├── .gitignore ├── LICENSE ├── README.md ├── bin ├── ld-allow ├── ld-allow-all ├── ld-block ├── ld-block-all ├── ld-clear-f2b ├── ld-cron-job ├── ld-export ├── ld-import ├── ld-load-lists ├── ld-reinitialize ├── ld-reload ├── ld-remove-allow ├── ld-remove-block ├── ld-restart ├── ld-save ├── ld-start ├── ld-status ├── ld-stop ├── ld-test └── ld-update-lists ├── conf └── lockdown-default.conf ├── etc ├── fail2ban │ ├── action.d │ │ ├── badips.conf │ │ ├── badips.py │ │ ├── blocklist_de.conf │ │ ├── cloudflare.conf │ │ ├── complain.conf │ │ ├── dummy.conf │ │ ├── iptables-allports.conf │ │ ├── iptables-common.conf │ │ ├── iptables-ipset-proto4.conf │ │ ├── iptables-ipset-proto6-allports.conf │ │ ├── iptables-ipset-proto6.conf │ │ ├── iptables-multiport-log.conf │ │ ├── iptables-multiport.conf │ │ ├── iptables-new.conf │ │ ├── iptables-xt_recent-echo.conf │ │ ├── iptables.conf │ │ ├── lockdown-iptables-ipset.conf │ │ ├── mail-buffered.conf │ │ ├── mail-whois-common.conf │ │ ├── mail-whois-lines.conf │ │ ├── mail-whois.conf │ │ ├── mail.conf │ │ ├── sendmail-buffered.conf │ │ ├── sendmail-common.conf │ │ ├── sendmail-geoip-lines.conf │ │ ├── sendmail-whois-ipjailmatches.conf │ │ ├── sendmail-whois-ipmatches.conf │ │ ├── sendmail-whois-lines.conf │ │ ├── sendmail-whois-matches.conf │ │ ├── sendmail-whois.conf │ │ ├── sendmail.conf │ │ └── smtp.py │ ├── fail2ban.conf │ ├── fail2ban.d │ │ └── lockdown.fail2ban.conf │ ├── filter.d │ │ ├── apache-auth.conf │ │ ├── apache-badbots.conf │ │ ├── apache-botsearch.conf │ │ ├── apache-common.conf │ │ ├── apache-fakegooglebot.conf │ │ ├── apache-modsecurity.conf │ │ ├── apache-nohome.conf │ │ ├── apache-noscript.conf │ │ ├── apache-overflows.conf │ │ ├── apache-pass.conf │ │ ├── apache-shellshock.conf │ │ ├── botsearch-common.conf │ │ ├── common.conf │ │ ├── ignorecommands │ │ │ └── apache-fakegooglebot │ │ ├── mysqld-auth.conf │ │ ├── nginx-botsearch.conf │ │ ├── nginx-http-auth.conf │ │ ├── nginx-limit-req.conf │ │ ├── pam-generic.conf │ │ ├── php-url-fopen.conf │ │ ├── sshd-ddos.conf │ │ ├── sshd.conf │ │ └── suhosin.conf │ ├── jail.conf │ ├── jail.d │ │ └── lockdown.jails.conf │ ├── paths-common.conf │ ├── paths-debian.conf │ ├── paths-fedora.conf │ └── paths-lockdown.conf ├── init.d │ ├── fail2ban │ ├── ipset │ ├── iptables │ └── lockdown ├── ipset.conf ├── logrotate.d │ └── fail2ban └── sysconfig │ ├── ip6tables │ ├── ip6tables-config │ ├── iptables │ └── iptables-config ├── fail2ban-0.9.4 ├── .coveragerc ├── .github │ ├── ISSUE_TEMPLATE.md │ └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── .mailmap ├── .project ├── .pylintrc ├── .travis.yml ├── CONTRIBUTING.md ├── COPYING ├── ChangeLog ├── DEVELOP ├── FILTERS ├── MANIFEST ├── MANIFEST.in ├── README.Solaris ├── README.md ├── RELEASE ├── THANKS ├── TODO ├── Vagrantfile ├── bin │ ├── fail2ban-client │ ├── fail2ban-regex │ ├── fail2ban-server │ └── fail2ban-testcases ├── config │ ├── action.d │ │ ├── apf.conf │ │ ├── badips.conf │ │ ├── badips.py │ │ ├── blocklist_de.conf │ │ ├── bsd-ipfw.conf │ │ ├── cloudflare.conf │ │ ├── complain.conf │ │ ├── dshield.conf │ │ ├── dummy.conf │ │ ├── firewallcmd-allports.conf │ │ ├── firewallcmd-ipset.conf │ │ ├── firewallcmd-multiport.conf │ │ ├── firewallcmd-new.conf │ │ ├── hostsdeny.conf │ │ ├── ipfilter.conf │ │ ├── ipfw.conf │ │ ├── iptables-allports.conf │ │ ├── iptables-common.conf │ │ ├── iptables-ipset-proto4.conf │ │ ├── iptables-ipset-proto6-allports.conf │ │ ├── iptables-ipset-proto6.conf │ │ ├── iptables-multiport-log.conf │ │ ├── iptables-multiport.conf │ │ ├── iptables-new.conf │ │ ├── iptables-xt_recent-echo.conf │ │ ├── iptables.conf │ │ ├── mail-buffered.conf │ │ ├── mail-whois-common.conf │ │ ├── mail-whois-lines.conf │ │ ├── mail-whois.conf │ │ ├── mail.conf │ │ ├── mynetwatchman.conf │ │ ├── nftables-allports.conf │ │ ├── nftables-common.conf │ │ ├── nftables-multiport.conf │ │ ├── nsupdate.conf │ │ ├── osx-afctl.conf │ │ ├── osx-ipfw.conf │ │ ├── pf.conf │ │ ├── route.conf │ │ ├── sendmail-buffered.conf │ │ ├── sendmail-common.conf │ │ ├── sendmail-geoip-lines.conf │ │ ├── sendmail-whois-ipjailmatches.conf │ │ ├── sendmail-whois-ipmatches.conf │ │ ├── sendmail-whois-lines.conf │ │ ├── sendmail-whois-matches.conf │ │ ├── sendmail-whois.conf │ │ ├── sendmail.conf │ │ ├── shorewall-ipset-proto6.conf │ │ ├── shorewall.conf │ │ ├── smtp.py │ │ ├── symbiosis-blacklist-allports.conf │ │ ├── ufw.conf │ │ └── xarf-login-attack.conf │ ├── fail2ban.conf │ ├── filter.d │ │ ├── 3proxy.conf │ │ ├── apache-auth.conf │ │ ├── apache-badbots.conf │ │ ├── apache-botsearch.conf │ │ ├── apache-common.conf │ │ ├── apache-fakegooglebot.conf │ │ ├── apache-modsecurity.conf │ │ ├── apache-nohome.conf │ │ ├── apache-noscript.conf │ │ ├── apache-overflows.conf │ │ ├── apache-pass.conf │ │ ├── apache-shellshock.conf │ │ ├── assp.conf │ │ ├── asterisk.conf │ │ ├── botsearch-common.conf │ │ ├── common.conf │ │ ├── counter-strike.conf │ │ ├── courier-auth.conf │ │ ├── courier-smtp.conf │ │ ├── cyrus-imap.conf │ │ ├── directadmin.conf │ │ ├── dovecot.conf │ │ ├── dropbear.conf │ │ ├── drupal-auth.conf │ │ ├── ejabberd-auth.conf │ │ ├── exim-common.conf │ │ ├── exim-spam.conf │ │ ├── exim.conf │ │ ├── freeswitch.conf │ │ ├── froxlor-auth.conf │ │ ├── groupoffice.conf │ │ ├── gssftpd.conf │ │ ├── guacamole.conf │ │ ├── haproxy-http-auth.conf │ │ ├── horde.conf │ │ ├── ignorecommands │ │ │ └── apache-fakegooglebot │ │ ├── kerio.conf │ │ ├── lighttpd-auth.conf │ │ ├── monit.conf │ │ ├── murmur.conf │ │ ├── mysqld-auth.conf │ │ ├── nagios.conf │ │ ├── named-refused.conf │ │ ├── nginx-botsearch.conf │ │ ├── nginx-http-auth.conf │ │ ├── nginx-limit-req.conf │ │ ├── nsd.conf │ │ ├── openhab.conf │ │ ├── openwebmail.conf │ │ ├── oracleims.conf │ │ ├── pam-generic.conf │ │ ├── perdition.conf │ │ ├── php-url-fopen.conf │ │ ├── portsentry.conf │ │ ├── postfix-rbl.conf │ │ ├── postfix-sasl.conf │ │ ├── postfix.conf │ │ ├── proftpd.conf │ │ ├── pure-ftpd.conf │ │ ├── qmail.conf │ │ ├── recidive.conf │ │ ├── roundcube-auth.conf │ │ ├── screensharingd.conf │ │ ├── selinux-common.conf │ │ ├── selinux-ssh.conf │ │ ├── sendmail-auth.conf │ │ ├── sendmail-reject.conf │ │ ├── sieve.conf │ │ ├── sogo-auth.conf │ │ ├── solid-pop3d.conf │ │ ├── squid.conf │ │ ├── squirrelmail.conf │ │ ├── sshd-ddos.conf │ │ ├── sshd.conf │ │ ├── stunnel.conf │ │ ├── suhosin.conf │ │ ├── tine20.conf │ │ ├── uwimap-auth.conf │ │ ├── vsftpd.conf │ │ ├── webmin-auth.conf │ │ ├── wuftpd.conf │ │ └── xinetd-fail.conf │ ├── jail.conf │ ├── paths-common.conf │ ├── paths-debian.conf │ ├── paths-fedora.conf │ ├── paths-freebsd.conf │ ├── paths-opensuse.conf │ └── paths-osx.conf ├── doc │ ├── Doxyfile │ ├── Makefile │ ├── conf.py │ ├── develop.rst │ ├── fail2ban.client.actionreader.rst │ ├── fail2ban.client.beautifier.rst │ ├── fail2ban.client.configparserinc.rst │ ├── fail2ban.client.configreader.rst │ ├── fail2ban.client.configurator.rst │ ├── fail2ban.client.csocket.rst │ ├── fail2ban.client.fail2banreader.rst │ ├── fail2ban.client.filterreader.rst │ ├── fail2ban.client.jailreader.rst │ ├── fail2ban.client.jailsreader.rst │ ├── fail2ban.client.rst │ ├── fail2ban.exceptions.rst │ ├── fail2ban.helpers.rst │ ├── fail2ban.protocol.rst │ ├── fail2ban.rst │ ├── fail2ban.server.action.rst │ ├── fail2ban.server.actions.rst │ ├── fail2ban.server.asyncserver.rst │ ├── fail2ban.server.banmanager.rst │ ├── fail2ban.server.database.rst │ ├── fail2ban.server.datedetector.rst │ ├── fail2ban.server.datetemplate.rst │ ├── fail2ban.server.faildata.rst │ ├── fail2ban.server.failmanager.rst │ ├── fail2ban.server.failregex.rst │ ├── fail2ban.server.filter.rst │ ├── fail2ban.server.filtergamin.rst │ ├── fail2ban.server.filterpoll.rst │ ├── fail2ban.server.filterpyinotify.rst │ ├── fail2ban.server.filtersystemd.rst │ ├── fail2ban.server.jail.rst │ ├── fail2ban.server.jails.rst │ ├── fail2ban.server.jailthread.rst │ ├── fail2ban.server.mytime.rst │ ├── fail2ban.server.rst │ ├── fail2ban.server.server.rst │ ├── fail2ban.server.strptime.rst │ ├── fail2ban.server.ticket.rst │ ├── fail2ban.server.transmitter.rst │ ├── fail2ban.version.rst │ ├── filters.rst │ ├── index.rst │ ├── release.rst │ ├── requirements.txt │ └── run-rootless.txt ├── fail2ban-2to3 ├── fail2ban-testcases-all ├── fail2ban-testcases-all-python3 ├── fail2ban.egg-info │ ├── PKG-INFO │ ├── SOURCES.txt │ ├── dependency_links.txt │ └── top_level.txt ├── fail2ban │ ├── __init__.py │ ├── client │ │ ├── __init__.py │ │ ├── actionreader.py │ │ ├── beautifier.py │ │ ├── configparserinc.py │ │ ├── configreader.py │ │ ├── configurator.py │ │ ├── csocket.py │ │ ├── fail2banreader.py │ │ ├── fail2banregex.py │ │ ├── filterreader.py │ │ ├── jailreader.py │ │ └── jailsreader.py │ ├── exceptions.py │ ├── helpers.py │ ├── protocol.py │ ├── server │ │ ├── __init__.py │ │ ├── action.py │ │ ├── actions.py │ │ ├── asyncserver.py │ │ ├── banmanager.py │ │ ├── database.py │ │ ├── datedetector.py │ │ ├── datetemplate.py │ │ ├── faildata.py │ │ ├── failmanager.py │ │ ├── failregex.py │ │ ├── filter.py │ │ ├── filtergamin.py │ │ ├── filterpoll.py │ │ ├── filterpyinotify.py │ │ ├── filtersystemd.py │ │ ├── jail.py │ │ ├── jails.py │ │ ├── jailthread.py │ │ ├── mytime.py │ │ ├── server.py │ │ ├── strptime.py │ │ ├── ticket.py │ │ └── transmitter.py │ ├── tests │ │ ├── __init__.py │ │ ├── action_d │ │ │ ├── __init__.py │ │ │ ├── test_badips.py │ │ │ └── test_smtp.py │ │ ├── actionstestcase.py │ │ ├── actiontestcase.py │ │ ├── banmanagertestcase.py │ │ ├── clientreadertestcase.py │ │ ├── config │ │ │ ├── action.d │ │ │ │ └── brokenaction.conf │ │ │ ├── fail2ban.conf │ │ │ ├── filter.d │ │ │ │ ├── simple.conf │ │ │ │ ├── test.conf │ │ │ │ └── test.local │ │ │ └── jail.conf │ │ ├── databasetestcase.py │ │ ├── datedetectortestcase.py │ │ ├── dummyjail.py │ │ ├── fail2banregextestcase.py │ │ ├── failmanagertestcase.py │ │ ├── files │ │ │ ├── action.d │ │ │ │ ├── action.py │ │ │ │ ├── action_checkainfo.py │ │ │ │ ├── action_errors.py │ │ │ │ ├── action_modifyainfo.py │ │ │ │ ├── action_noAction.py │ │ │ │ └── action_nomethod.py │ │ │ ├── config │ │ │ │ └── apache-auth │ │ │ │ │ ├── README │ │ │ │ │ ├── basic │ │ │ │ │ ├── authz_owner │ │ │ │ │ │ ├── .htaccess │ │ │ │ │ │ ├── .htpasswd │ │ │ │ │ │ └── cant_get_me.html │ │ │ │ │ └── file │ │ │ │ │ │ ├── .htaccess │ │ │ │ │ │ └── .htpasswd │ │ │ │ │ ├── digest.py │ │ │ │ │ ├── digest │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ │ ├── digest_anon │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ │ ├── digest_time │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ │ ├── digest_wrongrelm │ │ │ │ │ ├── .htaccess │ │ │ │ │ └── .htpasswd │ │ │ │ │ └── noentry │ │ │ │ │ └── .htaccess │ │ │ ├── database_v1.db │ │ │ ├── filter.d │ │ │ │ ├── substition.conf │ │ │ │ ├── testcase-common.conf │ │ │ │ └── testcase01.conf │ │ │ ├── ignorecommand.py │ │ │ ├── logs │ │ │ │ ├── 3proxy │ │ │ │ ├── apache-auth │ │ │ │ ├── apache-badbots │ │ │ │ ├── apache-botsearch │ │ │ │ ├── apache-fakegooglebot │ │ │ │ ├── apache-modsecurity │ │ │ │ ├── apache-nohome │ │ │ │ ├── apache-noscript │ │ │ │ ├── apache-overflows │ │ │ │ ├── apache-pass │ │ │ │ ├── apache-shellshock │ │ │ │ ├── assp │ │ │ │ ├── asterisk │ │ │ │ ├── bsd │ │ │ │ │ ├── syslog-plain.txt │ │ │ │ │ ├── syslog-v.txt │ │ │ │ │ └── syslog-vv.txt │ │ │ │ ├── counter-strike │ │ │ │ ├── courier-auth │ │ │ │ ├── courier-smtp │ │ │ │ ├── cyrus-imap │ │ │ │ ├── directadmin │ │ │ │ ├── dovecot │ │ │ │ ├── dropbear │ │ │ │ ├── drupal-auth │ │ │ │ ├── ejabberd-auth │ │ │ │ ├── exim │ │ │ │ ├── exim-spam │ │ │ │ ├── freeswitch │ │ │ │ ├── froxlor-auth │ │ │ │ ├── groupoffice │ │ │ │ ├── gssftpd │ │ │ │ ├── guacamole │ │ │ │ ├── haproxy-http-auth │ │ │ │ ├── horde │ │ │ │ ├── kerio │ │ │ │ ├── lighttpd-auth │ │ │ │ ├── monit │ │ │ │ ├── murmur │ │ │ │ ├── mysqld-auth │ │ │ │ ├── nagios │ │ │ │ ├── named-refused │ │ │ │ ├── nginx-botsearch │ │ │ │ ├── nginx-http-auth │ │ │ │ ├── nginx-limit-req │ │ │ │ ├── nsd │ │ │ │ ├── openhab │ │ │ │ ├── openwebmail │ │ │ │ ├── oracleims │ │ │ │ ├── pam-generic │ │ │ │ ├── perdition │ │ │ │ ├── php-url-fopen │ │ │ │ ├── portsentry │ │ │ │ ├── postfix │ │ │ │ ├── postfix-rbl │ │ │ │ ├── postfix-sasl │ │ │ │ ├── proftpd │ │ │ │ ├── pure-ftpd │ │ │ │ ├── qmail │ │ │ │ ├── recidive │ │ │ │ ├── roundcube-auth │ │ │ │ ├── screensharingd │ │ │ │ ├── selinux-ssh │ │ │ │ ├── sendmail-auth │ │ │ │ ├── sendmail-reject │ │ │ │ ├── sieve │ │ │ │ ├── sogo-auth │ │ │ │ ├── solid-pop3d │ │ │ │ ├── squid │ │ │ │ ├── squirrelmail │ │ │ │ ├── sshd │ │ │ │ ├── sshd-ddos │ │ │ │ ├── stunnel │ │ │ │ ├── suhosin │ │ │ │ ├── tine20 │ │ │ │ ├── uwimap-auth │ │ │ │ ├── vsftpd │ │ │ │ ├── webmin-auth │ │ │ │ ├── wuftpd │ │ │ │ └── xinetd-fail │ │ │ ├── testcase-journal.log │ │ │ ├── testcase-multiline.log │ │ │ ├── testcase-usedns.log │ │ │ ├── testcase-wrong-char.log │ │ │ ├── testcase01.log │ │ │ ├── testcase02.log │ │ │ ├── testcase03.log │ │ │ └── testcase04.log │ │ ├── filtertestcase.py │ │ ├── misctestcase.py │ │ ├── samplestestcase.py │ │ ├── servertestcase.py │ │ ├── sockettestcase.py │ │ └── utils.py │ └── version.py ├── files │ ├── bash-completion │ ├── cacti │ │ ├── README │ │ ├── cacti_host_template_fail2ban.xml │ │ └── fail2ban_stats.sh │ ├── debian-initd │ ├── fail2ban-logrotate │ ├── fail2ban-tmpfiles.conf │ ├── fail2ban.service │ ├── fail2ban.upstart │ ├── gen_badbots │ ├── gentoo-confd │ ├── gentoo-initd │ ├── ipmasq-ZZZzzz_fail2ban.rul │ ├── logwatch │ │ ├── fail2ban │ │ ├── fail2ban-0.8.log │ │ └── fail2ban-0.9.log │ ├── macosx-initd │ ├── monit │ │ └── fail2ban │ ├── nagios │ │ ├── README │ │ └── check_fail2ban │ ├── redhat-initd │ ├── solaris-fail2ban.xml │ ├── solaris-svc-fail2ban │ └── suse-initd ├── kill-server ├── man │ ├── fail2ban-client.1 │ ├── fail2ban-client.h2m │ ├── fail2ban-regex.1 │ ├── fail2ban-regex.h2m │ ├── fail2ban-server.1 │ ├── fail2ban-server.h2m │ ├── fail2ban-testcases.1 │ ├── fail2ban-testcases.h2m │ ├── fail2ban.1 │ ├── generate-man │ └── jail.conf.5 ├── setup.cfg └── setup.py ├── ld-install ├── ld-update ├── lib ├── determine_linux_distro ├── lockdown_daemons_srvchkcnf ├── lockdown_daemons_systemctl ├── lockdown_init ├── lockdown_installation_report ├── lockdown_ip_parser └── lockdown_reinit ├── lists ├── blacklists │ ├── blocklist.de.ips │ ├── bogons.cidr │ ├── emergingthreats.net.ips │ ├── spamhaus-extended.cidr │ └── spamhaus.cidr ├── countries.txt ├── countries │ ├── ad.zone │ ├── ae.zone │ ├── af.zone │ ├── ag.zone │ ├── ai.zone │ ├── al.zone │ ├── am.zone │ ├── ao.zone │ ├── ap.zone │ ├── ar.zone │ ├── as.zone │ ├── at.zone │ ├── au.zone │ ├── aw.zone │ ├── ax.zone │ ├── az.zone │ ├── ba.zone │ ├── bb.zone │ ├── bd.zone │ ├── be.zone │ ├── bf.zone │ ├── bg.zone │ ├── bh.zone │ ├── bi.zone │ ├── bj.zone │ ├── bl.zone │ ├── bm.zone │ ├── bn.zone │ ├── bo.zone │ ├── bq.zone │ ├── br.zone │ ├── bs.zone │ ├── bt.zone │ ├── bw.zone │ ├── by.zone │ ├── bz.zone │ ├── ca.zone │ ├── cd.zone │ ├── cf.zone │ ├── cg.zone │ ├── ch.zone │ ├── ci.zone │ ├── ck.zone │ ├── cl.zone │ ├── cm.zone │ ├── cn.zone │ ├── co.zone │ ├── cr.zone │ ├── cu.zone │ ├── cv.zone │ ├── cw.zone │ ├── cy.zone │ ├── cz.zone │ ├── de.zone │ ├── dj.zone │ ├── dk.zone │ ├── dm.zone │ ├── do.zone │ ├── dz.zone │ ├── ec.zone │ ├── ee.zone │ ├── eg.zone │ ├── er.zone │ ├── es.zone │ ├── et.zone │ ├── eu.zone │ ├── fi.zone │ ├── fj.zone │ ├── fm.zone │ ├── fo.zone │ ├── fr.zone │ ├── ga.zone │ ├── gb.zone │ ├── gd.zone │ ├── ge.zone │ ├── gf.zone │ ├── gg.zone │ ├── gh.zone │ ├── gi.zone │ ├── gl.zone │ ├── gm.zone │ ├── gn.zone │ ├── gp.zone │ ├── gq.zone │ ├── gr.zone │ ├── gt.zone │ ├── gu.zone │ ├── gw.zone │ ├── gy.zone │ ├── hk.zone │ ├── hn.zone │ ├── hr.zone │ ├── ht.zone │ ├── hu.zone │ ├── id.zone │ ├── ie.zone │ ├── il.zone │ ├── im.zone │ ├── in.zone │ ├── io.zone │ ├── iq.zone │ ├── ir.zone │ ├── is.zone │ ├── it.zone │ ├── je.zone │ ├── jm.zone │ ├── jo.zone │ ├── jp.zone │ ├── ke.zone │ ├── kg.zone │ ├── kh.zone │ ├── ki.zone │ ├── km.zone │ ├── kn.zone │ ├── kp.zone │ ├── kr.zone │ ├── kw.zone │ ├── ky.zone │ ├── kz.zone │ ├── la.zone │ ├── lb.zone │ ├── lc.zone │ ├── li.zone │ ├── lk.zone │ ├── lr.zone │ ├── ls.zone │ ├── lt.zone │ ├── lu.zone │ ├── lv.zone │ ├── ly.zone │ ├── ma.zone │ ├── mc.zone │ ├── md.zone │ ├── me.zone │ ├── mf.zone │ ├── mg.zone │ ├── mh.zone │ ├── mk.zone │ ├── ml.zone │ ├── mm.zone │ ├── mn.zone │ ├── mo.zone │ ├── mp.zone │ ├── mq.zone │ ├── mr.zone │ ├── ms.zone │ ├── mt.zone │ ├── mu.zone │ ├── mv.zone │ ├── mw.zone │ ├── mx.zone │ ├── my.zone │ ├── mz.zone │ ├── na.zone │ ├── nc.zone │ ├── ne.zone │ ├── nf.zone │ ├── ng.zone │ ├── ni.zone │ ├── nl.zone │ ├── no.zone │ ├── np.zone │ ├── nr.zone │ ├── nu.zone │ ├── nz.zone │ ├── om.zone │ ├── pa.zone │ ├── pe.zone │ ├── pf.zone │ ├── pg.zone │ ├── ph.zone │ ├── pk.zone │ ├── pl.zone │ ├── pm.zone │ ├── pr.zone │ ├── ps.zone │ ├── pt.zone │ ├── pw.zone │ ├── py.zone │ ├── qa.zone │ ├── re.zone │ ├── ro.zone │ ├── rs.zone │ ├── ru.zone │ ├── rw.zone │ ├── sa.zone │ ├── sb.zone │ ├── sc.zone │ ├── sd.zone │ ├── se.zone │ ├── sg.zone │ ├── si.zone │ ├── sk.zone │ ├── sl.zone │ ├── sm.zone │ ├── sn.zone │ ├── so.zone │ ├── sr.zone │ ├── ss.zone │ ├── st.zone │ ├── sv.zone │ ├── sx.zone │ ├── sy.zone │ ├── sz.zone │ ├── tc.zone │ ├── td.zone │ ├── tg.zone │ ├── th.zone │ ├── tj.zone │ ├── tk.zone │ ├── tl.zone │ ├── tm.zone │ ├── tn.zone │ ├── to.zone │ ├── tr.zone │ ├── tt.zone │ ├── tv.zone │ ├── tw.zone │ ├── tz.zone │ ├── ua.zone │ ├── ug.zone │ ├── um.zone │ ├── us.zone │ ├── uy.zone │ ├── uz.zone │ ├── va.zone │ ├── vc.zone │ ├── ve.zone │ ├── vg.zone │ ├── vi.zone │ ├── vn.zone │ ├── vu.zone │ ├── wf.zone │ ├── ws.zone │ ├── ye.zone │ ├── yt.zone │ ├── za.zone │ ├── zm.zone │ └── zw.zone └── country-codes.txt ├── post-process ├── ipset.rules └── iptables.rules ├── pre-process ├── ipset.rules └── iptables.rules └── usr ├── lib └── systemd │ └── system │ ├── fail2ban.service │ ├── ip6tables.service │ ├── ipset.service │ └── iptables.service └── libexec ├── ipset └── ipset.start-stop └── iptables ├── ip6tables.init └── iptables.init /.gitignore: -------------------------------------------------------------------------------- 1 | *.bak 2 | *.sw* 3 | *.tar.gz 4 | *~ 5 | conf/lockdown.conf 6 | ./fail2ban* 7 | -------------------------------------------------------------------------------- /bin/ld-clear-f2b: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/bin/ld-clear-f2b -------------------------------------------------------------------------------- /bin/ld-cron-job: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #ld-cron-job 3 | 4 | /usr/sbin/ld-load-lists -y 2>&1 5 | -------------------------------------------------------------------------------- /etc/fail2ban/action.d/badips.conf: -------------------------------------------------------------------------------- 1 | # Fail2ban reporting to badips.com 2 | # 3 | # Note: This reports and IP only and does not actually ban traffic. Use 4 | # another action in the same jail if you want bans to occur. 5 | # 6 | # Set the category to the appropriate value before use. 7 | # 8 | # To get see register and optional key to get personalised graphs see: 9 | # http://www.badips.com/blog/personalized-statistics-track-the-attackers-of-all-your-servers-with-one-key 10 | 11 | [Definition] 12 | 13 | actionban = curl --fail --user-agent "" http://www.badips.com/add// 14 | 15 | [Init] 16 | 17 | # Option: category 18 | # Notes.: Values are from the list here: http://www.badips.com/get/categories 19 | category = 20 | -------------------------------------------------------------------------------- /etc/fail2ban/action.d/lockdown-iptables-ipset.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: @iDoMeteor 4 | # 5 | # All Fail2Ban blocks go into the ipset blacklist-f2b rather than f2b- 6 | # Chains and sets are neither created nor destroyed, Lockdown manages this 7 | 8 | [INCLUDES] 9 | 10 | before = 11 | 12 | [Init] 13 | bantime = 1800 14 | 15 | [Definition] 16 | 17 | actionstart = 18 | actionstop = ipset flush blacklist-f2b 19 | actionban = ipset add blacklist-f2b timeout -exist 20 | actionunban = ipset del blacklist-f2b -exist 21 | 22 | -------------------------------------------------------------------------------- /etc/fail2ban/action.d/sendmail-whois.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Cyril Jaquier 4 | # 5 | # 6 | 7 | [INCLUDES] 8 | 9 | before = sendmail-common.conf 10 | 11 | [Definition] 12 | 13 | # Option: actionban 14 | # Notes.: command executed when banning an IP. Take care that the 15 | # command is executed with Fail2Ban user rights. 16 | # Tags: See jail.conf(5) man page 17 | # Values: CMD 18 | # 19 | actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` 20 | Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"` 21 | From: <> 22 | To: \n 23 | Hi,\n 24 | The IP has just been banned by Fail2Ban after 25 | attempts against .\n\n 26 | Here is more information about :\n 27 | `/usr/bin/whois || echo missing whois program`\n 28 | Regards,\n 29 | Fail2Ban" | /usr/sbin/sendmail -f 30 | 31 | [Init] 32 | 33 | # Default name of the chain 34 | # 35 | name = default 36 | 37 | -------------------------------------------------------------------------------- /etc/fail2ban/action.d/sendmail.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Cyril Jaquier 4 | # 5 | # 6 | 7 | [INCLUDES] 8 | 9 | before = sendmail-common.conf 10 | 11 | [Definition] 12 | 13 | # Option: actionban 14 | # Notes.: command executed when banning an IP. Take care that the 15 | # command is executed with Fail2Ban user rights. 16 | # Tags: See jail.conf(5) man page 17 | # Values: CMD 18 | # 19 | actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` 20 | Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"` 21 | From: <> 22 | To: \n 23 | Hi,\n 24 | The IP has just been banned by Fail2Ban after 25 | attempts against .\n 26 | Regards,\n 27 | Fail2Ban" | /usr/sbin/sendmail -f 28 | 29 | [Init] 30 | 31 | # Default name of the chain 32 | # 33 | name = default 34 | 35 | -------------------------------------------------------------------------------- /etc/fail2ban/fail2ban.d/lockdown.fail2ban.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban Lockdown Defaults 2 | # v0.0.1 3 | 4 | [Definition] 5 | 6 | loglevel = ERROR 7 | logtarget = /var/log/fail2ban.log 8 | syslogsocket = auto 9 | socket = /var/run/fail2ban/fail2ban.sock 10 | pidfile = /var/run/fail2ban/fail2ban.pid 11 | dbfile = none 12 | dbpurgeage = 86400 13 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/apache-common.conf: -------------------------------------------------------------------------------- 1 | # Generic configuration items (to be used as interpolations) in other 2 | # apache filters. 3 | 4 | [INCLUDES] 5 | 6 | # Load customizations if any available 7 | after = apache-common.local 8 | 9 | [DEFAULT] 10 | 11 | _apache_error_client = \[\] \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (:\d{1,5})?\] 12 | 13 | # Common prefix for [error] apache messages which also would include 14 | # Depending on the version it could be 15 | # 2.2: [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4] 16 | # 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652] 17 | # 2.4 (perfork): [Mon Dec 23 07:49:01.981912 2013] [:error] [pid 3790] [client 204.232.202.107:46301] script '/var/www/timthumb.php' not found or unable to 18 | # 19 | # Reference: https://github.com/fail2ban/fail2ban/issues/268 20 | # 21 | # Author: Yaroslav Halchenko 22 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/apache-fakegooglebot.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for fake Googlebot User Agents 2 | 3 | [Definition] 4 | 5 | failregex = ^ .*Googlebot.*$ 6 | 7 | ignoreregex = 8 | 9 | 10 | # DEV Notes: 11 | # 12 | # Author: Lee Clemens 13 | # Thanks: Johannes B. Ullrich, Ph.D. 14 | # Reference: https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/ 15 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/apache-modsecurity.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban apache-modsec filter 2 | # 3 | 4 | [INCLUDES] 5 | 6 | # Read common prefixes. If any customizations available -- read them from 7 | # apache-common.local 8 | before = apache-common.conf 9 | 10 | [Definition] 11 | 12 | 13 | failregex = ^%(_apache_error_client)s ModSecurity: (\[.*?\] )*Access denied with code [45]\d\d.*$ 14 | 15 | ignoreregex = 16 | 17 | # https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats 18 | # Author: Daniel Black 19 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/apache-nohome.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter to web requests for home directories on Apache servers 2 | # 3 | # Regex to match failures to find a home directory on a server, which 4 | # became popular last days. Most often attacker just uses IP instead of 5 | # domain name -- so expect to see them in generic error.log if you have 6 | # per-domain log files. 7 | 8 | [INCLUDES] 9 | 10 | # overwrite with apache-common.local if _apache_error_client is incorrect. 11 | before = apache-common.conf 12 | 13 | [Definition] 14 | 15 | 16 | failregex = ^%(_apache_error_client)s (AH00128: )?File does not exist: .*/~.* 17 | 18 | ignoreregex = 19 | 20 | # Author: Yaroslav O. Halchenko 21 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/apache-pass.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban Apache pass filter 2 | # This filter is for access.log, NOT for error.log 3 | # 4 | # The knocking request must have a referer. 5 | 6 | [INCLUDES] 7 | 8 | before = apache-common.conf 9 | 10 | [Definition] 11 | 12 | failregex = ^ - \w+ \[\] "GET HTTP/1\.[01]" 200 \d+ ".*" "[^-].*"$ 13 | 14 | ignoreregex = 15 | 16 | [Init] 17 | 18 | knocking_url = /knocking/ 19 | 20 | # Author: Viktor Szépe 21 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/botsearch-common.conf: -------------------------------------------------------------------------------- 1 | # Generic configuration file for -botsearch filters 2 | 3 | [Init] 4 | 5 | # Block is the actual non-found directories to block 6 | block = \/?(|||cgi-bin|mysqladmin)[^,]* 7 | 8 | # These are just convient definitions that assist the blocking of stuff that 9 | # isn't installed 10 | webmail = roundcube|(ext)?mail|horde|(v-?)?webmail 11 | 12 | phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin) 13 | 14 | wordpress = wp-(login|signup|admin)\.php 15 | 16 | # DEV Notes: 17 | # Taken from apache-botsearch filter 18 | # 19 | # Author: Frantisek Sumsal 20 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/mysqld-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for unsuccesfull MySQL authentication attempts 2 | # 3 | # 4 | # To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]: 5 | # log-error=/var/log/mysqld.log 6 | # log-warning = 2 7 | # 8 | # If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf 9 | 10 | [INCLUDES] 11 | 12 | # Read common prefixes. If any customizations available -- read them from 13 | # common.local 14 | before = common.conf 15 | 16 | [Definition] 17 | 18 | _daemon = mysqld 19 | 20 | failregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] Access denied for user '[^']+'@'' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$ 21 | 22 | ignoreregex = 23 | 24 | # DEV Notes: 25 | # 26 | # Technically __prefix_line can equate to an empty string hence it can support 27 | # syslog and non-syslog at once. 28 | # Example: 29 | # 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES) 30 | # 31 | # Authors: Artur Penttinen 32 | # Yaroslav O. Halchenko 33 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/nginx-botsearch.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter to match web requests for selected URLs that don't exist 2 | # 3 | 4 | [INCLUDES] 5 | 6 | # Load regexes for filtering 7 | before = botsearch-common.conf 8 | 9 | [Definition] 10 | 11 | failregex = ^ \- \S+ \[\] \"(GET|POST|HEAD) \/ \S+\" 404 .+$ 12 | ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: \, server\: \S*\, request: \"(GET|POST|HEAD) \/ \S+\"\, .*?$ 13 | 14 | ignoreregex = 15 | 16 | 17 | # DEV Notes: 18 | # Based on apache-botsearch filter 19 | # 20 | # Author: Frantisek Sumsal -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/nginx-http-auth.conf: -------------------------------------------------------------------------------- 1 | # fail2ban filter configuration for nginx 2 | 3 | 4 | [Definition] 5 | 6 | 7 | failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: , server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$ 8 | 9 | ignoreregex = 10 | 11 | # DEV NOTES: 12 | # Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files 13 | # Extensive search of all nginx auth failures not done yet. 14 | # 15 | # Author: Daniel Black 16 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/pam-generic.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for generic PAM authentication errors 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = common.conf 7 | 8 | [Definition] 9 | 10 | # if you want to catch only login errors from specific daemons, use something like 11 | #_ttys_re=(?:ssh|pure-ftpd|ftp) 12 | # 13 | # Default: catch all failed logins 14 | _ttys_re=\S* 15 | 16 | __pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:? 17 | _daemon = \S+ 18 | 19 | failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=(?:\s+user=.*)?\s*$ 20 | 21 | ignoreregex = 22 | 23 | # DEV Notes: 24 | # 25 | # for linux-pam before 0.99.2.0 (late 2005) (removed before 0.8.11 release) 26 | # _daemon = \S*\(?pam_unix\)? 27 | # failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=(?:\s+user=.*)?\s*$ 28 | # 29 | # Author: Yaroslav Halchenko 30 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/php-url-fopen.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for URLs with a URL as a script parameters 2 | # which can be an indication of a fopen url php injection 3 | # 4 | # Example of web requests in Apache access log: 5 | # 66.185.212.172 - - [26/Mar/2009:08:44:20 -0500] "GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 6 | 7 | [Definition] 8 | 9 | failregex = ^ -.*"(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$ 10 | 11 | ignoreregex = 12 | 13 | # DEV Notes: 14 | # 15 | # Version 2 16 | # fixes the failregex so REFERERS that contain =http:// don't get blocked 17 | # (mentioned by "fasuto" (no real email provided... blog comment) in this entry: 18 | # http://blogs.buanzo.com.ar/2009/04/fail2ban-filter-for-php-injection-attacks.html#comment-1489 19 | # 20 | # Author: Arturo 'Buanzo' Busleiman 21 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/sshd-ddos.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban ssh filter for at attempted exploit 2 | # 3 | # The regex here also relates to a exploit: 4 | # 5 | # http://www.securityfocus.com/bid/17958/exploit 6 | # The example code here shows the pushing of the exploit straight after 7 | # reading the server version. This is where the client version string normally 8 | # pushed. As such the server will read this unparsible information as 9 | # "Did not receive identification string". 10 | 11 | [INCLUDES] 12 | 13 | # Read common prefixes. If any customizations available -- read them from 14 | # common.local 15 | before = common.conf 16 | 17 | [Definition] 18 | 19 | _daemon = sshd 20 | 21 | failregex = ^%(__prefix_line)sDid not receive identification string from \s*$ 22 | 23 | ignoreregex = 24 | 25 | [Init] 26 | 27 | journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd 28 | 29 | # Author: Yaroslav Halchenko 30 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/suhosin.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for suhosian PHP hardening 2 | # 3 | # This occurs with lighttpd or directly from the plugin 4 | # 5 | 6 | [INCLUDES] 7 | 8 | # Read common prefixes. If any customizations available -- read them from 9 | # common.local 10 | before = common.conf 11 | 12 | 13 | [Definition] 14 | 15 | _daemon = (?:lighttpd|suhosin) 16 | 17 | 18 | _lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s) 19 | 20 | failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .* \(attacker '', file '.*'(?:, line \d+)?\)$ 21 | 22 | ignoreregex = 23 | 24 | # DEV Notes: 25 | # 26 | # https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161 27 | # 28 | # Author: Arturo 'Buanzo' Busleiman 29 | -------------------------------------------------------------------------------- /etc/fail2ban/paths-debian.conf: -------------------------------------------------------------------------------- 1 | # Debian 2 | 3 | [INCLUDES] 4 | 5 | before = paths-common.conf 6 | 7 | after = paths-overrides.local 8 | 9 | 10 | [DEFAULT] 11 | 12 | syslog_mail = /var/log/mail.log 13 | 14 | syslog_mail_warn = /var/log/mail.warn 15 | 16 | syslog_authpriv = /var/log/auth.log 17 | 18 | # syslog_auth = /var/log/auth.log 19 | # 20 | syslog_user = /var/log/user.log 21 | 22 | syslog_ftp = /var/log/syslog 23 | 24 | syslog_daemon = /var/log/daemon.log 25 | 26 | syslog_local0 = /var/log/messages 27 | 28 | 29 | apache_error_log = /var/log/apache2/*error.log 30 | 31 | apache_access_log = /var/log/apache2/*access.log 32 | 33 | exim_main_log = /var/log/exim4/mainlog 34 | 35 | # was in debian squeezy but not in wheezy 36 | # /etc/proftpd/proftpd.conf (SystemLog) 37 | proftpd_log = /var/log/proftpd/proftpd.log 38 | -------------------------------------------------------------------------------- /etc/fail2ban/paths-lockdown.conf: -------------------------------------------------------------------------------- 1 | # Lockdown Standardized Paths 2 | # v0.0.1 3 | 4 | [INCLUDES] 5 | 6 | after = paths-overrides.local 7 | 8 | [DEFAULT] 9 | 10 | default_backend = auto 11 | auditd_log = /var/log/audit/audit.log 12 | ignorecommands_dir = /etc/fail2ban/filter.d/ignorecommands 13 | mysql_backend = %(default_backend)s 14 | mysql_log = %(syslog_daemon)s 15 | nginx_access_log = /var/log/nginx/*access.log 16 | nginx_error_log = /var/log/nginx/*error.log 17 | sshd_backend = %(default_backend)s 18 | sshd_log = %(syslog_authpriv)s 19 | syslog_backend = %(default_backend)s 20 | -------------------------------------------------------------------------------- /etc/init.d/fail2ban: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/etc/init.d/fail2ban -------------------------------------------------------------------------------- /etc/init.d/iptables: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/etc/init.d/iptables -------------------------------------------------------------------------------- /etc/init.d/lockdown: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/etc/init.d/lockdown -------------------------------------------------------------------------------- /etc/ipset.conf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/etc/ipset.conf -------------------------------------------------------------------------------- /etc/logrotate.d/fail2ban: -------------------------------------------------------------------------------- 1 | /var/log/fail2ban.log { 2 | weekly 3 | rotate 7 4 | missingok 5 | compress 6 | postrotate 7 | /usr/local/bin/fail2ban-client set logtarget /var/log/fail2ban.log >/dev/null 8 | endscript 9 | } 10 | -------------------------------------------------------------------------------- /etc/sysconfig/ip6tables: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/etc/sysconfig/ip6tables -------------------------------------------------------------------------------- /etc/sysconfig/iptables: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/etc/sysconfig/iptables -------------------------------------------------------------------------------- /fail2ban-0.9.4/.coveragerc: -------------------------------------------------------------------------------- 1 | 2 | [run] 3 | branch = True 4 | source = 5 | config 6 | fail2ban 7 | 8 | [report] 9 | exclude_lines = 10 | pragma: no cover 11 | pragma: systemd no cover 12 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | Before submitting your PR, please review the following checklist: 2 | 3 | - [ ] **CONSIDER adding a unit test** if your PR resolves an issue 4 | - [ ] **LIST ISSUES** this PR resolves 5 | - [ ] **MAKE SURE** this PR doesn't break existing tests 6 | - [ ] **KEEP PR small** so it could be easily reviewed. 7 | - [ ] **AVOID** making unnecessary stylistic changes in unrelated code 8 | - [ ] **ACCOMPANY** each new `failregex` for filter `X` with sample log lines 9 | within `fail2ban/tests/files/logs/X` file -------------------------------------------------------------------------------- /fail2ban-0.9.4/.gitignore: -------------------------------------------------------------------------------- 1 | *~ 2 | build 3 | dist 4 | *.pyc 5 | htmlcov 6 | .coverage 7 | *.orig 8 | *.rej 9 | *.bak 10 | __pycache__ 11 | .vagrant/ 12 | .idea/ 13 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/.mailmap: -------------------------------------------------------------------------------- 1 | Lee Clemens 2 | Serg G. Brester 3 | Serg G. Brester 4 | Serg G. Brester 5 | Viktor Szépe 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/.project: -------------------------------------------------------------------------------- 1 | 2 | 3 | fail2ban-unstable 4 | 5 | 6 | 7 | 8 | 9 | org.python.pydev.PyDevBuilder 10 | 11 | 12 | 13 | 14 | 15 | org.python.pydev.pythonNature 16 | 17 | 18 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/MANIFEST.in: -------------------------------------------------------------------------------- 1 | include ChangeLog COPYING DEVELOP FILTERS README.* THANKS TODO CONTRIBUTING* Vagrantfile 2 | graft doc 3 | graft files 4 | recursive-include config *.conf *.py 5 | recursive-include config/filter.d/ignorecommands * 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/TODO: -------------------------------------------------------------------------------- 1 | __ _ _ ___ _ 2 | / _|__ _(_) |_ ) |__ __ _ _ _ 3 | | _/ _` | | |/ /| '_ \/ _` | ' \ 4 | |_| \__,_|_|_/___|_.__/\__,_|_||_| 5 | 6 | ================================================================================ 7 | ToDo 8 | ================================================================================ 9 | 10 | Legend: 11 | - not yet done 12 | ? maybe 13 | # partially done 14 | * done 15 | 16 | - Added tag for failregex. Add features using this information. Maybe add 17 | more tags 18 | 19 | - Look at the memory consumption. Decrease memory usage 20 | 21 | - More detailed statistics 22 | 23 | - Auto-enable function (search for log files), check modification date to see if 24 | service is still in use 25 | 26 | - Better handling of the protocol in transmitter.py 27 | 28 | - Add gettext support (I18N) 29 | 30 | # improve documentation and website for user 31 | 32 | # better return values in function 33 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/Vagrantfile: -------------------------------------------------------------------------------- 1 | Vagrant.configure("2") do |config| 2 | 3 | config.vm.define "secure" do |secure| 4 | secure.vm.box = "ubuntu/trusty64" 5 | secure.vm.hostname = "secure.dev.fail2ban.org" 6 | secure.vm.network "private_network", ip: "192.168.200.100" 7 | 8 | # secure.vm.synced_folder 'salt/roots', '/srv/salt' 9 | 10 | # secure.vm.provision :salt do |salt| 11 | # salt.minion_config = 'salt/minion' 12 | # salt.run_highstate = true 13 | # salt.verbose = true 14 | # end 15 | end 16 | 17 | config.vm.define "attacker" do |attacker| 18 | attacker.vm.box = "ubuntu/trusty64" 19 | attacker.vm.hostname = "attacker.dev.fail2ban.org" 20 | attacker.vm.network "private_network", ip: "192.168.200.150" 21 | 22 | # attacker.vm.synced_folder 'salt/roots', '/srv/salt' 23 | 24 | # attacker.vm.provision :salt do |salt| 25 | # salt.minion_config = 'salt/minion' 26 | # salt.run_highstate = true 27 | # salt.verbose = true 28 | # end 29 | end 30 | end 31 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/action.d/apf.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # https://www.rfxn.com/projects/advanced-policy-firewall/ 3 | # 4 | # Note: APF doesn't play nicely with other actions. It has been observed to 5 | # remove bans created by other iptables based actions. If you are going to use 6 | # this action, use it for all of your jails. 7 | # 8 | # DON'T MIX APF and other IPTABLES based actions 9 | [Definition] 10 | 11 | actionstart = 12 | actionstop = 13 | actioncheck = 14 | actionban = apf --deny "banned by Fail2Ban " 15 | actionunban = apf --remove 16 | 17 | [Init] 18 | 19 | # Name used in APF configuration 20 | # 21 | name = default 22 | 23 | # DEV NOTES: 24 | # 25 | # Author: Mark McKinstry 26 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/action.d/badips.conf: -------------------------------------------------------------------------------- 1 | # Fail2ban reporting to badips.com 2 | # 3 | # Note: This reports and IP only and does not actually ban traffic. Use 4 | # another action in the same jail if you want bans to occur. 5 | # 6 | # Set the category to the appropriate value before use. 7 | # 8 | # To get see register and optional key to get personalised graphs see: 9 | # http://www.badips.com/blog/personalized-statistics-track-the-attackers-of-all-your-servers-with-one-key 10 | 11 | [Definition] 12 | 13 | actionban = curl --fail --user-agent "" http://www.badips.com/add// 14 | 15 | [Init] 16 | 17 | # Option: category 18 | # Notes.: Values are from the list here: http://www.badips.com/get/categories 19 | category = 20 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/action.d/nftables-allports.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Cyril Jaquier 4 | # Modified: Yaroslav O. Halchenko 5 | # made active on all ports from original iptables.conf 6 | # Modified: Alexander Belykh 7 | # adapted for nftables 8 | # 9 | 10 | [INCLUDES] 11 | 12 | before = nftables-common.conf 13 | 14 | [Definition] 15 | 16 | # Option: nftables_mode 17 | # Notes.: additional expressions for nftables filter rule 18 | # Values: nftables expressions 19 | # 20 | nftables_mode = ip protocol 21 | 22 | [Init] 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/action.d/nftables-multiport.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Cyril Jaquier 4 | # Modified: Yaroslav O. Halchenko 5 | # made active on all ports from original iptables.conf 6 | # Modified: Alexander Belykh 7 | # adapted for nftables 8 | # 9 | 10 | [INCLUDES] 11 | 12 | before = nftables-common.conf 13 | 14 | [Definition] 15 | 16 | # Option: nftables_mode 17 | # Notes.: additional expressions for nftables filter rule 18 | # Values: nftables expressions 19 | # 20 | nftables_mode = dport \{ \} 21 | 22 | [Init] 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/action.d/osx-afctl.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for using afctl on Mac OS X Server 10.5 2 | # 3 | # Anonymous author 4 | # http://www.fail2ban.org/wiki/index.php?title=HOWTO_Mac_OS_X_Server_(10.5)&diff=prev&oldid=4081 5 | # 6 | # Ref: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man8/afctl.8.html 7 | 8 | [Definition] 9 | actionstart = 10 | actionstop = 11 | actioncheck = 12 | actionban = /usr/libexec/afctl -a -t 13 | actionunban = /usr/libexec/afctl -r 14 | 15 | [Init] 16 | bantime = 2880 17 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/action.d/sendmail-whois.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Cyril Jaquier 4 | # 5 | # 6 | 7 | [INCLUDES] 8 | 9 | before = sendmail-common.conf 10 | 11 | [Definition] 12 | 13 | # Option: actionban 14 | # Notes.: command executed when banning an IP. Take care that the 15 | # command is executed with Fail2Ban user rights. 16 | # Tags: See jail.conf(5) man page 17 | # Values: CMD 18 | # 19 | actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` 20 | Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"` 21 | From: <> 22 | To: \n 23 | Hi,\n 24 | The IP has just been banned by Fail2Ban after 25 | attempts against .\n\n 26 | Here is more information about :\n 27 | `/usr/bin/whois || echo missing whois program`\n 28 | Regards,\n 29 | Fail2Ban" | /usr/sbin/sendmail -f 30 | 31 | [Init] 32 | 33 | # Default name of the chain 34 | # 35 | name = default 36 | 37 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/action.d/sendmail.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Cyril Jaquier 4 | # 5 | # 6 | 7 | [INCLUDES] 8 | 9 | before = sendmail-common.conf 10 | 11 | [Definition] 12 | 13 | # Option: actionban 14 | # Notes.: command executed when banning an IP. Take care that the 15 | # command is executed with Fail2Ban user rights. 16 | # Tags: See jail.conf(5) man page 17 | # Values: CMD 18 | # 19 | actionban = printf %%b "Subject: [Fail2Ban] : banned from `uname -n` 20 | Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"` 21 | From: <> 22 | To: \n 23 | Hi,\n 24 | The IP has just been banned by Fail2Ban after 25 | attempts against .\n 26 | Regards,\n 27 | Fail2Ban" | /usr/sbin/sendmail -f 28 | 29 | [Init] 30 | 31 | # Default name of the chain 32 | # 33 | name = default 34 | 35 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/3proxy.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for 3proxy 2 | # 3 | # 4 | 5 | [Definition] 6 | 7 | 8 | failregex = ^\s[+-]\d{4} \S+ \d{3}0[1-9] \S+ :\d+ [\d.]+:\d+ \d+ \d+ \d+\s 9 | 10 | ignoreregex = 11 | 12 | # DEV Notes: 13 | # http://www.3proxy.ru/howtoe.asp#ERRORS indicates that 01-09 are 14 | # all authentication problems (%E field) 15 | # Log format is: "L%d-%m-%Y %H:%M:%S %z %N.%p %E %U %C:%c %R:%r %O %I %h %T" 16 | # 17 | # Requested by ykimon in https://github.com/fail2ban/fail2ban/issues/246 18 | # Author: Daniel Black 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/apache-common.conf: -------------------------------------------------------------------------------- 1 | # Generic configuration items (to be used as interpolations) in other 2 | # apache filters. 3 | 4 | [INCLUDES] 5 | 6 | # Load customizations if any available 7 | after = apache-common.local 8 | 9 | [DEFAULT] 10 | 11 | _apache_error_client = \[\] \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (:\d{1,5})?\] 12 | 13 | # Common prefix for [error] apache messages which also would include 14 | # Depending on the version it could be 15 | # 2.2: [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4] 16 | # 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652] 17 | # 2.4 (perfork): [Mon Dec 23 07:49:01.981912 2013] [:error] [pid 3790] [client 204.232.202.107:46301] script '/var/www/timthumb.php' not found or unable to 18 | # 19 | # Reference: https://github.com/fail2ban/fail2ban/issues/268 20 | # 21 | # Author: Yaroslav Halchenko 22 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/apache-fakegooglebot.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for fake Googlebot User Agents 2 | 3 | [Definition] 4 | 5 | failregex = ^ .*Googlebot.*$ 6 | 7 | ignoreregex = 8 | 9 | 10 | # DEV Notes: 11 | # 12 | # Author: Lee Clemens 13 | # Thanks: Johannes B. Ullrich, Ph.D. 14 | # Reference: https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/ 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/apache-modsecurity.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban apache-modsec filter 2 | # 3 | 4 | [INCLUDES] 5 | 6 | # Read common prefixes. If any customizations available -- read them from 7 | # apache-common.local 8 | before = apache-common.conf 9 | 10 | [Definition] 11 | 12 | 13 | failregex = ^%(_apache_error_client)s ModSecurity: (\[.*?\] )*Access denied with code [45]\d\d.*$ 14 | 15 | ignoreregex = 16 | 17 | # https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats 18 | # Author: Daniel Black 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/apache-nohome.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter to web requests for home directories on Apache servers 2 | # 3 | # Regex to match failures to find a home directory on a server, which 4 | # became popular last days. Most often attacker just uses IP instead of 5 | # domain name -- so expect to see them in generic error.log if you have 6 | # per-domain log files. 7 | 8 | [INCLUDES] 9 | 10 | # overwrite with apache-common.local if _apache_error_client is incorrect. 11 | before = apache-common.conf 12 | 13 | [Definition] 14 | 15 | 16 | failregex = ^%(_apache_error_client)s (AH00128: )?File does not exist: .*/~.* 17 | 18 | ignoreregex = 19 | 20 | # Author: Yaroslav O. Halchenko 21 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/apache-pass.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban Apache pass filter 2 | # This filter is for access.log, NOT for error.log 3 | # 4 | # The knocking request must have a referer. 5 | 6 | [INCLUDES] 7 | 8 | before = apache-common.conf 9 | 10 | [Definition] 11 | 12 | failregex = ^ - \w+ \[\] "GET HTTP/1\.[01]" 200 \d+ ".*" "[^-].*"$ 13 | 14 | ignoreregex = 15 | 16 | [Init] 17 | 18 | knocking_url = /knocking/ 19 | 20 | # Author: Viktor Szépe 21 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/botsearch-common.conf: -------------------------------------------------------------------------------- 1 | # Generic configuration file for -botsearch filters 2 | 3 | [Init] 4 | 5 | # Block is the actual non-found directories to block 6 | block = \/?(|||cgi-bin|mysqladmin)[^,]* 7 | 8 | # These are just convient definitions that assist the blocking of stuff that 9 | # isn't installed 10 | webmail = roundcube|(ext)?mail|horde|(v-?)?webmail 11 | 12 | phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin) 13 | 14 | wordpress = wp-(login|signup|admin)\.php 15 | 16 | # DEV Notes: 17 | # Taken from apache-botsearch filter 18 | # 19 | # Author: Frantisek Sumsal 20 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/counter-strike.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for failure attempts in Counter Strike-1.6 2 | # 3 | # 4 | 5 | [Definition] 6 | 7 | failregex = ^: Bad Rcon: "rcon \d+ "\S+" sv_contact ".*?"" from ":\d+"$ 8 | 9 | ignoreregex = 10 | 11 | [Init] 12 | 13 | datepattern = ^L %%d/%%m/%%Y - %%H:%%M:%%S 14 | 15 | 16 | # Author: Daniel Black 17 | 18 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/courier-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for courier authentication failures 2 | # 3 | 4 | [INCLUDES] 5 | 6 | # Read common prefixes. If any customizations available -- read them from 7 | # common.local 8 | before = common.conf 9 | 10 | [Definition] 11 | 12 | _daemon = (?:courier)?(?:imapd?|pop3d?)(?:login)?(?:-ssl)? 13 | 14 | failregex = ^%(__prefix_line)sLOGIN FAILED, user=.*, ip=\[\]$ 15 | 16 | ignoreregex = 17 | 18 | # Author: Christoph Haas 19 | # Modified by: Cyril Jaquier 20 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/courier-smtp.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter to block relay attempts though a Courier smtp server 2 | # 3 | # 4 | 5 | [INCLUDES] 6 | 7 | # Read common prefixes. If any customizations available -- read them from 8 | # common.local 9 | before = common.conf 10 | 11 | [Definition] 12 | 13 | _daemon = courieresmtpd 14 | 15 | failregex = ^%(__prefix_line)serror,relay=,.*: 550 User (<.*> )?unknown\.?$ 16 | ^%(__prefix_line)serror,relay=,msg="535 Authentication failed\.",cmd:( AUTH \S+)?( [0-9a-zA-Z\+/=]+)?$ 17 | 18 | ignoreregex = 19 | 20 | # Author: Cyril Jaquier 21 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/cyrus-imap.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for authentication failures on Cyrus imap server 2 | # 3 | # 4 | # 5 | 6 | [INCLUDES] 7 | 8 | # Read common prefixes. If any customizations available -- read them from 9 | # common.local 10 | before = common.conf 11 | 12 | [Definition] 13 | 14 | _daemon = (?:cyrus/)?(?:imap(d|s)?|pop3(d|s)?) 15 | 16 | failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[\] \S+ .*?\[?SASL\(-13\): (authentication failure|user not found): .*\]?$ 17 | 18 | ignoreregex = 19 | 20 | # Author: Jan Wagner 21 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/directadmin.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for Directadmin 2 | # 3 | # 4 | # 5 | 6 | [INCLUDES] 7 | 8 | before = common.conf 9 | 10 | [Definition] 11 | 12 | failregex = ^: \'\' \d{1,3} failed login attempt(s)?. \s* 13 | 14 | ignoreregex = 15 | 16 | [Init] 17 | datepattern = ^%%Y:%%m:%%d-%%H:%%M:%%S 18 | 19 | # 20 | # Requires Directadmin v1.45.3 or higher. http://www.directadmin.com/features.php?id=1590 21 | # 22 | # Author: Cyril Roos 23 | 24 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/drupal-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter to block repeated failed login attempts to Drupal site(s) 2 | # 3 | # 4 | # Drupal must be setup to use Syslog, which defaults to the following format: 5 | # 6 | # !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message 7 | # 8 | # 9 | 10 | [INCLUDES] 11 | 12 | before = common.conf 13 | 14 | 15 | [Definition] 16 | 17 | failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*\|\d{10}\|user\|\|.+\|.+\|\d\|.*\|Login attempt failed for .+\.$ 18 | 19 | ignoreregex = 20 | 21 | 22 | # DEV Notes: 23 | # 24 | # https://www.drupal.org/documentation/modules/syslog 25 | # 26 | # Author: Lee Clemens 27 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/exim-common.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter file for common exim expressions 2 | # 3 | # This is to be used by other exim filters 4 | 5 | [INCLUDES] 6 | 7 | # Load customizations if any available 8 | after = exim-common.local 9 | 10 | [Definition] 11 | 12 | host_info = H=([\w.-]+ )?(\(\S+\) )?\[\](:\d+)? (I=\[\S+\]:\d+ )?(U=\S+ )?(P=e?smtp )? 13 | pid = ( \[\d+\])? 14 | 15 | # DEV Notes: 16 | # From exim source code: ./src/receive.c:add_host_info_for_log 17 | # 18 | # Author: Daniel Black 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/freeswitch.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Enable "log-auth-failures" on each Sofia profile to monitor 4 | # 5 | # -- this requires a high enough loglevel on your logs to save these messages. 6 | # 7 | # In the fail2ban jail.local file for this filter set ignoreip to the internal 8 | # IP addresses on your LAN. 9 | # 10 | 11 | [Definition] 12 | 13 | failregex = ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ SIP auth (failure|challenge) \((REGISTER|INVITE)\) on sofia profile \'[^']+\' for \[.*\] from ip $ 14 | ^\.\d+ \[WARNING\] sofia_reg\.c:\d+ Can't find user \[\d+@\d+\.\d+\.\d+\.\d+\] from $ 15 | 16 | ignoreregex = 17 | 18 | # Author: Rupa SChomaker, soapee01, Daniel Black 19 | # http://wiki.freeswitch.org/wiki/Fail2ban 20 | # Thanks to Jim on mailing list of samples and guidance 21 | # 22 | # No need to match the following. Its a duplicate of the SIP auth regex. 23 | # ^\.\d+ \[DEBUG\] sofia\.c:\d+ IP Rejected by acl "\S+"\. Falling back to Digest auth\.$ 24 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/groupoffice.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for Group-Office 2 | # 3 | # Enable logging with: 4 | # $config['info_log']='/home/groupoffice/log/info.log'; 5 | # 6 | 7 | [Definition] 8 | 9 | failregex = ^\[\]LOGIN FAILED for user: "\S+" from IP: $ 10 | 11 | ignoreregex = 12 | 13 | # Author: Daniel Black 14 | 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/gssftpd.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter file for gssftp 2 | # 3 | # Note: gssftp is part of the krb5-appl-servers in Fedora 4 | # 5 | [INCLUDES] 6 | 7 | before = common.conf 8 | 9 | [Definition] 10 | 11 | _daemon = ftpd 12 | 13 | failregex = ^%(__prefix_line)srepeated login failures from \(\S+\)$ 14 | 15 | ignoreregex = 16 | 17 | # Author: Kevin Zembower 18 | # Edited: Daniel Black - syslog based daemon 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/guacamole.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for guacamole 2 | # 3 | # Author: Steven Hiscocks 4 | # 5 | 6 | [Definition] 7 | 8 | # Option: failregex 9 | # Notes.: regex to match the password failures messages in the logfile. 10 | # Values: TEXT 11 | # 12 | failregex = ^.*\nWARNING: Authentication attempt from for user "[^"]*" failed\.$ 13 | 14 | # Option: ignoreregex 15 | # Notes.: regex to ignore. If this regex matches, the line is ignored. 16 | # Values: TEXT 17 | # 18 | ignoreregex = 19 | 20 | [Init] 21 | # "maxlines" is number of log lines to buffer for multi-line regex searches 22 | maxlines = 2 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/horde.conf: -------------------------------------------------------------------------------- 1 | # fail2ban filter configuration for horde 2 | 3 | 4 | [Definition] 5 | 6 | 7 | failregex = ^ HORDE \[error\] \[(horde|imp)\] FAILED LOGIN for \S+ \[\](\(forwarded for \[\S+\]\))? to (Horde|{[^}]+}) \[(pid \d+ )?on line \d+ of \S+\]$ 8 | 9 | 10 | ignoreregex = 11 | 12 | # DEV NOTES: 13 | # https://github.com/horde/horde/blob/master/imp/lib/Auth.php#L132 14 | # https://github.com/horde/horde/blob/master/horde/login.php 15 | # 16 | # Author: Daniel Black 17 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/kerio.conf: -------------------------------------------------------------------------------- 1 | # Fail2ban filter for kerio 2 | 3 | [Definition] 4 | 5 | failregex = ^ SMTP Spam attack detected from , 6 | ^ IP address found in DNS blacklist \S+, mail from \S+ to \S+$ 7 | ^ Relay attempt from IP address 8 | ^ Attempt to deliver to unknown recipient \S+, from \S+, IP address $ 9 | 10 | ignoreregex = 11 | 12 | [Init] 13 | 14 | datepattern = ^\[%%d/%%b/%%Y %%H:%%M:%%S\] 15 | 16 | # DEV NOTES: 17 | # 18 | # Author: A.P. Lawrence 19 | # 20 | # Based off: http://aplawrence.com/Kerio/fail2ban.html 21 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/lighttpd-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module 2 | # 3 | 4 | [Definition] 5 | 6 | failregex = ^: \(http_auth\.c\.\d+\) (password doesn\'t match .* username: .*|digest: auth failed for .*: wrong password|get_password failed), IP: \s*$ 7 | 8 | ignoreregex = 9 | 10 | # Author: Francois Boulogne 11 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/monit.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for monit.conf, looks for failed access attempts 2 | # 3 | # 4 | 5 | [Definition] 6 | 7 | failregex = ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '' supplied unknown user '\w+' accessing monit httpd$ 8 | ^\[[A-Z]+\s+\]\s*error\s*:\s*Warning:\s+Client '' supplied wrong password for user '\w+' accessing monit httpd$ 9 | 10 | ignoreregex = 11 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/murmur.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for murmur/mumble-server 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = common.conf 7 | 8 | 9 | [Definition] 10 | 11 | _daemon = murmurd 12 | 13 | # N.B. If you allow users to have usernames that include the '>' character you 14 | # should change this to match the regex assigned to the 'username' 15 | # variable in your server config file (murmur.ini / mumble-server.ini). 16 | _usernameregex = [^>]+ 17 | 18 | _prefix = [\n\s]*(\.\d{3})?\s+\d+ => <\d+:%(_usernameregex)s\(-1\)> Rejected connection from :\d+: 19 | 20 | failregex = ^%(_prefix)s Invalid server password$ 21 | ^%(_prefix)s Wrong certificate or password for existing user$ 22 | 23 | ignoreregex = 24 | 25 | 26 | # DEV Notes: 27 | # 28 | # Author: Ross Brown 29 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/mysqld-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for unsuccesfull MySQL authentication attempts 2 | # 3 | # 4 | # To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld]: 5 | # log-error=/var/log/mysqld.log 6 | # log-warning = 2 7 | # 8 | # If using mysql syslog [mysql_safe] has syslog in /etc/my.cnf 9 | 10 | [INCLUDES] 11 | 12 | # Read common prefixes. If any customizations available -- read them from 13 | # common.local 14 | before = common.conf 15 | 16 | [Definition] 17 | 18 | _daemon = mysqld 19 | 20 | failregex = ^%(__prefix_line)s(?:\d+ |\d{6} \s?\d{1,2}:\d{2}:\d{2} )?\[\w+\] Access denied for user '[^']+'@'' (to database '[^']*'|\(using password: (YES|NO)\))*\s*$ 21 | 22 | ignoreregex = 23 | 24 | # DEV Notes: 25 | # 26 | # Technically __prefix_line can equate to an empty string hence it can support 27 | # syslog and non-syslog at once. 28 | # Example: 29 | # 130322 11:26:54 [Warning] Access denied for user 'root'@'127.0.0.1' (using password: YES) 30 | # 31 | # Authors: Artur Penttinen 32 | # Yaroslav O. Halchenko 33 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/nagios.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for Nagios Remote Plugin Executor (nrpe2) 2 | # Detecting unauthorized access to the nrpe2 daemon 3 | # typically logged in /var/log/messages syslog 4 | # 5 | 6 | [INCLUDES] 7 | # Read syslog common prefixes 8 | before = common.conf 9 | 10 | [Definition] 11 | _daemon = nrpe 12 | failregex = ^%(__prefix_line)sHost is not allowed to talk to us!\s*$ 13 | ignoreregex = 14 | 15 | # DEV Notes: 16 | # 17 | # Author: Ivo Truxa - 2014/02/03 18 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/nginx-botsearch.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter to match web requests for selected URLs that don't exist 2 | # 3 | 4 | [INCLUDES] 5 | 6 | # Load regexes for filtering 7 | before = botsearch-common.conf 8 | 9 | [Definition] 10 | 11 | failregex = ^ \- \S+ \[\] \"(GET|POST|HEAD) \/ \S+\" 404 .+$ 12 | ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: \, server\: \S*\, request: \"(GET|POST|HEAD) \/ \S+\"\, .*?$ 13 | 14 | ignoreregex = 15 | 16 | 17 | # DEV Notes: 18 | # Based on apache-botsearch filter 19 | # 20 | # Author: Frantisek Sumsal -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/nginx-http-auth.conf: -------------------------------------------------------------------------------- 1 | # fail2ban filter configuration for nginx 2 | 3 | 4 | [Definition] 5 | 6 | 7 | failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: , server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$ 8 | 9 | ignoreregex = 10 | 11 | # DEV NOTES: 12 | # Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files 13 | # Extensive search of all nginx auth failures not done yet. 14 | # 15 | # Author: Daniel Black 16 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/nsd.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Bas van den Dikkenberg 4 | # 5 | # 6 | 7 | [INCLUDES] 8 | 9 | # Read common prefixes. If any customizations available -- read them from 10 | # common.local 11 | before = common.conf 12 | 13 | 14 | [Definition] 15 | 16 | _daemon = nsd 17 | 18 | # Option: failregex 19 | # Notes.: regex to match the password failures messages in the logfile. The 20 | # host must be matched by a group named "host". The tag "" can 21 | # be used for standard IP/hostname matching and is only an alias for 22 | # (?:::f{4,6}:)?(?P[\w\-.^_]+) 23 | # Values: TEXT 24 | 25 | failregex = ^\[\]%(__prefix_line)sinfo: ratelimit block .* query TYPE255$ 26 | ^\[\]%(__prefix_line)sinfo: .* refused, no acl matches\.$ 27 | 28 | ignoreregex = 29 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/openhab.conf: -------------------------------------------------------------------------------- 1 | # Openhab brute force auth filter: /etc/fail2ban/filter.d/openhab.conf: 2 | # 3 | # Block IPs trying to auth openhab by web or rest api 4 | # 5 | # Matches e.g. 6 | # 12.34.33.22 - - [26/sept./2015:18:04:43 +0200] "GET /openhab.app HTTP/1.1" 401 1382 7 | # 175.18.15.10 - - [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384 8 | 9 | [Definition] 10 | failregex = ^\s+-\s+-\s+\[\]\s+"[A-Z]+ .*" 401 \d+\s*$ 11 | 12 | [Init] 13 | datepattern = %%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/openwebmail.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for Openwebmail 2 | # banning hosts with authentication errors in /var/log/openwebmail.log 3 | # OpenWebMail http://openwebmail.org 4 | # 5 | 6 | [Definition] 7 | 8 | failregex = ^ - \[\d+\] \(\) (?P\S+) - login error - (no such user - loginname=(?P=USER)|auth_unix.pl, ret -4, Password incorrect)$ 9 | ^ - \[\d+\] \(\) (?P\S+) - userinfo error - auth_unix.pl, ret -4, User (?P=USER) doesn't exist$ 10 | 11 | ignoreregex = 12 | 13 | # DEV Notes: 14 | # 15 | # Author: Ivo Truxa (c) 2013 truXoft.com 16 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/pam-generic.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for generic PAM authentication errors 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = common.conf 7 | 8 | [Definition] 9 | 10 | # if you want to catch only login errors from specific daemons, use something like 11 | #_ttys_re=(?:ssh|pure-ftpd|ftp) 12 | # 13 | # Default: catch all failed logins 14 | _ttys_re=\S* 15 | 16 | __pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:? 17 | _daemon = \S+ 18 | 19 | failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=(?:\s+user=.*)?\s*$ 20 | 21 | ignoreregex = 22 | 23 | # DEV Notes: 24 | # 25 | # for linux-pam before 0.99.2.0 (late 2005) (removed before 0.8.11 release) 26 | # _daemon = \S*\(?pam_unix\)? 27 | # failregex = ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=%(_ttys_re)s ruser=\S* rhost=(?:\s+user=.*)?\s*$ 28 | # 29 | # Author: Yaroslav Halchenko 30 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/perdition.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for perdition 2 | # 3 | # 4 | 5 | [INCLUDES] 6 | 7 | before = common.conf 8 | 9 | [Definition] 10 | 11 | _daemon=perdition.\S+ 12 | 13 | failregex = ^%(__prefix_line)sAuth: :\d+->(\d{1,3}\.){3}\d{1,3}:\d+ client-secure=\S+ authorisation_id=NONE authentication_id=".+" server="\S+" protocol=\S+ server-secure=\S+ status="failed: (local authentication failure|Re-Authentication Failure)"$ 14 | ^%(__prefix_line)sFatal Error reading authentication information from client :\d+->(\d{1,3}\.){3}\d{1,3}:\d+: Exiting child$ 15 | 16 | ignoreregex = 17 | 18 | # Author: Christophe Carles and Daniel Black 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/php-url-fopen.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for URLs with a URL as a script parameters 2 | # which can be an indication of a fopen url php injection 3 | # 4 | # Example of web requests in Apache access log: 5 | # 66.185.212.172 - - [26/Mar/2009:08:44:20 -0500] "GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 6 | 7 | [Definition] 8 | 9 | failregex = ^ -.*"(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$ 10 | 11 | ignoreregex = 12 | 13 | # DEV Notes: 14 | # 15 | # Version 2 16 | # fixes the failregex so REFERERS that contain =http:// don't get blocked 17 | # (mentioned by "fasuto" (no real email provided... blog comment) in this entry: 18 | # http://blogs.buanzo.com.ar/2009/04/fail2ban-filter-for-php-injection-attacks.html#comment-1489 19 | # 20 | # Author: Arturo 'Buanzo' Busleiman 21 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/portsentry.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for failure attempts in Counter Strike-1.6 2 | # 3 | # 4 | 5 | [Definition] 6 | 7 | failregex = \/ Port\: [0-9]+ (TCP|UDP) Blocked$ 8 | 9 | ignoreregex = 10 | 11 | # Author: Pacop 12 | 13 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/postfix-rbl.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for Postfix's RBL based Blocked hosts 2 | # 3 | # 4 | 5 | [INCLUDES] 6 | 7 | # Read common prefixes. If any customizations available -- read them from 8 | # common.local 9 | before = common.conf 10 | 11 | [Definition] 12 | 13 | _daemon = postfix(-\w+)?/smtpd 14 | 15 | failregex = ^%(__prefix_line)sNOQUEUE: reject: RCPT from \S+\[\]: 454 4\.7\.1 Service unavailable; Client host \[\S+\] blocked using .* from=<\S*> to=<\S+> proto=ESMTP helo=<\S*>$ 16 | 17 | ignoreregex = 18 | 19 | # Author: Lee Clemens 20 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/postfix-sasl.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for postfix authentication failures 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = common.conf 7 | 8 | [Definition] 9 | 10 | _daemon = postfix(-\w+)?/(submission/)?smtp(d|s) 11 | 12 | failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL ((?i)LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/:]*={0,2})?\s*$ 13 | 14 | ignoreregex = authentication failed: Connection lost to authentication server$ 15 | 16 | [Init] 17 | 18 | journalmatch = _SYSTEMD_UNIT=postfix.service 19 | 20 | 21 | # Author: Yaroslav Halchenko 22 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/qmail.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filters for qmail RBL patches/fake proxies 2 | # 3 | # the default djb RBL implementation doesn't log any rejections 4 | # so is useless with this filter. 5 | # 6 | # One patch is here: 7 | # 8 | # http://www.tjsi.com/rblsmtpd/faq/ patch to rblsmtpd 9 | 10 | [INCLUDES] 11 | 12 | before = common.conf 13 | 14 | [Definition] 15 | 16 | _daemon = (?:qmail|rblsmtpd) 17 | 18 | failregex = ^%(__prefix_line)s\d+\.\d+ rblsmtpd: pid \d+ \S+ 4\d\d \S+\s*$ 19 | ^%(__prefix_line)s\d+\.\d+ qmail-smtpd: 4\d\d badiprbl: ip rbl: \S+\s*$ 20 | ^%(__prefix_line)s\S+ blocked \S+ -\s*$ 21 | 22 | ignoreregex = 23 | 24 | # DEV Notes: 25 | # 26 | # These seem to be for two or 3 different patches to qmail or rblsmtpd 27 | # so you'll probably only ever see one of these regex's that match. 28 | # 29 | # ref: https://github.com/fail2ban/fail2ban/pull/386 30 | # 31 | # Author: Daniel Black 32 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/screensharingd.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Simon Brown 4 | # 5 | # Filter for Mac OS X Screen Sharing service 6 | 7 | [INCLUDES] 8 | 9 | # Read common prefixes. If any customizations available -- read them from 10 | # common.local 11 | before = common.conf 12 | 13 | 14 | [Definition] 15 | 16 | _daemon = screensharingd 17 | 18 | # Option: failregex 19 | # Notes.: regex to match the password failures messages in the logfile. The 20 | # host must be matched by a group named "host". The tag "" can 21 | # be used for standard IP/hostname matching and is only an alias for 22 | # (?:::f{4,6}:)?(?P[\w\-.^_]+) 23 | # Values: TEXT 24 | # 25 | failregex = ^%(__prefix_line)sAuthentication: FAILED :: User Name: .+ :: Viewer Address: :: Type: DH$ 26 | 27 | # Option: ignoreregex 28 | # Notes.: regex to ignore. If this regex matches, the line is ignored. 29 | # Values: TEXT 30 | # 31 | ignoreregex = 32 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/selinux-common.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for generic SELinux audit messages 2 | # 3 | # This file is not intended to be used directly, and should be included into a 4 | # filter file which would define following variables. See selinux-ssh.conf as 5 | # and example. 6 | # 7 | # _type 8 | # _uid 9 | # _auid 10 | # _subj 11 | # _msg 12 | # 13 | # Also one of these variables must include . 14 | 15 | [Definition] 16 | 17 | failregex = ^type=%(_type)s msg=audit\(:\d+\): (user )?pid=\d+ uid=%(_uid)s auid=%(_auid)s ses=\d+ subj=%(_subj)s msg='%(_msg)s'$ 18 | 19 | ignoreregex = 20 | 21 | # Author: Daniel Black 22 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/selinux-ssh.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for SELinux ssh authentication errors 2 | # 3 | 4 | [INCLUDES] 5 | 6 | after = selinux-common.conf 7 | 8 | [Definition] 9 | 10 | _type = USER_(ERR|AUTH) 11 | _uid = 0 12 | _auid = \d+ 13 | _subj = (?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\.c1023 14 | 15 | _exe =/usr/sbin/sshd 16 | _terminal = ssh 17 | 18 | _msg = op=\S+ acct=(?P<_quote_acct>"?)\S+(?P=_quote_acct) exe="%(_exe)s" hostname=(\?|(\d+\.){3}\d+) addr= terminal=%(_terminal)s res=failed 19 | 20 | # DEV Notes: 21 | # 22 | # Note: USER_LOGIN is ignored as this is the duplicate messsage 23 | # ssh logs after 3 USER_AUTH failures. 24 | # 25 | # Author: Daniel Black 26 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/sendmail-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for sendmail authentication failures 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = common.conf 7 | 8 | [Definition] 9 | 10 | _daemon = (?:sm-(mta|acceptingconnections)) 11 | 12 | failregex = ^%(__prefix_line)s\w{14}: (\S+ )?\[\]( \(may be forged\))?: possible SMTP attack: command=AUTH, count=\d+$ 13 | 14 | ignoreregex = 15 | 16 | # DEV Notes: 17 | # 18 | # Author: Daniel Black 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/sieve.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for sieve authentication failures 2 | # 3 | 4 | [INCLUDES] 5 | 6 | # Read common prefixes. If any customizations available -- read them from 7 | # common.local 8 | before = common.conf 9 | 10 | [Definition] 11 | 12 | _daemon = (?:cyrus/)?(?:tim)?sieved? 13 | 14 | failregex = ^%(__prefix_line)sbadlogin: \S+ ?\[\] \S+ authentication failure$ 15 | 16 | ignoreregex = 17 | 18 | # Author: Jan Wagner 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/sogo-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2ban filter for SOGo authentcation 2 | # 3 | # Log file usually in /var/log/sogo/sogo.log 4 | 5 | [Definition] 6 | 7 | failregex = ^ sogod \[\d+\]: SOGoRootPage Login from '' for user '.*' might not have worked( - password policy: \d* grace: -?\d* expire: -?\d* bound: -?\d*)?\s*$ 8 | 9 | ignoreregex = 10 | 11 | # 12 | # DEV Notes: 13 | # 14 | # The error log may contain multiple hosts, whereas the first one 15 | # is the client and all others are poxys. We match the first one, only 16 | # 17 | # Author: Arnd Brandes 18 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/squid.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for Squid attempted proxy bypasses 2 | # 3 | # 4 | 5 | [Definition] 6 | 7 | failregex = ^\s+\d\s\s+[A-Z_]+_DENIED/403 .*$ 8 | ^\s+\d\s\s+NONE/405 .*$ 9 | 10 | ignoreregex = 11 | 12 | # Author: Daniel Black 13 | 14 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/squirrelmail.conf: -------------------------------------------------------------------------------- 1 | 2 | [Definition] 3 | 4 | failregex = ^ \[LOGIN_ERROR\].*from : Unknown user or password incorrect\.$ 5 | 6 | ignoreregex = 7 | 8 | [Init] 9 | 10 | datepattern = ^%%m/%%d/%%Y %%H:%%M:%%S 11 | 12 | # DEV NOTES: 13 | # 14 | # Author: Daniel Black 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/sshd-ddos.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban ssh filter for at attempted exploit 2 | # 3 | # The regex here also relates to a exploit: 4 | # 5 | # http://www.securityfocus.com/bid/17958/exploit 6 | # The example code here shows the pushing of the exploit straight after 7 | # reading the server version. This is where the client version string normally 8 | # pushed. As such the server will read this unparsible information as 9 | # "Did not receive identification string". 10 | 11 | [INCLUDES] 12 | 13 | # Read common prefixes. If any customizations available -- read them from 14 | # common.local 15 | before = common.conf 16 | 17 | [Definition] 18 | 19 | _daemon = sshd 20 | 21 | failregex = ^%(__prefix_line)sDid not receive identification string from \s*$ 22 | 23 | ignoreregex = 24 | 25 | [Init] 26 | 27 | journalmatch = _SYSTEMD_UNIT=sshd.service + _COMM=sshd 28 | 29 | # Author: Yaroslav Halchenko 30 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/stunnel.conf: -------------------------------------------------------------------------------- 1 | # Fail2ban filter for stunnel 2 | 3 | [Definition] 4 | 5 | failregex = ^ LOG\d\[\d+:\d+\]:\ SSL_accept from :\d+ : (?P[\dA-F]+): error:(?P=CODE):SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate$ 6 | 7 | ignoreregex = 8 | 9 | # DEV NOTES: 10 | # 11 | # Author: Daniel Black 12 | # 13 | # Based off: http://www.fail2ban.org/wiki/index.php/Fail2ban:Community_Portal#stunnel4 14 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/suhosin.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for suhosian PHP hardening 2 | # 3 | # This occurs with lighttpd or directly from the plugin 4 | # 5 | 6 | [INCLUDES] 7 | 8 | # Read common prefixes. If any customizations available -- read them from 9 | # common.local 10 | before = common.conf 11 | 12 | 13 | [Definition] 14 | 15 | _daemon = (?:lighttpd|suhosin) 16 | 17 | 18 | _lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s) 19 | 20 | failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .* \(attacker '', file '.*'(?:, line \d+)?\)$ 21 | 22 | ignoreregex = 23 | 24 | # DEV Notes: 25 | # 26 | # https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161 27 | # 28 | # Author: Arturo 'Buanzo' Busleiman 29 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/tine20.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for Tine 2.0 authentication 2 | # 3 | # Enable logging with: 4 | # $config['info_log']='/var/log/tine20/tine20.log'; 5 | # 6 | 7 | [Definition] 8 | 9 | failregex = ^[\da-f]{5,} [\da-f]{5,} (-- none --|.*?)( \d+(\.\d+)?(h|m|s|ms)){0,2} - WARN \(\d+\): Tinebase_Controller::login::\d+ Login with username .*? from failed \(-[13]\)!$ 10 | 11 | ignoreregex = 12 | 13 | # Author: Mika (mkl) from Tine20.org forum: https://www.tine20.org/forum/viewtopic.php?f=2&t=15688&p=54766 14 | # Editor: Daniel Black 15 | # Advisor: Lars Kneschke 16 | # 17 | # Usernames can contain spaces. 18 | # 19 | # Authentication: http://git.tine20.org/git?p=tine20;a=blob;f=tine20/Tinebase/Controller.php#l105 20 | # Logger: http://git.tine20.org/git?p=tine20;a=blob;f=tine20/Tinebase/Log/Formatter.php 21 | # formatMicrotimeDiff: http://git.tine20.org/git?p=tine20;a=blob;f=tine20/Tinebase/Helper.php#l276 22 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/uwimap-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for uwimap 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = common.conf 7 | 8 | [Definition] 9 | 10 | _daemon = (?:ipop3d|imapd) 11 | 12 | failregex = ^%(__prefix_line)sLogin (?:failed|excessive login failures|disabled|SYSTEM BREAK-IN ATTEMPT) user=\S* auth=\S* host=.*\[\]\s*$ 13 | ^%(__prefix_line)sFailed .* override of user=.* host=.*\[\]\s*$ 14 | 15 | ignoreregex = 16 | 17 | # Author: Amir Caspi 18 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/vsftpd.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for vsftp 2 | # 3 | # Configure VSFTP for "dual_log_enable=YES", and have fail2ban watch 4 | # /var/log/vsftpd.log instead of /var/log/secure. vsftpd.log file shows the 5 | # incoming ip address rather than domain names. 6 | 7 | [INCLUDES] 8 | 9 | before = common.conf 10 | 11 | [Definition] 12 | 13 | __pam_re=\(?%(__pam_auth)s(?:\(\S+\))?\)?:? 14 | _daemon = vsftpd 15 | 16 | failregex = ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=(?:\s+user=.*)?\s*$ 17 | ^ \[pid \d+\] \[.+\] FAIL LOGIN: Client ""\s*$ 18 | 19 | ignoreregex = 20 | 21 | # Author: Cyril Jaquier 22 | # Documentation from fail2ban wiki 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/webmin-auth.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for webmin 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = common.conf 7 | 8 | [Definition] 9 | 10 | _daemon = webmin 11 | 12 | failregex = ^%(__prefix_line)sNon-existent login as .+ from \s*$ 13 | ^%(__prefix_line)sInvalid login as .+ from \s*$ 14 | 15 | ignoreregex = 16 | 17 | # DEV Notes: 18 | # 19 | # pattern : webmin[15673]: Non-existent login as toto from 86.0.6.217 20 | # webmin[29544]: Invalid login as root from 86.0.6.217 21 | # 22 | # Rule Author: Delvit Guillaume 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/wuftpd.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file for wuftpd 2 | # 3 | # 4 | 5 | [INCLUDES] 6 | 7 | # Read common prefixes. If any customizations available -- read them from 8 | # common.local 9 | before = common.conf 10 | 11 | [Definition] 12 | 13 | _daemon = wu-ftpd 14 | __pam_re=\(?%(__pam_auth)s(?:\(wu-ftpd:auth\))?\)?:? 15 | 16 | failregex = ^%(__prefix_line)sfailed login from \S+ \[\]\s*$ 17 | ^%(__prefix_line)s%(__pam_re)s\s+authentication failure; logname=\S* uid=\S* euid=\S* tty=(ftp)? ruser=\S* rhost=(?:\s+user=.*)?\s*$ 18 | 19 | 20 | ignoreregex = 21 | 22 | # Author: Yaroslav Halchenko 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/filter.d/xinetd-fail.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for xinetd failures 2 | # 3 | # Cfr.: /var/log/(daemon\.|sys)log 4 | # 5 | # 6 | 7 | [INCLUDES] 8 | 9 | # Read common prefixes. If any customizations available -- read them from 10 | # common.local 11 | before = common.conf 12 | 13 | [Definition] 14 | 15 | _daemon = xinetd 16 | 17 | failregex = ^%(__prefix_line)sFAIL: \S+ address from=$ 18 | ^%(__prefix_line)sFAIL: \S+ libwrap from=$ 19 | 20 | ignoreregex = 21 | 22 | # DEV Notes: 23 | # 24 | # libwrap => tcp wrappers: hosts.(allow|deny) 25 | # address => xinetd: deny_from|only_from 26 | # 27 | # Author: Guido Bozzetto 28 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/paths-debian.conf: -------------------------------------------------------------------------------- 1 | # Debian 2 | 3 | [INCLUDES] 4 | 5 | before = paths-common.conf 6 | 7 | after = paths-overrides.local 8 | 9 | 10 | [DEFAULT] 11 | 12 | syslog_mail = /var/log/mail.log 13 | 14 | syslog_mail_warn = /var/log/mail.warn 15 | 16 | syslog_authpriv = /var/log/auth.log 17 | 18 | # syslog_auth = /var/log/auth.log 19 | # 20 | syslog_user = /var/log/user.log 21 | 22 | syslog_ftp = /var/log/syslog 23 | 24 | syslog_daemon = /var/log/daemon.log 25 | 26 | syslog_local0 = /var/log/messages 27 | 28 | 29 | apache_error_log = /var/log/apache2/*error.log 30 | 31 | apache_access_log = /var/log/apache2/*access.log 32 | 33 | exim_main_log = /var/log/exim4/mainlog 34 | 35 | # was in debian squeezy but not in wheezy 36 | # /etc/proftpd/proftpd.conf (SystemLog) 37 | proftpd_log = /var/log/proftpd/proftpd.log 38 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/paths-opensuse.conf: -------------------------------------------------------------------------------- 1 | # openSUSE log-file locations 2 | 3 | [INCLUDES] 4 | 5 | before = paths-common.conf 6 | 7 | after = paths-overrides.local 8 | 9 | 10 | [DEFAULT] 11 | 12 | syslog_local0 = /var/log/messages 13 | 14 | syslog_mail = /var/log/mail 15 | 16 | syslog_mail_warn = %(syslog_mail)s 17 | 18 | syslog_authpriv = %(syslog_local0)s 19 | 20 | syslog_user = %(syslog_local0)s 21 | 22 | syslog_ftp = %(syslog_local0)s 23 | 24 | syslog_daemon = %(syslog_local0)s 25 | 26 | apache_error_log = /var/log/apache2/*error_log 27 | 28 | apache_access_log = /var/log/apache2/*access_log 29 | 30 | pureftpd_log = %(syslog_local0)s 31 | 32 | exim_main_log = /var/log/exim/main.log 33 | 34 | mysql_log = /var/log/mysql/mysqld.log 35 | 36 | roundcube_errors_log = /srv/www/roundcubemail/logs/errors 37 | 38 | solidpop3d_log = %(syslog_mail)s 39 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/config/paths-osx.conf: -------------------------------------------------------------------------------- 1 | # OSX 2 | # 3 | 4 | [INCLUDES] 5 | 6 | before = paths-common.conf 7 | 8 | after = paths-overrides.local 9 | 10 | 11 | [DEFAULT] 12 | 13 | syslog_mail = /var/log/mail.log 14 | 15 | syslog_mail_warn = /var/log/mail.warn 16 | 17 | syslog_authpriv = /var/log/secure.log 18 | #syslog_auth = 19 | 20 | #syslog_user = 21 | 22 | #syslog_ftp = 23 | 24 | #syslog_daemon = 25 | 26 | #syslog_local0 = 27 | 28 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/develop.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../DEVELOP 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.actionreader.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.actionreader module 2 | =================================== 3 | 4 | .. automodule:: fail2ban.client.actionreader 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.beautifier.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.beautifier module 2 | ================================= 3 | 4 | .. automodule:: fail2ban.client.beautifier 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.configparserinc.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.configparserinc module 2 | ====================================== 3 | 4 | .. automodule:: fail2ban.client.configparserinc 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.configreader.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.configreader module 2 | =================================== 3 | 4 | .. automodule:: fail2ban.client.configreader 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.configurator.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.configurator module 2 | =================================== 3 | 4 | .. automodule:: fail2ban.client.configurator 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.csocket.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.csocket module 2 | ============================== 3 | 4 | .. automodule:: fail2ban.client.csocket 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.fail2banreader.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.fail2banreader module 2 | ===================================== 3 | 4 | .. automodule:: fail2ban.client.fail2banreader 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.filterreader.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.filterreader module 2 | =================================== 3 | 4 | .. automodule:: fail2ban.client.filterreader 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.jailreader.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.jailreader module 2 | ================================= 3 | 4 | .. automodule:: fail2ban.client.jailreader 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.jailsreader.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client.jailsreader module 2 | ================================== 3 | 4 | .. automodule:: fail2ban.client.jailsreader 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.client.rst: -------------------------------------------------------------------------------- 1 | fail2ban.client package 2 | ======================= 3 | 4 | .. toctree:: 5 | 6 | fail2ban.client.actionreader 7 | fail2ban.client.beautifier 8 | fail2ban.client.configparserinc 9 | fail2ban.client.configreader 10 | fail2ban.client.configurator 11 | fail2ban.client.csocket 12 | fail2ban.client.fail2banreader 13 | fail2ban.client.filterreader 14 | fail2ban.client.jailreader 15 | fail2ban.client.jailsreader 16 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.exceptions.rst: -------------------------------------------------------------------------------- 1 | fail2ban.exceptions module 2 | ========================== 3 | 4 | .. automodule:: fail2ban.exceptions 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.helpers.rst: -------------------------------------------------------------------------------- 1 | fail2ban.helpers module 2 | ======================= 3 | 4 | .. automodule:: fail2ban.helpers 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.protocol.rst: -------------------------------------------------------------------------------- 1 | fail2ban.protocol module 2 | ======================== 3 | 4 | .. automodule:: fail2ban.protocol 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.rst: -------------------------------------------------------------------------------- 1 | fail2ban package 2 | ================ 3 | 4 | .. toctree:: 5 | 6 | fail2ban.client 7 | fail2ban.server 8 | 9 | fail2ban.exceptions 10 | fail2ban.helpers 11 | fail2ban.protocol 12 | fail2ban.version 13 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.action.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.action module 2 | ============================= 3 | 4 | .. automodule:: fail2ban.server.action 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.actions.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.actions module 2 | ============================== 3 | 4 | .. automodule:: fail2ban.server.actions 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.asyncserver.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.asyncserver module 2 | ================================== 3 | 4 | .. automodule:: fail2ban.server.asyncserver 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.banmanager.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.banmanager module 2 | ================================= 3 | 4 | .. automodule:: fail2ban.server.banmanager 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.database.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.database module 2 | =============================== 3 | 4 | .. automodule:: fail2ban.server.database 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.datedetector.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.datedetector module 2 | =================================== 3 | 4 | .. automodule:: fail2ban.server.datedetector 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.datetemplate.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.datetemplate module 2 | =================================== 3 | 4 | .. automodule:: fail2ban.server.datetemplate 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.faildata.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.faildata module 2 | =============================== 3 | 4 | .. automodule:: fail2ban.server.faildata 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.failmanager.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.failmanager module 2 | ================================== 3 | 4 | .. automodule:: fail2ban.server.failmanager 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.failregex.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.failregex module 2 | ================================ 3 | 4 | .. automodule:: fail2ban.server.failregex 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.filter.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.filter module 2 | ============================= 3 | 4 | .. automodule:: fail2ban.server.filter 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.filtergamin.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.filtergamin module 2 | ================================== 3 | 4 | .. automodule:: fail2ban.server.filtergamin 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.filterpoll.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.filterpoll module 2 | ================================= 3 | 4 | .. automodule:: fail2ban.server.filterpoll 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.filterpyinotify.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.filterpyinotify module 2 | ====================================== 3 | 4 | .. automodule:: fail2ban.server.filterpyinotify 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.filtersystemd.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.filtersystemd module 2 | ==================================== 3 | 4 | .. automodule:: fail2ban.server.filtersystemd 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.jail.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.jail module 2 | =========================== 3 | 4 | .. automodule:: fail2ban.server.jail 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.jails.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.jails module 2 | ============================ 3 | 4 | .. automodule:: fail2ban.server.jails 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.jailthread.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.jailthread module 2 | ================================= 3 | 4 | .. automodule:: fail2ban.server.jailthread 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.mytime.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.mytime module 2 | ============================= 3 | 4 | .. automodule:: fail2ban.server.mytime 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server package 2 | ======================= 3 | 4 | .. toctree:: 5 | 6 | fail2ban.server.action 7 | fail2ban.server.actions 8 | fail2ban.server.asyncserver 9 | fail2ban.server.banmanager 10 | fail2ban.server.database 11 | fail2ban.server.datedetector 12 | fail2ban.server.datetemplate 13 | fail2ban.server.faildata 14 | fail2ban.server.failmanager 15 | fail2ban.server.failregex 16 | fail2ban.server.filter 17 | fail2ban.server.filtergamin 18 | fail2ban.server.filterpoll 19 | fail2ban.server.filterpyinotify 20 | fail2ban.server.filtersystemd 21 | fail2ban.server.jail 22 | fail2ban.server.jails 23 | fail2ban.server.jailthread 24 | fail2ban.server.mytime 25 | fail2ban.server.server 26 | fail2ban.server.strptime 27 | fail2ban.server.ticket 28 | fail2ban.server.transmitter 29 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.server.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.server module 2 | ============================= 3 | 4 | .. automodule:: fail2ban.server.server 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.strptime.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.strptime module 2 | =============================== 3 | 4 | .. automodule:: fail2ban.server.strptime 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.ticket.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.ticket module 2 | ============================= 3 | 4 | .. automodule:: fail2ban.server.ticket 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.server.transmitter.rst: -------------------------------------------------------------------------------- 1 | fail2ban.server.transmitter module 2 | ================================== 3 | 4 | .. automodule:: fail2ban.server.transmitter 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/fail2ban.version.rst: -------------------------------------------------------------------------------- 1 | fail2ban.version module 2 | ======================= 3 | 4 | .. automodule:: fail2ban.version 5 | :members: 6 | :undoc-members: 7 | :show-inheritance: 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/filters.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../FILTERS 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/index.rst: -------------------------------------------------------------------------------- 1 | Welcome to Fail2Ban's developers documentation! 2 | =============================================== 3 | 4 | Contents: 5 | 6 | .. toctree:: 7 | :maxdepth: 2 8 | 9 | develop 10 | filters 11 | release 12 | fail2ban 13 | 14 | Indices and tables 15 | ================== 16 | 17 | * :ref:`genindex` 18 | * :ref:`search` 19 | 20 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/release.rst: -------------------------------------------------------------------------------- 1 | .. include:: ../RELEASE 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/doc/requirements.txt: -------------------------------------------------------------------------------- 1 | numpydoc 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban-2to3: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # This script carries out conversion of fail2ban to python3 3 | # A backup of any converted files are created with ".bak" 4 | # extension 5 | 6 | set -eu 7 | 8 | if 2to3 -w --no-diffs bin/* fail2ban;then 9 | echo "Success!" >&2 10 | exit 0 11 | else 12 | echo "Fail!" >&2 13 | exit 1 14 | fi 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban-testcases-all: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Simple helper script to exercise unittests using all available 3 | # (under /usr/bin and /usr/local/bin python2.*) 4 | 5 | set -eu 6 | 7 | failed= 8 | for python in /usr/{,local/}bin/python2.[0-9]{,.*}{,-dbg} 9 | do 10 | [ -e "$python" ] || continue 11 | echo "Testing using $python" 12 | $python bin/fail2ban-testcases "$@" || failed+=" $python" 13 | done 14 | 15 | if [ ! -z "$failed" ]; then 16 | echo "E: Failed with $failed" 17 | exit 1 18 | fi 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban-testcases-all-python3: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Simple helper script to exercise unittests using all available 3 | # (under /usr/bin and /usr/local/bin python3.*) 4 | 5 | set -eu 6 | 7 | failed= 8 | for python in /usr/{,local/}bin/python3.[0-9]{,.*}{,-dbg} 9 | do 10 | [ -e "$python" ] || continue 11 | echo "Testing using $python" 12 | $python bin/fail2ban-testcases "$@" || failed+=" $python" 13 | done 14 | 15 | if [ ! -z "$failed" ]; then 16 | echo "E: Failed with $failed" 17 | exit 1 18 | fi 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban.egg-info/PKG-INFO: -------------------------------------------------------------------------------- 1 | Metadata-Version: 1.0 2 | Name: fail2ban 3 | Version: 0.9.4 4 | Summary: Ban IPs that make too many password failures 5 | Home-page: http://www.fail2ban.org 6 | Author: Cyril Jaquier & Fail2Ban Contributors 7 | Author-email: cyril.jaquier@fail2ban.org 8 | License: GPL 9 | Description-Content-Type: UNKNOWN 10 | Description: 11 | Fail2Ban scans log files like /var/log/pwdfail or 12 | /var/log/apache/error_log and bans IP that makes 13 | too many password failures. It updates firewall rules 14 | to reject the IP address or executes user defined 15 | commands. 16 | Platform: Posix 17 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban.egg-info/dependency_links.txt: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban.egg-info/top_level.txt: -------------------------------------------------------------------------------- 1 | fail2ban 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/client/__init__.py: -------------------------------------------------------------------------------- 1 | # emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- 2 | # vi: set ft=python sts=4 ts=4 sw=4 noet : 3 | 4 | # This file is part of Fail2Ban. 5 | # 6 | # Fail2Ban is free software; you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation; either version 2 of the License, or 9 | # (at your option) any later version. 10 | # 11 | # Fail2Ban is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with Fail2Ban; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | # Author: Cyril Jaquier 21 | # 22 | 23 | __author__ = "Cyril Jaquier" 24 | __copyright__ = "Copyright (c) 2004 Cyril Jaquier" 25 | __license__ = "GPL" 26 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/server/__init__.py: -------------------------------------------------------------------------------- 1 | # emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- 2 | # vi: set ft=python sts=4 ts=4 sw=4 noet : 3 | 4 | # This file is part of Fail2Ban. 5 | # 6 | # Fail2Ban is free software; you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation; either version 2 of the License, or 9 | # (at your option) any later version. 10 | # 11 | # Fail2Ban is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with Fail2Ban; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | # Author: Cyril Jaquier 21 | # 22 | 23 | __author__ = "Cyril Jaquier" 24 | __copyright__ = "Copyright (c) 2004 Cyril Jaquier" 25 | __license__ = "GPL" 26 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/__init__.py: -------------------------------------------------------------------------------- 1 | # emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- 2 | # vi: set ft=python sts=4 ts=4 sw=4 noet : 3 | 4 | # This file is part of Fail2Ban. 5 | # 6 | # Fail2Ban is free software; you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation; either version 2 of the License, or 9 | # (at your option) any later version. 10 | # 11 | # Fail2Ban is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with Fail2Ban; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | # Author: Cyril Jaquier 21 | # 22 | 23 | __author__ = "Cyril Jaquier" 24 | __copyright__ = "Copyright (c) 2004 Cyril Jaquier" 25 | __license__ = "GPL" 26 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/action_d/__init__.py: -------------------------------------------------------------------------------- 1 | # emacs: -*- mode: python; py-indent-offset: 4; indent-tabs-mode: t -*- 2 | # vi: set ft=python sts=4 ts=4 sw=4 noet : 3 | 4 | # This file is part of Fail2Ban. 5 | # 6 | # Fail2Ban is free software; you can redistribute it and/or modify 7 | # it under the terms of the GNU General Public License as published by 8 | # the Free Software Foundation; either version 2 of the License, or 9 | # (at your option) any later version. 10 | # 11 | # Fail2Ban is distributed in the hope that it will be useful, 12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 | # GNU General Public License for more details. 15 | # 16 | # You should have received a copy of the GNU General Public License 17 | # along with Fail2Ban; if not, write to the Free Software 18 | # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. 19 | 20 | __author__ = "Steven Hiscocks" 21 | __copyright__ = "Copyright (c) 2014 Steven Hiscocks" 22 | __license__ = "GPL" 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/config/action.d/brokenaction.conf: -------------------------------------------------------------------------------- 1 | 2 | [Definition] 3 | 4 | actionban = hit with big stick 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/config/fail2ban.conf: -------------------------------------------------------------------------------- 1 | [Definition] 2 | 3 | # 3 = INFO 4 | loglevel = 3 5 | 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/config/filter.d/simple.conf: -------------------------------------------------------------------------------- 1 | 2 | [Definition] 3 | 4 | failregex = 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/config/filter.d/test.conf: -------------------------------------------------------------------------------- 1 | #[INCLUDES] 2 | #before = common.conf 3 | 4 | [Definition] 5 | failregex = failure test 1 (filter.d/test.conf) 6 | 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/config/filter.d/test.local: -------------------------------------------------------------------------------- 1 | #[INCLUDES] 2 | #before = common.conf 3 | 4 | [Definition] 5 | failregex = %(known/failregex)s 6 | failure test 2 (filter.d/test.local) 7 | 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/config/jail.conf: -------------------------------------------------------------------------------- 1 | 2 | [DEFAULT] 3 | filter = simple 4 | logpath = /non/exist 5 | 6 | [emptyaction] 7 | enabled = true 8 | filter = 9 | action = 10 | 11 | [special] 12 | failregex = 13 | ignoreregex = 14 | ignoreip = 15 | 16 | [test-known-interp] 17 | enabled = true 18 | filter = test 19 | failregex = %(known/failregex)s 20 | failure test 3 (jail.local) 21 | 22 | [missinglogfiles] 23 | enabled = true 24 | logpath = /weapons/of/mass/destruction 25 | 26 | [brokenactiondef] 27 | enabled = true 28 | action = joho[foo 29 | 30 | [brokenaction] 31 | enabled = true 32 | action = brokenaction 33 | 34 | [missingbitsjail] 35 | enabled = true 36 | filter = catchallthebadies 37 | action = thefunkychickendance 38 | 39 | [parse_to_end_of_jail.conf] 40 | enabled = true 41 | action = 42 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/action.d/action.py: -------------------------------------------------------------------------------- 1 | 2 | from fail2ban.server.action import ActionBase 3 | 4 | 5 | class TestAction(ActionBase): 6 | 7 | def __init__(self, jail, name, opt1, opt2=None): 8 | super(TestAction, self).__init__(jail, name) 9 | self._logSys.debug("%s initialised" % self.__class__.__name__) 10 | self.opt1 = opt1 11 | self.opt2 = opt2 12 | self._opt3 = "Hello" 13 | 14 | def start(self): 15 | self._logSys.debug("%s action start" % self.__class__.__name__) 16 | 17 | def stop(self): 18 | self._logSys.debug("%s action stop" % self.__class__.__name__) 19 | 20 | def ban(self, aInfo): 21 | self._logSys.debug("%s action ban" % self.__class__.__name__) 22 | 23 | def unban(self, aInfo): 24 | self._logSys.debug("%s action unban" % self.__class__.__name__) 25 | 26 | def testmethod(self, text): 27 | return "%s %s %s" % (self._opt3, text, self.opt1) 28 | 29 | Action = TestAction 30 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/action.d/action_checkainfo.py: -------------------------------------------------------------------------------- 1 | 2 | from fail2ban.server.action import ActionBase 3 | 4 | 5 | class TestAction(ActionBase): 6 | 7 | def ban(self, aInfo): 8 | self._logSys.info("ban ainfo %s, %s, %s, %s", 9 | aInfo["ipmatches"] != '', aInfo["ipjailmatches"] != '', aInfo["ipfailures"] > 0, aInfo["ipjailfailures"] > 0 10 | ) 11 | 12 | def unban(self, aInfo): 13 | pass 14 | 15 | Action = TestAction 16 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/action.d/action_errors.py: -------------------------------------------------------------------------------- 1 | 2 | from fail2ban.server.action import ActionBase 3 | 4 | 5 | class TestAction(ActionBase): 6 | 7 | def __init__(self, jail, name): 8 | super(TestAction, self).__init__(jail, name) 9 | 10 | def start(self): 11 | raise Exception() 12 | 13 | def stop(self): 14 | raise Exception() 15 | 16 | def ban(self): 17 | raise Exception() 18 | 19 | def unban(self): 20 | raise Exception() 21 | 22 | Action = TestAction 23 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/action.d/action_modifyainfo.py: -------------------------------------------------------------------------------- 1 | 2 | from fail2ban.server.action import ActionBase 3 | 4 | 5 | class TestAction(ActionBase): 6 | 7 | def ban(self, aInfo): 8 | del aInfo['ip'] 9 | self._logSys.info("%s ban deleted aInfo IP", self._name) 10 | 11 | def unban(self, aInfo): 12 | del aInfo['ip'] 13 | self._logSys.info("%s unban deleted aInfo IP", self._name) 14 | 15 | Action = TestAction 16 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/action.d/action_noAction.py: -------------------------------------------------------------------------------- 1 | 2 | from fail2ban.server.action import ActionBase 3 | 4 | 5 | class TestAction(ActionBase): 6 | pass 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/action.d/action_nomethod.py: -------------------------------------------------------------------------------- 1 | 2 | class TestAction(): 3 | 4 | def __init__(self, jail, name): 5 | pass 6 | 7 | def start(self): 8 | pass 9 | 10 | Action = TestAction 11 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/README: -------------------------------------------------------------------------------- 1 | 2 | Apache Auth. 3 | 4 | This directory contains the configuration file of Apache's Web Server to 5 | simulate authentication files. 6 | 7 | These assumed that /var/www/html is the web root and AllowOverides is "All". 8 | 9 | The subdirectories here are copied to the /var/www/html directory. 10 | 11 | Commands executed are in testcases/files/log/apache-auth with their 12 | corresponding failure mechanism. 13 | 14 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType basic 2 | AuthName "private area" 3 | AuthBasicProvider file 4 | AuthUserFile /var/www/html/basic/authz_owner/.htpasswd 5 | Require file-owner 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/basic/authz_owner/.htpasswd: -------------------------------------------------------------------------------- 1 | username:$apr1$1f5oQUl4$21lLXSN7xQOPtNsj5s4Nk/ 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/basic/authz_owner/cant_get_me.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/basic/authz_owner/cant_get_me.html -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/basic/file/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType basic 2 | AuthName "private area" 3 | AuthBasicProvider file 4 | AuthUserFile /var/www/html/basic/file/.htpasswd 5 | Require valid-user 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/basic/file/.htpasswd: -------------------------------------------------------------------------------- 1 | username:$apr1$uUMsOjCQ$.BzXClI/B/vZKddgIAJCR. 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType Digest 2 | AuthName "digest private area" 3 | AuthDigestDomain /digest/ 4 | AuthBasicProvider file 5 | AuthUserFile /var/www/html/digest/.htpasswd 6 | Require valid-user 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest/.htpasswd: -------------------------------------------------------------------------------- 1 | username:digest private area:fad48d3a7c63f61b5b3567a4105bbb04 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest_anon/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType Digest 2 | AuthName "digest anon" 3 | AuthDigestDomain /digest_anon/ 4 | AuthBasicProvider file anon 5 | AuthUserFile /var/www/html/digest_anon/.htpasswd 6 | Anonymous_NoUserID off 7 | Anonymous anonymous 8 | Anonymous_LogEmail on 9 | Require valid-user 10 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest_anon/.htpasswd: -------------------------------------------------------------------------------- 1 | username:digest anon:25e4077a9344ceb1a88f2a62c9fb60d8 2 | 05bbb04 3 | anonymous:digest anon:faa4e5870970cf935bb9674776e6b26a 4 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest_time/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType Digest 2 | AuthName "digest private area" 3 | AuthDigestDomain /digest_time/ 4 | AuthBasicProvider file 5 | AuthUserFile /var/www/html/digest_time/.htpasswd 6 | AuthDigestNonceLifetime 1 7 | Require valid-user 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest_time/.htpasswd: -------------------------------------------------------------------------------- 1 | username:digest private area:fad48d3a7c63f61b5b3567a4105bbb04 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType Digest 2 | AuthName "digest private area" 3 | AuthDigestDomain /digest_wrongrelm/ 4 | AuthBasicProvider file 5 | AuthUserFile /var/www/html/digest_wrongrelm/.htpasswd 6 | Require valid-user 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/digest_wrongrelm/.htpasswd: -------------------------------------------------------------------------------- 1 | username:wrongrelm:99cd340e1283c6d0ab34734bd47bdc30 2 | 4105bbb04 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/config/apache-auth/noentry/.htaccess: -------------------------------------------------------------------------------- 1 | Deny from all 2 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/database_v1.db: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/fail2ban-0.9.4/fail2ban/tests/files/database_v1.db -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/filter.d/substition.conf: -------------------------------------------------------------------------------- 1 | 2 | [Definition] 3 | 4 | failregex = to= fromip= 5 | 6 | [Init] 7 | 8 | honeypot = sweet@example.com 9 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/ignorecommand.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import sys 3 | if sys.argv[1] == "10.0.0.1": 4 | exit(0) 5 | exit(1) 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/3proxy: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2013-06-11T02:09:40", "match": true , "host": "1.2.3.4" } 2 | 11-06-2013 02:09:40 +0300 PROXY.3128 00004 - 1.2.3.4:28783 0.0.0.0:0 0 0 0 GET http://www.yandex.ua/?ncrnd=2169807731 HTTP/1.1 3 | # failJSON: { "time": "2013-06-11T02:09:43", "match": true , "host": "1.2.3.4" } 4 | 11-06-2013 02:09:43 +0300 PROXY.3128 00005 ewr 1.2.3.4:28788 0.0.0.0:0 0 0 0 GET http://www.yandex.ua/?ncrnd=2169807731 HTTP/1.1 5 | # failJSON: { "time": "2013-06-13T01:39:34", "match": true , "host": "1.2.3.4" } 6 | 13-06-2013 01:39:34 +0300 PROXY.3128 00508 - 1.2.3.4:28938 0.0.0.0:0 0 0 0 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/apache-badbots: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2007-03-05T14:39:21", "match": true , "host": "1.2.3.4" } 2 | 1.2.3.4 - - [05/Mar/2007:14:39:21 +0100] "POST /123.html/trackback/ HTTP/1.0" 301 459 "http://www.mydomain.tld/123.html/trackback" "TrackBack/1.02" 3 | 4 | # failJSON: { "time": "2007-03-05T14:40:21", "match": true , "host": "1.2.3.4" } 5 | 1.2.3.4 - - [05/Mar/2007:14:40:21 +0100] "GET /123.html/trackback/ HTTP/1.0" 301 459 "http://www.mydomain.tld/123.html/trackback" "TrackBack/1.02" 6 | 7 | # failJSON: { "time": "2007-03-05T14:41:21", "match": true , "host": "1.2.3.4" } 8 | 1.2.3.4 - - [05/Mar/2007:14:41:21 +0100] "HEAD /123.html/trackback/ HTTP/1.0" 301 459 "http://www.mydomain.tld/123.html/trackback" "TrackBack/1.02" 9 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/apache-fakegooglebot: -------------------------------------------------------------------------------- 1 | # Apache 2.2 2 | # failJSON: { "time": "2015-01-31T14:29:44", "match": true, "host": "66.249.66.1" } 3 | 66.249.66.1 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" + 293 1149 546 4 | # failJSON: { "time": "2015-01-31T14:29:44", "match": false, "host": "93.184.216.34" } 5 | 93.184.216.34 - - - [31/Jan/2015:14:29:44 ] example.com "GET / HTTP/1.1" 200 814 "-" "NOT A __GOOGLE_BOT__" + 293 1149 546 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/apache-nohome: -------------------------------------------------------------------------------- 1 | # Apache 2.2 2 | # failJSON: { "time": "2013-06-01T11:23:08", "match": true , "host": "1.2.3.4" } 3 | [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4] File does not exist: /xxx/~ 4 | # Apache 2.4 5 | # failJSON: { "time": "2013-06-27T11:55:44", "match": true , "host": "192.0.2.12" } 6 | [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 192.0.2.12:46652] AH00128: File does not exist: /xxx/~ 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/apache-pass: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2013-06-27T11:55:44", "match": true , "host": "192.0.2.12" } 2 | 192.0.2.12 - user1 [27/Jun/2013:11:55:44] "GET /knocking/ HTTP/1.1" 200 266 "http://domain.net/hello-world/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0" 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/apache-shellshock: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2014-09-25T09:27:18", "match": true , "host": "89.207.132.76" } 2 | [Thu Sep 25 09:27:18.813902 2014] [cgi:error] [pid 16860] [client 89.207.132.76:59635] AH01215: /bin/bash: warning: HTTP_TEST: ignoring function definition attempt 3 | # failJSON: { "time": "2014-09-25T09:29:56", "match": true , "host": "162.247.73.206" } 4 | [Thu Sep 25 09:29:56.141832 2014] [cgi:error] [pid 16864] [client 162.247.73.206:41273] AH01215: /bin/bash: error importing function definition for `HTTP_TEST' 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/bsd/syslog-plain.txt: -------------------------------------------------------------------------------- 1 | Apr 2 17:52:55 pancake sshd[55657]: Invalid user oracle from 192.0.2.100 2 | Apr 2 17:53:01 pancake sshd[55657]: error: PAM: authentication error for illegal user oracle from example.com 3 | Apr 2 17:53:01 pancake sshd[55657]: Failed keyboard-interactive/pam for invalid user oracle from 192.0.2.100 port 48856 ssh2 4 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/bsd/syslog-vv.txt: -------------------------------------------------------------------------------- 1 | Mar 19 23:48:18 pancake sshd[55517]: Invalid user r00t from 183.60.159.20 2 | Mar 19 23:48:20 pancake sshd[55519]: Invalid user r00t from 183.60.159.20 3 | Mar 19 23:50:03 pancake sshd[55604]: Invalid user http from 183.60.159.20 4 | Mar 19 23:50:05 pancake sshd[55606]: Invalid user kylix from 183.60.159.20 5 | Mar 19 23:50:08 pancake sshd[55608]: Invalid user nagios from 183.60.159.20 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/counter-strike: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2014-01-01T01:25:17", "match": true, "host": "31.29.29.89" } 2 | L 01/01/2014 - 01:25:17: Bad Rcon: "rcon 1146003691 "284" sv_contact "HLBrute 1.10"" from "31.29.29.89:57370" 3 | # failJSON: { "time": "2014-01-01T04:17:01", "match": true, "host": "105.158.241.147" } 4 | L 01/01/2014 - 04:17:01: Bad Rcon: "rcon 260639614 "admin" sv_contact "HLBrute 1.10"" from "105.158.241.147:53772" 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/courier-auth: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-04-23T21:59:01", "match": true , "host": "1.2.3.4" } 2 | Apr 23 21:59:01 dns2 imapd: LOGIN FAILED, user=sales@example.com, ip=[::ffff:1.2.3.4] 3 | # failJSON: { "time": "2005-04-23T21:59:38", "match": true , "host": "198.51.100.76" } 4 | Apr 23 21:59:38 dns2 pop3d: LOGIN FAILED, user=info@example.com, ip=[::ffff:198.51.100.76] 5 | # failJSON: { "time": "2004-11-13T08:11:53", "match": true , "host": "198.51.100.33" } 6 | Nov 13 08:11:53 server imapd-ssl: LOGIN FAILED, user=user@domain.tld, ip=[::ffff:198.51.100.33] 7 | # failJSON: { "time": "2005-04-17T19:17:11", "match": true , "host": "1.2.3.4" } 8 | Apr 17 19:17:11 SERVER courierpop3login: LOGIN FAILED, user=USER@EXAMPLE.org, ip=[::ffff:1.2.3.4] 9 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/directadmin: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2014-07-02T00:17:45", "match": true , "host": "3.2.1.4" } 2 | 2014:07:02-00:17:45: '3.2.1.4' 2 failed login attempts. Account 'test' 3 | 4 | # failJSON: { "time": "2014-07-02T13:07:40", "match": true , "host": "40.40.123.231" } 5 | 2014:07:02-13:07:40: '40.40.123.231' 13 failed login attempts. Account 'admin' 6 | 7 | # failJSON: { "time": "2014-07-02T13:07:50", "match": true , "host": "40.40.123.231" } 8 | 2014:07:02-13:07:50: '40.40.123.231' 5 failed login attempt. Invalid account 'user%2Ename' 9 | 10 | # failJSON: { "time": "2014-07-02T13:28:39", "match": false , "host": "12.12.123.231" } 11 | 2014:07:02-13:28:39: '12.12.123.231' successful login to 'nobody' after 1 attempts 12 | 13 | # failJSON: { "time": "2014-07-02T13:29:38", "match": true , "host": "1.2.3.4" } 14 | 2014:07:02-13:29:38: '1.2.3.4' 2 failed login attempts. Account 'user' via 'admin' 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/drupal-auth: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-04-26T13:15:25", "match": true , "host": "1.2.3.4" } 2 | Apr 26 13:15:25 webserver example.com: https://example.com|1430068525|user|1.2.3.4|https://example.com/?q=user|https://example.com/?q=user|0||Login attempt failed for drupaladmin. 3 | # failJSON: { "time": "2005-04-26T13:15:25", "match": true , "host": "1.2.3.4" } 4 | Apr 26 13:15:25 webserver example.com: https://example.com/subdir|1430068525|user|1.2.3.4|https://example.com/subdir/user|https://example.com/subdir/user|0||Login attempt failed for drupaladmin. 5 | 6 | # failJSON: { "time": "2005-04-26T13:19:08", "match": false , "host": "1.2.3.4" } 7 | Apr 26 13:19:08 webserver example.com: https://example.com|1430068748|user|1.2.3.4|https://example.com/user|https://example.com/user|1||Session opened for drupaladmin. 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/ejabberd-auth: -------------------------------------------------------------------------------- 1 | # failJSON: { "match": false } 2 | =INFO REPORT==== 2013-07-14 17:53:40 === 3 | # failJSON: { "match": false } 4 | I(<0.370.0>:ejabberd_listener:281) : (#Port<0.6910>) Accepted connection {{192,0,2,4},12716} -> {{198,51,100,2},5222} 5 | 6 | # failJSON: { "match": false } 7 | =INFO REPORT==== 2013-07-14 17:53:40 === 8 | # failJSON: { "time": "2013-07-14T17:53:40", "match": true , "host": "192.0.2.4" } 9 | I(<0.1440.0>:ejabberd_c2s:813) : ({socket_state,tls,{tlssock,#Port<0.6910>,#Port<0.6912>},<0.1439.0>}) Failed authentication for user@example.com from IP 192.0.2.4 ({{192,0,2,4},12716}) 10 | # failJSON: { "time": "2014-01-07T18:09:08", "match": true , "host": "1.2.3.4" } 11 | 2014-01-07 18:09:08.512 [info] <0.22741.1>@ejabberd_c2s:wait_for_feature_request:662 ({socket_state,p1_tls,{tlssock,#Port<0.24718>,#Port<0.24720>},<0.22740.1>}) Failed authentication for test@example.com from IP 1.2.3.4 12 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/froxlor-auth: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-05-21T00:56:27", "match": true , "host": "1.2.3.4" } 2 | May 21 00:56:27 jomu Froxlor: [Login Action 1.2.3.4] Unknown user 'user' tried to login. 3 | # failJSON: { "time": "2005-05-21T00:57:38", "match": true , "host": "1.2.3.4" } 4 | May 21 00:57:38 jomu Froxlor: [Login Action 1.2.3.4] User 'admin' tried to login with wrong password. 5 | 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/groupoffice: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2014-01-06T10:59:38", "match": true, "host": "127.0.0.1" } 2 | [2014-01-06 10:59:38]LOGIN FAILED for user: "asdsad" from IP: 127.0.0.1 3 | # failJSON: { "time": "2014-01-06T10:59:49", "match": false, "host": "127.0.0.1" } 4 | [2014-01-06 10:59:49]LOGIN SUCCESS for user: "admin" from IP: 127.0.0.1 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/gssftpd: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-01-22T18:09:46", "match": true , "host": "198.51.100.23" } 2 | Jan 22 18:09:46 host ftpd[132]: repeated login failures from 198.51.100.23 (example.com) 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/guacamole: -------------------------------------------------------------------------------- 1 | # failJSON: { "match": false } 2 | apr 15, 2013 8:34:08 PM org.slf4j.impl.JCLLoggerAdapter warn 3 | # failJSON: { "time": "2013-04-15T20:34:08", "match": true , "host": "192.0.2.0" } 4 | WARNING: Authentication attempt from 192.0.2.0 for user "null" failed. 5 | # failJSON: { "match": false } 6 | apr 16, 2013 8:32:13 AM org.slf4j.impl.JCLLoggerAdapter warn 7 | # failJSON: { "time": "2013-04-16T08:32:13", "match": true , "host": "192.0.2.0" } 8 | WARNING: Authentication attempt from 192.0.2.0 for user "null" failed. 9 | # failJSON: { "match": false } 10 | apr 16, 2013 8:32:28 AM org.slf4j.impl.JCLLoggerAdapter warn 11 | # failJSON: { "time": "2013-04-16T08:32:28", "match": true , "host": "192.0.2.0" } 12 | WARNING: Authentication attempt from 192.0.2.0 for user "pippo" failed. 13 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/haproxy-http-auth: -------------------------------------------------------------------------------- 1 | # failJSON: { "match": false } 2 | Nov 14 22:45:27 test haproxy[760]: 192.168.33.1:58444 [14/Nov/2015:22:45:25.439] main app/app1 1939/0/1/0/1940 403 5168 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1" 3 | # failJSON: { "time": "2004-11-14T22:45:11", "match": true , "host": "192.168.33.1" } 4 | Nov 14 22:45:11 test haproxy[760]: 192.168.33.1:58430 [14/Nov/2015:22:45:11.608] main main/ -1/-1/-1/-1/0 401 248 - - PR-- 0/0/0/0/0 0/0 "GET / HTTP/1.1" 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/horde: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2004-11-11T18:57:57", "match": true , "host": "203.16.208.190" } 2 | Nov 11 18:57:57 HORDE [error] [horde] FAILED LOGIN for graham [203.16.208.190] to Horde [on line 116 of "/home/ace-hosting/public_html/horde/login.php"] 3 | 4 | # failJSON: { "time": "2004-12-15T08:59:59", "match": true , "host": "1.2.3.4" } 5 | Dec 15 08:59:59 HORDE [error] [imp] FAILED LOGIN for emai.user@somedomain.com [1.2.3.4] to {mx.somedomain.com:993 [imap/ssl/novalidate-cert]} [pid 68394 on line 139 of /usr/local/www/www.somedomain.com/public_html/horde/imp/lib/Auth/imp.php"] 6 | 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/lighttpd-auth: -------------------------------------------------------------------------------- 1 | #authentification failure (mod_auth) 2 | # failJSON: { "time": "2011-12-25T17:09:20", "match": true , "host": "4.4.4.4" } 3 | 2011-12-25 17:09:20: (http_auth.c.875) password doesn't match for /gitweb/ username: francois, IP: 4.4.4.4 4 | # failJSON: { "time": "2012-09-26T10:24:35", "match": true , "host": "4.4.4.4" } 5 | 2012-09-26 10:24:35: (http_auth.c.1136) digest: auth failed for xxx : wrong password, IP: 4.4.4.4 6 | # failJSON: { "time": "2013-08-25T00:24:55", "match": true , "host": "4.4.4.4" } 7 | 2013-08-25 00:24:55: (http_auth.c.877) get_password failed, IP: 4.4.4.4 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/monit: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-04-16T21:05:29", "match": true , "host": "69.93.127.111" } 2 | [PDT Apr 16 21:05:29] error : Warning: Client '69.93.127.111' supplied unknown user 'foo' accessing monit httpd 3 | 4 | # failJSON: { "time": "2005-04-16T20:59:33", "match": true , "host": "97.113.189.111" } 5 | [PDT Apr 16 20:59:33] error : Warning: Client '97.113.189.111' supplied wrong password for user 'admin' accessing monit httpd 6 | 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/murmur: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2015-11-29T16:38:01", "match": true , "host": "192.168.0.1" } 2 | 2015-11-29 16:38:01.818 1 => <4:testUsernameOne(-1)> Rejected connection from 192.168.0.1:29530: Invalid server password 3 | 4 | # failJSON: { "time": "2015-11-29T17:18:20", "match": true , "host": "192.168.1.2" } 5 | 2015-11-29 17:18:20.962 1 => <8:testUsernameTwo(-1)> Rejected connection from 192.168.1.2:29761: Wrong certificate or password for existing user 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/nagios: -------------------------------------------------------------------------------- 1 | # Access of unauthorized host in /var/log/messages 2 | # failJSON: { "time": "2005-02-03T11:22:44", "match": true , "host": "50.97.225.132" } 3 | Feb 3 11:22:44 valhalla nrpe[63284]: Host 50.97.225.132 is not allowed to talk to us! 4 | 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/nginx-http-auth: -------------------------------------------------------------------------------- 1 | 2 | # failJSON: { "time": "2012-04-09T11:53:29", "match": true , "host": "192.0.43.10" } 3 | 2012/04/09 11:53:29 [error] 2865#0: *66647 user "xyz" was not found in "/var/www/.htpasswd", client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com" 4 | # failJSON: { "time": "2012-04-09T11:53:36", "match": true , "host": "192.0.43.10" } 5 | 2012/04/09 11:53:36 [error] 2865#0: *66647 user "xyz": password mismatch, client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com" 6 | # failJSON: { "time": "2014-04-01T22:20:38", "match": true, "host": "10.0.2.2" } 7 | 2014/04/01 22:20:38 [error] 30708#0: *3 user "scribendio": password mismatch, client: 10.0.2.2, server: , request: "GET / HTTP/1.1", host: "localhost:8443" 8 | # failJSON: { "time": "2014-04-02T12:37:58", "match": true, "host": "10.0.2.2" } 9 | 2014/04/02 12:37:58 [error] 6563#0: *1861 user "scribendio": password mismatch, client: 10.0.2.2, server: scribend.io, request: "GET /admin HTTP/1.1", host: "scribend.io", referrer: "https://scribend.io/admin" 10 | 11 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/nginx-limit-req: -------------------------------------------------------------------------------- 1 | 2 | # failJSON: { "time": "2015-10-29T20:01:02", "match": true , "host": "1.2.3.4" } 3 | 2015/10/29 20:01:02 [error] 256554#0: *99927 limiting requests, excess: 1.852 by zone "one", client: 1.2.3.4, server: example.com, request: "POST /index.htm HTTP/1.0", host: "exmaple.com" 4 | 5 | # failJSON: { "time": "2015-10-29T19:24:05", "match": true , "host": "192.0.2.0" } 6 | 2015/10/29 19:24:05 [error] 12684#12684: *22174 limiting requests, excess: 1.495 by zone "one", client: 192.0.2.0, server: example.com, request: "GET /index.php HTTP/1.1", host: "example.com", referrer: "https://example.com" 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/nsd: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2013-12-17T14:58:14", "match": true , "host": "192.0.2.105" } 2 | [1387288694] nsd[7745]: info: ratelimit block example.com. type any target 192.0.2.0/24 query 192.0.2.105 TYPE255 3 | # failJSON: { "time": "2013-12-18T07:42:15", "match": true , "host": "192.0.2.115" } 4 | [1387348935] nsd[23600]: info: axfr for zone domain.nl. from client 192.0.2.115 refused, no acl matches. 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/openhab: -------------------------------------------------------------------------------- 1 | # should match 2 | # failJSON: { "time": "2015-09-02T00:11:31", "match": true , "host": "175.18.15.10" } 3 | 175.18.15.10 - - [02/sept./2015:00:11:31 +0200] "GET /openhab.app HTTP/1.1" 401 1382 4 | # failJSON: { "time": "2015-09-02T00:11:31", "match": true , "host": "175.18.15.10" } 5 | 175.18.15.10 - - [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384 6 | 7 | # Should not match 8 | # failJSON: { "match": false } 9 | 175.18.15.11 - - [17/oct./2015:00:35:12 +0200] "GET /openhab.app?sitemap=default&poll=true&__async=true&__source=waHome HTTP/1.1" 200 92 10 | # failJSON: { "match": false } 11 | 175.18.15.11 - - [16/oct./2015:20:29:38 +0200] "GET /rest/sitemaps/default/maison HTTP/1.1" 200 2837 12 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/openwebmail: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2013-12-28T19:03:53", "match": true , "host": "178.123.108.196" } 2 | Sat Dec 28 19:03:53 2013 - [72926] (178.123.108.196) gsdfg - userinfo error - auth_unix.pl, ret -4, User gsdfg doesn't exist 3 | # failJSON: { "time": "2013-12-28T19:04:03", "match": true , "host": "178.123.108.196" } 4 | Sat Dec 28 19:04:03 2013 - [72926] (178.123.108.196) gsdfg - login error - no such user - loginname=gsdfg 5 | # failJSON: { "time": "2013-12-28T19:05:38", "match": true , "host": "178.123.108.196" } 6 | Sat Dec 28 19:05:38 2013 - [73540] (178.123.108.196) myname - login error - auth_unix.pl, ret -4, Password incorrect 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/perdition: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-07-18T16:07:18", "match": true , "host": "192.168.8.100" } 2 | Jul 18 16:07:18 ares perdition.imaps[3194]: Auth: 192.168.8.100:2274->193.48.191.9:993 client-secure=ssl authorisation_id=NONE authentication_id="carles" server="imap.biotoul.fr:993" protocol=IMAP4S server-secure=ssl status="failed: Re-Authentication Failure" 3 | # failJSON: { "time": "2005-07-18T16:08:58", "match": true , "host": "192.168.8.100" } 4 | Jul 18 16:08:58 ares perdition.imaps[3194]: Fatal Error reading authentication information from client 192.168.8.100:2274->193.48.191.9:993: Exiting child 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/php-url-fopen: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2009-03-26T14:44:20", "match": true , "host": "66.185.212.172" } 2 | 66.185.212.172 - - [26/Mar/2009:08:44:20 -0500] "GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)" 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/portsentry: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2014-06-27T17:51:19", "match": true , "host": "192.168.56.1" } 2 | 1403884279 - 06/27/2014 17:51:19 Host: 192.168.56.1/192.168.56.1 Port: 1 TCP Blocked 3 | # failJSON: { "time": "2014-06-27T17:51:19", "match": true , "host": "192.168.56.1" } 4 | 1403884279 - 06/27/2014 17:51:19 Host: 192.168.56.1/192.168.56.1 Port: 1 UDP Blocked -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/postfix-rbl: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2004-12-30T18:19:15", "match": true , "host": "93.184.216.34" } 2 | Dec 30 18:19:15 xxx postfix/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.example.com[93.184.216.34]: 454 4.7.1 Service unavailable; Client host [93.184.216.34] blocked using rbl.example.com; http://www.example.com/query?ip=93.184.216.34; from= to= proto=ESMTP helo= 3 | 4 | # failJSON: { "time": "2004-12-30T18:19:15", "match": true , "host": "93.184.216.34" } 5 | Dec 30 18:19:15 xxx postfix-incoming/smtpd[1574]: NOQUEUE: reject: RCPT from badguy.example.com[93.184.216.34]: 454 4.7.1 Service unavailable; Client host [93.184.216.34] blocked using rbl.example.com; http://www.example.com/query?ip=93.184.216.34; from= to= proto=ESMTP helo= 6 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/pure-ftpd: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-01-31T16:54:07", "match": true , "host": "24.79.92.194" } 2 | Jan 31 16:54:07 desktop pure-ftpd: (?@24.79.92.194) [WARNING] Authentication failed for user [Administrator] 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/qmail: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2004-09-06T07:33:33", "match": true , "host": "198.51.100.77" } 2 | Sep 6 07:33:33 sd6 qmail: 1157520813.485077 rblsmtpd: 198.51.100.77 pid 19597 sbl-xbl.spamhaus.org: 451 http://www.spamhaus.org/query/bl?ip=198.51.100.77 3 | # failJSON: { "time": "2004-09-06T07:18:29", "match": true , "host": "198.51.100.54" } 4 | Sep 6 07:18:29 sd6 qmail: 1157519909.633171 qmail-smtpd: 421 badiprbl: ip 198.51.100.54 rbl: example.com 5 | 6 | # http://www.tjsi.com/rblsmtpd/faq/ 7 | # failJSON: { "time": "2005-06-30T15:13:33", "match": true , "host": "193.111.120.47" } 8 | Jun 30 15:13:33 ns1 rblsmtpd: relays.ordb.org blocked 193.111.120.47 ordb-test.null.dk - 9 | # failJSON: { "time": "2005-06-30T15:13:55", "match": true , "host": "192.203.178.107" } 10 | Jun 30 15:13:55 ns1 rblsmtpd: relays.osirusoft.com blocked 192.203.178.107 sbl.crynwr.com - 11 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/recidive: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2006-02-13T15:52:30", "match": true , "host": "1.2.3.4" } 2 | 2006-02-13 15:52:30,388 fail2ban.actions: NOTICE [sendmail] Ban 1.2.3.4 3 | # failJSON: { "time": "2006-02-13T15:52:30", "match": true , "host": "1.2.3.4", "desc": "Extended with [PID]" } 4 | 2006-02-13 15:52:30,388 fail2ban.actions[123]: NOTICE [sendmail] Ban 1.2.3.4 5 | # failJSON: { "match": false } 6 | 2006-02-13 16:07:31,183 fail2ban.actions: NOTICE [sendmail] Unban 1.2.3.4 7 | # failJSON: { "match": false } 8 | 2006-02-13 15:52:30,388 fail2ban.actions: NOTICE [recidive] Ban 1.2.3.4 9 | # syslog example 10 | # failJSON: { "time": "2004-09-16T00:44:55", "match": true , "host": "10.0.0.7" } 11 | Sep 16 00:44:55 spaceman fail2ban.actions: NOTICE [jail] Ban 10.0.0.7 12 | 13 | # failJSON: { "time": "2006-02-13T15:52:30", "match": true , "host": "1.2.3.4", "desc": "Extended with [PID] and padding" } 14 | 2006-02-13 15:52:30,388 fail2ban.actions [123]: NOTICE [sendmail] Ban 1.2.3.4 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/sendmail-auth: -------------------------------------------------------------------------------- 1 | 2 | # failJSON: { "time": "2005-02-16T23:33:20", "match": true , "host": "190.5.230.178" } 3 | Feb 16 23:33:20 smtp1 sm-mta[5133]: s1GNXHYB005133: [190.5.230.178]: possible SMTP attack: command=AUTH, count=5 4 | 5 | # failJSON: { "time": "2005-02-16T23:40:36", "match": true , "host": "75.176.164.191" } 6 | Feb 16 23:40:36 smtp1 sm-mta[5178]: s1GNeNqe005178: cpe-075-176-164-191.sc.res.rr.com [75.176.164.191]: possible SMTP attack: command=AUTH, count=5 7 | 8 | # failJSON: { "time": "2005-02-24T12:10:15", "match": true , "host": "211.75.6.133" } 9 | Feb 24 12:10:15 kismet sm-acceptingconnections[32053]: s1OHA28u032053: 211-75-6-133.HINET-IP.hinet.net [211.75.6.133]: possible SMTP attack: command=AUTH, count=6 10 | 11 | # failJSON: { "time": "2005-02-24T13:00:17", "match": true , "host": "95.70.241.192" } 12 | Feb 24 13:00:17 kismet sm-acceptingconnections[1499]: s1OHxxSn001499: 192.241.70.95.dsl.static.turk.net [95.70.241.192] (may be forged): possible SMTP attack: command=AUTH, count=6 13 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/sieve: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2004-12-01T20:36:56", "match": true , "host": "1.2.3.4" } 2 | Dec 1 20:36:56 mail sieve[23713]: badlogin: example.com[1.2.3.4] PLAIN authentication failure 3 | # failJSON: { "time": "2005-07-18T17:21:58", "match": true , "host": "1.2.3.4" } 4 | Jul 18 17:21:58 ophelia cyrus/timsieved[12305]: badlogin: example.com[1.2.3.4] PLAIN authentication failure 5 | # failJSON: { "time": "2004-09-25T22:07:38", "match": true , "host": "1.2.3.4" } 6 | Sep 25 22:07:38 web9 timsieved[21040]: badlogin: web4[1.2.3.4] OTP authentication failure 7 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/squid: -------------------------------------------------------------------------------- 1 | # Logs thanks to Roman Gelfand 2 | # 3 | # failJSON: { "time": "2013-12-08T23:55:23.000", "match": true , "host": "91.188.124.227" } 4 | 1386543323.000 4 91.188.124.227 TCP_DENIED/403 4099 GET http://www.proxy-listen.de/azenv.php - HIER_NONE/- text/html 5 | 6 | # failJSON: { "time": "2013-12-08T23:58:20", "match": true , "host": "175.44.0.184" } 7 | 1386543500.000 5 175.44.0.184 NONE/405 3364 CONNECT error:method-not-allowed - HIER_NONE/- text/html 8 | 9 | # failJSON: { "time": "2013-12-09T00:08:04.000", "match": true , "host": "198.74.125.200" } 10 | 1386544084.000 3 198.74.125.200 TCP_DENIED/403 3722 GET http://www2t.biglobe.ne.jp/~take52/test/env.cgi - HIER_NONE/- text/html 11 | 12 | # failJSON: { "time": "2013-12-09T00:09:06.000", "match": true , "host": "175.42.91.151" } 13 | 1386544146.000 1 175.42.91.151 TCP_DENIED/403 3745 GET http://pkfsp.ru/wp-content/uploads/proxyc/engine.php - HIER_NONE/- text/html 14 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/squirrelmail: -------------------------------------------------------------------------------- 1 | 2 | # failJSON: { "time": "2013-10-06T15:50:41", "match": true , "host": "151.64.44.11" } 3 | 10/06/2013 15:50:41 [LOGIN_ERROR] dadas (mydomain.org) from 151.64.44.11: Unknown user or password incorrect. 4 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/sshd-ddos: -------------------------------------------------------------------------------- 1 | # http://forums.powervps.com/showthread.php?t=1667 2 | # failJSON: { "time": "2005-06-07T01:10:56", "match": true , "host": "69.61.56.114" } 3 | Jun 7 01:10:56 host sshd[5937]: Did not receive identification string from 69.61.56.114 4 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/stunnel: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2011-11-21T14:29:16", "match": true, "host": "10.7.41.61" } 2 | 2011.11.21 14:29:16 LOG3[28228:140093368055552]: SSL_accept from 10.7.41.61:33454 : 140890C7: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/tine20: -------------------------------------------------------------------------------- 1 | # Wrong username (-1) error 2 | # failJSON: { "time": "2014-01-13T06:02:22", "match": true, "host": "127.0.0.1" } 3 | 78017 00cff -- none -- - 2014-01-13T05:02:22+00:00 WARN (4): Tinebase_Controller::login::106 Login with username sdfsadf from 127.0.0.1 failed (-1)! 4 | 5 | # Wrong password (-3) error 6 | # failJSON: { "time": "2014-01-21T05:38:14", "match": true, "host": "127.0.0.1" } 7 | 8e035 ffff3 -- none -- - 2014-01-21T04:38:14+00:00 WARN (4): Tinebase_Controller::login::106 Login with username testuser from 127.0.0.1 failed (-3)! 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/vsftpd: -------------------------------------------------------------------------------- 1 | #1 PAM based 2 | # failJSON: { "time": "2004-10-11T01:06:47", "match": true , "host": "209.67.1.67" } 3 | Oct 11 01:06:47 ServerJV vsftpd: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=209.67.1.67 4 | 5 | # Pam pre 0.99.2.0 - https://github.com/fail2ban/fail2ban/pull/358 6 | # failJSON: { "time": "2005-02-06T12:02:29", "match": false , "host": "64.168.103.1" } 7 | Feb 6 12:02:29 server vsftpd(pam_unix)[15522]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=64.168.103.1 user=user1 8 | 9 | #2 Internal 10 | # failJSON: { "time": "2007-01-19T12:20:33", "match": true , "host": "64.106.46.98" } 11 | Fri Jan 19 12:20:33 2007 [pid 27202] [anonymous] FAIL LOGIN: Client "64.106.46.98" 12 | 13 | # failJSON: { "time": "2004-10-23T21:15:42", "match": true , "host": "58.254.172.161" } 14 | Oct 23 21:15:42 vps vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=test rhost=58.254.172.161 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/webmin-auth: -------------------------------------------------------------------------------- 1 | #Webmin authentication failures from /var/log/auth.log 2 | 3 | #1 User exists, bad password 4 | # failJSON: { "time": "2004-12-13T08:15:18", "match": true , "host": "89.2.49.230" } 5 | Dec 13 08:15:18 sb1 webmin[25875]: Invalid login as root from 89.2.49.230 6 | 7 | #2 User does not exists 8 | # failJSON: { "time": "2004-12-12T23:14:19", "match": true , "host": "188.40.105.142" } 9 | Dec 12 23:14:19 sb1 webmin[22134]: Non-existent login as robert from 188.40.105.142 10 | 11 | # failJSON: { "time": "2004-09-25T10:38:11", "match": true , "host": "14.200.251.155" } 12 | Sep 25 10:38:11 platypus webmin[27249]: Non-existent login as admin@goodeyedeer.com.au from 14.200.251.155 13 | 14 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/wuftpd: -------------------------------------------------------------------------------- 1 | # This login line is from syslog 2 | # failJSON: { "time": "2004-10-06T09:59:26", "match": true , "host": "202.108.145.173" } 3 | Oct 6 09:59:26 myserver wu-ftpd[18760]: failed login from hj-145-173-a8.bta.net.cn [202.108.145.173] 4 | # failJSON: { "time": "2004-10-11T16:45:07", "match": true , "host": "198.51.100.71" } 5 | Oct 11 16:45:07 ubuntu wu-ftpd[2360]: failed login from example.com [198.51.100.71] 6 | # failJSON: { "time": "2005-03-22T09:35:02", "match": true , "host": "198.51.100.71" } 7 | Mar 22 09:35:02 SiD wu-ftpd[31278]: pam_unix(wu-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=198.51.100.71 user=root 8 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/logs/xinetd-fail: -------------------------------------------------------------------------------- 1 | # failJSON: { "time": "2005-05-15T17:38:49", "match": true , "host": "198.51.100.169" } 2 | May 15 17:38:49 boo xinetd[16256]: FAIL: telnet address from=198.51.100.169 3 | # failJSON: { "time": "2005-08-03T14:38:49", "match": true , "host": "198.51.100.223" } 4 | Aug 3 14:38:49 backup xinetd[31234]: FAIL: amanda libwrap from=198.51.100.223 5 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/testcase-usedns.log: -------------------------------------------------------------------------------- 1 | Aug 14 11:54:59 i60p295 sshd[12365]: Failed publickey for roehl from example.com port 51332 ssh2 2 | Aug 14 11:58:59 i60p295 sshd[12365]: Failed publickey for roehl from ::ffff:93.184.216.34 port 51332 ssh2 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/testcase-wrong-char.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/fail2ban-0.9.4/fail2ban/tests/files/testcase-wrong-char.log -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/testcase01.log: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/boldleadsdevelopment/lockdown/b3fa7a61c0f887359f3910d88fe0a573d7c16f38/fail2ban-0.9.4/fail2ban/tests/files/testcase01.log -------------------------------------------------------------------------------- /fail2ban-0.9.4/fail2ban/tests/files/testcase04.log: -------------------------------------------------------------------------------- 1 | Sep 21 22:03:07 [sshd] Invalid user toto from 212.41.96.185 2 | 1124012400 [sshd] Invalid user duck from 212.41.96.185 3 | Sep 21 21:03:38 [sshd] Invalid user toto from 212.41.96.185 4 | 1124012500 [sshd] Invalid user duck from 212.41.96.185 5 | Sep 21 21:03:46 [sshd] Invalid user toto from 212.41.96.185 6 | Aug 14 11:58:48 [sshd] Invalid user duck from 212.41.96.185 7 | Aug 14 11:59:58 [sshd] Invalid user toto from 212.41.96.185 8 | Sep 21 21:04:03 [sshd] Invalid user duck from 212.41.96.185 9 | - Last output repeated twice - 10 | 2005/08/14 11:57:00 [sshd] Invalid user toto from 212.41.96.186 11 | 2005/08/14 11:58:00 [sshd] Invalid user duck from 212.41.96.186 12 | 2005/08/14 11:59:00 [sshd] Invalid user toto from 212.41.96.186 13 | 2005/08/14 12:00:00 [sshd] Invalid user duck from 212.41.96.186 14 | - Last output repeated twice - 15 | Sep 21 21:09:01 [sshd] Invalid user toto from 212.41.96.185 16 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/fail2ban-logrotate: -------------------------------------------------------------------------------- 1 | # 2 | # Gentoo: 3 | # http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/net-analyzer/fail2ban/files/fail2ban-logrotate?view=markup 4 | # 5 | # Debian: 6 | # https://github.com/fail2ban/fail2ban/blob/debian/debian/fail2ban.logrotate 7 | 8 | /var/log/fail2ban.log { 9 | missingok 10 | notifempty 11 | postrotate 12 | /usr/bin/fail2ban-client flushlogs >/dev/null || true 13 | endscript 14 | } 15 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/fail2ban-tmpfiles.conf: -------------------------------------------------------------------------------- 1 | D /var/run/fail2ban 0755 root root - -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/fail2ban.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Fail2Ban Service 3 | Documentation=man:fail2ban(1) 4 | After=network.target iptables.service firewalld.service 5 | PartOf=iptables.service firewalld.service 6 | 7 | [Service] 8 | Type=forking 9 | ExecStart=/usr/bin/fail2ban-client -x start 10 | ExecStop=/usr/bin/fail2ban-client stop 11 | ExecReload=/usr/bin/fail2ban-client reload 12 | PIDFile=/var/run/fail2ban/fail2ban.pid 13 | Restart=always 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/fail2ban.upstart: -------------------------------------------------------------------------------- 1 | description "fail2ban - ban hosts that cause multiple authentication errors" 2 | 3 | start on filesystem and static-network-up 4 | stop on runlevel [016] 5 | 6 | expect fork 7 | respawn 8 | 9 | env RUNDIR=/var/run/fail2ban 10 | 11 | pre-start script 12 | test -d $RUNDIR || mkdir -p $RUNDIR 13 | test ! -e $RUNDIR/fail2ban.sock || rm -f $RUNDIR/fail2ban.sock 14 | end script 15 | 16 | exec /usr/bin/fail2ban-client -f -x start 17 | 18 | pre-stop exec /usr/bin/fail2ban-client stop 19 | 20 | post-stop exec rm -f $RUNDIR/fail2ban.pid 21 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/gentoo-confd: -------------------------------------------------------------------------------- 1 | # Config file for /etc/init.d/fail2ban 2 | # 3 | # For information on options, see "/usr/bin/fail2ban-client -h". 4 | 5 | FAIL2BAN_OPTIONS="" 6 | 7 | # Force execution of the server even if the socket already exists: 8 | #FAIL2BAN_OPTIONS="-x" 9 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/logwatch/fail2ban-0.8.log: -------------------------------------------------------------------------------- 1 | 2014-08-04 03:06:26,161 fail2ban.actions[4822]: WARNING [apache-badbots] Ban 37.152.91.34 2 | 2014-08-05 03:06:26,448 fail2ban.actions[4822]: WARNING [apache-badbots] Unban 37.152.91.34 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/macosx-initd: -------------------------------------------------------------------------------- 1 | /Library/LaunchDaemonsm/org.fail2ban.plist 2 | =================================== 3 | 4 | 5 | 6 | 7 | Disabled 8 | 9 | Label 10 | fail2ban 11 | ProgramArguments 12 | 13 | /usr/local/bin/fail2ban-client 14 | start 15 | 16 | RunAtLoad 17 | 18 | 19 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/files/monit/fail2ban: -------------------------------------------------------------------------------- 1 | check process fail2ban with pidfile /var/run/fail2ban/fail2ban.pid 2 | group services 3 | start program = "/etc/init.d/fail2ban force-start" 4 | stop program = "/etc/init.d/fail2ban stop || :" 5 | if failed unixsocket /var/run/fail2ban/fail2ban.sock then restart 6 | if 5 restarts within 5 cycles then timeout 7 | 8 | check file fail2ban_log with path /var/log/fail2ban.log 9 | if match "ERROR|WARNING" then alert 10 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/kill-server: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | kill `ps ax|grep fail2ban|grep -v grep|awk '{print $1}'` 3 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/man/fail2ban-client.h2m: -------------------------------------------------------------------------------- 1 | Include file for help2man man page 2 | $Id: $ 3 | 4 | [name] 5 | fail2ban-client \- configure and control the server 6 | 7 | [files] 8 | \fI/etc/fail2ban/*\fR 9 | 10 | [see also] 11 | .br 12 | fail2ban-server(1) 13 | jail.conf(5) 14 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/man/fail2ban-regex.h2m: -------------------------------------------------------------------------------- 1 | Include file for help2man man page 2 | $Id: $ 3 | 4 | [name] 5 | fail2ban-regex \- test Fail2ban "failregex" option 6 | 7 | [see also] 8 | .br 9 | fail2ban-client(1) 10 | fail2ban-server(1) 11 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/man/fail2ban-server.h2m: -------------------------------------------------------------------------------- 1 | Include file for help2man man page 2 | $Id: $ 3 | 4 | [name] 5 | fail2ban-server \- start the server 6 | 7 | [see also] 8 | .br 9 | fail2ban-client(1) 10 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/man/fail2ban-testcases.1: -------------------------------------------------------------------------------- 1 | .\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.47.2. 2 | .TH FAIL2BAN-TESTCASES "1" "March 2016" "fail2ban-testcases 0.9.4" "User Commands" 3 | .SH NAME 4 | fail2ban-testcases \- run Fail2Ban unit-tests 5 | .SH SYNOPSIS 6 | .B fail2ban-testcases 7 | [\fI\,OPTIONS\/\fR] [\fI\,regexps\/\fR] 8 | .SH DESCRIPTION 9 | Script to run Fail2Ban tests battery 10 | .SH OPTIONS 11 | .TP 12 | \fB\-\-version\fR 13 | show program's version number and exit 14 | .TP 15 | \fB\-h\fR, \fB\-\-help\fR 16 | show this help message and exit 17 | .TP 18 | \fB\-l\fR LOG_LEVEL, \fB\-\-log\-level\fR=\fI\,LOG_LEVEL\/\fR 19 | Log level for the logger to use during running tests 20 | .TP 21 | \fB\-n\fR, \fB\-\-no\-network\fR 22 | Do not run tests that require the network 23 | .TP 24 | \fB\-t\fR, \fB\-\-log\-traceback\fR 25 | Enrich log\-messages with compressed tracebacks 26 | .TP 27 | \fB\-\-full\-traceback\fR 28 | Either to make the tracebacks full, not compressed (as 29 | by default) 30 | .SH "SEE ALSO" 31 | .br 32 | fail2ban-client(1) 33 | fail2ban-server(1) 34 | fail2ban-regex(1) 35 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/man/fail2ban-testcases.h2m: -------------------------------------------------------------------------------- 1 | Include file for help2man man page 2 | $Id: $ 3 | 4 | [name] 5 | fail2ban-testcases \- run Fail2Ban unit-tests 6 | 7 | [see also] 8 | .br 9 | fail2ban-client(1) 10 | fail2ban-server(1) 11 | fail2ban-regex(1) 12 | -------------------------------------------------------------------------------- /fail2ban-0.9.4/setup.cfg: -------------------------------------------------------------------------------- 1 | [sdist] 2 | formats=bztar 3 | 4 | [bdist_rpm] 5 | release = 1 6 | packager = Yaroslav Halchenko , Daniel Black 7 | doc_files = DEVELOP 8 | README.md 9 | THANKS 10 | doc/run-rootless.txt 11 | -------------------------------------------------------------------------------- /lib/determine_linux_distro: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Distro determination 3 | determine_distro () { 4 | if [ -f /etc/os-release ] 5 | then 6 | if [[ `cut -d= -f2 /etc/os-release` =~ 'Amazon Linux 2' ]] 7 | then 8 | DISTRO='Amazon Linux 2' 9 | elif [[ `cut -d= -f2 /etc/os-release` =~ 'Amazon Linux' ]] 10 | then 11 | DISTRO='Amazon Linux' 12 | elif [[ `cut -d= -f2 /etc/os-release` =~ 'CentOS' ]] 13 | then 14 | DISTRO='CentOS7' 15 | elif [[ `cut -d= -f2 /etc/os-release` =~ 'Fedora' ]] 16 | then 17 | DISTRO='Fedora' 18 | PACKAGE_MANAGER='dnf' 19 | elif [[ `cut -d= -f2 /etc/os-release` =~ 'RHEL' ]] 20 | then 21 | DISTRO='RHEL' 22 | elif [[ `cut -d= -f2 /etc/os-release` =~ 'Red Hat' ]] 23 | then 24 | DISTRO='RHEL' 25 | elif [[ `cut -d= -f2 /etc/os-release` =~ 'Ubuntu' ]] 26 | then 27 | DISTRO='Ubuntu' 28 | PACKAGE_MANAGER='apt-get' 29 | fi 30 | elif [ -f /etc/system-release ] 31 | then 32 | if [[ `cut -d= -f2 /etc/system-release` =~ 'CentOS' ]] 33 | then 34 | DISTRO='CentOS6' 35 | fi 36 | fi 37 | } 38 | -------------------------------------------------------------------------------- /lib/lockdown_ip_parser: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Just waiting to be finished.. :) 4 | 5 | # Parse target input into pieces 6 | if [ 0 -eq `expr index "$TARGET_INPUT" .` ] 7 | then 8 | if [ 0 < $TARGET_INPUT 9 | && 256 > $TARGET_INPUT ] 10 | then 11 | TARGET="$TARGET_INPUT.0.0.0/8" 12 | TARGET_LIST=$LIST_NETS 13 | fi 14 | elif [[ $TARGET_INPUT =~ ^[1-9][0-9]{0,2}\.[1-9][0-9]{0,2}$ ]] 15 | TARGET="$TARGET_INPUT.0.0/16" 16 | TARGET_LIST=$LIST_NETS 17 | elif [[ $TARGET_INPUT =~ ^([1-9][0-9]{0,2}\.){2}[1-9][0-9]{0,2}$ ]] 18 | TARGET="$TARGET_INPUT.0/24" 19 | TARGET_LIST=$LIST_NETS 20 | elif [[ $TARGET_INPUT =~ ^([1-9][0-9]{0,2}\.){3}[1-9][0-9]{0,2}$ ]] 21 | TARGET="$TARGET_INPUT" 22 | TARGET_LIST=$LIST_IPS 23 | elif [[ $TARGET_INPUT =~ ^([1-9][0-9]{0,2}\.){3}[1-9][0-9]{0,2}\/32$ ]] 24 | TARGET="$TARGET_INPUT" 25 | TARGET_LIST=$LIST_IPS 26 | elif [[ $TARGET_INPUT =~ ^([1-9][0-9]{0,2}\.){3}[1-9][0-9]{0,2}\/[1-9][0-9]?$ ]] 27 | TARGET="$TARGET_INPUT" 28 | TARGET_LIST=$LIST_NETS 29 | fi 30 | 31 | -------------------------------------------------------------------------------- /lists/countries/ad.zone: -------------------------------------------------------------------------------- 1 | 85.94.160.0/19 2 | 91.187.64.0/19 3 | 109.111.96.0/19 4 | 185.4.52.0/22 5 | 185.33.0.0/22 6 | 185.87.36.0/22 7 | 185.87.40.0/22 8 | 185.87.44.0/22 9 | 185.106.124.0/22 10 | 185.121.12.0/22 11 | 194.158.64.0/19 12 | 46.172.224.0/19 13 | -------------------------------------------------------------------------------- /lists/countries/ag.zone: -------------------------------------------------------------------------------- 1 | 69.50.64.0/20 2 | 69.57.224.0/19 3 | 76.76.160.0/19 4 | 162.210.156.0/22 5 | 162.222.84.0/22 6 | 162.252.188.0/22 7 | 192.64.120.0/22 8 | 199.16.56.0/22 9 | 199.48.204.0/22 10 | 199.189.112.0/22 11 | 204.16.112.0/22 12 | 205.217.224.0/19 13 | 206.214.0.0/19 14 | 208.83.80.0/21 15 | 209.59.64.0/18 16 | 216.48.96.0/22 17 | -------------------------------------------------------------------------------- /lists/countries/ai.zone: -------------------------------------------------------------------------------- 1 | 104.193.196.0/22 2 | 104.255.176.0/22 3 | 162.251.108.0/22 4 | 162.254.188.0/22 5 | 192.30.124.0/24 6 | 204.14.248.0/21 7 | 208.66.48.0/21 8 | -------------------------------------------------------------------------------- /lists/countries/ap.zone: -------------------------------------------------------------------------------- 1 | 103.71.56.0/24 2 | 103.248.249.0/24 3 | 202.56.62.0/23 4 | -------------------------------------------------------------------------------- /lists/countries/as.zone: -------------------------------------------------------------------------------- 1 | 103.238.156.0/23 2 | 202.70.112.0/20 3 | -------------------------------------------------------------------------------- /lists/countries/aw.zone: -------------------------------------------------------------------------------- 1 | 138.255.252.0/22 2 | 181.41.0.0/18 3 | 186.189.128.0/18 4 | 190.104.96.0/20 5 | 201.229.0.0/18 6 | 201.229.64.0/18 7 | -------------------------------------------------------------------------------- /lists/countries/ax.zone: -------------------------------------------------------------------------------- 1 | 185.217.4.0/22 2 | -------------------------------------------------------------------------------- /lists/countries/bb.zone: -------------------------------------------------------------------------------- 1 | 23.236.0.0/20 2 | 64.119.192.0/20 3 | 65.48.128.0/17 4 | 69.73.192.0/18 5 | 69.80.0.0/18 6 | 72.22.128.0/19 7 | 72.51.64.0/18 8 | 104.153.128.0/21 9 | 104.200.96.0/20 10 | 104.218.176.0/22 11 | 162.212.12.0/22 12 | 162.220.136.0/21 13 | 162.246.104.0/21 14 | 192.65.160.0/21 15 | 192.171.120.0/21 16 | 192.214.112.0/20 17 | 192.235.48.0/20 18 | 196.1.160.0/20 19 | 196.3.192.0/19 20 | 198.56.56.0/21 21 | 198.245.160.0/24 22 | 198.246.229.0/24 23 | 198.246.230.0/24 24 | 199.7.112.0/21 25 | 199.47.52.0/22 26 | 199.58.152.0/22 27 | 199.254.104.0/21 28 | 200.50.64.0/19 29 | 200.50.128.0/20 30 | 205.214.192.0/19 31 | 216.110.96.0/19 32 | -------------------------------------------------------------------------------- /lists/countries/bf.zone: -------------------------------------------------------------------------------- 1 | 41.78.48.0/22 2 | 41.78.52.0/22 3 | 41.138.96.0/19 4 | 41.203.224.0/20 5 | 41.216.144.0/20 6 | 41.223.232.0/22 7 | 105.235.176.0/20 8 | 129.45.128.0/17 9 | 154.65.60.0/22 10 | 154.66.160.0/20 11 | 160.226.184.0/22 12 | 165.16.208.0/20 13 | 192.136.55.0/24 14 | 192.136.56.0/24 15 | 192.136.57.0/24 16 | 196.13.207.0/24 17 | 196.28.240.0/20 18 | 196.41.71.0/24 19 | 196.43.247.0/24 20 | 196.49.19.0/24 21 | 196.223.47.0/24 22 | 197.239.64.0/18 23 | 212.52.128.0/19 24 | -------------------------------------------------------------------------------- /lists/countries/bh.zone: -------------------------------------------------------------------------------- 1 | 37.131.0.0/17 2 | 46.23.16.0/20 3 | 46.42.64.0/18 4 | 46.184.128.0/17 5 | 46.235.208.0/21 6 | 62.209.0.0/19 7 | 77.69.128.0/17 8 | 77.92.160.0/19 9 | 78.110.64.0/20 10 | 79.171.240.0/21 11 | 80.88.240.0/20 12 | 80.95.208.0/20 13 | 80.241.144.0/20 14 | 81.22.16.0/20 15 | 82.194.32.0/19 16 | 83.136.56.0/21 17 | 84.255.128.0/18 18 | 85.158.128.0/21 19 | 87.236.48.0/21 20 | 87.236.136.0/21 21 | 87.237.192.0/21 22 | 87.252.96.0/19 23 | 88.201.0.0/17 24 | 89.31.192.0/21 25 | 89.148.0.0/18 26 | 93.95.24.0/21 27 | 93.188.192.0/21 28 | 94.76.0.0/18 29 | 94.79.192.0/18 30 | 95.84.64.0/18 31 | 109.63.0.0/17 32 | 109.161.128.0/17 33 | 151.248.96.0/20 34 | 178.132.32.0/20 35 | 185.3.120.0/22 36 | 185.6.104.0/22 37 | 185.7.8.0/22 38 | 185.33.176.0/22 39 | 185.34.228.0/22 40 | 185.36.88.0/22 41 | 185.49.160.0/22 42 | 185.143.124.0/22 43 | 185.156.236.0/22 44 | 185.165.176.0/22 45 | 185.170.12.0/22 46 | 188.116.192.0/18 47 | 188.137.128.0/17 48 | 193.188.96.0/19 49 | 217.17.224.0/20 50 | 217.17.240.0/20 51 | 193.188.12.0/23 52 | 195.82.138.0/23 53 | -------------------------------------------------------------------------------- /lists/countries/bi.zone: -------------------------------------------------------------------------------- 1 | 41.79.44.0/22 2 | 41.79.224.0/22 3 | 154.70.196.0/22 4 | 154.73.40.0/22 5 | 154.73.104.0/22 6 | 154.117.192.0/18 7 | 154.119.0.0/19 8 | 196.2.8.0/21 9 | 196.13.223.0/24 10 | 196.49.3.0/24 11 | 196.223.3.0/24 12 | 196.223.36.0/24 13 | 197.157.192.0/22 14 | 197.231.248.0/22 15 | -------------------------------------------------------------------------------- /lists/countries/bj.zone: -------------------------------------------------------------------------------- 1 | 41.74.0.0/20 2 | 41.79.216.0/22 3 | 41.85.160.0/19 4 | 41.86.224.0/19 5 | 41.138.88.0/22 6 | 41.190.64.0/22 7 | 41.191.84.0/22 8 | 41.216.32.0/19 9 | 41.222.192.0/22 10 | 41.223.248.0/22 11 | 41.242.176.0/20 12 | 45.221.224.0/19 13 | 81.91.224.0/20 14 | 137.255.0.0/16 15 | 154.66.128.0/20 16 | 154.72.112.0/20 17 | 154.127.32.0/20 18 | 160.0.224.0/19 19 | 164.160.140.0/22 20 | 196.46.152.0/22 21 | 196.49.8.0/24 22 | 196.192.16.0/20 23 | 196.223.40.0/24 24 | 196.250.64.0/18 25 | 196.251.152.0/22 26 | 197.234.216.0/21 27 | -------------------------------------------------------------------------------- /lists/countries/bl.zone: -------------------------------------------------------------------------------- 1 | 162.12.217.0/24 2 | 192.131.134.0/24 3 | 206.130.228.0/24 4 | -------------------------------------------------------------------------------- /lists/countries/bm.zone: -------------------------------------------------------------------------------- 1 | 64.37.32.0/20 2 | 64.147.80.0/20 3 | 66.55.112.0/20 4 | 66.97.172.0/23 5 | 69.17.192.0/19 6 | 74.114.240.0/22 7 | 76.8.32.0/20 8 | 104.218.168.0/21 9 | 142.54.192.0/21 10 | 162.219.233.0/24 11 | 162.221.212.0/22 12 | 162.255.216.0/21 13 | 192.40.84.0/22 14 | 192.156.199.0/24 15 | 192.219.29.0/24 16 | 196.1.107.0/24 17 | 196.12.64.0/18 18 | 198.182.170.0/24 19 | 198.186.235.0/24 20 | 198.187.171.0/24 21 | 198.207.16.0/21 22 | 199.15.228.0/22 23 | 199.27.70.0/23 24 | 199.68.192.0/22 25 | 199.87.170.0/23 26 | 199.96.64.0/22 27 | 199.193.228.0/22 28 | 200.1.160.0/24 29 | 200.10.165.0/24 30 | 200.10.166.0/24 31 | 204.13.24.0/21 32 | 205.211.8.0/23 33 | 206.53.176.0/20 34 | 206.188.128.0/19 35 | 207.2.96.0/21 36 | 207.228.128.0/18 37 | 208.75.200.0/22 38 | 208.82.164.0/22 39 | 208.89.228.0/22 40 | 209.240.32.0/20 41 | 216.249.32.0/20 42 | 185.214.132.0/22 43 | 185.216.72.0/22 44 | -------------------------------------------------------------------------------- /lists/countries/bn.zone: -------------------------------------------------------------------------------- 1 | 43.225.40.0/22 2 | 43.225.136.0/22 3 | 43.251.128.0/22 4 | 45.126.140.0/22 5 | 61.6.192.0/18 6 | 103.4.188.0/22 7 | 103.12.208.0/23 8 | 103.16.120.0/22 9 | 103.17.24.0/22 10 | 103.18.172.0/22 11 | 103.20.24.0/22 12 | 103.42.208.0/22 13 | 103.224.96.0/22 14 | 103.230.64.0/22 15 | 118.103.248.0/21 16 | 119.160.128.0/18 17 | 156.31.0.0/16 18 | 158.161.0.0/16 19 | 192.94.122.0/24 20 | 202.12.26.0/24 21 | 202.59.230.0/24 22 | 202.90.36.0/24 23 | 202.93.208.0/20 24 | 202.152.64.0/19 25 | 202.160.0.0/21 26 | 202.160.8.0/21 27 | 202.160.16.0/20 28 | 202.160.32.0/20 29 | -------------------------------------------------------------------------------- /lists/countries/bq.zone: -------------------------------------------------------------------------------- 1 | 138.185.208.0/22 2 | 143.0.32.0/22 3 | 161.0.80.0/20 4 | 186.159.96.0/20 5 | 190.4.64.0/20 6 | 190.97.112.0/21 7 | 190.107.248.0/21 8 | 190.123.16.0/22 9 | 200.6.144.0/21 10 | 200.71.248.0/21 11 | 200.107.84.0/22 12 | -------------------------------------------------------------------------------- /lists/countries/bs.zone: -------------------------------------------------------------------------------- 1 | 103.65.220.0/22 2 | 103.225.116.0/22 3 | 24.51.64.0/18 4 | 24.206.0.0/19 5 | 24.231.32.0/19 6 | 24.244.128.0/18 7 | 64.66.0.0/20 8 | 64.150.192.0/18 9 | 65.75.64.0/18 10 | 66.85.2.0/24 11 | 66.226.160.0/19 12 | 69.4.160.0/20 13 | 104.166.32.0/20 14 | 108.60.224.0/19 15 | 192.231.36.0/24 16 | 199.102.188.0/22 17 | 204.236.64.0/18 18 | 208.87.32.0/21 19 | 216.137.0.0/20 20 | -------------------------------------------------------------------------------- /lists/countries/bt.zone: -------------------------------------------------------------------------------- 1 | 43.229.124.0/22 2 | 43.230.208.0/24 3 | 43.241.136.0/22 4 | 45.64.248.0/22 5 | 103.7.252.0/22 6 | 103.29.224.0/22 7 | 103.78.111.0/24 8 | 103.78.116.0/23 9 | 103.80.108.0/22 10 | 103.197.176.0/22 11 | 103.245.240.0/22 12 | 103.252.84.0/24 13 | 118.103.136.0/21 14 | 119.2.96.0/19 15 | 202.89.24.0/21 16 | 202.144.128.0/19 17 | 220.158.236.0/22 18 | -------------------------------------------------------------------------------- /lists/countries/bw.zone: -------------------------------------------------------------------------------- 1 | 41.74.48.0/20 2 | 41.75.0.0/20 3 | 41.76.240.0/21 4 | 41.77.88.0/21 5 | 41.78.92.0/22 6 | 41.79.32.0/22 7 | 41.79.136.0/22 8 | 41.87.160.0/19 9 | 41.138.72.0/21 10 | 41.190.244.0/22 11 | 41.191.64.0/22 12 | 41.191.216.0/22 13 | 41.216.208.0/21 14 | 41.223.72.0/22 15 | 41.223.140.0/22 16 | 41.223.192.0/22 17 | 83.143.24.0/21 18 | 105.235.240.0/20 19 | 129.205.192.0/18 20 | 154.0.16.0/21 21 | 154.70.144.0/21 22 | 154.73.36.0/22 23 | 154.73.84.0/22 24 | 156.38.4.0/22 25 | 156.38.16.0/20 26 | 168.167.0.0/16 27 | 169.255.80.0/22 28 | 196.2.2.0/24 29 | 196.43.216.0/24 30 | 196.45.164.0/22 31 | 196.49.24.0/24 32 | 196.60.4.0/24 33 | 196.61.208.0/21 34 | 196.216.163.0/24 35 | 197.231.192.0/22 36 | 197.234.208.0/21 37 | -------------------------------------------------------------------------------- /lists/countries/cd.zone: -------------------------------------------------------------------------------- 1 | 41.77.220.0/22 2 | 41.78.192.0/22 3 | 41.78.196.0/22 4 | 41.79.232.0/22 5 | 41.189.192.0/19 6 | 41.190.80.0/22 7 | 41.190.232.0/22 8 | 41.215.252.0/22 9 | 41.222.196.0/22 10 | 41.222.216.0/22 11 | 41.223.104.0/22 12 | 41.242.84.0/22 13 | 41.242.128.0/22 14 | 41.243.0.0/16 15 | 45.221.4.0/22 16 | 154.72.52.0/22 17 | 154.73.20.0/22 18 | 164.160.48.0/22 19 | 169.159.208.0/20 20 | 169.239.72.0/22 21 | 169.239.156.0/22 22 | 169.239.212.0/22 23 | 169.255.64.0/22 24 | 169.255.188.0/22 25 | 169.255.204.0/22 26 | 193.110.104.0/23 27 | 196.1.137.0/24 28 | 196.13.110.0/24 29 | 196.41.67.0/24 30 | 196.46.112.0/22 31 | 196.49.36.0/24 32 | 196.61.72.0/22 33 | 196.200.192.0/20 34 | 196.216.216.0/23 35 | 196.223.28.0/24 36 | 197.149.184.0/22 37 | 197.157.208.0/22 38 | 197.189.0.0/17 39 | 197.215.220.0/22 40 | 197.231.252.0/22 41 | -------------------------------------------------------------------------------- /lists/countries/cf.zone: -------------------------------------------------------------------------------- 1 | 41.78.120.0/22 2 | 41.223.184.0/22 3 | 169.239.96.0/22 4 | 196.32.200.0/21 5 | 196.216.160.0/24 6 | 197.242.176.0/21 7 | -------------------------------------------------------------------------------- /lists/countries/cg.zone: -------------------------------------------------------------------------------- 1 | 41.75.64.0/20 2 | 41.76.136.0/21 3 | 41.190.72.0/22 4 | 41.223.88.0/22 5 | 41.223.188.0/22 6 | 154.73.116.0/22 7 | 164.160.16.0/22 8 | 164.160.156.0/22 9 | 169.255.72.0/22 10 | 169.255.120.0/22 11 | 196.43.240.0/24 12 | 196.223.32.0/24 13 | 197.149.136.0/22 14 | 197.157.252.0/22 15 | 197.214.128.0/17 16 | 197.255.176.0/20 17 | -------------------------------------------------------------------------------- /lists/countries/ci.zone: -------------------------------------------------------------------------------- 1 | 41.66.0.0/18 2 | 41.189.32.0/19 3 | 41.191.68.0/22 4 | 41.202.64.0/19 5 | 41.202.96.0/19 6 | 41.202.128.0/19 7 | 41.206.64.0/19 8 | 41.207.0.0/19 9 | 41.207.192.0/19 10 | 45.220.50.0/23 11 | 45.221.28.0/22 12 | 102.181.224.0/19 13 | 105.235.0.0/17 14 | 154.0.24.0/21 15 | 154.68.0.0/18 16 | 154.73.100.0/22 17 | 154.232.0.0/14 18 | 160.120.0.0/16 19 | 160.154.0.0/15 20 | 164.160.32.0/22 21 | 164.160.40.0/22 22 | 169.239.64.0/22 23 | 193.221.218.0/24 24 | 196.10.122.0/23 25 | 196.41.75.0/24 26 | 196.47.128.0/18 27 | 196.49.0.0/24 28 | 196.180.0.0/14 29 | 196.201.64.0/19 30 | 196.216.226.0/23 31 | 196.223.4.0/24 32 | 197.159.192.0/19 33 | 213.136.96.0/19 34 | -------------------------------------------------------------------------------- /lists/countries/ck.zone: -------------------------------------------------------------------------------- 1 | 202.65.32.0/19 2 | -------------------------------------------------------------------------------- /lists/countries/cm.zone: -------------------------------------------------------------------------------- 1 | 41.67.192.0/18 2 | 41.77.80.0/21 3 | 41.77.208.0/21 4 | 41.78.204.0/22 5 | 41.79.128.0/22 6 | 41.92.128.0/17 7 | 41.190.224.0/22 8 | 41.191.100.0/22 9 | 41.202.192.0/19 10 | 41.204.64.0/19 11 | 41.205.0.0/19 12 | 41.205.64.0/19 13 | 41.211.96.0/19 14 | 41.216.232.0/22 15 | 41.217.128.0/19 16 | 41.223.28.0/22 17 | 41.223.92.0/22 18 | 41.242.32.0/21 19 | 41.244.0.0/16 20 | 102.244.0.0/14 21 | 129.0.0.0/16 22 | 154.70.96.0/19 23 | 154.72.128.0/18 24 | 154.73.200.0/21 25 | 154.126.128.0/19 26 | 154.126.160.0/19 27 | 155.12.192.0/19 28 | 160.19.236.0/22 29 | 165.73.144.0/20 30 | 165.210.0.0/15 31 | 169.239.40.0/22 32 | 169.255.4.0/22 33 | 195.24.192.0/19 34 | 196.3.90.0/24 35 | 196.10.100.0/24 36 | 196.49.38.0/24 37 | 196.60.6.0/24 38 | 196.202.232.0/21 39 | 196.216.212.0/24 40 | 197.159.0.0/19 41 | -------------------------------------------------------------------------------- /lists/countries/cu.zone: -------------------------------------------------------------------------------- 1 | 152.206.0.0/15 2 | 169.158.0.0/16 3 | 181.225.224.0/19 4 | 190.6.64.0/20 5 | 190.6.80.0/20 6 | 190.15.144.0/20 7 | 190.92.112.0/20 8 | 190.107.0.0/20 9 | 196.1.112.0/24 10 | 196.1.135.0/24 11 | 196.3.152.0/24 12 | 200.0.16.0/24 13 | 200.0.24.0/22 14 | 200.5.12.0/22 15 | 200.13.144.0/21 16 | 200.14.48.0/21 17 | 200.55.128.0/19 18 | 200.55.160.0/20 19 | 200.55.176.0/20 20 | 201.220.192.0/20 21 | 201.220.208.0/20 22 | -------------------------------------------------------------------------------- /lists/countries/cv.zone: -------------------------------------------------------------------------------- 1 | 41.74.128.0/20 2 | 41.79.124.0/22 3 | 41.215.208.0/20 4 | 41.221.192.0/20 5 | 165.90.96.0/19 6 | 169.239.12.0/22 7 | 197.255.128.0/20 8 | 213.150.192.0/21 9 | -------------------------------------------------------------------------------- /lists/countries/cw.zone: -------------------------------------------------------------------------------- 1 | 131.72.112.0/22 2 | 131.221.144.0/22 3 | 138.99.212.0/22 4 | 138.219.140.0/22 5 | 161.0.96.0/20 6 | 161.22.48.0/21 7 | 170.245.0.0/22 8 | 186.2.176.0/20 9 | 186.148.216.0/21 10 | 186.190.232.0/22 11 | 186.190.240.0/20 12 | 190.2.128.0/19 13 | 190.2.160.0/19 14 | 190.4.128.0/19 15 | 190.4.160.0/19 16 | 190.13.120.0/21 17 | 190.88.0.0/18 18 | 190.88.64.0/18 19 | 190.88.128.0/17 20 | 190.105.192.0/22 21 | 190.112.224.0/20 22 | 190.112.240.0/20 23 | 190.121.208.0/20 24 | 190.121.240.0/20 25 | 190.123.20.0/22 26 | 190.185.0.0/18 27 | 196.3.16.0/20 28 | 200.0.20.0/23 29 | 200.6.56.0/21 30 | 200.7.184.0/21 31 | 200.16.92.0/24 32 | 200.16.93.0/24 33 | 200.26.192.0/20 34 | 200.26.208.0/20 35 | 200.61.253.0/24 36 | 200.115.179.0/24 37 | 200.124.128.0/20 38 | 200.124.144.0/20 39 | 201.131.43.0/24 40 | 216.152.160.0/20 41 | -------------------------------------------------------------------------------- /lists/countries/dj.zone: -------------------------------------------------------------------------------- 1 | 41.189.224.0/19 2 | 196.49.10.0/24 3 | 196.201.192.0/20 4 | 196.223.38.0/24 5 | 197.241.0.0/17 6 | 217.78.64.0/20 7 | -------------------------------------------------------------------------------- /lists/countries/dm.zone: -------------------------------------------------------------------------------- 1 | 69.12.108.0/22 2 | 104.153.248.0/22 3 | 104.245.204.0/22 4 | 162.213.168.0/22 5 | 162.253.100.0/22 6 | 192.243.48.0/20 7 | 198.101.28.0/22 8 | 199.127.196.0/22 9 | 206.53.141.0/24 10 | -------------------------------------------------------------------------------- /lists/countries/dz.zone: -------------------------------------------------------------------------------- 1 | 41.77.176.0/21 2 | 41.96.0.0/12 3 | 41.191.252.0/22 4 | 41.200.0.0/15 5 | 41.210.64.0/18 6 | 41.220.144.0/20 7 | 41.221.16.0/20 8 | 41.223.176.0/22 9 | 41.223.236.0/22 10 | 80.88.12.0/22 11 | 80.246.0.0/20 12 | 80.249.64.0/20 13 | 105.96.0.0/12 14 | 105.235.128.0/20 15 | 129.45.0.0/17 16 | 154.73.92.0/22 17 | 154.121.0.0/16 18 | 154.127.96.0/20 19 | 154.240.0.0/12 20 | 168.253.96.0/20 21 | 169.239.56.0/22 22 | 192.52.232.0/24 23 | 192.245.148.0/24 24 | 193.41.146.0/23 25 | 193.194.64.0/19 26 | 195.24.80.0/21 27 | 195.39.218.0/23 28 | 196.11.75.0/24 29 | 196.20.64.0/18 30 | 196.29.40.0/22 31 | 196.32.16.0/20 32 | 196.41.224.0/19 33 | 196.46.248.0/21 34 | 197.112.0.0/13 35 | 197.140.0.0/14 36 | 197.200.0.0/13 37 | 213.179.160.0/19 38 | -------------------------------------------------------------------------------- /lists/countries/er.zone: -------------------------------------------------------------------------------- 1 | 196.200.96.0/20 2 | -------------------------------------------------------------------------------- /lists/countries/et.zone: -------------------------------------------------------------------------------- 1 | 164.160.184.0/22 2 | 196.188.0.0/14 3 | 197.154.0.0/16 4 | 197.156.64.0/18 5 | 213.55.64.0/18 6 | -------------------------------------------------------------------------------- /lists/countries/fj.zone: -------------------------------------------------------------------------------- 1 | 27.123.128.0/18 2 | 43.245.56.0/22 3 | 45.112.224.0/22 4 | 45.117.240.0/22 5 | 45.117.244.0/22 6 | 103.1.180.0/22 7 | 103.52.88.0/22 8 | 103.58.20.0/22 9 | 103.71.204.0/24 10 | 103.76.157.0/24 11 | 103.77.225.0/24 12 | 103.244.228.0/22 13 | 110.35.88.0/21 14 | 113.20.64.0/19 15 | 119.235.64.0/19 16 | 119.235.96.0/21 17 | 124.108.24.0/21 18 | 144.120.0.0/16 19 | 183.81.128.0/20 20 | 202.62.0.0/21 21 | 202.62.118.0/23 22 | 202.62.120.0/22 23 | 202.62.124.0/22 24 | 202.129.228.0/22 25 | 202.137.176.0/21 26 | 202.151.16.0/20 27 | 202.170.32.0/20 28 | 203.83.251.0/24 29 | 203.119.51.0/24 30 | 203.202.235.0/24 31 | 210.7.0.0/19 32 | -------------------------------------------------------------------------------- /lists/countries/fm.zone: -------------------------------------------------------------------------------- 1 | 43.248.156.0/22 2 | 103.39.252.0/22 3 | 119.252.112.0/20 4 | 124.109.8.0/21 5 | -------------------------------------------------------------------------------- /lists/countries/fo.zone: -------------------------------------------------------------------------------- 1 | 46.227.112.0/21 2 | 80.77.128.0/20 3 | 81.18.224.0/20 4 | 81.25.176.0/20 5 | 88.85.32.0/19 6 | 178.19.192.0/20 7 | 185.74.208.0/22 8 | 185.88.228.0/22 9 | 185.171.172.0/22 10 | 193.34.104.0/22 11 | 212.55.32.0/19 12 | 217.172.80.0/20 13 | -------------------------------------------------------------------------------- /lists/countries/ga.zone: -------------------------------------------------------------------------------- 1 | 41.72.224.0/19 2 | 41.76.120.0/21 3 | 41.77.120.0/21 4 | 41.78.96.0/22 5 | 41.78.152.0/22 6 | 41.78.240.0/22 7 | 41.158.0.0/15 8 | 41.211.128.0/18 9 | 41.223.168.0/22 10 | 154.0.32.0/19 11 | 154.0.176.0/20 12 | 154.66.232.0/21 13 | 154.112.0.0/16 14 | 154.116.0.0/17 15 | 154.118.248.0/22 16 | 154.119.192.0/19 17 | 160.119.104.0/22 18 | 160.119.160.0/19 19 | 169.159.0.0/18 20 | 169.239.148.0/22 21 | 169.255.148.0/22 22 | 192.188.164.0/22 23 | 192.189.139.0/24 24 | 192.189.140.0/24 25 | 196.46.156.0/22 26 | 196.49.17.0/24 27 | 196.50.32.0/19 28 | 196.223.39.0/24 29 | 197.231.64.0/18 30 | 197.231.136.0/21 31 | 197.242.0.0/19 32 | 197.255.248.0/22 33 | 217.77.64.0/20 34 | -------------------------------------------------------------------------------- /lists/countries/gd.zone: -------------------------------------------------------------------------------- 1 | 74.117.84.0/22 2 | 74.122.88.0/21 3 | 104.245.48.0/22 4 | 104.245.92.0/22 5 | 162.245.152.0/22 6 | 196.3.73.0/24 7 | 199.83.192.0/21 8 | 199.85.236.0/22 9 | 206.126.244.0/24 10 | -------------------------------------------------------------------------------- /lists/countries/gf.zone: -------------------------------------------------------------------------------- 1 | 128.201.88.0/22 2 | 161.22.64.0/18 3 | 170.233.72.0/22 4 | 186.2.244.0/22 5 | 200.13.136.0/21 6 | -------------------------------------------------------------------------------- /lists/countries/gg.zone: -------------------------------------------------------------------------------- 1 | 46.235.128.0/21 2 | 62.68.160.0/19 3 | 93.95.16.0/21 4 | 185.40.140.0/24 5 | 185.104.200.0/22 6 | 185.110.36.0/22 7 | 83.143.168.0/21 8 | -------------------------------------------------------------------------------- /lists/countries/gi.zone: -------------------------------------------------------------------------------- 1 | 5.150.152.0/22 2 | 85.115.128.0/19 3 | 85.159.120.0/21 4 | 91.109.248.0/21 5 | 93.191.192.0/21 6 | 94.190.196.0/22 7 | 95.131.184.0/21 8 | 178.208.192.0/19 9 | 185.9.212.0/22 10 | 185.16.80.0/22 11 | 185.74.72.0/22 12 | 185.75.80.0/22 13 | 185.82.48.0/22 14 | 185.83.148.0/22 15 | 185.94.76.0/22 16 | 185.104.220.0/22 17 | 185.120.96.0/22 18 | 185.144.156.0/22 19 | 185.192.4.0/22 20 | 195.166.192.0/19 21 | 195.244.192.0/19 22 | 212.22.224.0/19 23 | 212.120.224.0/19 24 | 217.65.48.0/20 25 | 217.147.112.0/20 26 | 91.198.166.0/24 27 | 91.199.56.0/24 28 | 193.105.57.0/24 29 | 193.169.30.0/23 30 | 195.34.78.0/23 31 | -------------------------------------------------------------------------------- /lists/countries/gl.zone: -------------------------------------------------------------------------------- 1 | 46.16.16.0/21 2 | 88.83.0.0/19 3 | 185.18.188.0/22 4 | 185.21.228.0/22 5 | 185.57.160.0/22 6 | 185.93.20.0/22 7 | 185.157.200.0/22 8 | 185.195.236.0/22 9 | 194.177.224.0/19 10 | -------------------------------------------------------------------------------- /lists/countries/gm.zone: -------------------------------------------------------------------------------- 1 | 41.76.8.0/21 2 | 41.223.212.0/22 3 | 146.196.128.0/17 4 | 155.251.0.0/16 5 | 160.182.0.0/15 6 | 196.46.232.0/21 7 | 196.49.1.0/24 8 | 196.223.34.0/24 9 | 196.223.144.0/21 10 | 197.148.72.0/21 11 | 197.231.128.0/21 12 | 197.231.204.0/22 13 | 197.242.128.0/20 14 | 197.255.192.0/20 15 | 212.60.64.0/19 16 | -------------------------------------------------------------------------------- /lists/countries/gn.zone: -------------------------------------------------------------------------------- 1 | 41.77.184.0/21 2 | 41.79.200.0/22 3 | 41.79.236.0/22 4 | 41.191.220.0/22 5 | 41.223.48.0/22 6 | 41.242.88.0/22 7 | 45.220.52.0/22 8 | 154.66.84.0/22 9 | 196.41.90.0/24 10 | 196.49.40.0/24 11 | 196.60.38.0/24 12 | 197.149.192.0/18 13 | -------------------------------------------------------------------------------- /lists/countries/gp.zone: -------------------------------------------------------------------------------- 1 | 104.250.0.0/19 2 | 107.191.208.0/20 3 | 199.91.160.0/22 4 | 208.72.228.0/22 5 | 208.79.96.0/22 6 | 208.94.168.0/22 7 | 193.218.114.0/24 8 | -------------------------------------------------------------------------------- /lists/countries/gq.zone: -------------------------------------------------------------------------------- 1 | 41.79.48.0/22 2 | 41.222.112.0/21 3 | 105.235.224.0/20 4 | 154.73.56.0/22 5 | 164.160.84.0/22 6 | 169.239.112.0/22 7 | 196.251.240.0/22 8 | 197.149.168.0/22 9 | 197.214.64.0/20 10 | -------------------------------------------------------------------------------- /lists/countries/gu.zone: -------------------------------------------------------------------------------- 1 | 43.240.88.0/22 2 | 43.247.60.0/22 3 | 49.128.104.0/22 4 | 101.99.128.0/17 5 | 103.3.240.0/22 6 | 103.7.100.0/22 7 | 103.17.112.0/22 8 | 103.212.24.0/22 9 | 114.142.192.0/19 10 | 114.142.224.0/19 11 | 116.68.0.0/20 12 | 116.68.16.0/20 13 | 117.20.120.0/21 14 | 121.55.192.0/18 15 | 139.5.136.0/22 16 | 182.173.192.0/18 17 | 202.20.112.0/24 18 | 202.22.176.0/20 19 | 202.47.144.0/20 20 | 202.123.128.0/19 21 | 202.128.0.0/19 22 | 202.128.64.0/19 23 | 202.131.160.0/19 24 | 202.151.64.0/19 25 | 203.95.8.0/21 26 | 203.215.52.0/22 27 | 168.123.0.0/16 28 | 192.149.202.0/24 29 | -------------------------------------------------------------------------------- /lists/countries/gw.zone: -------------------------------------------------------------------------------- 1 | 154.73.60.0/22 2 | 196.22.12.0/22 3 | 197.214.80.0/20 4 | -------------------------------------------------------------------------------- /lists/countries/gy.zone: -------------------------------------------------------------------------------- 1 | 138.94.248.0/22 2 | 168.232.144.0/22 3 | 181.41.64.0/18 4 | 181.177.216.0/22 5 | 190.80.0.0/18 6 | 190.80.64.0/18 7 | 190.93.36.0/22 8 | 190.105.156.0/22 9 | 190.108.196.0/22 10 | 190.108.200.0/21 11 | 190.108.208.0/21 12 | 190.124.220.0/22 13 | -------------------------------------------------------------------------------- /lists/countries/ht.zone: -------------------------------------------------------------------------------- 1 | 148.102.128.0/17 2 | 161.0.128.0/19 3 | 168.197.100.0/22 4 | 170.80.248.0/22 5 | 170.83.192.0/22 6 | 170.239.12.0/22 7 | 186.1.192.0/20 8 | 186.190.0.0/17 9 | 190.102.64.0/19 10 | 190.105.172.0/22 11 | 190.115.128.0/18 12 | 190.120.192.0/20 13 | 190.120.208.0/20 14 | 190.196.192.0/20 15 | 200.0.18.0/24 16 | 200.2.128.0/20 17 | 200.2.144.0/20 18 | 200.4.160.0/20 19 | 200.4.176.0/20 20 | 200.80.96.0/20 21 | 200.80.112.0/20 22 | 200.113.192.0/19 23 | 200.113.224.0/19 24 | 200.115.182.0/23 25 | 201.131.77.0/24 26 | 201.150.104.0/22 27 | -------------------------------------------------------------------------------- /lists/countries/im.zone: -------------------------------------------------------------------------------- 1 | 5.62.80.0/20 2 | 78.24.208.0/21 3 | 79.170.32.0/21 4 | 94.125.56.0/21 5 | 109.202.112.0/21 6 | 185.16.0.0/22 7 | 185.20.92.0/22 8 | 185.28.72.0/22 9 | 185.31.220.0/22 10 | 185.48.76.0/22 11 | 185.60.88.0/22 12 | 185.74.56.0/22 13 | 185.147.32.0/22 14 | 185.180.168.0/22 15 | 91.223.161.0/24 16 | 193.105.74.0/24 17 | 194.54.172.0/22 18 | -------------------------------------------------------------------------------- /lists/countries/io.zone: -------------------------------------------------------------------------------- 1 | 202.44.112.0/22 2 | 203.83.48.0/21 3 | -------------------------------------------------------------------------------- /lists/countries/je.zone: -------------------------------------------------------------------------------- 1 | 31.186.112.0/21 2 | 37.156.38.0/23 3 | 77.73.184.0/21 4 | 81.20.176.0/20 5 | 82.112.128.0/19 6 | 87.244.64.0/18 7 | 92.62.208.0/20 8 | 93.191.200.0/22 9 | 185.3.52.0/22 10 | 185.26.152.0/22 11 | 185.87.8.0/22 12 | 209.251.252.0/23 13 | 212.9.0.0/19 14 | 213.133.192.0/19 15 | -------------------------------------------------------------------------------- /lists/countries/jm.zone: -------------------------------------------------------------------------------- 1 | 63.143.64.0/18 2 | 65.183.0.0/20 3 | 66.54.112.0/20 4 | 66.212.52.0/22 5 | 66.249.144.0/20 6 | 67.213.144.0/20 7 | 69.160.96.0/19 8 | 72.27.0.0/17 9 | 72.27.128.0/18 10 | 72.27.192.0/19 11 | 74.116.56.0/22 12 | 96.43.160.0/19 13 | 104.152.236.0/22 14 | 104.244.224.0/21 15 | 142.0.224.0/20 16 | 162.216.160.0/21 17 | 162.246.0.0/22 18 | 173.225.240.0/20 19 | 184.170.0.0/18 20 | 192.131.32.0/21 21 | 196.1.136.0/24 22 | 196.1.138.0/23 23 | 196.2.0.0/24 24 | 196.2.1.0/24 25 | 196.3.0.0/21 26 | 196.3.95.0/24 27 | 196.3.104.0/24 28 | 196.3.153.0/24 29 | 196.3.184.0/21 30 | 196.32.0.0/21 31 | 198.58.0.0/23 32 | 199.73.60.0/22 33 | 199.115.28.0/23 34 | 199.195.220.0/22 35 | 200.9.115.0/24 36 | 200.10.152.0/24 37 | 206.41.107.0/24 38 | 207.204.64.0/18 39 | 208.131.160.0/19 40 | 208.138.16.0/20 41 | 208.138.32.0/20 42 | 208.163.32.0/19 43 | 209.236.0.0/18 44 | 216.10.208.0/20 45 | -------------------------------------------------------------------------------- /lists/countries/ki.zone: -------------------------------------------------------------------------------- 1 | 103.25.140.0/22 2 | 103.73.80.0/23 3 | 103.250.0.0/22 4 | 202.6.120.0/22 5 | 202.58.248.0/22 6 | -------------------------------------------------------------------------------- /lists/countries/km.zone: -------------------------------------------------------------------------------- 1 | 164.160.136.0/22 2 | 197.255.224.0/20 3 | -------------------------------------------------------------------------------- /lists/countries/kn.zone: -------------------------------------------------------------------------------- 1 | 198.167.192.0/19 2 | 199.21.164.0/22 3 | 204.16.8.0/22 4 | 204.19.200.0/22 5 | 208.70.92.0/22 6 | 208.81.160.0/22 7 | 208.87.144.0/22 8 | -------------------------------------------------------------------------------- /lists/countries/kp.zone: -------------------------------------------------------------------------------- 1 | 175.45.176.0/22 2 | -------------------------------------------------------------------------------- /lists/countries/ky.zone: -------------------------------------------------------------------------------- 1 | 23.188.0.0/24 2 | 63.136.112.0/21 3 | 64.96.0.0/15 4 | 74.117.112.0/21 5 | 74.117.216.0/21 6 | 74.222.64.0/19 7 | 162.211.136.0/22 8 | 162.247.220.0/22 9 | 162.249.128.0/21 10 | 173.225.208.0/20 11 | 192.0.4.0/22 12 | 192.160.250.0/24 13 | 199.201.84.0/22 14 | 208.82.216.0/22 15 | 208.157.144.0/21 16 | 208.168.224.0/19 17 | 209.27.52.0/22 18 | 209.27.60.0/22 19 | 216.144.80.0/20 20 | -------------------------------------------------------------------------------- /lists/countries/la.zone: -------------------------------------------------------------------------------- 1 | 43.224.36.0/22 2 | 43.228.84.0/22 3 | 43.252.244.0/22 4 | 101.78.8.0/21 5 | 103.1.28.0/22 6 | 103.1.232.0/22 7 | 103.13.88.0/22 8 | 103.43.76.0/22 9 | 103.59.52.0/22 10 | 103.67.20.0/22 11 | 103.82.56.0/22 12 | 103.95.24.0/22 13 | 103.205.16.0/22 14 | 103.228.252.0/22 15 | 103.232.80.0/22 16 | 103.240.240.0/22 17 | 103.245.164.0/22 18 | 103.249.156.0/22 19 | 114.129.24.0/21 20 | 115.84.64.0/18 21 | 139.5.156.0/22 22 | 157.119.180.0/22 23 | 180.131.148.0/22 24 | 183.182.96.0/19 25 | 202.9.76.0/23 26 | 202.62.96.0/20 27 | 202.123.176.0/21 28 | 202.136.240.0/21 29 | 202.137.128.0/19 30 | 202.144.184.0/21 31 | 203.76.252.0/22 32 | 203.110.64.0/20 33 | -------------------------------------------------------------------------------- /lists/countries/lc.zone: -------------------------------------------------------------------------------- 1 | 24.92.144.0/20 2 | 66.212.62.0/23 3 | 104.218.216.0/22 4 | 104.255.252.0/22 5 | 162.212.208.0/23 6 | 162.245.76.0/22 7 | 192.58.142.0/23 8 | 192.147.231.0/24 9 | 199.38.192.0/21 10 | 199.192.226.0/23 11 | 205.166.35.0/24 12 | 206.126.120.0/21 13 | 207.191.248.0/21 14 | 208.94.176.0/21 15 | -------------------------------------------------------------------------------- /lists/countries/li.zone: -------------------------------------------------------------------------------- 1 | 5.34.248.0/21 2 | 31.10.16.0/20 3 | 80.66.224.0/20 4 | 80.72.48.0/20 5 | 80.241.112.0/20 6 | 80.248.192.0/20 7 | 82.117.0.0/19 8 | 85.31.152.0/21 9 | 88.82.96.0/19 10 | 89.248.144.0/20 11 | 149.255.176.0/21 12 | 178.250.56.0/21 13 | 185.27.64.0/22 14 | 185.34.148.0/22 15 | 185.44.156.0/22 16 | 185.70.80.0/22 17 | 185.73.156.0/22 18 | 185.77.44.0/22 19 | 185.77.52.0/22 20 | 185.101.8.0/22 21 | 185.101.48.0/22 22 | 185.112.48.0/22 23 | 185.117.164.0/22 24 | 185.157.132.0/22 25 | 185.172.92.0/22 26 | 185.174.32.0/22 27 | 195.225.200.0/22 28 | 212.77.32.0/19 29 | 217.173.224.0/20 30 | 81.161.56.0/23 31 | 91.207.130.0/23 32 | 91.232.229.0/24 33 | 193.17.79.0/24 34 | 193.202.240.0/20 35 | 193.222.112.0/20 36 | 193.238.204.0/22 37 | 194.147.68.0/23 38 | 194.147.196.0/22 39 | 194.147.200.0/21 40 | 194.153.157.160/27 41 | 195.5.104.0/23 42 | 195.234.0.0/23 43 | 195.242.248.0/22 44 | 195.245.218.0/24 45 | 195.254.128.0/23 46 | 213.108.31.0/24 47 | -------------------------------------------------------------------------------- /lists/countries/lr.zone: -------------------------------------------------------------------------------- 1 | 41.57.80.0/20 2 | 41.86.0.0/19 3 | 41.191.104.0/22 4 | 102.183.0.0/16 5 | 164.160.8.0/22 6 | 168.253.0.0/19 7 | 196.49.16.0/24 8 | 196.223.44.0/24 9 | 196.250.176.0/20 10 | 197.215.216.0/22 11 | 197.231.152.0/21 12 | 197.231.220.0/22 13 | -------------------------------------------------------------------------------- /lists/countries/ls.zone: -------------------------------------------------------------------------------- 1 | 41.76.16.0/21 2 | 41.191.200.0/21 3 | 41.203.176.0/20 4 | 64.57.112.0/20 5 | 129.232.0.0/17 6 | 154.66.108.0/22 7 | 196.4.255.0/24 8 | 196.11.175.0/24 9 | 196.43.249.0/24 10 | 196.202.240.0/21 11 | 196.223.24.0/24 12 | 197.155.192.0/20 13 | 197.157.200.0/22 14 | 197.189.128.0/18 15 | 197.220.128.0/19 16 | 197.231.32.0/19 17 | 197.254.128.0/18 18 | -------------------------------------------------------------------------------- /lists/countries/ly.zone: -------------------------------------------------------------------------------- 1 | 41.74.64.0/20 2 | 41.208.64.0/18 3 | 41.242.12.0/22 4 | 41.242.16.0/20 5 | 41.252.0.0/14 6 | 62.68.32.0/19 7 | 62.240.32.0/19 8 | 154.73.28.0/22 9 | 154.73.52.0/22 10 | 154.73.108.0/22 11 | 154.73.128.0/21 12 | 154.127.64.0/20 13 | 156.38.32.0/19 14 | 164.160.144.0/22 15 | 165.16.0.0/17 16 | 169.239.92.0/22 17 | 169.239.116.0/22 18 | 169.255.108.0/22 19 | 169.255.156.0/22 20 | 197.215.128.0/19 21 | 197.231.228.0/22 22 | 197.234.248.0/22 23 | 5.63.0.0/21 24 | 185.10.240.0/22 25 | -------------------------------------------------------------------------------- /lists/countries/ma.zone: -------------------------------------------------------------------------------- 1 | 41.77.112.0/21 2 | 41.87.128.0/19 3 | 41.92.0.0/17 4 | 41.137.0.0/16 5 | 41.140.0.0/14 6 | 41.205.192.0/19 7 | 41.214.128.0/17 8 | 41.216.224.0/22 9 | 41.248.0.0/14 10 | 45.216.0.0/14 11 | 62.251.128.0/17 12 | 80.250.32.0/20 13 | 81.192.0.0/16 14 | 105.64.0.0/12 15 | 105.128.0.0/11 16 | 105.188.0.0/14 17 | 154.70.200.0/21 18 | 154.144.0.0/13 19 | 160.77.0.0/16 20 | 160.89.0.0/16 21 | 160.90.0.0/16 22 | 160.105.0.0/16 23 | 160.160.0.0/12 24 | 160.176.0.0/14 25 | 169.255.176.0/22 26 | 193.188.7.0/24 27 | 193.194.1.0/24 28 | 193.194.2.0/24 29 | 193.194.3.0/24 30 | 193.194.4.0/24 31 | 193.194.5.0/24 32 | 193.194.32.0/19 33 | 194.6.224.0/24 34 | 194.204.192.0/18 35 | 196.2.80.0/20 36 | 196.12.192.0/18 37 | 196.13.108.0/24 38 | 196.32.216.0/21 39 | 196.43.236.0/24 40 | 196.61.232.0/21 41 | 196.64.0.0/11 42 | 196.112.0.0/12 43 | 196.200.128.0/18 44 | 196.200.240.0/20 45 | 196.206.0.0/16 46 | 196.217.0.0/16 47 | 196.223.176.0/20 48 | 197.128.0.0/14 49 | 197.144.0.0/14 50 | 197.153.0.0/16 51 | 197.230.0.0/16 52 | 197.247.0.0/16 53 | 197.253.128.0/17 54 | 212.217.0.0/17 55 | -------------------------------------------------------------------------------- /lists/countries/mc.zone: -------------------------------------------------------------------------------- 1 | 80.94.96.0/20 2 | 82.113.0.0/19 3 | 87.238.104.0/21 4 | 87.254.224.0/19 5 | 88.209.64.0/18 6 | 185.162.120.0/22 7 | 195.78.0.0/19 8 | 213.137.128.0/19 9 | 91.199.109.0/24 10 | 194.9.12.0/23 11 | 195.20.192.0/23 12 | -------------------------------------------------------------------------------- /lists/countries/me.zone: -------------------------------------------------------------------------------- 1 | 31.204.192.0/18 2 | 37.0.64.0/21 3 | 37.122.160.0/19 4 | 37.221.176.0/21 5 | 46.33.192.0/19 6 | 46.161.64.0/18 7 | 62.4.32.0/19 8 | 77.222.0.0/19 9 | 78.155.32.0/19 10 | 79.140.144.0/20 11 | 79.143.96.0/20 12 | 85.94.96.0/19 13 | 89.188.32.0/19 14 | 89.207.192.0/21 15 | 94.102.224.0/20 16 | 95.155.0.0/18 17 | 109.72.96.0/20 18 | 109.228.64.0/18 19 | 178.175.0.0/17 20 | 185.12.40.0/22 21 | 185.38.184.0/22 22 | 185.40.188.0/22 23 | 185.64.0.0/22 24 | 185.68.48.0/22 25 | 185.80.96.0/22 26 | 185.132.160.0/22 27 | 185.147.200.0/22 28 | 185.163.224.0/22 29 | 185.179.52.0/22 30 | 185.179.92.0/22 31 | 185.214.172.0/22 32 | 195.66.160.0/19 33 | 213.133.0.0/19 34 | 213.149.96.0/19 35 | 213.163.96.0/19 36 | 91.217.138.0/24 37 | 91.220.187.0/24 38 | 185.1.44.0/24 39 | 195.140.164.0/22 40 | 195.242.169.0/24 41 | -------------------------------------------------------------------------------- /lists/countries/mf.zone: -------------------------------------------------------------------------------- 1 | 74.112.232.0/21 2 | 74.116.92.0/22 3 | 158.222.40.0/23 4 | 192.96.136.0/23 5 | 192.139.192.0/24 6 | 199.101.188.0/22 7 | 208.78.48.0/21 8 | 208.91.192.0/22 9 | -------------------------------------------------------------------------------- /lists/countries/mg.zone: -------------------------------------------------------------------------------- 1 | 41.63.128.0/19 2 | 41.74.16.0/20 3 | 41.74.208.0/20 4 | 41.77.16.0/21 5 | 41.188.0.0/18 6 | 41.190.236.0/22 7 | 41.204.96.0/19 8 | 41.207.32.0/19 9 | 41.242.96.0/20 10 | 154.120.128.0/18 11 | 154.126.0.0/17 12 | 196.43.214.0/24 13 | 196.49.13.0/24 14 | 196.192.32.0/20 15 | 196.223.41.0/24 16 | 197.148.128.0/18 17 | 197.149.0.0/18 18 | 197.158.64.0/18 19 | 197.159.144.0/20 20 | 197.215.192.0/20 21 | -------------------------------------------------------------------------------- /lists/countries/mh.zone: -------------------------------------------------------------------------------- 1 | 103.202.148.0/22 2 | 117.103.88.0/21 3 | 203.78.152.0/22 4 | -------------------------------------------------------------------------------- /lists/countries/ml.zone: -------------------------------------------------------------------------------- 1 | 41.73.96.0/19 2 | 41.203.192.0/20 3 | 41.221.176.0/20 4 | 154.70.192.0/22 5 | 154.118.128.0/18 6 | 165.90.208.0/20 7 | 169.239.100.0/22 8 | 196.10.216.0/21 9 | 196.32.112.0/20 10 | 196.50.16.0/22 11 | 196.200.48.0/20 12 | 196.200.80.0/20 13 | 196.251.156.0/22 14 | 197.155.128.0/18 15 | 217.64.96.0/20 16 | 217.170.144.0/20 17 | -------------------------------------------------------------------------------- /lists/countries/mo.zone: -------------------------------------------------------------------------------- 1 | 27.109.128.0/17 2 | 43.247.24.0/22 3 | 45.64.20.0/22 4 | 45.123.200.0/22 5 | 60.246.0.0/16 6 | 103.96.60.0/22 7 | 103.192.44.0/22 8 | 103.233.188.0/22 9 | 103.237.100.0/22 10 | 103.237.124.0/22 11 | 113.52.64.0/18 12 | 116.193.8.0/21 13 | 122.100.128.0/18 14 | 122.100.192.0/19 15 | 122.100.224.0/19 16 | 125.31.0.0/18 17 | 161.64.0.0/16 18 | 163.53.244.0/22 19 | 180.94.128.0/18 20 | 182.93.0.0/18 21 | 192.203.232.0/24 22 | 202.75.248.0/22 23 | 202.86.128.0/18 24 | 202.171.252.0/22 25 | 202.174.0.0/22 26 | 202.175.0.0/22 27 | 202.175.4.0/22 28 | 202.175.8.0/21 29 | 202.175.16.0/20 30 | 202.175.32.0/19 31 | 202.175.64.0/19 32 | 202.175.96.0/19 33 | 202.175.160.0/19 34 | -------------------------------------------------------------------------------- /lists/countries/mp.zone: -------------------------------------------------------------------------------- 1 | 45.117.196.0/22 2 | 103.1.96.0/22 3 | 103.57.232.0/22 4 | 202.88.64.0/20 5 | 202.88.80.0/20 6 | 210.23.80.0/20 7 | -------------------------------------------------------------------------------- /lists/countries/mq.zone: -------------------------------------------------------------------------------- 1 | 104.245.112.0/21 2 | 94.124.216.0/21 3 | 109.203.224.0/19 4 | 185.60.232.0/22 5 | -------------------------------------------------------------------------------- /lists/countries/mr.zone: -------------------------------------------------------------------------------- 1 | 41.138.128.0/19 2 | 41.188.64.0/18 3 | 41.223.96.0/22 4 | 82.151.64.0/19 5 | 196.49.18.0/24 6 | 196.223.45.0/24 7 | 197.231.0.0/19 8 | -------------------------------------------------------------------------------- /lists/countries/ms.zone: -------------------------------------------------------------------------------- 1 | 199.7.90.0/24 2 | 208.90.112.0/22 3 | -------------------------------------------------------------------------------- /lists/countries/mv.zone: -------------------------------------------------------------------------------- 1 | 27.114.128.0/18 2 | 43.226.220.0/22 3 | 43.231.28.0/22 4 | 103.31.84.0/22 5 | 103.50.104.0/22 6 | 103.67.26.0/24 7 | 103.71.57.0/24 8 | 103.76.2.0/24 9 | 103.84.132.0/24 10 | 103.84.134.0/24 11 | 103.87.188.0/24 12 | 103.197.164.0/22 13 | 115.84.128.0/19 14 | 123.176.0.0/19 15 | 124.195.192.0/19 16 | 202.1.192.0/22 17 | 202.1.196.0/22 18 | 202.1.200.0/21 19 | 202.21.176.0/20 20 | 202.153.80.0/21 21 | 203.82.2.0/23 22 | 203.104.24.0/21 23 | 220.158.220.0/22 24 | -------------------------------------------------------------------------------- /lists/countries/mw.zone: -------------------------------------------------------------------------------- 1 | 41.70.0.0/17 2 | 41.75.112.0/20 3 | 41.77.8.0/21 4 | 41.78.56.0/22 5 | 41.78.216.0/22 6 | 41.78.248.0/22 7 | 41.79.88.0/22 8 | 41.87.0.0/19 9 | 41.190.92.0/22 10 | 41.216.228.0/22 11 | 41.217.216.0/22 12 | 41.221.96.0/20 13 | 41.222.184.0/21 14 | 45.221.25.0/24 15 | 105.234.0.0/16 16 | 129.140.0.0/16 17 | 137.64.0.0/16 18 | 137.115.0.0/16 19 | 137.196.0.0/16 20 | 154.66.120.0/21 21 | 168.253.224.0/19 22 | 169.255.52.0/22 23 | 196.11.80.0/21 24 | 196.45.188.0/22 25 | 196.216.8.0/21 26 | 196.220.208.0/20 27 | 196.223.27.0/24 28 | 197.149.152.0/22 29 | 197.211.96.0/19 30 | -------------------------------------------------------------------------------- /lists/countries/mz.zone: -------------------------------------------------------------------------------- 1 | 41.76.0.0/21 2 | 41.76.144.0/21 3 | 41.77.32.0/21 4 | 41.77.128.0/21 5 | 41.77.240.0/21 6 | 41.79.244.0/22 7 | 41.94.0.0/16 8 | 41.138.224.0/20 9 | 41.190.160.0/19 10 | 41.191.72.0/22 11 | 41.217.208.0/22 12 | 41.220.32.0/20 13 | 41.220.160.0/20 14 | 41.220.192.0/20 15 | 41.221.64.0/20 16 | 41.223.124.0/22 17 | 41.223.152.0/22 18 | 105.235.216.0/21 19 | 160.19.190.0/23 20 | 160.119.112.0/21 21 | 165.90.64.0/19 22 | 169.239.104.0/22 23 | 169.239.144.0/22 24 | 169.255.132.0/22 25 | 196.3.96.0/21 26 | 196.10.148.0/24 27 | 196.11.135.0/24 28 | 196.13.101.0/24 29 | 196.22.48.0/20 30 | 196.28.224.0/20 31 | 196.40.112.0/20 32 | 196.43.234.0/24 33 | 196.43.241.0/24 34 | 196.46.0.0/20 35 | 196.49.34.0/24 36 | 196.50.128.0/18 37 | 196.223.33.0/24 38 | 197.149.156.0/22 39 | 197.158.0.0/18 40 | 197.218.0.0/15 41 | 197.231.216.0/22 42 | 197.235.0.0/16 43 | 197.242.160.0/20 44 | 197.249.0.0/16 45 | 195.140.248.0/22 46 | -------------------------------------------------------------------------------- /lists/countries/na.zone: -------------------------------------------------------------------------------- 1 | 41.63.192.0/18 2 | 41.79.52.0/22 3 | 41.182.0.0/16 4 | 41.190.84.0/22 5 | 41.190.96.0/19 6 | 41.205.128.0/19 7 | 41.218.64.0/18 8 | 41.219.64.0/18 9 | 41.223.80.0/22 10 | 105.232.0.0/16 11 | 154.0.192.0/18 12 | 160.242.0.0/17 13 | 164.160.108.0/22 14 | 196.1.28.0/22 15 | 196.3.94.0/24 16 | 196.12.10.0/24 17 | 196.20.0.0/19 18 | 196.44.128.0/19 19 | 196.46.28.0/24 20 | 196.49.2.0/24 21 | 196.216.32.0/19 22 | 196.216.164.0/22 23 | 196.216.207.0/24 24 | 196.223.18.0/24 25 | 196.223.35.0/24 26 | 197.188.0.0/16 27 | 197.233.0.0/16 28 | 197.234.64.0/18 29 | 197.243.128.0/17 30 | 204.152.14.0/23 31 | -------------------------------------------------------------------------------- /lists/countries/nc.zone: -------------------------------------------------------------------------------- 1 | 27.122.0.0/22 2 | 43.224.192.0/22 3 | 43.245.212.0/22 4 | 43.255.236.0/22 5 | 61.5.208.0/20 6 | 101.101.0.0/18 7 | 103.2.184.0/22 8 | 103.17.44.0/22 9 | 103.23.52.0/22 10 | 103.24.112.0/22 11 | 103.29.152.0/22 12 | 103.43.156.0/22 13 | 103.76.31.0/24 14 | 113.20.32.0/20 15 | 113.20.48.0/20 16 | 113.21.96.0/20 17 | 113.21.112.0/20 18 | 114.69.176.0/20 19 | 114.69.192.0/20 20 | 114.69.208.0/20 21 | 115.126.160.0/20 22 | 115.126.176.0/20 23 | 118.179.224.0/19 24 | 163.47.224.0/22 25 | 163.47.248.0/22 26 | 175.158.128.0/18 27 | 180.214.96.0/19 28 | 202.0.156.0/22 29 | 202.22.128.0/19 30 | 202.22.224.0/20 31 | 202.87.128.0/19 32 | 202.166.176.0/21 33 | 202.171.64.0/20 34 | 203.80.48.0/21 35 | 203.104.48.0/20 36 | 203.147.64.0/20 37 | 203.147.80.0/21 38 | 220.156.160.0/20 39 | 223.29.128.0/19 40 | 223.29.160.0/20 41 | 37.156.216.0/21 42 | -------------------------------------------------------------------------------- /lists/countries/ne.zone: -------------------------------------------------------------------------------- 1 | 41.78.116.0/22 2 | 41.138.32.0/19 3 | 41.190.228.0/22 4 | 41.203.128.0/19 5 | 154.66.220.0/22 6 | 154.127.80.0/20 7 | 197.214.0.0/18 8 | -------------------------------------------------------------------------------- /lists/countries/nf.zone: -------------------------------------------------------------------------------- 1 | 103.43.204.0/23 2 | 203.12.249.0/24 3 | 203.17.240.0/22 4 | 203.142.221.0/24 5 | -------------------------------------------------------------------------------- /lists/countries/ni.zone: -------------------------------------------------------------------------------- 1 | 45.5.216.0/22 2 | 138.97.160.0/22 3 | 138.117.4.0/22 4 | 138.185.28.0/22 5 | 138.185.104.0/22 6 | 143.137.24.0/22 7 | 143.202.252.0/22 8 | 152.231.32.0/20 9 | 161.0.32.0/19 10 | 165.98.0.0/16 11 | 170.80.16.0/22 12 | 170.84.132.0/22 13 | 170.246.152.0/22 14 | 186.1.0.0/18 15 | 186.76.0.0/15 16 | 190.106.0.0/19 17 | 190.106.48.0/20 18 | 190.107.208.0/22 19 | 190.124.32.0/21 20 | 190.181.128.0/18 21 | 190.184.0.0/18 22 | 190.184.64.0/18 23 | 190.212.0.0/18 24 | 190.212.64.0/18 25 | 190.212.128.0/17 26 | 191.98.224.0/19 27 | 191.102.48.0/21 28 | 191.103.112.0/20 29 | 192.107.104.0/24 30 | 192.136.42.0/23 31 | 192.136.44.0/22 32 | 200.1.152.0/24 33 | 200.6.55.0/24 34 | 200.9.187.0/24 35 | 200.9.188.0/22 36 | 200.9.192.0/24 37 | 200.10.205.0/24 38 | 200.11.30.0/24 39 | 200.62.64.0/19 40 | 200.62.96.0/19 41 | 200.85.160.0/20 42 | 200.106.247.0/24 43 | 201.131.66.0/24 44 | 201.131.115.0/24 45 | 207.248.86.0/24 46 | -------------------------------------------------------------------------------- /lists/countries/nr.zone: -------------------------------------------------------------------------------- 1 | 43.230.6.0/24 2 | 103.20.124.0/24 3 | 103.49.173.0/24 4 | 103.49.174.0/23 5 | 203.98.224.0/19 6 | 203.190.216.0/24 7 | -------------------------------------------------------------------------------- /lists/countries/nu.zone: -------------------------------------------------------------------------------- 1 | 49.156.48.0/22 2 | 202.59.4.0/22 3 | -------------------------------------------------------------------------------- /lists/countries/om.zone: -------------------------------------------------------------------------------- 1 | 5.21.0.0/16 2 | 5.32.192.0/18 3 | 5.36.0.0/15 4 | 5.162.0.0/16 5 | 37.28.0.0/17 6 | 37.40.0.0/15 7 | 37.200.128.0/17 8 | 46.40.192.0/18 9 | 46.255.56.0/21 10 | 62.61.160.0/19 11 | 62.231.192.0/18 12 | 78.111.32.0/20 13 | 82.178.0.0/16 14 | 85.154.0.0/16 15 | 94.185.0.0/18 16 | 96.9.128.0/19 17 | 134.0.128.0/17 18 | 141.105.168.0/21 19 | 145.255.64.0/18 20 | 178.20.16.0/21 21 | 185.6.220.0/22 22 | 185.27.88.0/22 23 | 185.29.140.0/22 24 | 185.53.240.0/22 25 | 185.64.24.0/22 26 | 185.112.104.0/22 27 | 185.186.204.0/22 28 | 185.187.76.0/22 29 | 185.200.124.0/22 30 | 185.201.100.0/22 31 | 188.65.24.0/21 32 | 188.66.128.0/17 33 | 188.135.0.0/17 34 | 188.140.128.0/17 35 | 212.72.0.0/19 36 | 213.202.0.0/19 37 | 148.151.0.0/16 38 | -------------------------------------------------------------------------------- /lists/countries/pf.zone: -------------------------------------------------------------------------------- 1 | 43.249.176.0/22 2 | 103.4.72.0/22 3 | 103.46.216.0/22 4 | 103.254.224.0/22 5 | 103.254.232.0/22 6 | 113.197.68.0/22 7 | 123.50.64.0/18 8 | 148.66.64.0/18 9 | 192.136.59.0/24 10 | 202.3.224.0/19 11 | 202.90.64.0/19 12 | 203.185.160.0/20 13 | 203.185.176.0/21 14 | 218.100.77.0/24 15 | -------------------------------------------------------------------------------- /lists/countries/pg.zone: -------------------------------------------------------------------------------- 1 | 14.192.72.0/22 2 | 27.122.16.0/20 3 | 103.3.168.0/22 4 | 103.9.140.0/22 5 | 103.9.226.0/24 6 | 103.14.88.0/22 7 | 103.15.112.0/22 8 | 103.16.156.0/22 9 | 103.20.76.0/22 10 | 103.43.144.0/22 11 | 103.49.207.0/24 12 | 103.53.176.0/22 13 | 103.77.24.0/23 14 | 103.82.247.0/24 15 | 103.83.32.0/23 16 | 103.83.197.0/24 17 | 103.91.114.0/23 18 | 103.96.134.0/23 19 | 103.98.52.0/24 20 | 103.209.54.0/24 21 | 103.212.40.0/24 22 | 103.234.48.0/22 23 | 103.242.164.0/22 24 | 119.252.224.0/20 25 | 124.240.192.0/19 26 | 180.150.252.0/22 27 | 202.0.80.0/24 28 | 202.1.32.0/19 29 | 202.1.240.0/20 30 | 202.20.68.0/24 31 | 202.52.133.0/24 32 | 202.58.128.0/22 33 | 202.61.0.0/24 34 | 202.95.192.0/20 35 | 202.165.192.0/20 36 | 202.171.240.0/21 37 | 203.83.16.0/21 38 | -------------------------------------------------------------------------------- /lists/countries/pm.zone: -------------------------------------------------------------------------------- 1 | 70.36.0.0/20 2 | -------------------------------------------------------------------------------- /lists/countries/pw.zone: -------------------------------------------------------------------------------- 1 | 103.30.248.0/22 2 | 103.251.132.0/23 3 | 202.124.224.0/20 4 | -------------------------------------------------------------------------------- /lists/countries/qa.zone: -------------------------------------------------------------------------------- 1 | 31.11.48.0/21 2 | 37.186.32.0/19 3 | 37.208.128.0/17 4 | 37.210.0.0/15 5 | 78.100.0.0/15 6 | 80.76.160.0/20 7 | 81.29.160.0/20 8 | 82.148.96.0/19 9 | 86.36.0.0/15 10 | 86.62.192.0/18 11 | 89.211.0.0/16 12 | 94.125.224.0/21 13 | 176.202.0.0/15 14 | 178.23.16.0/21 15 | 178.152.0.0/15 16 | 185.2.244.0/22 17 | 185.25.12.0/22 18 | 185.37.96.0/22 19 | 185.37.108.0/22 20 | 185.96.224.0/22 21 | 185.104.56.0/22 22 | 185.107.76.0/22 23 | 185.154.168.0/22 24 | 212.70.96.0/19 25 | 212.77.192.0/19 26 | 213.130.96.0/19 27 | 194.6.255.0/24 28 | -------------------------------------------------------------------------------- /lists/countries/re.zone: -------------------------------------------------------------------------------- 1 | 41.213.128.0/17 2 | 41.242.124.0/22 3 | 62.61.192.0/18 4 | 129.122.64.0/18 5 | 139.26.0.0/16 6 | 154.67.0.0/17 7 | 154.67.128.0/17 8 | 164.160.68.0/22 9 | 164.160.224.0/20 10 | 165.90.128.0/18 11 | 165.169.0.0/16 12 | 168.253.128.0/18 13 | -------------------------------------------------------------------------------- /lists/countries/rw.zone: -------------------------------------------------------------------------------- 1 | 41.74.160.0/20 2 | 41.138.80.0/21 3 | 41.186.0.0/16 4 | 41.197.0.0/16 5 | 41.222.244.0/22 6 | 41.242.140.0/22 7 | 105.178.0.0/15 8 | 154.68.64.0/18 9 | 156.38.8.0/21 10 | 160.19.192.0/22 11 | 164.160.100.0/22 12 | 196.44.240.0/20 13 | 196.49.7.0/24 14 | 196.223.12.0/24 15 | 196.223.240.0/21 16 | 197.157.128.0/18 17 | 197.157.212.0/22 18 | 197.234.244.0/22 19 | 197.243.0.0/17 20 | -------------------------------------------------------------------------------- /lists/countries/sb.zone: -------------------------------------------------------------------------------- 1 | 103.2.88.0/22 2 | 103.9.50.0/24 3 | 103.21.230.0/23 4 | 103.21.248.0/22 5 | 202.1.160.0/19 6 | 202.63.254.0/23 7 | -------------------------------------------------------------------------------- /lists/countries/sd.zone: -------------------------------------------------------------------------------- 1 | 41.67.0.0/18 2 | 41.78.108.0/22 3 | 41.95.0.0/16 4 | 41.202.160.0/19 5 | 41.209.64.0/18 6 | 41.218.0.0/18 7 | 41.223.160.0/22 8 | 41.223.200.0/22 9 | 41.240.0.0/15 10 | 62.12.96.0/20 11 | 102.181.0.0/17 12 | 102.181.128.0/18 13 | 102.181.192.0/19 14 | 105.238.0.0/15 15 | 154.96.0.0/13 16 | 155.196.0.0/16 17 | 196.1.192.0/18 18 | 196.29.160.0/19 19 | 196.202.128.0/19 20 | 196.223.20.0/24 21 | 196.223.152.0/21 22 | 197.208.0.0/15 23 | 197.251.0.0/17 24 | 197.252.0.0/16 25 | 197.254.192.0/19 26 | 197.254.224.0/19 27 | 212.0.128.0/19 28 | -------------------------------------------------------------------------------- /lists/countries/sl.zone: -------------------------------------------------------------------------------- 1 | 41.78.84.0/22 2 | 41.191.248.0/22 3 | 41.205.224.0/19 4 | 41.223.132.0/22 5 | 154.73.176.0/22 6 | 160.19.152.0/22 7 | 165.73.236.0/22 8 | 169.239.196.0/22 9 | 169.239.244.0/22 10 | 196.43.229.0/24 11 | 196.216.220.0/23 12 | 196.223.10.0/24 13 | 197.157.224.0/22 14 | 197.157.232.0/22 15 | 197.215.0.0/17 16 | 31.134.96.0/21 17 | -------------------------------------------------------------------------------- /lists/countries/sm.zone: -------------------------------------------------------------------------------- 1 | 31.193.32.0/21 2 | 77.242.208.0/20 3 | 89.186.32.0/19 4 | 109.233.80.0/21 5 | 109.235.104.0/21 6 | 185.21.116.0/22 7 | 185.45.40.0/22 8 | 185.45.68.0/22 9 | 185.62.32.0/22 10 | 185.86.60.0/22 11 | 194.183.64.0/19 12 | 91.223.220.0/24 13 | 91.234.215.0/24 14 | 94.232.112.0/21 15 | 194.0.27.0/24 16 | -------------------------------------------------------------------------------- /lists/countries/sn.zone: -------------------------------------------------------------------------------- 1 | 41.82.0.0/15 2 | 41.208.128.0/18 3 | 41.214.0.0/17 4 | 41.219.0.0/18 5 | 154.65.32.0/21 6 | 154.73.172.0/22 7 | 154.124.0.0/15 8 | 160.0.128.0/18 9 | 169.239.136.0/22 10 | 196.1.92.0/24 11 | 196.1.93.0/24 12 | 196.1.94.0/24 13 | 196.1.95.0/24 14 | 196.1.96.0/24 15 | 196.1.97.0/24 16 | 196.1.98.0/24 17 | 196.1.99.0/24 18 | 196.1.100.0/24 19 | 196.49.42.0/24 20 | 196.50.8.0/21 21 | 196.60.40.0/24 22 | 196.207.192.0/18 23 | 196.216.188.0/22 24 | 196.223.252.0/24 25 | 213.154.64.0/19 26 | -------------------------------------------------------------------------------- /lists/countries/so.zone: -------------------------------------------------------------------------------- 1 | 41.78.72.0/22 2 | 41.79.196.0/22 3 | 41.223.108.0/22 4 | 154.72.24.0/22 5 | 154.72.48.0/22 6 | 154.73.24.0/22 7 | 154.73.44.0/22 8 | 154.73.76.0/22 9 | 154.73.124.0/22 10 | 154.115.192.0/18 11 | 154.118.240.0/22 12 | 196.11.62.0/24 13 | 197.157.244.0/22 14 | 197.220.64.0/19 15 | 197.231.200.0/22 16 | -------------------------------------------------------------------------------- /lists/countries/sr.zone: -------------------------------------------------------------------------------- 1 | 168.121.84.0/22 2 | 168.195.216.0/22 3 | 186.179.128.0/17 4 | 190.98.0.0/19 5 | 190.98.32.0/19 6 | 190.98.64.0/18 7 | 200.1.156.0/22 8 | 200.1.208.0/21 9 | 200.2.160.0/20 10 | 200.2.176.0/20 11 | 200.7.148.0/22 12 | -------------------------------------------------------------------------------- /lists/countries/ss.zone: -------------------------------------------------------------------------------- 1 | 41.79.24.0/22 2 | 41.79.120.0/22 3 | 41.222.72.0/22 4 | 105.235.208.0/21 5 | 154.65.44.0/22 6 | 154.65.48.0/22 7 | 154.66.100.0/22 8 | 154.73.88.0/22 9 | 169.255.24.0/22 10 | 169.255.100.0/22 11 | 169.255.136.0/22 12 | 196.201.8.0/22 13 | 197.231.236.0/22 14 | -------------------------------------------------------------------------------- /lists/countries/st.zone: -------------------------------------------------------------------------------- 1 | 154.72.12.0/22 2 | 197.159.160.0/19 3 | -------------------------------------------------------------------------------- /lists/countries/sx.zone: -------------------------------------------------------------------------------- 1 | 131.161.84.0/22 2 | 168.0.84.0/22 3 | 168.197.108.0/22 4 | 170.0.16.0/22 5 | 190.102.0.0/20 6 | 190.102.16.0/20 7 | 190.124.216.0/22 8 | 190.185.64.0/20 9 | 190.185.80.0/20 10 | 200.0.22.0/23 11 | 200.7.32.0/20 12 | 200.7.48.0/20 13 | 201.220.0.0/20 14 | -------------------------------------------------------------------------------- /lists/countries/sz.zone: -------------------------------------------------------------------------------- 1 | 41.77.232.0/21 2 | 41.84.224.0/19 3 | 41.204.0.0/19 4 | 41.211.32.0/19 5 | 41.215.144.0/20 6 | 69.63.64.0/20 7 | 154.119.96.0/19 8 | 160.119.208.0/22 9 | 165.73.132.0/22 10 | 196.11.124.0/24 11 | 196.13.168.0/24 12 | 196.28.7.0/24 13 | 196.49.4.0/24 14 | 196.223.37.0/24 15 | -------------------------------------------------------------------------------- /lists/countries/tc.zone: -------------------------------------------------------------------------------- 1 | 65.255.48.0/20 2 | 142.54.204.0/22 3 | 192.203.37.0/24 4 | 199.103.28.0/22 5 | 199.182.192.0/22 6 | 204.13.104.0/22 7 | 204.110.56.0/21 8 | -------------------------------------------------------------------------------- /lists/countries/td.zone: -------------------------------------------------------------------------------- 1 | 41.74.32.0/20 2 | 154.66.116.0/22 3 | 154.68.128.0/19 4 | 154.73.112.0/22 5 | 154.73.160.0/21 6 | 169.239.120.0/22 7 | 169.255.152.0/22 8 | 196.41.79.0/24 9 | 196.223.42.0/24 10 | 197.149.128.0/22 11 | -------------------------------------------------------------------------------- /lists/countries/tg.zone: -------------------------------------------------------------------------------- 1 | 41.78.136.0/22 2 | 41.207.160.0/19 3 | 80.248.64.0/20 4 | 154.70.80.0/20 5 | 156.38.64.0/19 6 | 160.242.192.0/18 7 | 196.49.44.0/24 8 | 196.60.42.0/24 9 | 196.168.0.0/14 10 | 197.148.96.0/19 11 | -------------------------------------------------------------------------------- /lists/countries/tj.zone: -------------------------------------------------------------------------------- 1 | 37.98.152.0/21 2 | 46.20.192.0/20 3 | 77.95.0.0/21 4 | 77.244.144.0/20 5 | 79.170.184.0/21 6 | 85.9.128.0/18 7 | 94.199.16.0/21 8 | 95.142.80.0/20 9 | 109.68.232.0/21 10 | 109.74.64.0/20 11 | 109.75.48.0/20 12 | 185.42.96.0/22 13 | 185.105.228.0/22 14 | 185.121.0.0/22 15 | 185.134.168.0/22 16 | 185.166.56.0/22 17 | 185.177.0.0/22 18 | 185.191.52.0/22 19 | 185.194.196.0/22 20 | 185.208.96.0/22 21 | 217.8.32.0/20 22 | 217.11.176.0/20 23 | 91.218.168.0/22 24 | 91.235.36.0/22 25 | 176.113.128.0/20 26 | 193.111.10.0/23 27 | -------------------------------------------------------------------------------- /lists/countries/tk.zone: -------------------------------------------------------------------------------- 1 | 27.96.24.0/21 2 | -------------------------------------------------------------------------------- /lists/countries/tl.zone: -------------------------------------------------------------------------------- 1 | 43.254.56.0/22 2 | 45.115.72.0/22 3 | 59.153.132.0/22 4 | 103.26.95.0/24 5 | 103.30.112.0/22 6 | 103.55.48.0/22 7 | 103.198.176.0/22 8 | 103.208.36.0/22 9 | 103.238.116.0/22 10 | 150.242.108.0/22 11 | 180.189.160.0/20 12 | -------------------------------------------------------------------------------- /lists/countries/tm.zone: -------------------------------------------------------------------------------- 1 | 94.102.176.0/20 2 | 95.85.96.0/19 3 | 185.69.184.0/22 4 | 217.174.224.0/20 5 | 195.191.230.0/23 6 | -------------------------------------------------------------------------------- /lists/countries/tn.zone: -------------------------------------------------------------------------------- 1 | 41.224.0.0/13 2 | 102.168.0.0/13 3 | 102.240.0.0/14 4 | 154.72.224.0/20 5 | 154.104.0.0/13 6 | 160.156.0.0/14 7 | 164.160.0.0/22 8 | 165.50.0.0/15 9 | 169.255.68.0/22 10 | 169.255.92.0/22 11 | 192.68.138.0/24 12 | 193.95.0.0/17 13 | 196.41.95.0/24 14 | 196.176.0.0/14 15 | 196.184.0.0/14 16 | 196.203.0.0/16 17 | 196.216.156.0/22 18 | 196.224.0.0/12 19 | 197.0.0.0/11 20 | 213.150.160.0/19 21 | -------------------------------------------------------------------------------- /lists/countries/to.zone: -------------------------------------------------------------------------------- 1 | 43.255.148.0/22 2 | 103.239.160.0/22 3 | 103.242.126.0/23 4 | 103.245.160.0/22 5 | 175.176.144.0/21 6 | 202.43.8.0/21 7 | 202.134.24.0/21 8 | -------------------------------------------------------------------------------- /lists/countries/tt.zone: -------------------------------------------------------------------------------- 1 | 64.28.128.0/20 2 | 131.72.76.0/22 3 | 131.100.36.0/22 4 | 131.100.160.0/22 5 | 131.221.28.0/22 6 | 138.59.24.0/22 7 | 138.94.240.0/22 8 | 143.0.172.0/22 9 | 143.137.192.0/22 10 | 161.0.112.0/21 11 | 161.0.224.0/19 12 | 168.195.120.0/22 13 | 170.0.244.0/22 14 | 170.82.208.0/22 15 | 170.82.216.0/22 16 | 170.84.8.0/22 17 | 170.246.160.0/22 18 | 179.0.28.0/24 19 | 179.0.196.0/22 20 | 179.60.212.0/22 21 | 181.188.0.0/17 22 | 186.44.0.0/15 23 | 186.96.208.0/20 24 | 190.6.224.0/20 25 | 190.58.0.0/16 26 | 190.59.0.0/16 27 | 190.83.128.0/17 28 | 190.93.0.0/19 29 | 190.93.64.0/18 30 | 190.97.96.0/20 31 | 190.213.0.0/18 32 | 190.213.64.0/18 33 | 190.213.128.0/17 34 | 196.3.132.0/22 35 | 196.3.136.0/21 36 | 196.3.144.0/22 37 | 196.29.64.0/19 38 | 196.32.32.0/19 39 | 200.1.104.0/21 40 | 200.3.176.0/21 41 | 200.7.88.0/21 42 | 200.9.216.0/23 43 | 200.9.218.0/24 44 | 200.12.240.0/21 45 | 200.108.0.0/20 46 | 200.108.16.0/20 47 | 200.125.160.0/21 48 | 201.221.64.0/20 49 | 201.221.80.0/20 50 | 201.238.64.0/18 51 | 209.94.192.0/19 52 | -------------------------------------------------------------------------------- /lists/countries/tv.zone: -------------------------------------------------------------------------------- 1 | 202.2.96.0/19 2 | -------------------------------------------------------------------------------- /lists/countries/ug.zone: -------------------------------------------------------------------------------- 1 | 41.75.160.0/20 2 | 41.76.48.0/21 3 | 41.77.72.0/21 4 | 41.84.192.0/19 5 | 41.138.0.0/19 6 | 41.138.208.0/20 7 | 41.190.76.0/22 8 | 41.190.192.0/19 9 | 41.191.76.0/22 10 | 41.202.224.0/19 11 | 41.210.128.0/18 12 | 41.217.232.0/21 13 | 41.220.0.0/20 14 | 41.220.208.0/20 15 | 41.221.80.0/20 16 | 41.223.84.0/22 17 | 45.221.8.0/22 18 | 45.221.72.0/21 19 | 129.205.0.0/19 20 | 137.63.128.0/17 21 | 154.0.128.0/20 22 | 154.66.216.0/22 23 | 154.70.156.0/22 24 | 154.72.16.0/22 25 | 154.72.192.0/19 26 | 154.73.12.0/22 27 | 154.224.0.0/13 28 | 155.255.0.0/16 29 | 160.119.148.0/22 30 | 160.242.128.0/18 31 | 164.160.4.0/22 32 | 164.160.112.0/22 33 | 164.160.160.0/21 34 | 169.239.88.0/22 35 | 193.108.214.0/24 36 | 193.108.252.0/22 37 | 196.0.0.0/16 38 | 196.6.226.0/24 39 | 196.10.119.0/24 40 | 196.10.138.0/23 41 | 196.10.228.0/24 42 | 196.13.122.0/24 43 | 196.13.203.0/24 44 | 196.43.128.0/18 45 | 196.43.226.0/24 46 | 196.49.15.0/24 47 | 196.216.176.0/22 48 | 196.216.196.0/23 49 | 196.223.25.0/24 50 | 197.157.0.0/18 51 | 197.221.128.0/19 52 | 197.239.0.0/18 53 | 212.88.96.0/19 54 | -------------------------------------------------------------------------------- /lists/countries/um.zone: -------------------------------------------------------------------------------- 1 | 199.26.104.0/21 2 | -------------------------------------------------------------------------------- /lists/countries/va.zone: -------------------------------------------------------------------------------- 1 | 46.36.200.0/22 2 | 185.17.220.0/22 3 | 185.77.224.0/22 4 | 185.152.68.0/22 5 | 212.77.0.0/19 6 | 193.43.102.0/23 7 | 193.43.128.0/22 8 | -------------------------------------------------------------------------------- /lists/countries/vc.zone: -------------------------------------------------------------------------------- 1 | 104.219.24.0/22 2 | 104.255.232.0/22 3 | 162.212.210.0/23 4 | 192.58.140.0/23 5 | 199.192.224.0/23 6 | 204.13.240.0/22 7 | 207.191.240.0/21 8 | 208.84.200.0/21 9 | -------------------------------------------------------------------------------- /lists/countries/vi.zone: -------------------------------------------------------------------------------- 1 | 66.185.32.0/20 2 | 66.248.160.0/19 3 | 67.211.240.0/20 4 | 104.192.184.0/21 5 | 142.147.102.0/23 6 | 146.226.0.0/16 7 | 162.247.24.0/21 8 | 162.253.168.0/22 9 | 172.102.224.0/22 10 | 192.65.170.0/24 11 | 192.81.72.0/23 12 | 198.36.28.0/22 13 | 204.8.64.0/22 14 | 204.11.152.0/21 15 | 208.84.192.0/21 16 | -------------------------------------------------------------------------------- /lists/countries/vu.zone: -------------------------------------------------------------------------------- 1 | 43.240.140.0/22 2 | 103.7.197.0/24 3 | 103.16.15.0/24 4 | 103.20.232.0/23 5 | 103.25.228.0/23 6 | 103.36.144.0/22 7 | 103.38.218.0/23 8 | 103.72.90.0/23 9 | 103.75.20.0/23 10 | 103.226.22.0/23 11 | 113.11.240.0/21 12 | 180.222.208.0/22 13 | 202.4.251.0/24 14 | 202.61.106.0/23 15 | 202.80.32.0/20 16 | 203.191.128.0/22 17 | 223.25.120.0/21 18 | -------------------------------------------------------------------------------- /lists/countries/wf.zone: -------------------------------------------------------------------------------- 1 | 27.125.192.0/22 2 | 103.235.110.0/23 3 | 117.20.32.0/21 4 | -------------------------------------------------------------------------------- /lists/countries/ws.zone: -------------------------------------------------------------------------------- 1 | 43.241.164.0/22 2 | 103.9.228.0/22 3 | 103.63.27.0/24 4 | 110.5.112.0/22 5 | 123.176.72.0/21 6 | 182.50.72.0/22 7 | 182.50.168.0/22 8 | 202.4.32.0/19 9 | 202.87.208.0/22 10 | 203.99.156.0/22 11 | 203.99.255.0/24 12 | -------------------------------------------------------------------------------- /lists/countries/ye.zone: -------------------------------------------------------------------------------- 1 | 5.100.160.0/21 2 | 31.31.176.0/20 3 | 46.35.64.0/19 4 | 78.137.64.0/19 5 | 81.91.24.0/21 6 | 82.114.160.0/19 7 | 89.189.64.0/19 8 | 109.74.32.0/20 9 | 109.200.160.0/19 10 | 131.117.160.0/21 11 | 185.11.8.0/22 12 | 185.71.132.0/22 13 | 185.80.44.0/22 14 | 185.80.140.0/22 15 | 185.112.200.0/22 16 | 195.94.0.0/19 17 | 134.35.0.0/16 18 | -------------------------------------------------------------------------------- /lists/countries/yt.zone: -------------------------------------------------------------------------------- 1 | 41.242.116.0/22 2 | -------------------------------------------------------------------------------- /lists/countries/zm.zone: -------------------------------------------------------------------------------- 1 | 41.63.0.0/18 2 | 41.72.96.0/19 3 | 41.75.240.0/20 4 | 41.77.0.0/21 5 | 41.78.112.0/22 6 | 41.191.116.0/22 7 | 41.215.176.0/20 8 | 41.216.0.0/19 9 | 41.216.64.0/19 10 | 41.222.16.0/21 11 | 41.222.240.0/22 12 | 41.223.116.0/22 13 | 45.212.0.0/14 14 | 80.88.3.0/24 15 | 154.73.232.0/22 16 | 155.0.0.0/16 17 | 164.160.12.0/22 18 | 164.160.56.0/22 19 | 165.56.0.0/13 20 | 196.12.12.0/22 21 | 196.13.104.0/24 22 | 196.41.74.0/24 23 | 196.43.193.0/24 24 | 196.46.18.0/23 25 | 196.46.192.0/19 26 | 196.223.2.0/24 27 | 197.158.128.0/18 28 | 197.212.0.0/15 29 | 197.220.0.0/19 30 | 197.220.192.0/18 31 | 197.231.244.0/22 32 | -------------------------------------------------------------------------------- /lists/countries/zw.zone: -------------------------------------------------------------------------------- 1 | 41.57.64.0/20 2 | 41.57.124.0/22 3 | 41.78.76.0/22 4 | 41.79.28.0/22 5 | 41.79.56.0/22 6 | 41.79.188.0/22 7 | 41.85.192.0/19 8 | 41.190.32.0/19 9 | 41.191.232.0/21 10 | 41.220.16.0/20 11 | 41.221.144.0/20 12 | 154.73.80.0/22 13 | 154.119.80.0/20 14 | 168.253.32.0/19 15 | 169.239.24.0/22 16 | 196.4.80.0/24 17 | 196.29.32.0/21 18 | 196.41.88.0/24 19 | 196.43.96.0/19 20 | 196.43.199.0/24 21 | 196.44.176.0/20 22 | 196.216.224.0/23 23 | 196.220.96.0/19 24 | 196.223.26.0/24 25 | 197.157.204.0/22 26 | 197.221.224.0/19 27 | -------------------------------------------------------------------------------- /lists/country-codes.txt: -------------------------------------------------------------------------------- 1 | lu 2 | lv 3 | ly 4 | ma 5 | mc 6 | md 7 | mg 8 | mh 9 | mil 10 | mk 11 | ml 12 | mm 13 | mn 14 | mo 15 | mp 16 | mq 17 | mr 18 | ms 19 | mt 20 | mu 21 | mv 22 | mw 23 | mx 24 | my 25 | mz 26 | na 27 | nato 28 | nc 29 | ne 30 | net 31 | nf 32 | ng 33 | ni 34 | nl 35 | no 36 | np 37 | nr 38 | nt 39 | nu 40 | nz 41 | om 42 | org 43 | pa 44 | pe 45 | pf 46 | pg 47 | ph 48 | pk 49 | pl 50 | pm 51 | pn 52 | pr 53 | pt 54 | pw 55 | py 56 | qa 57 | re 58 | ro 59 | ru 60 | rw 61 | sa 62 | sb 63 | sc 64 | sd 65 | se 66 | sg 67 | sh 68 | si 69 | sj 70 | sk 71 | sl 72 | sm 73 | sn 74 | so 75 | sr 76 | st 77 | su 78 | sv 79 | sy 80 | sz 81 | tc 82 | td 83 | tf 84 | tg 85 | th 86 | tj 87 | tk 88 | tm 89 | tn 90 | to 91 | tp 92 | tr 93 | tt 94 | tv 95 | tw 96 | tz 97 | ua 98 | ug 99 | uk 100 | um 101 | us 102 | uy 103 | uz 104 | va 105 | vc 106 | ve 107 | vg 108 | vi 109 | vn 110 | vu 111 | wf 112 | ws 113 | ye 114 | yt 115 | yu 116 | za 117 | zm 118 | zr 119 | zw 120 | -------------------------------------------------------------------------------- /post-process/ipset.rules: -------------------------------------------------------------------------------- 1 | # This file will be sourced after creation of IP sets and 2 | # the loading of data into them and is relatively unrelated 3 | # to iptables as iptables is generally flushed and reloaded 4 | # after this. 5 | # 6 | # This would most probably be a list of ipset commands, but may 7 | # execute any bash script. 8 | -------------------------------------------------------------------------------- /post-process/iptables.rules: -------------------------------------------------------------------------------- 1 | # This file will be sourced after creation of IP chains and 2 | # default Lockdown policies and rules loaded into them. 3 | # 4 | # This would most probably be a list of iptables commands, but may 5 | # execute any bash script. 6 | -------------------------------------------------------------------------------- /pre-process/ipset.rules: -------------------------------------------------------------------------------- 1 | # This file will be sourced before creation of IP sets but 2 | # after ipset is flushed and all lists destroyed. 3 | # 4 | # This would most probably be a list of ipset commands, but may 5 | # execute any bash script. 6 | -------------------------------------------------------------------------------- /pre-process/iptables.rules: -------------------------------------------------------------------------------- 1 | # This file will be sourced before creation of IP chains and 2 | # generally after iptables is rebooted to default state. 3 | # 4 | # This would most probably be a list of iptables commands, but may 5 | # execute any bash script. 6 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/fail2ban.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Fail2ban Service 3 | After=syslog.target network.target firewalld.service 4 | 5 | [Service] 6 | Type=forking 7 | ExecStart=/usr/bin/fail2ban-client -x start 8 | ExecStop=/usr/bin/fail2ban-client stop 9 | ExecReload=/usr/bin/fail2ban-client reload 10 | PIDFile=/var/run/fail2ban/fail2ban.pid 11 | Restart=always 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/ip6tables.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=IPv6 firewall with ip6tables 3 | After=syslog.target 4 | AssertPathExists=/etc/sysconfig/ip6tables 5 | 6 | [Service] 7 | Type=oneshot 8 | RemainAfterExit=yes 9 | ExecStart=/usr/libexec/iptables/ip6tables.init start 10 | ExecReload=/usr/libexec/iptables/ip6tables.init reload 11 | ExecStop=/usr/libexec/iptables/ip6tables.init stop 12 | Environment=BOOTUP=serial 13 | Environment=CONSOLETYPE=serial 14 | StandardOutput=syslog 15 | StandardError=syslog 16 | 17 | [Install] 18 | WantedBy=basic.target 19 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/ipset.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=IP sets for iptables 3 | Before=iptables.service 4 | Before=ip6tables.service 5 | 6 | [Service] 7 | Type=oneshot 8 | RemainAfterExit=yes 9 | ExecStart=/usr/libexec/ipset/ipset.start-stop start 10 | ExecStop=/usr/libexec/ipset/ipset.start-stop stop 11 | ExecReload=/usr/libexec/ipset/ipset.start-stop reload 12 | # Save current ipset entries on stop/restart. 13 | # Value: yes|no, default: no 14 | # Saves all ipsets to /etc/ipset/ipset if ipset gets stopped 15 | Environment=IPSET_SAVE_ON_STOP=no IPSET_SAVE_ON_RESTART=no 16 | 17 | [Install] 18 | WantedBy=basic.target 19 | -------------------------------------------------------------------------------- /usr/lib/systemd/system/iptables.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=IPv4 firewall with ip6tables 3 | After=syslog.target 4 | 5 | [Service] 6 | Type=oneshot 7 | RemainAfterExit=yes 8 | ExecStart=/usr/libexec/iptables/iptables.init start 9 | ExecReload=/usr/libexec/iptables/iptables.init reload 10 | ExecStop=/usr/libexec/iptables/iptables.init stop 11 | Environment=BOOTUP=serial 12 | Environment=CONSOLETYPE=serial 13 | StandardOutput=syslog 14 | StandardError=syslog 15 | 16 | [Install] 17 | WantedBy=basic.target 18 | --------------------------------------------------------------------------------