Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Bug#949746: fail2ban: bad sshd filter rule for "Connection reset by ..."
76 views
Skip to first unread message
Peter Nowee
Oct 29, 2021, 10:30:03 AM10/29/21
to
I think this was fixed with this upstream commit, which was first
included in fail2ban 0.10.6:
https://github.com/fail2ban/fail2ban/commit/606bf110c99c0b491b10f336b67675311f279f1a
With fail2ban 0.11.2-2:
$ fail2ban-regex -v "sshd[5157]: Connection reset by authenticating user root 192.0.2.1 port 56014 [preauth]" sshd[mode=aggressive]
..
| 20) [1] ^<F-MLFFORGET>(Connection (?:closed|reset)|Disconnected)</F-MLFFORGET> (?:by|from)(?: (?:invalid|authenticating) user <F-USER>\S+|.*?</F-USER>)? <HOST>(?: (?:port \d+|on \S+)){0,2}\s+\[preauth\]\s*$
| 192.0.2.1 Fri Oct 29 14:15:10 2021
..
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
So I think this bug can be closed.
Best regards,
Peter Nowee
included in fail2ban 0.10.6:
https://github.com/fail2ban/fail2ban/commit/606bf110c99c0b491b10f336b67675311f279f1a
With fail2ban 0.11.2-2:
$ fail2ban-regex -v "sshd[5157]: Connection reset by authenticating user root 192.0.2.1 port 56014 [preauth]" sshd[mode=aggressive]
..
| 20) [1] ^<F-MLFFORGET>(Connection (?:closed|reset)|Disconnected)</F-MLFFORGET> (?:by|from)(?: (?:invalid|authenticating) user <F-USER>\S+|.*?</F-USER>)? <HOST>(?: (?:port \d+|on \S+)){0,2}\s+\[preauth\]\s*$
| 192.0.2.1 Fri Oct 29 14:15:10 2021
..
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
So I think this bug can be closed.
Best regards,
Peter Nowee
0 new messages