[Fail2ban-users] fail2ban.filter : WARNING Determined IP using DNS Reverse Lookup: h1970896.xxxx.net = [xx1.xx9.xx2.x0']

[Klaus L. <leh...@t-...>]

hi


since some days there are strange entries in fail2ban.log, like this:
2012-08-07 11:41:16,741 fail2ban.filter : WARNING Determined IP using DNS Reverse Lookup: hxxxx.stratoserver.net = ['8x.1x.1x.3x']

they are only in fail2ban.log. I've not found them elsewhere.. (?) it's only a warning.

question: 
where and how I can ban them?


my idea:
one more line in recidive.conf ??!!
[Definition]
_jailname = recidive
failregex = fail2ban.actions:\s+WARNING\s+\[(?:.*)\]\s+Ban\s+<HOST>

NEW: one line!
failregex = fail2ban.filter.:\s+WARNING Determined IP using DNS Reverse Lookup:.*=.*
would this line work? sorry, I'm not expert in regex... ;-(


thanks a lot and yours,
klaus