BdqdZdZdZddlZddlZddlZddlZddlZddlZddl Z ddl m Z m Z m Z ddlmZddlmZdd lmZmZdd lmZdd lmZdd lmZdd lmZddlmZddl m!Z!m"Z"m#Z#ddl$m%Z%m&Z&m'Z'ddl(m)Z) ddlm*Z*n #e+$rdZ*YnwxYwej,-ej,.e/dZ0dZ1e%dZ2GddeZ3Gdde!Z4Gdde4Z5Gdde4Z6Gdd ej7Z8Gd!d"ej7Z9Gd#d$eZ:Gd%d&e!Z;dd'lZ>m?Z?Gd(d)e!Z@dS)*z Cyril Jaquierz Copyright (c) 2004 Cyril JaquierGPLN)Regex FailRegexRegexException)actions)Server)DNSUtilsIPAddr)Jail) JailThread) BanTicket)Utils) DummyJail)LogCaptureTestCase with_alt_timeMyTime) getLoggerextractOptions PREFER_ENC)version) filtersystemdfilespollingfail2banceZdZdZdZdS) TestServercdSNselfargskwargss ?/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py setLogLevelzTestServer.setLogLevel<$cdSr r!r"s r& setLogTargetzTestServer.setLogTarget?r(r)N)__name__ __module__ __qualname__r'r+r!r)r&rr;s2r)rcHeZdZeZfdZfdZd dZddZd Z d Z xZ S) TransmitterBasectt|||_|jj|_d|_|j|jtdS)Call before every test case. TestJail1N) superr0setUpTEST_SRV_CLASSserver_Server__transmtransmjailNameaddJail FAST_BACKENDr# __class__s r&r5zTransmitterBase.setUpGsg$$&&&##%%$+ +$+$-+dm\22222r)c|jtt|dSzCall after every test case.N)r7quitr4r0tearDownr=s r&rBzTransmitterBase.tearDownQs;+'')))))r)r rNFcd||g}d|g}|,|d||d||dkr|}fd} || |j|| ||f|sD|| |j|| d|fdSdS)zoProcess set/get commands and compare both return values with outValue if it was given otherwise with inValuesetgetNrr c*rt|n|S)zPrepare value for comparison)repr)xrepr_s r&vz%TransmitterBase.setGetTest..vds "4777#r)r)insert assertEqualr9proceed) r#cmdinValueoutValueoutCodejailrIsetCmdgetCmdrJs ` r& setGetTestzTransmitterBase.setGetTestWs  3 & 3<&  ==D ==D8$$$$$11T[((001111gx5H3I3IJJJ FAAdk))&1122AAq(m4D4DEEEEEFFr)c|d||g}d|g}|,|d||d||j|d}||j|dd||j|d|fdS)NrDrErr)rKr9rMrL)r#rNrOrRrSrT initValues r& setGetTestNOKzTransmitterBase.setGetTestNOKms 3 & 3<&  ==D ==Dk!!&))!,)4;&&v..q115554;&&v..I?????r)c`d|z}d|z}||jd||gdgft|D]'\}}|jd|||g}||dt t t|dfdt t t|d|dzfd|jd||g}||dt t t|dfdt t t|d|dzfd)t|D]'\}}|jd|||g}||dt t t|dfdt t t||dzdfd|jd||g}||dt t t|dfdt t t||dzdfd)dS) NadddelrErrDrr)level)rLr9rM enumerateassertSortedEquallistmapstr) r#rNvaluesrRcmdAddcmdDelnvaluerets r&jailAddDelTestzTransmitterBase.jailAddDelTestzs 3;& 3;&;tS)**QG555F##hhha   eT659 : :33q64CQ(8(8#9#9:QSfUYVWXYVYUYlE[E[@\@\<]efggg   eT3/ 0 033q64CQ(8(8#9#9:QSfUYVWXYVYUYlE[E[@\@\<]efggggF##hhha   eT659 : :33q64CQ(8(8#9#9:QSfUVWXUXUYUYlE[E[@\@\<]efggg   eT3/ 0 033q64CQ(8(8#9#9:QSfUVWXUXUYUYlE[E[@\@\<]efgggg hhr)c d|z}d|z}||jd||gdgft|D]\}}||jd|||gd|d|dzf||jd||gd|d|dzft|D]\}}||jd||dgd||dzdf||jd||gd||dzdfdS)NrZr[rErrDr)rLr9rMr]) r#rNinValues outValuesrRrcrdrerfs r&jailAddDelRegexTestz#TransmitterBase.jailAddDelRegexTests 3;& 3;&;tS)**QG555H%%haKfe455 $1Q3$Kc*++ $1Q3$H%%haKfa011 !A#$$Kc*++ !A#$$ r))r rNF) r,r-r.rr6r5rBrUrXrhrl __classcell__r>s@r&r0r0Cs33333***** FFFF, @ @ @ @hhh"r)r0c,eZdZdZdZdZdZdZdZdZ dZ d Z d Z d Z d Zd ZdZdZdZdZdZedZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"d Z#d!Z$d"Z%d#Z&d$Z'd%Z(d&Z)d'Z*d(Z+d)Z,d*Z-d+Z.d,Z/d-Z0d.S)/ Transmitterc^||jdSr ) assertFalser7 isStartedr#s r&testServerIsNotStartedz"Transmitter.testServerIsNotStarteds,4;((**+++++r)cd||jdgddS)NstoprNrLr9rMrts r&testStopServerzTransmitter.testStopServers04;&&x00)<<<<>>>>r)c|||jdgdtjfdS)Nrr)rLr9rMrrts r& testVersionzTransmitter.testVersions74;&& {33a5IJJJJJr)cr ||jgdd|t j|d|||jgdd|t j|d|||jgdd|d |dS#||jgdd|d |wxYw) N)rD allowipv6yes)rrz IPv6 is on)rDrnorrz IPv6 is off)rDrauto)rrz IPv6 is auto) rLr9rM assertTruer IPv6IsAllowed assertLoggedpruneLogrrrts r& testSetIPv6zTransmitter.testSetIPv6s 6DK''(C(C(CDDjQQQ??8)++,,,\"""DMMOOODK''(B(B(BCCYOOOH*,,---]###T]]___DK''(D(D(DEE{SSS^$$$dmmoooooDK''(D(D(DEE{SSS^$$$dmmoooos C>EAF6ctjjstj}||jddgdtj}||z }|d|cxkodkncd|zdS||jddgddS) Nsleepz0.1rxg ףp= ?g?zSleep was %g sec)msgz0.0001)unittestF2BfasttimerLr9rMr)r#t0t1dts r& testSleepzTransmitter.testSleeps  I 2DK''%(8999EEE 2 R2??4"????s????(:R(??@@@@@DK''((;< 4;&&!! 4;&& < +dm\2224;&&   8C===9[r)cd}d}d}||jd|dgd|f||jd|gd|f||jd|dgdd||jd|d gd|f||jd|jdgdd||jgd dddS) N TestJail2 TestJail3 TestJail4rZrrzinvalid backendrr)rZ--allrrLr9rMr:)r#jail2jail3jail4s r& testAddJailzTransmitter.testAddJailsq % % %;ui011Au:???4;&&u~66E CCC;u&7899!z/Transmitter.testStartStopJail..C4;  q ! ! r*T[5H5H(TXTaIb5c5ceq*r*r&rr)rw) rLr9rMr:rrrDEFAULT_SLEEP_TIMErwait_for assertNotInr7_Server__jailsrts`r&testStartStopJailzTransmitter.testStartStopJail s;/00)===*U %&&&//5>rrrr; .//<<<4=$+"<=====r)cjdtjdjgdjddgdtjtj  tj fddjddgd tj fdd jjj djjdS) Nrrrxcjdo4tjdjgt  S)Nrrrrtsr&rz2Transmitter.testStartStopAllJail.."rr)rrwrc8tjj Sr )lenr7rrtsr&rz2Transmitter.testStartStopAllJail..%ss4;3M/N/N+Nr))r7r;r<rLr9rMr:rrrrrrrrrts`r&testStartStopAllJailz Transmitter.testStartStopAllJails]+k<000;/00)===;-.. ;;; *U %&&&//5>rrrr4;&&'8999EEE//5>#N#N#N#NPQRRTTT4=$+"<===; :;;;;;r)c\||jd|jddgd||jd|jddgd||jd|jddgdd dS) NrDidleonrToffrFCATrrrrts r& testJailIdlezTransmitter.testJailIdle)s;t}fd;<< ;t}fe<== ;t}fe<==a@r)c0|ddd|j|ddd|j|ddd|j|dd d |j|dd |jdS) Nfindtime120xrR60<30mz-60iDogrUr:rXrts r&testJailFindTimezTransmitter.testJailFindTime4s//*eSt}/===//*dBT]/;;;//*eU/???//*eSt}/===ZT];;;;;r)c0|ddd|j|ddd|j|ddd|j|dd d |j|dd |jdS) Nbantimerrr502z-50iz 15d 5h 30miCatrrts r&testJailBanTimezTransmitter.testJailBanTime;s//)UCdm/<<<//)T2DM/::://)UCdm/<<<//)\7/GGGYDM:::::r)c0|ddd|j|ddd|j|ddd|j|dd d |j|dd |jdS) N datepattern%%%Y%m%d%H%M%S)rz%YearMonthDay24hourMinuteSecondrEpoch)Nrz^Epoch)Nz{^LN-BEG}EpochTAI64N)Nrz %Cat%a%%%grrts r&testDatePatternzTransmitter.testDatePatternBs//-!18 //'?@@@//(44=JJJ//(,4=BBB]Lt}EEEEEr)c||ddd|j|dd|jdS)N logtimezonezUTC+0400rznot-a-time-zonerrts r&testLogTimeZonezTransmitter.testLogTimeZoneNsB//-Zdm/LLL]$5DMJJJJJr)c&|dd|j|dd|j|dd|jd}||jd|jd|gddS) NusednsrrwarnrFishrDr)rUr:rLr9rMr#rfs r&testJailUseDNSzTransmitter.testJailUseDNSRs//(E /666//(F/777//(Dt}/555 %;t}h>?? r)c |j|j||jd|jddddgd|dddd ||jd|jdd gd |d d ||jd|jdddddgd|dddd |dddd |||jd|jdddgdd||jd|jdddgd|dddd dS)NrDbanip 192.0.2.1 192.0.2.2)rr Ban 192.0.2.1 Ban 192.0.2.2TallwaitBadgerrrz Ban Badgerrunbanipz 192.0.2.255z 192.0.2.254zUnban 192.0.2.1zUnban 192.0.2.2z192.0.2.255 is not bannedz192.0.2.254 is not bannedz--report-absentrr)rr)r7 startJailr:rLr9rMrrrts r& testJailBanIPzTransmitter.testJailBanIP]s+ &&&;t}g{KQ\]^^    O_$TJJJ;t}gx@AA    Lt,,,; DM9m[+}]__    %'8dNNN/1LRV]abbb--///; DM9&7GIIIJLLMOOO; DM9m]CEEEKMMM/1LRV]abbbbbr)c jjfd}dddjdD]+}dD]&}||d|zgd ',d d d d ||ddDd dd dd ddS)NcPjdjd|g|zS)NrDattempt)r9rMr:)ipmatchesr#s r&rz.Transmitter.testJailAttemptIP..attempt}s) +  udmYCgM N NNr)maxretry5r)rr)rrtest failure %drz 192.0.2.1:2z 192.0.2.2:2Trcg|]}d|zS)r r!).0is r& z1Transmitter.testJailAttemptIP..sGGG! 1A 5GGGr))rr z 192.0.2.2:5rrr)r7rr:rUrLrassertNotLogged)r#rrrs` r&testJailAttemptIPzTransmitter.testJailAttemptIPzsG+ &&&OOOOO//*c14=/999 CCa 'CCrWWR"3a"7!8996BBBBCM=dFFF772GGwGGGHH&QQQM---O$///'''''r)cjd}j|tj|dddgffd }||g||dddg||d ddd g||d gd  ||dd d g||d d g||d gdS)NTestJailBanListr!c|Ljd|d|gdd|zd|Ljd|d|gdd|zdjd |dgt |zd |fd t jt jd zdS)NrDrrzBan %sTrrzUnban %srErF) nestedOnlyr) rLr9rMrr^r_rsetTimer)rRrrr$outListr#s r&_getBanListTestz4Transmitter.testJailBanList.._getBanListTests+  [%w677     h&T222  [%y':;;     j7*666Kg.tDzz9::LU$$$ >&+--!#$$$$$r))r 127.0.0.1)z --with-timez:127.0.0.1 2005-08-14 12:00:01 + 600 = 2005-08-14 12:10:01)rr$r 192.168.0.1z<192.168.0.1 2005-08-14 12:00:02 + 600 = 2005-08-14 12:10:02 192.168.1.10)rrr)rr)rr)r7r;r<r)r#rRrs` r&testJailBanListzTransmitter.testJailBanListsr $+dL)))+#'2r%%%%%%&/$ /$k0@ I JLLLL/$m2BAC EFFFF/$n 7 7 79999/$ > *,,,,/$ ?/$ r)c|ddd|j|ddd|j|ddd|j|dd |jdS) N maxmatchesr r r2r-2Duckrrts r&testJailMaxMatcheszTransmitter.testJailMaxMatchessy//,QT]/;;;//,QT]/;;;//,bt}/===\6 >>>>>r)c|ddd|j|ddd|j|ddd|j|dd |jdS) Nr r r rr!rr"r#r$rrts r&testJailMaxRetryzTransmitter.testJailMaxRetrysy//*c14=/999//*c14=/999//*dBT]/;;;Zdm<<<<; DM<u=???@Br)cd}|jd|jd|g}|t |dt dS)Nzthis_file_shouldn't_existrDr3r)r9rMr:rrIOError)r#rfresults r&testJailLogPathInvalidFilez&Transmitter.testJailLogPathInvalidFilesR %% ;   4=,. 0 0&//*VAY0011111r)c.tjd}|dz}tj|||jd|jd|g}|t|dttj |dS)Ntmp_fail2ban_broken_symlink)prefixz.slinkrDr3r) rmktemprsymlinkr9rMr:rrr=r)r#namesnamer>s r&testJailLogPathBrokenSymlinkz(Transmitter.testJailLogPathBrokenSymlinks  = > > >$ /%*T5 ;   4=,. 0 0&//*VAY00111)Er)cX|dgd|jd}||jd|jd|gd|gf||jd|jd|gd|gf||jd|jdgd|gf||jd|jd|gdgf||jd|jd gd ||jd|jd d gd ||jd|jd gd dS) Nignoreip)rz 192.168.1.1z8.8.8.8rrD addignoreiprrE delignoreip ignoreselfrFr)rhr:rLr9rMrs r&testJailIgnoreIPzTransmitter.testJailIgnoreIP s  = %;t}mUCDDw<;t}mUCDDw<;t}j9::w<;t}mUCDDr7   ;t}l;<< ;t}lEBCC ;t}l;<< r)c@|dd|jdS)N ignorecommandzbin/ignore-command rrUr:rts r&testJailIgnoreCommandz!Transmitter.testJailIgnoreCommand2s#///#<4=/QQQQQr)c|ddgd|j|ddd|jdS)N ignorecachez%key="",max-time=1d,max-count=9999)zi'iQrrPrts r&testJailIgnoreCachezTransmitter.testJailIgnoreCache5sT//-* //-T />>>>>r)c@|dd|jdS)N prefregexz^TestrrPrts r&testJailPrefRegexzTransmitter.testJailPrefRegex<s"//+wT]/;;;;;r)c |dgddtjdzdtjdzdtjdzg|j||jd|jdd gd d ||jd|jdd gd d dS) N failregex)zuser john at Admin user login from z failed attempt from againzuser john at %sAdmin user login from %szfailed attempt from %s againrD addfailregexz No host regexrrirlr_resolveHostTagr:rLr9rMrts r& testJailRegexzTransmitter.testJailRegex?s ; .x889%"7"A"AB"e&;H&E&EF =   ; DM>?;===>@; DM>3/11124r)c h|dgdddtjdzdg|j||jd|jdd gd d ||jd|jdd gd d dS) N ignoreregex) user johnr[Dont match me!rdr]r\rerDaddignoreregexzInvalid [regexrrrr_rts r&testJailIgnoreRegexzTransmitter.testJailIgnoreRegexWs= %"7"A"AB =   ; DM+-=>@@@AC; DM+R022235r)c |jg}||jdgddt |fdd|fgf|jdt| d||jdgddt |fdd|fgfdS)NrrzNumber of jailz Jail listz, r) r:rLr9rMrr9r7r;r<append)r#jailss r& testStatuszTransmitter.testStatusos =/%4;&&z22 3u::&dii6F6F(GHIKKK+k<000,,{4;&&z22 3u::&dii6F6F(GHIKKKKKr)c ||jd|jgdddddgfgfddd d gfgfgfdS) NrrFilterzCurrently failedrz Total failedr File listActionszCurrently bannedrz Total bannedrBanned IP listrrts r&testJailStatuszTransmitter.testJailStatusxs4;&&$-'@AAB   r)c ||jd|jdgdddddgfgfdd d d gfgfgfdS) Nrbasicrrmrnrorprqrrrsrtrrts r&testJailStatusBasiczTransmitter.testJailStatusBasics4;&&$-'IJJB   r)c ||jd|jdgdddddgfgfdd d d gfgfgfdS) NrINVALIDrrmrnrorprqrrrsrtrrts r&testJailStatusBasicKwargz$Transmitter.testJailStatusBasicKwargs4;&&$-'KLLB   r)c "tj ddl}ddl}g}n#t $rdg}YnwxYw||jd|j dgdddddgfgfd d d d gfd |fd|fd|fgfgfdS)NrerrorrcymrurmrnrorprqrrrsrtzBanned ASN listzBanned Country listzBanned RIR list) rrSkipIfNoNetwork dns.exception dns.resolver ImportErrorrLr9rMr:)r#dnsrfs r&testJailStatusCymruzTransmitter.testJailStatusCymrus ,    55  9555 4;&&$-'IJJB % e$% " s + ;;c zd}gd}gd}||jd|jd|gd|f||jd|jdgd d|t ||D]@\}}||jd|jd |||gd|fAt ||D]?\}}||jd|jd ||gd|f@||jd|jd |d d gd ||jd|jd |d gd ||jd|jd |dgdd ||jd|jd |ddgd||jd|jd |dgd||jd|jd|gd||jd|jddgdd dS)NTestCaseAction) actionstart actionstop actioncheck actionban actionunban)z Action Startz Action Stopz Action Checkz Action Banz Action UnbanrD addactionrrErractionKEYVALUE)rr InvalidKeytimeout10)r delactionrxz Doesn't exist)rLr9rMr:zip)r#rcmdList cmdValueListrNrfs r& testActionzTransmitter.testActionsk &   ',;t}k6BCCv;; DM9%'''(**+-    ..jc5K T]Hfc59;;J..jc5K xEFFJ; DM8VUG<>>; DM8VU355; DM8V\:<<<=?; DM8VY=??    ; DM8VY799    ;t}k6BCC ; DM;8:::;==>@@@@@r)c d}|jd|jd|tjt dddg}||d|f||jd|jd |gd d d g||jd|jd |d gd||jd|jd |d gd||jd|jd|gd gd||jd|jd |ddgd||jd|jd |d dgd||jd|jd |ddgddS)NrrDraction.dz action.pyz{"opt1": "value"}rrEactionpropertiesropt1opt2r)rrfrx actionmethods)banrebanrrw testmethodunbanrz{"text": "world!"})rzHello world! value another value)rr)rzHello world! another value) r9rMr:rr8r9r:rLr^)r#routs r&$testPythonActionMethodsAndPropertiesz0Transmitter.testPythonActionMethodsAndPropertiesse &  4=+vGLL[99  #3F $$$;t} !!!"$ F;t}h    ;t}h     ;t}o    ;;;===;t}h&());t}h O;t}h&())$&&&&&r)cr||jddgdddS)NrzCOMMANDrrryrts r&testNOKzTransmitter.testNOK,s84;&& 9'=>>qA!DDDDDr)cr||jgddddS)N)rDrzrrrryrts r& testSetNOKzTransmitter.testSetNOK/E;44455a8<<<<.I'''3#'''r)rdeljournalmatchcg|]}|gSr!r!rs r&rz0Transmitter.testJournalMatch..Nrr) _COMM=sshd)r+r_UID=0rrrzThis isn't valid!zFIELD=NotPresent) rrSkipTestr7r;r]rLr9rMrr ValueError)r#r:rbrerfr>s r&testJournalMatchzTransmitter.testJournalMatch;s E  C D DD (+h ***   & F##**haK X(%022''&!A#,'''(****F##**haK X(%022''&1,'''(**** %; H'/11y> ; H'/11% ; H'/11y> ; H'/11r7    > > >%; H'(50225x@ABDDD; H'(5!9466 %x012444; H'(59466r7   % ;   8&. 0 0&//*VAY 33444 % ;   8&. 0 0&//*VAY 3344444r)c  tstjd|dd}|j|dgd}t |D]N\}}||j d|d|gdd |d|d zDfOt |D]N\}}||j d|d |gdd ||d zdDfOdS) NrTrzsystemd[journalflags=2]rrDrrcg|]}|gSr!r!rs r&rz5Transmitter.testJournalFlagsMatch..rr)rrcg|]}|gSr!r!rs r&rz5Transmitter.testJournalFlagsMatch..rr)) rrrrr7r;r]rLr9rM)r#r:rbrerfs r&testJournalFlagsMatchz!Transmitter.testJournalFlagsMatchsf E  C D DD//$ (+h 9:::   & F##**haK X(%022''&!A#,'''(****F##**haK X(%022''&1,'''(******r)N)1r,r-r.rurzr~rrrrrrrrrrrrrrrrrr%r'r*r/r;r?rGrMrQrUrXrargrkrurxr{rrrrrrrrrr!r)r&rprps,,, ===???KKK 6 6 6 I I I...`;;;$ > > ><<<$   <<<;;; F F FKKK   ccc:(((&))-)V??? === === BBB(((T222###JRRR???<<<00KKK$$$<:@:@:@x"&"&"&HEEE<<<<<<???E5E5E5N*****r)rpcLeZdZeZfdZdZdZdZdZ dZ dZ dZ xZ S) TransmitterLoggingctt||jd|jd|jddS)N /dev/nullCRITICALr)r4rr5r7r+r'setSyslogSocketr=s r&r5zTransmitterLogging.setUpshD!!'')))+;'''+*%%%+f%%%%%r)cg}tdD]L}tjdd}||dt j|dM|D]}|d|d}|d||j gd|D]}t j ||dd d |dd d dS) Nrr transmitterrr logtarget/this/path/should/not/exist)rDrrzSTDOUT[format="%(message)s"]STDOUTz!STDERR[datetime=off, padding=off]STDERR) rangerrrirrrUrXr9rMremove)r# logTargets_tmpFile logTargetrfs r& testLogTargetz TransmitterLogging.testLogTargets* 88a  j- 8 87 WQZ   8GAJ++i??; **** (%[%(((+777888i9Y//+=xHHH//+BHMMMMMr)cLtjdstjd||jd|dd||jddS)N/dev/logz'/dev/log' not presentrrSYSLOG) rr8existsrrrr7getSyslogSocketrUrts r&testLogTargetSYSLOGz&TransmitterLogging.testLogTargetSYSLOGs  # #5  3 4 44//$+--//888//+x(((//$+--//<<<<>*+E+E Gr)c|dd|dd|dd|dd|dd|dd|dd|dd |dd |dd d |dd dS) Nloglevel HEAVYDEBUG TRACEDEBUG9DEBUGINFONOTICEWARNINGERRORrcRiTiCaLBird)rUrXrts r& testLogLevelzTransmitterLogging.testLogLevels//*l+++//*l+++//*c"""//*g&&&//*f%%%//*h'''//*i(((//*g&&&//*j)))//*j*555Z(((((r)cf||jdgd tjd\}}t j||jd||jdd|gd|ftd}| d  tjd\}}t j|t j ||| d ||jdgd| d t|d 5}t|}|d dkrt|}||dt|}||d t|}|ddkr!|t$|jn|d|zn#t$$rYnwxYwdddn #1swxYwYt|d 5}t|}|ddkrt|}||d|t$|j|dddn #1swxYwYt j|n#t j|wxYw t j|n:#t,$rYn.wxYw# t j|w#t,$rYwwxYwxYw||jgdd||jdgddS)N flushlogs)rz rolled overz fail2ban.logrrDrrrzBefore file movedzAfter file movedzAfter flushlogsrzChanged logging target tozBefore file moved zAfter file moved zCommand: ['flushlogs']zCException StopIteration or Command: ['flushlogs'] expected. Got: %szrollover performed onzAfter flushlogs )rDrr)rr)rflushed)rLr9rMrrrrr7r'rwarningrenameopennextfindrendswith assertRaises StopIteration__next__failrOSError) r#ffnlf2fn2line1line2res r& testFlushLogsz TransmitterLogging.testFlushLogssS4;&& }557IJJJ*  N + +51b8A;;;;9%%%DK'' R(@AAAr7KKK199 !!!~..GBHRLLLIb#II !!!T[((+779KLLLII   c# ! !WWU .//1441gge __U^^$9::;;; !WWU __U^^$899::: q''a ( ) )A - -  3333 yyVYZZ[[[     d                 b !WWU *++q001gge __U^^$788999 }aj111WWYYY IcNNNNBIcNNNNN IbMMMM    D  IbMMMM    D 4;&&'E'E'EFF VVV4;&& }55~FFFFFsBN(B)M(7BJ A!I10J 1 I>;J =I>>J  M( JM(JM((BM< M(M  M(M M(N((M>>N(N N%$N%(O*N?>O? O  O O  Oc|ddd|j|ddd|j|dd d |j|d d d |j|d d|j|ddd|j|ddd|jdS)Nzbantime.incrementtrueTrzbantime.rndtime30minrzbantime.maxtimez 1000 daysi\&zbantime.factorr!zbantime.formulazGban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)zbantime.multipliersz1 5 30 60 300 720 1440 2880zbantime.overalljailsrPrts r&testBanTimeIncrz"TransmitterLogging.testBanTimeIncr s//%vt$-/HHH//#We$-/HHH//#[-dm/TTT//"C4=/AAA//#%nuyvC/DDD//')FHelply/zzz//(&&t}/MMMMMr))r,r-r.r r6r5rrrrrr rrmrns@r&rrs&&&&& NNN(===777    ) ) ).G.G.G`NNNNNNNr)rceZdZdZdS) JailTestsc^d}t|}||j|dS)Nveryveryverylongname)r rLrE)r#longnamerRs r& testLongNamezJailTests.testLongNames0 #( h$49h'''''r)N)r,r-r.rr!r)r&rrs#(((((r)rc eZdZdZdZdZdS) RegexTestsc|ttd|ttd|ttddS)NrT  )rrrrts r&testInitzRegexTests.testInit"sPNE2...NE3///NE400000r)c|ttdddd|tt dddS)Na"'z Regex('a')r\z FailRegex()rLrarreplacerr startswithrts r&testStrzRegexTests.testStr(sj3uSzz??**344lCCC//#i))**55lCCDDDDDr)c^ |ttd|ttd|td|td|td|td|td|td|td td }|||d g|||t|jtd }|||d g|||t|jtd}|||dg||||d|dg||||d|dg||||dtd}|||dg|||| dtd}|dg| }|||j fd|dg| }|||j fd|dg| }|||j fd|dg| }|||j fdtd }|d!g| }|||j fd"|d#g| }|||j fd|d$g| }|||j fd%|d&g| }|||j fd'dS)(NrTz^test no group$z^test group$z^test group$z^test group$z^test group$z<^test id group: ip:port = (?::)?$z-^test id group: user:\([^\)]+\)$z#^test id group: anything = $z %%?)z%%rTrTz#%%inet(?:=|inet6=)?)z %%inet=testrTrTz(%%(?:inet(?:=|6=)?|dns=?))z%%inet=192.0.2.1rTrTr)z%%inet6=2001:DB8::rTrT 2001:DB8::)z%%dns=example.comrTrTz example.com)z%test id group: user:(test login name)rTrTztest login namez%%net=)z%%net=192.0.2.1rTrT)rinet4)z%%net=192.0.2.1/24rTrT)z 192.0.2.0/24r&)z%%net=2001:DB8:FF:FF::1rTrT)z2001:db8:ff:ff::1inet6)z%%net=2001:DB8:FF:FF::1/60rTrT)z2001:db8:ff:f0::/60r'z%%ip="", mask="?")z%%ip="192.0.2.2", mask=""rTrT)rr&)z%%ip="192.0.2.2", mask="24"rTrT)z"%%ip="2001:DB8:2FF:FF::1", mask=""rTrT)z2001:db8:2ff:ff::1r')z$%%ip="2001:DB8:2FF:FF::1", mask="60"rTrT)z2001:db8:2ff:f0::/60r') rrrrrr hasMatchedsearchgetHostrL getFailIDgetIP familyStr)r#frrs r&testHostzRegexTests.testHost.sNIr222NI/@AAA//)233444//)122333//)122333//)122333//)[\\]]]//)LMMNNN//)BCCDDD"2==??###))\N//"--//"""NBJ///788"2==??###)) " #$$$//"--//"""NBJ///<=="2==??###)) ' ()))//"--//"""2::<<---)) ) *+++//"--//"""2::<<...)) ( )***//"--//"""2::<<///ABB"2==??###)) < =>>>//"--//"""2<<>>#4555"##")) & '((( xxzz"B %'=>>>)) ) *+++ xxzz"B %'@AAA)) . /000 xxzz"B %'EFFF)) 1 2333 xxzz"B %'GHHH122")) 0 1222 xxzz"B %'=>>>)) 2 3444 xxzz"B %'@AAA)) 9 :;;; xxzz"B %'FGGG)) ; <=== xxzz"B %'HIIIIIr)N)r,r-r.rr#r/r!r)r&rr sN111 EEE DJDJDJDJDJr)rceZdZdZdS) _BadThreadc td)Nzrun bad thread exception)rrts r&runz_BadThread.runvs/000r)N)r,r-r.r3r!r)r&r1r1us#11111r)r1c eZdZdZdZdZdS) LoggingTestsctd}||jjd||jddS)Nzfail2ban.some.string.with.namerz fail2ban.name)rrLparentrE)r# testLogSyss r&testGetF2BLoggerzLoggingTests.testGetF2BLogger|sJ9::*:$):666:?O44444r)ctj}gfdt_ t}||t jfdd|t_n#|t_wxYwd td ddtdS)Nc.|Sr )ri)r$rHs r&rz5LoggingTests.testFail2BanExceptHook..sQXXd^^r)cLtodS)NUnhandled exception)r _is_logged)r#rHsr&rz5LoggingTests.testFail2BanExceptHook..sCFF,]tG\7]7]r)rr=rr) sys__excepthook__r1rr9rrrrrLrr)r# prev_exchook badThreadrHs` @r&testFail2BanExceptHookz#LoggingTests.testFail2BanExceptHooks#,!3333#%||9 ?? >>??EN$]$]$]$]$]_`aaccc$3 3$$$$)***3q6611Q47L)))))s A"BBcg}tjdd\}}tj|||tjdd\}}tj|||t } |||d||| d| |D]5}tj |rtj |6dS#| |D]5}tj |rtj |6wxYw)Nz fail2ban.sockzf2b-testz fail2ban.pidF)forcezServer already running)rrrrrirrrrrsrrAr8rr)r# tmp_filessock_fd sock_name pidfile_fd pidfile_namer7rs r&testStartFailedSockExistsz&LoggingTests.testStartFailedSockExistssm)'DD'9(7 9%-njII*l(: <   <<& << s r&rRz ServerConfigReaderTests.__init__s4/%&&/@@@@$r)cdtt|g|_dS)r2N)r4rPr5 _execCmdLstr=s r&r5zServerConfigReaderTests.setUps.&&,,...$r)cVtt|dSr@)r4rPrBr=s r&rBz ServerConfigReaderTests.tearDowns&&&//11111r)rc|dD]M}|dstd|3t|NdS)N #zexec-cmd: `%s`T)splitr"logSysdebug)r#realCmdrrs r& _executeCmdz#ServerConfigReaderTests._executeCmds_ ==  a ,,s   LL!1%%%% LLOOOO r)ct|dsit}i|_dD]Q\}}t|}|dt j|||j|<R|jS)N__aInfos))ipv4r)ipv6r%r)hasattrr _ServerConfigReaderTests__aInfosr setBanTime_actionsrq ActionInfo)r#dmyjailtrtickets r&_testActionInfosz(ServerConfigReaderTests._testActionInfoss z " "D [[74=?DDuq" r]]F c'2267CCDM! r)c|j}|}|D]Q}||jD]?}||j|}tdtd|dz|jztdt |tjs|j |_ td| | td| | |dtd| ||dtd| | |d td | ||d td | |ASdS) N4# ================================================== # == %-44s == - # === start ===# === ban-ipv4 ===ra# === unban ipv4 ===# === ban ipv6 ===rb# === unban ipv6 ===# === stop ===)rrkrr[r\_namerrf CommandActionr^ executeCmdrrrrrw)r#r7rjaInfosrRrrs r&_testExecActionsz(ServerConfigReaderTests._testExecActionss  %  " "&d $K q 4[  #F LL"### LL$,"=>>> LL"### fh4 5 5?x(F LL"###T]]___ LLNNN LL%&&&  JJvf~ LL'((($--/// LL    LL%&&&  JJvf~ LL'((($--/// LL    LL!"""DMMOOO KKMMMM5r)cftjdttd|j}||||| d}t}|j }|j }|D]H}|ddkr8|ddkrd|d <nt|d kr|dd kr|d d krvtjt"d |d}tj|s%tjt"d}||d <nDtjjr3t|d kr |ddvr|d dkr d |d<d|d < ||#t($r&}|d|d|Yd}~@d}~wwxYwJtjjs||dSdS)NTstock)basedir force_enable share_config)allow_no_filesrrrZrrrrDr3logsrr2)rDz multi-setr^zDUMMY-REGEX zCommand z has failed. Received )rrSkipIfCfgMissingrMrNrSrread getOptionsconvertrr8_Transmitter__commandHandlerrrr8r9r:rrrrrz) r#rjstreamr7r9 cmdHandlerrNres r&testCheckStockJailActionsz1ServerConfigReaderTests.testCheckStockJailActionss: ,d+++ jt$JZ [ [ [%//%**,,//%""$$%%% === - -& <<&  !&2* @@c !f 1vSVV SA#a&E//c!f .D.D ',,~vs1v 6 6R GNN2  : 7<<(8 9 9bSVV  #XX\\c!f 444Q>9Q9QSV"SV@Z____ @@@ YYYsssAA>????????@/>  !     !!s G HG??Hcd|d|}t|\}}d|dgg}t||||jt}|||i|| |S)Nz %(__name__)srZr)rr~) r!rrLrSrNrrrextendr)r#rRactactNameactOptrrs r&getDefaultJailStreamz,ServerConfigReaderTests.getDefaultJailStreams ND))#"3''/'6 4 &  D& * 6 6 6&//&++--   B--  !!! -r)cTtjdtjddl}t }|j}|tj tddD]}tj | dd}| d|z|}|D]0}||\}} ||d1||dS) NTr|rrz*.confz.confrTzj-)rrr SkipIfFastglobrr8rr8r9rNbasenamer!rrMrLrz) r#rr7r9actCfgrrrNrgress r&testCheckStockAllActionsz0ServerConfigReaderTests.testCheckStockAllActions+s ,d+++ , +++ <<&  !& "',,z:xHHII ! !f   & ! ! ) )'2 6 63  % %d3h 4 46s~~c""HCS!     ! !r)ctjdddddddd d d d d ddddd fdddddddddddddddd fd d!d"d#d$d%d&d'd(d)d*d+ fd,d-d"d#d.d/d0d1d2fd3d4d5d6d7d8d9d:d;dd?d@dAdB fdCdDd5d6d7dEdFdGdHdIdJdKdLdMdNdB fdOdPdQdRdSdTdUdVdWdXdYdZd[d\d]dB fd^d_d`dadSdbdcdddedfdgdhdidjdkdB fdldmd5d6dSdndodpdqdrdsdtdudvdwdB fdxdyd5d6dSdzd{d|d}d~ddddddB fdddddddddddddd fdddddddddddddd fdddddddddddddd fddddddddddddddd fdddddddddddddd fdddddddddddddd fdddddddddddddל fdddddddddddddל fddddddddd2fddddddddd2ff}t}|j}|j}|D]O\}}}|||}|D]0} || \} } || d1P|j } | } |D] \}}}| |j D]}| |j |}t dt d|dz|jzt d|t!|t"j|j|_|d||dr|j|dddinF|dr1|dr|j|d|dzddi|d|| d|dr>|j|d|dd|dzddi|dr|j|dddi|j|dddi|j|dddi|d|| d|j|dddi|j|dddi|d|| d|dr>|j|d|dd|dzddi|dr|j|dddi|j|dddi|j|dddi|d|| d|j|dddi|j|dddi|d r|d || dd |j|d |dd|d zddi|d r(|d |d kr|j|d ddi|d r|d|| dd |j|d |dd|d zddi|d r(|d |d kr|j|d ddi|dr>|d||j|dddi|d||dr+|j|dd|dzddi dS(NTr|z j-w-nft-mpzQnftables-multiport[name=%(__name__)s, port="http,https", protocol="tcp,udp,sctp"])zip ipv4_addrzaddr-)zip6 ipv6_addrzaddr6-)`nft add table inet f2b-table`W`nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}`9`for proto in $(echo 'tcp,udp,sctp' | sed 's/,/ /g'); do``done`)zG`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`z`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`)zH`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`z`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`)zG`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || zH`{ nft flush set inet f2b-table addr6-set-j-w-nft-mp 2> /dev/null; } || )z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`5`nft delete rule inet f2b-table f2b-chain $hdl; done`z3`nft delete set inet f2b-table addr-set-j-w-nft-mp`z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`rz4`nft delete set inet f2b-table addr6-set-j-w-nft-mp`)zO`nft list chain inet f2b-table f2b-chain | grep -q '@addr-set-j-w-nft-mp[ \t]'`)zP`nft list chain inet f2b-table f2b-chain | grep -q '@addr6-set-j-w-nft-mp[ \t]'`)zD`nft add element inet f2b-table addr-set-j-w-nft-mp \{ 192.0.2.1 \}`)zG`nft delete element inet f2b-table addr-set-j-w-nft-mp \{ 192.0.2.1 \}`)zF`nft add element inet f2b-table addr6-set-j-w-nft-mp \{ 2001:db8:: \}`)zI`nft delete element inet f2b-table addr6-set-j-w-nft-mp \{ 2001:db8:: \}`) ip4ip6*-start ip4-start ip6-startflushrw ip4-check ip6-checkip4-ban ip4-unbanip6-ban ip6-unbanz j-w-nft-apz8nftables-allports[name=%(__name__)s, protocol="tcp,udp"])rr)zG`nft add set inet f2b-table addr-set-j-w-nft-ap \{ type ipv4_addr\; \}`zg`nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp,udp \} ip saddr @addr-set-j-w-nft-ap reject`)zH`nft add set inet f2b-table addr6-set-j-w-nft-ap \{ type ipv6_addr\; \}`zi`nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp,udp \} ip6 saddr @addr6-set-j-w-nft-ap reject`)zG`{ nft flush set inet f2b-table addr-set-j-w-nft-ap 2> /dev/null; } || zH`{ nft flush set inet f2b-table addr6-set-j-w-nft-ap 2> /dev/null; } || )z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`rz3`nft delete set inet f2b-table addr-set-j-w-nft-ap`z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`rz4`nft delete set inet f2b-table addr6-set-j-w-nft-ap`)zO`nft list chain inet f2b-table f2b-chain | grep -q '@addr-set-j-w-nft-ap[ \t]'`)zP`nft list chain inet f2b-table f2b-chain | grep -q '@addr6-set-j-w-nft-ap[ \t]'`)zD`nft add element inet f2b-table addr-set-j-w-nft-ap \{ 192.0.2.1 \}`)zG`nft delete element inet f2b-table addr-set-j-w-nft-ap \{ 192.0.2.1 \}`)zF`nft add element inet f2b-table addr6-set-j-w-nft-ap \{ 2001:db8:: \}`)zI`nft delete element inet f2b-table addr6-set-j-w-nft-ap \{ 2001:db8:: \}`zj-dummyzodummy[name=%(__name__)s, init="=='/'==bt:==bc:==", target="/tmp/fail2ban.dummy"])z family: inet4)z family: inet6)z$`printf %b "=='/'==bt:600==bc:0==\n"z7`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- started"`)z9`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- clear all"`)z7`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- stopped"`)zP`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"`)zR`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"`)zQ`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"`)zS`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"`) rrrrrwrrrrz j-hostsdenyzPhostsdeny[name=%(__name__)s, actionstop="rm ", file="/tmp/fail2ban.dummy"])z5`printf %b "ALL: 192.0.2.1\n" >> /tmp/fail2ban.dummy`)z^`IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /tmp/fail2ban.dummy`)z8`printf %b "ALL: [2001:db8::]\n" >> /tmp/fail2ban.dummy`)za`IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /tmp/fail2ban.dummy`)rrrrrrzj-w-iptables-mpzwiptables-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp,udp,sctp", chain=""]) `iptables icmp-port-unreachable) `ip6tables icmp6-port-unreachable)rr)z`{ iptables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-mp || true; iptables -w -A f2b-j-w-iptables-mp -j RETURN; }`z`{ iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`)z`{ ip6tables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-mp || true; ip6tables -w -A f2b-j-w-iptables-mp -j RETURN; }`zq`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || z]{ ip6tables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`)$`iptables -w -F f2b-j-w-iptables-mp`%`ip6tables -w -F f2b-j-w-iptables-mp`)zX`iptables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`rz$`iptables -w -X f2b-j-w-iptables-mp`zY`ip6tables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`rz%`ip6tables -w -X f2b-j-w-iptables-mp`)zX`iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`)zY`ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`)za`iptables -w -I f2b-j-w-iptables-mp 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z_`iptables -w -D f2b-j-w-iptables-mp -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)zd`ip6tables -w -I f2b-j-w-iptables-mp 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zb`ip6tables -w -D f2b-j-w-iptables-mp -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`) rr*-start-stop-checkrrrrwrrrrrrzj-w-iptables-apzciptables-allports[name=%(__name__)s, bantime="10m", protocol="tcp,udp,sctp", chain=""])z`{ iptables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-ap || true; iptables -w -A f2b-j-w-iptables-ap -j RETURN; }`zO`{ iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || z;{ iptables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`)z`{ ip6tables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-ap || true; ip6tables -w -A f2b-j-w-iptables-ap -j RETURN; }`zP`{ ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || z<{ ip6tables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`)$`iptables -w -F f2b-j-w-iptables-ap`%`ip6tables -w -F f2b-j-w-iptables-ap`)z7`iptables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`rz$`iptables -w -X f2b-j-w-iptables-ap`z8`ip6tables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`rz%`ip6tables -w -X f2b-j-w-iptables-ap`)z7`iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`)z8`ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`)za`iptables -w -I f2b-j-w-iptables-ap 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z_`iptables -w -D f2b-j-w-iptables-ap -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)zd`ip6tables -w -I f2b-j-w-iptables-ap 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zb`ip6tables -w -D f2b-j-w-iptables-ap -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-ipsetz\iptables-ipset-proto6[name=%(__name__)s, port="http", protocol="tcp", chain=""])z f2b-j-w-iptables-ipset )z f2b-j-w-iptables-ipset6 )z0`for proto in $(echo 'tcp' | sed 's/,/ /g'); do`r)z?`ipset -exist create f2b-j-w-iptables-ipset hash:ip timeout 0 `aJ`{ iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable; }`)zL`ipset -exist create f2b-j-w-iptables-ipset6 hash:ip timeout 0 family inet6`aP`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable; }`)$`ipset flush f2b-j-w-iptables-ipset`%`ipset flush f2b-j-w-iptables-ipset6`)z`iptables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`rz&`ipset destroy f2b-j-w-iptables-ipset`z`ip6tables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`rz'`ipset destroy f2b-j-w-iptables-ipset6`)z`iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`)z`ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`)z=`ipset -exist add f2b-j-w-iptables-ipset 192.0.2.1 timeout 0`)z3`ipset -exist del f2b-j-w-iptables-ipset 192.0.2.1`)z?`ipset -exist add f2b-j-w-iptables-ipset6 2001:db8:: timeout 0`)z5`ipset -exist del f2b-j-w-iptables-ipset6 2001:db8::`zj-w-iptables-ipset-apzHiptables-ipset-proto6-allports[name=%(__name__)s, chain=""])z f2b-j-w-iptables-ipset-ap )z f2b-j-w-iptables-ipset-ap6 )zB`ipset -exist create f2b-j-w-iptables-ipset-ap hash:ip timeout 0 `a`{ iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable; })zO`ipset -exist create f2b-j-w-iptables-ipset-ap6 hash:ip timeout 0 family inet6`a`{ ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable; })'`ipset flush f2b-j-w-iptables-ipset-ap`(`ipset flush f2b-j-w-iptables-ipset-ap6`)z`iptables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`rz)`ipset destroy f2b-j-w-iptables-ipset-ap`z`ip6tables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`rz*`ipset destroy f2b-j-w-iptables-ipset-ap6`)z`iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`)z`ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`)z@`ipset -exist add f2b-j-w-iptables-ipset-ap 192.0.2.1 timeout 0`)z6`ipset -exist del f2b-j-w-iptables-ipset-ap 192.0.2.1`)zB`ipset -exist add f2b-j-w-iptables-ipset-ap6 2001:db8:: timeout 0`)z8`ipset -exist del f2b-j-w-iptables-ipset-ap6 2001:db8::`z j-w-iptablesz^iptables[name=%(__name__)s, bantime="10m", port="http", protocol="tcp", chain=""])z`{ iptables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables || true; iptables -w -A f2b-j-w-iptables -j RETURN; }z`{ iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`)z`{ ip6tables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables || true; ip6tables -w -A f2b-j-w-iptables -j RETURN; }z`{ ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`)!`iptables -w -F f2b-j-w-iptables`"`ip6tables -w -F f2b-j-w-iptables`)zA`iptables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`rz!`iptables -w -X f2b-j-w-iptables`zB`ip6tables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`rz"`ip6tables -w -X f2b-j-w-iptables`)zA`iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`)zB`ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`)z^`iptables -w -I f2b-j-w-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z\`iptables -w -D f2b-j-w-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)za`ip6tables -w -I f2b-j-w-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z_`ip6tables -w -D f2b-j-w-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-newzbiptables-new[name=%(__name__)s, bantime="10m", port="http", protocol="tcp", chain=""])z`{ iptables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-new || true; iptables -w -A f2b-j-w-iptables-new -j RETURN; }`z`{ iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`)z`{ ip6tables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-new || true; ip6tables -w -A f2b-j-w-iptables-new -j RETURN; }`z`{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`)%`iptables -w -F f2b-j-w-iptables-new`&`ip6tables -w -F f2b-j-w-iptables-new`)zZ`iptables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`rz%`iptables -w -X f2b-j-w-iptables-new`z[`ip6tables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`rz&`ip6tables -w -X f2b-j-w-iptables-new`)zZ`iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`)z[`ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`)zb`iptables -w -I f2b-j-w-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z``iptables -w -D f2b-j-w-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)ze`ip6tables -w -I f2b-j-w-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zc`ip6tables -w -D f2b-j-w-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-xtrezPiptables-xt_recent-echo[name=%(__name__)s, bantime="10m", chain=""])rz/f2b-j-w-iptables-xtre`)rz/f2b-j-w-iptables-xtre6`)a"`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; }`)a(`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; }`)z4`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre``if [ `id -u` -eq 0 ];then`z`iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable;``fi`z5`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`rz`ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable;`r)z`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre6`)z=`echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z=`echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z?`echo +2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`)z?`echo -2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`) rrrrrwrrrrrrzj-w-pfz2pf[name=%(__name__)s, actionstart_on_demand=false]r!)zF`echo "table persist counters" | pfctl -a f2b/j-w-pf -f-`z port=""z\`echo "block quick proto tcp from to any port $port" | pfctl -a f2b/j-w-pf -f-`),`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T flush`)zT`pfctl -a f2b/j-w-pf -sr 2>/dev/null | grep -v f2b-j-w-pf | pfctl -a f2b/j-w-pf -f-`rz+`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T kill`)z.`pfctl -a f2b/j-w-pf -sr | grep -q f2b-j-w-pf`)z4`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T add 192.0.2.1`)z7`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T delete 192.0.2.1`)z5`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T add 2001:db8::`)z8`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T delete 2001:db8::`) rrrrrwrrrrrrz j-w-pf-mpz@pf[actiontype=][name=%(__name__)s, port="http,https"])zL`echo "table persist counters" | pfctl -a f2b/j-w-pf-mp -f-`zport="http,https"zb`echo "block quick proto tcp from to any port $port" | pfctl -a f2b/j-w-pf-mp -f-`)2`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T flush`)z]`pfctl -a f2b/j-w-pf-mp -sr 2>/dev/null | grep -v f2b-j-w-pf-mp | pfctl -a f2b/j-w-pf-mp -f-`rz1`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T kill`)z4`pfctl -a f2b/j-w-pf-mp -sr | grep -q f2b-j-w-pf-mp`)z:`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T add 192.0.2.1`)z=`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T delete 192.0.2.1`)z;`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T add 2001:db8::`)z>`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T delete 2001:db8::`z j-w-pf-apzHpf[actiontype=, actionstart_on_demand=true][name=%(__name__)s])zL`echo "table persist counters" | pfctl -a f2b/j-w-pf-ap -f-`zW`echo "block quick proto tcp from to any" | pfctl -a f2b/j-w-pf-ap -f-`)2`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T flush`)z]`pfctl -a f2b/j-w-pf-ap -sr 2>/dev/null | grep -v f2b-j-w-pf-ap | pfctl -a f2b/j-w-pf-ap -f-`rz1`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T kill`)z4`pfctl -a f2b/j-w-pf-ap -sr | grep -q f2b-j-w-pf-ap`)z:`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T add 192.0.2.1`)z=`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T delete 192.0.2.1`)z;`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T add 2001:db8::`)z>`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T delete 2001:db8::`) rrrrrrwrrrrrrz j-w-fwcmd-mpzqfirewallcmd-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp", chain=""])z ipv4 r)z ipv6 r)z@`firewall-cmd --direct --add-chain ipv4 filter f2b-j-w-fwcmd-mp`zN`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-mp 1000 -j RETURN`z`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`)z@`firewall-cmd --direct --add-chain ipv6 filter f2b-j-w-fwcmd-mp`zN`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-mp 1000 -j RETURN`z`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`)z`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-rules ipv4 filter f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-chain ipv4 filter f2b-j-w-fwcmd-mp`z`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-rules ipv6 filter f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-chain ipv6 filter f2b-j-w-fwcmd-mp`)zc`firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-mp$'`)zc`firewall-cmd --direct --get-chains ipv6 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-mp$'`)z|`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-mp 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv4 filter f2b-j-w-fwcmd-mp 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z~`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-mp 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv6 filter f2b-j-w-fwcmd-mp 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`z j-w-fwcmd-apz]firewallcmd-allports[name=%(__name__)s, bantime="10m", protocol="tcp", chain=""])z@`firewall-cmd --direct --add-chain ipv4 filter f2b-j-w-fwcmd-ap`zN`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-ap 1000 -j RETURN`zQ`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`)z@`firewall-cmd --direct --add-chain ipv6 filter f2b-j-w-fwcmd-ap`zN`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-ap 1000 -j RETURN`zQ`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`)zT`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-rules ipv4 filter f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-chain ipv4 filter f2b-j-w-fwcmd-ap`zT`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-rules ipv6 filter f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-chain ipv6 filter f2b-j-w-fwcmd-ap`)zc`firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-ap$'`)zc`firewall-cmd --direct --get-chains ipv6 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-ap$'`)z|`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-ap 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv4 filter f2b-j-w-fwcmd-ap 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z~`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-ap 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv6 filter f2b-j-w-fwcmd-ap 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-fwcmd-ipsetzXfirewallcmd-ipset[name=%(__name__)s, port="http", protocol="tcp", chain=""])z f2b-j-w-fwcmd-ipset )z f2b-j-w-fwcmd-ipset6 )z<`ipset -exist create f2b-j-w-fwcmd-ipset hash:ip timeout 0 `z`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`)zI`ipset -exist create f2b-j-w-fwcmd-ipset6 hash:ip timeout 0 family inet6`z`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`)!`ipset flush f2b-j-w-fwcmd-ipset`"`ipset flush f2b-j-w-fwcmd-ipset6`)z`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`rz#`ipset destroy f2b-j-w-fwcmd-ipset`z`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`rz$`ipset destroy f2b-j-w-fwcmd-ipset6`)z:`ipset -exist add f2b-j-w-fwcmd-ipset 192.0.2.1 timeout 0`)z0`ipset -exist del f2b-j-w-fwcmd-ipset 192.0.2.1`)z<`ipset -exist add f2b-j-w-fwcmd-ipset6 2001:db8:: timeout 0`)z2`ipset -exist del f2b-j-w-fwcmd-ipset6 2001:db8::`) rrrrrrwrrrrzj-w-fwcmd-ipset-apzbfirewallcmd-ipset[name=%(__name__)s, actiontype=, protocol="tcp", chain=""])z f2b-j-w-fwcmd-ipset-ap )z f2b-j-w-fwcmd-ipset-ap6 )z?`ipset -exist create f2b-j-w-fwcmd-ipset-ap hash:ip timeout 0 `z`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`)zL`ipset -exist create f2b-j-w-fwcmd-ipset-ap6 hash:ip timeout 0 family inet6`z`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`)$`ipset flush f2b-j-w-fwcmd-ipset-ap`%`ipset flush f2b-j-w-fwcmd-ipset-ap6`)z`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`rz&`ipset destroy f2b-j-w-fwcmd-ipset-ap`z`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`rz'`ipset destroy f2b-j-w-fwcmd-ipset-ap6`)z=`ipset -exist add f2b-j-w-fwcmd-ipset-ap 192.0.2.1 timeout 0`)z3`ipset -exist del f2b-j-w-fwcmd-ipset-ap 192.0.2.1`)z?`ipset -exist add f2b-j-w-fwcmd-ipset-ap6 2001:db8:: timeout 0`)z5`ipset -exist del f2b-j-w-fwcmd-ipset-ap6 2001:db8::`z j-fwcmd-rrz4firewallcmd-rich-rules[port="22:24", protocol="tcp"])z family='ipv4'r)z family='ipv6'r)z`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`)z`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`)z `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`)z`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`z j-fwcmd-rlz6firewallcmd-rich-logging[port="22:24", protocol="tcp"])a `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`)a `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`)a  `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`)a`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`rrmrnrorprrrrrqrarrrrrrrrsrbrrrtrrz# === check ipv4 ===familyz*-checkrz# === check ipv6 ===rz# === flush ===rurw)rrrrr8rrrMrLrrkrr[r\rvrrrfrwr^rxrrrErrrr_invariantCheckrrw)r#testJailsActionsr7r9rrRrtestsrrNrgrrjryrrs r&testCheckStockCommandActionsz4ServerConfigReaderTests.testCheckStockCommandActions?s  ,d+++e (1P Y/h/h/bL (1P S,O,O,\E &8 +GG4e &8hh Q 2;d    ]1S1S1f| 2;d    ]111fx (1O    Y/{/{/bg +4U    Y/j/j/bt 2;d    ]1w1w1f| 2;d    ]111fk 4=h C$n$n$L B b   EDJMKN)EE.S b   KJPSQT)VV.[ b  KJPSQT)^^.H .7[   G&J&J&Ps .7[   G&v&v&Pq %.I ?"t"t"H~ (1O ?"A"A"HH 6?kKK J 6?kMMY[ x <<&  !&2**  dC  % %dC 0 06 s~~c""HCS!  %  " "&*>j>jdC $K <j<jq 4[  #F LL"### LL$,"=>>> LL"###OOJvx'=>>???(FMM#$$$ LLNNN yyLTg1D1111 ;  LEIIk$:$:LT5-eK.@@KdKKKMM&''' JJvf~ yyJ0t0%))IuyyQegiGjGj2k2klqr}l~2~ JEI J J J yyR3t3U;5GRTRRRDuY'2T222D%,1D111MM())) LL   Du[)4t444D%,1D111MM&''' JJvf~ yyJ0t0%))IuyyQegiGjGj2k2klqr}l~2~ JEI J J J yyR3t3U;5GRTRRRDuY'2T222D%,1D111MM())) LL   Du[)4t444D%,1D111 yy: ]])*** F6N84555T )UYY7KR-P-PQQRWXcRddojnooo +:5#5{9K#K#KdE+.9D999 yy: ]])*** F6N84555T )UYY7KR-P-PQQRWXcRddojnooo +:5#5{9K#K#KdE+.9D999 yy2 ]]$%%% \\^^^Tg1D111MM"### KKMMM yyi+$+UYY7KR-P-PQVW]Q^-^idhiiiy<j>j>jr)c|}t|tr|d}tjdd|}tjdd|d}t|tr||d<n|}tj||S)Nrz\)\s*\|\s*(\S*mail\b[^\n]*)z$) | cat; printf "\\n... | "; echo \1z\bADDRESSES=\$\(dig\s[^\n]+cdS)Nz@ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"r!)ms r&rz9ServerConfigReaderTests._executeMailCmd..s Or)r)r)rr_resubrfrwrx)r#r]rrNs r&_executeMailCmdz'ServerConfigReaderTests._executeMailCmdvs# 3 -*C 1 1# -OO  #71:: 7   * *7G * D DDr)chtjdddtjt dzdzdztjt dzd zd d ifd d tjt dzdzdztjt dzd zd difddtjt dzdzdztjt dzdzdddfdddddff}t}|j}|j }|D]O\}}}| ||}|D]0} | | \} } | | d1P|j } td} td}t}|D]Q\}}}| |jD];}| |j|}t"dt"d|dz|jzt"d|j|_d | fd|ffD]\}}||s|d |zt1|}|d!|d"d#gt6j||}|||j||d$di=SdS)%NTr|zj-mail-whois-linesz\mail-whois-lines[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd="mail -s", logpath="r2rXz ztestcase01a.logz8", _whois_command="echo '-- information about --'"]r);The IP 87.142.124.10 has just been banned by Fail2Ban afterz(100 attempts against j-mail-whois-lines..Here is more information about 87.142.124.10 :%-- information about 87.142.124.10 --2Lines containing failures of 87.142.124.10 (max 2)etestcase01.log:Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10etestcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10zj-sendmail-whois-lineszxsendmail-whois-lines[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd='testmail -f "" ""', logpath=")rz,100 attempts against j-sendmail-whois-lines.rrrrrzj-complain-abusezcomplain[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd="mail -s 'Hostname: , family: ' - ",debug=1,logpath="z", ])6try to resolve 10.124.142.87.abuse-contacts.abusix.orgrrrzymail -s Hostname: test-host, family: inet4 - Abuse from 87.142.124.10 abuse-1@abuse-test-server abuse-2@abuse-test-server)htry to resolve 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.orgz0Lines containing failures of 2001:db8::1 (max 2)zwmail -s Hostname: test-host, family: inet6 - Abuse from 2001:db8::1 abuse-1@abuse-test-server abuse-2@abuse-test-server)rrz j-xarf-abusezIxarf-login-attack[name=%(__name__)s, mailcmd="mail", mailargs="",debug=1])rz8We have detected abuse from the IP address 87.142.124.10VDec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10UDec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.108mail abuse-1@abuse-test-server abuse-2@abuse-test-server)rz6We have detected abuse from the IP address 2001:db8::1rrz 87.142.124.10z 2001:db8::1rmrnrorz # === %s ===rrrr) rrrrr8r9r:rr8rrrMrLrr rrr[r\rvrrxrErr setAttempt setMatchesrfrqrgrr)r#rr7r9rrRrrrrNrgrrjrarbrhrrtestrrjs r&testComplexMailActionMultiLogz5ServerConfigReaderTests.testComplexMailActionMultiLogs ,d+++GLL1ABBCFJJ W\\.2CDD EH   (GLL1ABBCFJJ W\\.2CDD EH   ( GLL1ABB C FJ J   W\\.2CDD E H  8  M^~ <<&  !&2**  dC  % %dC 0 06 s~~c""HCS!  %  $   $ KK'*//dC $K //q 4[  #F LL"### LL$,"=>>> LL"###,F!4(9d*;< / / r IIdOO%X ]]>D()))mmV s ^]))&'::V ZZTd ..... ////r))r)r,r-r.rRr5rBr^rkrzrrrrrrrmrns@r&rPrPs 22222   D1!1!1!f   !!!(u ju ju jnEEEE$K/K/K/K/K/K/K/r)rP)A __author__ __copyright__ __license__rrrrrr?rserver.failregexrrrr7rrf server.serverr server.ipdnsr r server.jailr server.jailthreadr server.ticketr server.utilsr dummyjailrutilsrrrhelpersrrrrTrrrr8r9dirname__file__r:r<r[rr0rprTestCaserrr1r5clientreadertestcaserLrMrNrPr!r)r&rs. 2    ??????????((((((""""""++++++++******%%%%%% <<<<<<<<<<;;;;;;;;;;#######bgooh77AA :  [[[[[([[[|u *u *u *u *u */u *u *u *p{N{N{N{N{N{N{N{N|(((((!(((RJRJRJRJRJ"RJRJRJj11111111 '''''%'''THGGGGGGGGGm/m/m/m/m/0m/m/m/m/m/s:BB  B