I used pam_abl 0.2.3 with following configuration for very long time:
The meaning is to block attacking hosts regardless of login name.
However after upgrading to version 0.4.1 it does not work anymore. pam_abl tool reports the IP address and the user are blocked, but I'm able to log in from the address to the user account and II don't get `Blocking access' message in syslog.
If I remove exclamation mark from user_rule, it will block only already blocked account, other accounts could log in from the same blocked host.
If I remove the user_rule line completely, pam_abl module segfaults.