Fail2Ban v0.11.0-dev Release Notes
-
๐ Fixes
- purge database will be executed now (within observer).
- ๐ restoring currently banned ip after service restart fixed (now < timeofban + bantime), ignore old log failures (already banned)
- โก๏ธ upgrade database: update new created table
bips
with entries from tablebans
(allows restore current bans after upgrade from version <= 0.10)
๐ New Features
- Increment ban time (+ observer) functionality introduced.
- Database functionality extended with bad ips.
- ๐ New tags (usable in actions):
<bancount>
- ban count of this offender if known as bad (started by 1 for unknown)<bantime>
- current ban-time of the ticket (prolongation can be retarded up to 10 sec.)
- โฑ Introduced new action command
actionprolong
to prolong ban-time (e. g. set new timeout if expected); Several actions (like ipset, etc.) rewritten using net logic withactionprolong
. Note: because ban-time is dynamic, it was removed from jail.conf as timeout argument (check jail.local).
โจ Enhancements
- โก๏ธ algorithm of restore current bans after restart changed: update the restored ban-time (and therefore end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater (or persistent); not affected if ban-time of the jail is unchanged between stop/start.
- โ added new setup-option
--without-tests
to skip building and installing of tests files (gh-2287). - โ added new command
fail2ban-client get <JAIL> banip ?sep-char|--with-time?
to get the banned ip addresses (gh-1916).