Fail2ban: ignoreip does not handle multiline values

Created on 19 May 2016  路  8Comments  路  Source: fail2ban/fail2ban 
==> /var/log/fail2ban.log <==
2016-05-19 02:00:29,517 fail2ban.filterpyinotify[28253]: DEBUG   Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/mail.log pathname=/var/log/mail.log wd=2 >
2016-05-19 02:00:29,518 fail2ban.datedetector   [28253]: DEBUG   Matched time template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2016-05-19 02:00:29,518 fail2ban.datedetector   [28253]: DEBUG   Got time 1463623229.000000 for "'May 19 02:00:29'" using template (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)?
2016-05-19 02:00:29,518 fail2ban.filter         [28253]: DEBUG   Processing line with time:1463623229.0 and ip:81.2.237.54
2016-05-19 02:00:29,518 fail2ban.filter         [28253]: INFO    [courier-smtp] Ignore 81.2.237.54 by ip
2016-05-19 02:00:29,521 fail2ban.datedetector   [28253]: DEBUG   Sorting the template list
2016-05-19 02:00:29,522 fail2ban.datedetector   [28253]: DEBUG   Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 2678 hits

# fail2ban-client get courier-smtp ignoreip
These IP addresses/networks are ignored:
`- 127.0.0.0/8
89.40.125.242
66.249.64.0/19

v0.9.4 backported to Debian jessie.

Could you help?

picture szepeviktor

All 8 comments

Is there a way to debug the ignore procedure?

szepeviktor picture szepeviktor on 19 May 2016

Both a and b are zero:
https://github.com/fail2ban/fail2ban/blob/master/fail2ban/server/filter.py#L374-L375
IP-s are 81.2.237.54 and 127.0.0.0

szepeviktor picture szepeviktor on 19 May 2016

Now it is OK:

# fail2ban-client get courier-smtp ignoreip
These IP addresses/networks are ignored:
|- 127.0.0.0/8
|- 89.40.125.242
`- 66.249.64.0/19

Previously the 3 addresses were in separate lines and they were handled as _one_ address.

Please support multi-line values for ignoreip.

szepeviktor picture szepeviktor on 19 May 2016
👍1

I usually separate it like this

#          localhost
#          own IP
#          Googlebot
ignoreip = 127.0.0.0/8
           89.40.125.242
           66.249.64.0/19
szepeviktor picture szepeviktor on 19 May 2016
👍1

On Wed, 18 May 2016, Viktor Sz茅pe wrote:

Both a and b are zero:
https://github.com/fail2ban/fail2ban/blob/master/fail2ban/server/filter.py#L374-L375

and the values of i, ip, s?

yarikoptic picture yarikoptic on 19 May 2016

I've found out that in case of a multiline value ignoreip gets this one value: (not 3)

ignoreip="127.0.0.0/8
89.40.125.242
66.249.64.0/19"

I think it is a bug.

szepeviktor picture szepeviktor on 19 May 2016
👍1

On Wed, 18 May 2016, Viktor Sz茅pe wrote:

Now it is OK:

# fail2ban-client get courier-smtp ignoreip
These IP addresses/networks are ignored:
|- 127.0.0.0/8
|- 89.40.125.242
`- 66.249.64.0/19

Previously the 3 addresses were in separate lines and they were handled as
one address.

Please support multiline value for ignoreip.

I would say we better add support to crash if 'ignoreip' value
doesn't look like an IP address/mask at all, and then add support for
multiline ;)

yarikoptic picture yarikoptic on 19 May 2016

Thank you.

szepeviktor picture szepeviktor on 23 May 2016
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gaia picture gaia  路  3Comments
mitchellkrogza picture mitchellkrogza  路  6Comments
Skyridr picture Skyridr  路  3Comments
twixi picture twixi  路  5Comments
xtrmbuster picture xtrmbuster  路  3Comments