart (bantime < 0)
   * Recursive action tags now fully processed. Fixes issue with bsd-ipfw
   * Fixed TypeError with "ipfailures" and "ipjailfailures" action tags.
     Thanks Serg G. Brester
   * Correct times for non-timezone date times formats during DST
   * Pass a copy of, not original, aInfo into actions to avoid side-effects
   * Per-distribution paths to the exim's main log
   * Ignored IPs are no longer banned when being restored from persistent
   * Manually unbanned IPs are now removed from persistent database, such they
     wont be banned again when Fail2Ban is restarted
   * Pass "bantime" parameter to the actions in default jail's action
   * filters.d/sieve.conf - fixed typo in _daemon.  Thanks Jisoo Park
   * cyrus-imap -- also catch also failed logins via secured (imaps/pop3s).
     Regression was introduced while strengthening failregex in 0.8.11 (bd175f)
     Debian bug #755173
   * postfix-sasl - added journalmatch.  Thanks Luc Maisonobe
   * postfix* - match with a new daemon string (postfix/submission/smtpd).
     Closes gh-804 .  Thanks Paul Traina
   * apache - added filter for AH01630 client denied by server configuration.

- New features:
   - New filters:
     - monit  Thanks Jason H Martin
     - directadmin  Thanks niorg
     - apache-shellshock  Thanks Eugene Hopkinson (SlowRiot)
   - New actions:
     - symbiosis-blacklist-allports  for Bytemark symbiosis firewall
   - fail2ban-client can fetch the running server version
   - Added Cloudflare API action

- Enhancements
   * Start performance of fail2ban-client (and tests) increased, start time
     and cpu usage rapidly reduced. Introduced a shared storage logic, to
     bypass reading lots of config files (see gh-824).
     Thanks to Joost Molenaar for good catch (reported gh-820).
   * Fail2ban-regex - add print-all-matched option. Closes gh-652
   * Suppress fail2ban-client warnings for non-critical config options
   * Match non "Bye Bye" disconnect messages for sshd locked account regex
   * courier-smtp filter:
     - match lines with user names
     - match lines containing "535 Authentication failed" attempts
   * Add <chain> tag to iptables-ipsets
   * Realign fail2ban log output with white space to improve readability. Does
     not affect SYSLOG output
   * Log unhandled exceptions
   * cyrus-imap: catch "user not found" attempts
   * Add support for Portsentry

Read release notes


fail2ban Debian release 0.9.0+git252-g47441d1-1


removed changes to vagrant and stuff


Bugfix release to please people with elderly Pythons

Read release notes


fail2ban Debian release 0.8.6-3wheezy3
Something went wrong with that request. Please try again.