-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
GeoIP ignore support #3467
base: master
Are you sure you want to change the base?
GeoIP ignore support #3467
Conversation
Thx for the PR! |
Thanks. I have added also maxminds mmdblookup, as I have recently found out that the geoiplookup may have outdated dbs? ref1 ref2 Either way, currently it should be working with geoiplookup and mmdblookup with file And sorry for the commit hell, made a typo and accidentally pushed the converted files by 2to3 😅. Using sqlite with rtree is also an option. It could be better to be more general to allow any db. After this PR, we can probably continue with that. |
@Neustradamus please stop to ask on every PR "any news about"... |
Before submitting your PR, please review the following checklist:
against certain release version, choose
0.9
,0.10
or0.11
branch,for dev-edition use
master
branchfailregex
for filterX
with sample log lineswithin
fail2ban/tests/files/logs/X
fileAdded geoip lookup in filter in method _inIgnoreIPList, which checks the countries that should be ignored in __ignoreGeoSet attribute. The __ignoreGeoSet is managed either by ignoregeo statement in jail config or by addignoregeo/delignoregeo commands. If the IP has geolocation country code from the __ignoreGeoSet the IP is ignored.
This PR was inspired by our implementation in websupport.sk that was just hardcoded. It was not sustainable to patch f2b every time a new version was available and it may be a generally good idea to have a geo IP ignore option available.
This will resolve #1854.