Rev 5 | Blame | Compare with Previous | Last modification | View Log | RSS feed
# Fail2Ban filter for repeat bans## This filter monitors the fail2ban log file, and enables you to add long# time bans for ip addresses that get banned by fail2ban multiple times.## Reasons to use this: block very persistent attackers for a longer time,# stop receiving email notifications about the same attacker over and# over again.## This jail is only useful if you set the 'findtime' and 'bantime' parameters# in jail.conf to a higher value than the other jails. Also, this jail has its# drawbacks, namely in that it works only with iptables, or if you use a# different blocking mechanism for this jail versus others (e.g. hostsdeny# for most jails, and shorewall for this one).[INCLUDES]# Read common prefixes. If any customizations available -- read them from# common.localbefore = common.conf[Definition]_daemon = fail2ban\.actions\s*# The name of the jail that this filter is used for. In jail.conf, name the# jail using this filter 'recidive', or change this line!_jailname = recidivefailregex = ^(%(__prefix_line)s| %(_daemon)s%(__pid_re)s?:\s+)NOTICE\s+\[(?!%(_jailname)s\])(?:.*)\]\s+Ban\s+<HOST>\s*$ignoreregex =[Init]journalmatch = _SYSTEMD_UNIT=fail2ban.service PRIORITY=5# Author: Tom Hendrikx, modifications by Amir Caspi