# HG changeset patch
# User Carl Byington
# Date 1450552328 28800
# Node ID f17e6599b82c507c0b29510f2662346bded19803
# Parent 4b147494fc64817f9d13cbfcfb63ebcde1f813c5
fix default config regular expressions for geedy matching
diff -r 4b147494fc64 -r f17e6599b82c syslog2iptables.conf.top
--- a/syslog2iptables.conf.top Sat Dec 19 10:25:11 2015 -0800
+++ b/syslog2iptables.conf.top Sat Dec 19 11:12:08 2015 -0800
@@ -49,24 +49,9 @@
 bucket 400;
 message "ftp failed password";
 };
- pattern "dovecot.* authentication failure; .* rhost=::ffff:(.*) " {
- index 1; // zero based
- bucket 100;
- message "dovecot failed password";
- };
- pattern "dovecot.* authentication failure; .* rhost=(.*) " {
- index 1; // zero based
- bucket 100;
- message "dovecot failed password";
- };
 };

 file "/var/log/messages" {
- pattern "dovecot.* authentication failure; .* rhost=(.*) " {
- index 1; // zero based
- bucket 100;
- message "dovecot failed password";
- };
 pattern "kernel.*local-net-to.*SRC=(.*) DST=.*DPT=" {
 index 1; // zero based
 bucket 400;
@@ -92,7 +77,7 @@
 };
 pattern "rejecting commands from.* \[(.*)\] due to pre-greeting traffic" {
 index 1; // zero based
- bucket 1800;
+ bucket 0; // disable - iphone setup trips this; bucket 1800;
 message "sendmail pre-greeting";
 };
 pattern "authentication failure: checkpass failed, .*\[(.*)\]" {
@@ -100,12 +85,12 @@
 bucket 100;
 message "sendmail authentication failed";
 };
- pattern "dovecot.*Aborted login .* rip=(.*)," {
+ pattern "dovecot.*Aborted login .* rip=(.*), lip=" {
 index 1; // zero based
 bucket 100;
 message "dovecot failed password";
 };
- pattern "dovecot.*Login: .* rip=(.*)," {
+ pattern "dovecot.*Login: .* rip=(.*), lip=" {
 index 1; // zero based
 bucket -5000;
 message "dovecot good authentication";
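Review bot: The replacement line `bucket 0; // disable - iphone setup trips this; bucket 1800;` in the second hunk leaves the old setting as stray text inside the comment, where it reads like a second, live `bucket` statement. I would write it as `bucket 0; // disabled: iPhone mail setup trips this rule (was 1800)`. Setting the weight to 0 also drops pre-greeting traffic as a blocking signal for every client, not only the phones that caused the false positives. A reduced non-zero weight (other rules in this file use 100) would keep some of that signal, and the trade-off deserves a sentence in the config comments.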
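Review bot: The two rewritten dovecot patterns in the last hunk still capture the address with an unbounded `(.*)`, so the added `, lip=` suffix narrows the match but does not guarantee that the captured text is an IP address. These log lines carry client-supplied text (the login name) ahead of `rip=`, and the `Login:` rule credits -5000 to whatever it captures, so a wrong match there weakens blocking rather than merely missing an event. Assuming the matcher accepts POSIX bracket expressions, the group should be restricted to address characters, e.g. `pattern "dovecot.*Login: .* rip=([0-9a-fA-F:.]+), lip=" {`, with the same change in the `Aborted login` rule. The closing `};` of the last pattern lies outside the hunk.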