Fail2Ban v0.11.0-dev Release Notes

  • ๐Ÿ›  Fixes

    • purge database will be executed now (within observer).
    • ๐Ÿ›  restoring currently banned ip after service restart fixed (now < timeofban + bantime), ignore old log failures (already banned)
    • โšก๏ธ upgrade database: update new created table bips with entries from table bans (allows restore current bans after upgrade from version <= 0.10)

    ๐Ÿ†• New Features

    • Increment ban time (+ observer) functionality introduced.
    • Database functionality extended with bad ips.
    • ๐Ÿ†• New tags (usable in actions):
      • <bancount> - ban count of this offender if known as bad (started by 1 for unknown)
      • <bantime> - current ban-time of the ticket (prolongation can be retarded up to 10 sec.)
    • โฑ Introduced new action command actionprolong to prolong ban-time (e. g. set new timeout if expected); Several actions (like ipset, etc.) rewritten using net logic with actionprolong. Note: because ban-time is dynamic, it was removed from jail.conf as timeout argument (check jail.local).

    โœจ Enhancements

    • โšก๏ธ algorithm of restore current bans after restart changed: update the restored ban-time (and therefore end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater (or persistent); not affected if ban-time of the jail is unchanged between stop/start.
    • โž• added new setup-option --without-tests to skip building and installing of tests files (gh-2287).
    • โž• added new command fail2ban-client get <JAIL> banip ?sep-char|--with-time? to get the banned ip addresses (gh-1916).