From: Klaus L. <leh...@t-...> - 2012-08-07 09:58:41
|
hi since some days there are strange entries in fail2ban.log, like this: 2012-08-07 11:41:16,741 fail2ban.filter : WARNING Determined IP using DNS Reverse Lookup: hxxxx.stratoserver.net = ['8x.1x.1x.3x'] they are only in fail2ban.log. I've not found them elsewhere.. (?) it's only a warning. question: where and how I can ban them? my idea: one more line in recidive.conf ??!! [Definition] _jailname = recidive failregex = fail2ban.actions:\s+WARNING\s+\[(?:.*)\]\s+Ban\s+<HOST> NEW: one line! failregex = fail2ban.filter.:\s+WARNING Determined IP using DNS Reverse Lookup:.*=.* would this line work? sorry, I'm not expert in regex... ;-( thanks a lot and yours, klaus |