changeset 66:d179292293eb

fix default config dovecot regular expressions; add manual blocking expression
author Carl Byington <carl@five-ten-sg.com>
date Sat, 19 Dec 2015 12:45:31 -0800
parents f17e6599b82c
children 45e53c44c46c
files syslog2iptables.conf.top
diffstat 1 files changed, 11 insertions(+), 1 deletions(-) [+]
--- a/syslog2iptables.conf.top	Sat Dec 19 11:12:08 2015 -0800
+++ b/syslog2iptables.conf.top	Sat Dec 19 12:45:31 2015 -0800
@@ -14,6 +14,11 @@
             bucket -5000;
             message "manual unblock";
         };
+        pattern "manual block (.*)" {
+            index 1;    // zero based
+            bucket 5000;
+            message "manual block";
+        };
         pattern "sshd.*Failed password .* from ::ffff:(.*) port" {
             index 1;    // zero based
             bucket 400;
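Review bot: The added `manual block (.*)` pattern is unanchored and carries bucket 5000, so any syslog line containing that text would presumably count toward blocking whatever follows it, including lines where a remote client controls part of the message, such as a user name echoed by a daemon. Tie the pattern to the tag the operator's command logs under and restrict the capture to address characters, for example `pattern " blocktool: manual block ([0-9a-fA-F:.]+)$" {`, where `blocktool` is a constructed placeholder for that tag. The existing `manual unblock` rule just above likely needs the same treatment, since it is the rule that removes a block. The same open-ended `(.*)` capture appears in both dovecot patterns added in the second hunk, where `rip=([0-9a-fA-F:.]+), lip=` would be tighter. The enclosing configuration block starts and ends outside this hunk.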
@@ -90,7 +95,12 @@
             bucket 100;
             message "dovecot failed password";
         };
-        pattern "dovecot.*Login: .* rip=(.*), lip=" {
+        pattern "dovecot.*Disconnected: Inactivity .auth failed.* rip=(.*), lip=" {
+            index 1;    // zero based
+            bucket 100;
+            message "dovecot failed password";
+        };
+        pattern "dovecot.*Login: user=.* rip=(.*), lip=" {
             index 1;    // zero based
             bucket -5000;
             message "dovecot good authentication";
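Review bot: The new `Disconnected: Inactivity .auth failed` rule reuses the message `"dovecot failed password"` from the rule directly above it, so if the message is what gets logged when a rule fires, an operator cannot tell which pattern contributed to a block. Give it a distinct message such as `message "dovecot auth failed (inactivity disconnect)";`. It would also help to add a comment above the `Login: user=` rule explaining why the pattern was narrowed, for example `// only a completed login earns the -5000 credit`. That rule carries the largest negative bucket in this hunk, so its intent should be explicit.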