Fail2Ban v0.11.1 Release Notes
Release Date: 2020-01-11
Compatibility:
- to v.0.10:
  - 0.11 is fully compatible with 0.10 (configuration- and API-related stuff), but the database got some new tables and fields (auto-converted during the first start). Once updated to 0.11, you have to remove the database /var/lib/fail2ban/fail2ban.sqlite3 (or its schema, which differs from that of 0.10) if you need to downgrade to 0.10 for some reason.
- to v.0.9:
  - Filter (or `failregex`) internal capture-groups:
    - If you have your own `failregex` or custom filters using the conditional match `(?P=host)`, you should rewrite the regex as in the example below, or use `(?:(?P=ip4)|(?P=ip6))` instead of `(?P=host)` (or `(?:(?P=ip4)|(?P=ip6)|(?P=dns))`, corresponding to your `usedns` and `raw` settings).
      Of course you can always define your own capture-group (like `_cond_ip_` below) to do this.
      ```
      testln="1500000000 failure from 192.0.2.1: bad host 192.0.2.1"
      fail2ban-regex "$testln" "^\s*failure from (?P<_cond_ip_><HOST>): bad host (?P=_cond_ip_)$"
      ```
    - New internal groups (currently reserved for internal usage): `ip4`, `ip6`, `dns`, `fid`, `fport`, additionally `user` and other captures in lower case if a mapping from tag `<F-*>` is used in failregex (e. g. `user` by `<F-USER>`).
  - v.0.10 and 0.11 use more precise date template handling, which can theoretically be incompatible with some user configurations resp. `datepattern`.
  - Since v0.10 fail2ban supports the matching of IPv6 addresses, but not all ban actions are IPv6-capable now.
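An added example (not code from the Fail2Ban project) of the `(?P=host)` migration described above: it flags filter lines that still use the 0.9-style back-reference, rewrites them to the `ip4`/`ip6` form, and checks the result against sample lines. The `HOST` pattern is a simplified stand-in for the real `<HOST>` expansion, and all function names, the filter fragment and the log lines are constructed for illustration.

```python
import re

# Simplified stand-in for the <HOST> expansion (assumption: fail2ban's real
# pattern is more elaborate; only the group names ip4/ip6 come from the notes).
IP4 = r"(?P<ip4>(?:\d{1,3}\.){3}\d{1,3})"
IP6 = r"(?P<ip6>[0-9a-fA-F:]{3,39})"
HOST = "(?:" + IP4 + r"|\[?" + IP6 + r"\]?)"

OLD_BACKREF = "(?P=host)"              # 0.9-style conditional match
NEW_BACKREF = "(?:(?P=ip4)|(?P=ip6))"  # replacement named in the notes

def compile_failregex(failregex):
    """Expand <HOST> and compile; raises re.error on an unknown back-reference."""
    return re.compile(failregex.replace("<HOST>", HOST))

def compiles(failregex):
    """False when the expanded regex refers to a group that does not exist."""
    try:
        compile_failregex(failregex)
        return True
    except re.error:
        return False

def migrate(failregex):
    """Rewrite the 0.9-style conditional match to the ip4/ip6 form."""
    return failregex.replace(OLD_BACKREF, NEW_BACKREF)

def audit(filter_text):
    """Return (line_no, migrated_line) for each non-comment line using (?P=host)."""
    return [(n, migrate(line))
            for n, line in enumerate(filter_text.splitlines(), 1)
            if OLD_BACKREF in line and not line.lstrip().startswith("#")]

def same_host(failregex, log_line):
    """True if the line matches, i.e. both host fields carry the same address."""
    return compile_failregex(failregex).search(log_line) is not None

# Constructed filter fragment and regexes; log lines below omit the timestamp.
SAMPLE_FILTER = "[Definition]\nfailregex = ^\\s*failure from <HOST>: bad host (?P=host)$\n"
OLD = r"^\s*failure from <HOST>: bad host (?P=host)$"
NEW = migrate(OLD)

if __name__ == "__main__":
    print("old compiles:", compiles(OLD), "| migrated compiles:", compiles(NEW))
    print(audit(SAMPLE_FILTER))
    for line in ("failure from 192.0.2.1: bad host 192.0.2.1",
                 "failure from 2001:db8::1: bad host 2001:db8::1",
                 "failure from 192.0.2.1: bad host 198.51.100.7"):
        print(same_host(NEW, line), line)
```

A back-reference to a group that did not take part in the match simply fails in Python's `re`, which is why the `ip4`/`ip6` alternation works for either address family.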
🛠 Fixes
- purge database will be executed now (within observer).
- restoring currently banned ip after service restart fixed (now < timeofban + bantime), ignore old log failures (already banned)
- upgrade database: update new created table `bips` with entries from table `bans` (allows restore current bans after upgrade from version <= 0.10)
🆕 New Features
- Increment ban time (+ observer) functionality introduced.
- Database functionality extended with bad ips.
- New tags (usable in actions):
  - `<bancount>` - ban count of this offender if known as bad (started by 1 for unknown)
  - `<bantime>` - current ban-time of the ticket (prolongation can be delayed by up to 10 sec.)
- Introduced new action command `actionprolong` to prolong ban-time (e. g. set new timeout if expected); several actions (like ipset, etc.) rewritten using net logic with `actionprolong`. Note: because ban-time is dynamic, it was removed from jail.conf as timeout argument (check jail.local).
✨ Enhancements
- algorithm of restore current bans after restart changed: update the restored ban-time (and therefore end of ban) of the ticket with ban-time of jail (as maximum), for all tickets with ban-time greater (or persistent); not affected if ban-time of the jail is unchanged between stop/start.
- added new setup-option `--without-tests` to skip building and installing of tests files (gh-2287).
- added new command `fail2ban-client get <JAIL> banip ?sep-char|--with-time?` to get the banned ip addresses (gh-1916).