Sergey G. Brester
Sergey G. Brester
> I also removed a redundant IFS operation on $ADDRESSES. Why it should be redundant (now)? I don't see any code piece that could solve #2372, which could occur again...
> Can you please point me in the direction what I'm failing to understand? ``` $ python -c 'from fail2ban.helpers import extractOptions; an, ao = extractOptions("""some-action[a="x, y, z", b=x, y,...
Where did you get that screenshot? I'm unsure FILTERS file is supposed to be markdown formatted. But if yes (or we'd allow that): - either it must get more fixes...
Well, as I was asking "why not update the original action instead", I meant why not update `firewallcmd-rich*` action(s) only instead of new action `firewallcmd-rich-rules_new`. If I correct understand the...
Closes #1924 Marked as enhancement now, since I'm firmly convinced it must be optional, at least for multi-port mode (for instance how we made it in #3018 for `ufw`), see...
> Very bad idea to make it optional if you want to actually function. I already explained my doubts about and don't think I'd repeat all that here. After all...
> My suggestion was on the basis of it makes you happy. I'm also not happy with the situation. But unless `pf` doesn't provide proper way to kill the states...
> You seem the be the one advocating making it be insecure by default here. No I'm the one who understand that a workaround (even with many restrictions) is not...
> Do we have current connection killing for other actions? Yes, for example ufw https://github.com/fail2ban/fail2ban/blob/bbfff1828061514e48395a5dbc5c1f9f81625e82/config/action.d/ufw.conf#L35-L43 (see #3018) Just here it is pf-kernel stuff.
The diff for stock `nginx-limit-req` filter may look like this: ```diff failregex = ^%(__prefix_line)slimiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: , + ^%(__prefix_line)slimiting connections by zone "(?:%(ngx_limit_req_zones)s)", client: ,...