Mercurial > syslog2iptables
diff syslog2iptables.conf.top @ 66:d179292293eb
fix default config dovecot regular expressions; add manual blocking expression
author | Carl Byington <carl@five-ten-sg.com> |
---|---|
date | Sat, 19 Dec 2015 12:45:31 -0800 |
parents | f17e6599b82c |
children | 0e736950a117 |
line wrap: on
line diff
--- a/syslog2iptables.conf.top Sat Dec 19 11:12:08 2015 -0800 +++ b/syslog2iptables.conf.top Sat Dec 19 12:45:31 2015 -0800 @@ -14,6 +14,11 @@ bucket -5000; message "manual unblock"; }; + pattern "manual block (.*)" { + index 1; // zero based + bucket 5000; + message "manual block"; + }; pattern "sshd.*Failed password .* from ::ffff:(.*) port" { index 1; // zero based bucket 400; @@ -90,7 +95,12 @@ bucket 100; message "dovecot failed password"; }; - pattern "dovecot.*Login: .* rip=(.*), lip=" { + pattern "dovecot.*Disconnected: Inactivity .auth failed.* rip=(.*), lip=" { + index 1; // zero based + bucket 100; + message "dovecot failed password"; + }; + pattern "dovecot.*Login: user=.* rip=(.*), lip=" { index 1; // zero based bucket -5000; message "dovecot good authentication";