Ubuntu
fail2ban package

fail2ban 0.9 branch does not support IPv6; existing logic can misinterpret IPv6 addresses in logs

Bug #1608040 reported by Markus Ueberall
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
fail2ban
Fix Released
Unknown
fail2ban (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

See release note for v0.9.5 (https://github.com/fail2ban/fail2ban/releases) -- either the 0.10.x branch should be packaged or available patches (e.g., published at https://crycode.de/wiki/Fail2Ban) should be adopted.

NB this is *not* just a "feature request"--the existing code can wrongly ban IPv4 addresses by misinterpreting IPv6 addresses in the logs. So at the very least, IPv6 addresses should *never* lead to spurious bans:

# grep failregex /etc/fail2ban/filter.d/seafile-auth.conf
failregex = Login attempt limit reached.*, ip: <HOST>
# grep eumel /var/www/apps/seafile/logs/seahub.log
2016-07-30 12:06:39,595 [WARNING] seahub.auth.views:191 login Login attempt limit reached, show Captcha, email/username: eumel, ip: nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn, attemps: 5
# fail2ban-client status seafile
Status for the jail: seafile
|- Filter
| |- Currently failed: 1
| |- Total failed: 3
| `- File list: /var/www/apps/seafile/logs/seahub.log
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list: 0.0.7.209

See original description
Markus Ueberall (ueberall)
description: updated
Revision history for this message
Markus Ueberall (ueberall) wrote :

Reported upstream as well (https://github.com/fail2ban/fail2ban/issues/1493)

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in fail2ban (Ubuntu):
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in fail2ban:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.