=*fqSrSrSrSSKrSSKrSSKrSSKrSSKrSSKrSSK r SSK J r J r J r SSKJr SSKJr SS KJrJr SS KJr SS KJr SS KJr SS KJr SSKJr SSK J!r!J"r"J#r# SSK$J%r%J&r&J'r' SSK(J)r) SSKJ*r* \RXR[\RXR]\/5S5r0Sr1\%"S5r2"SS\5r3"SS\!5r4"SS\45r5"SS\45r6"SS \Rn5r8"S!S"\Rn5r9"S#S$\5r:"S%S&\!5r;SS'Kr>J?r? "S(S)\!5r@g!\+a Sr*Nf=f)*z Cyril Jaquierz Copyright (c) 2004 Cyril JaquierGPLN)Regex FailRegexRegexException)actions)Server)DNSUtilsIPAddr)Jail) JailThread) BanTicket)Utils) DummyJail)LogCaptureTestCase with_alt_timeMyTime) getLoggerextractOptions PREFER_ENC)version) filtersystemdfilespollingfail2banc \rSrSrSrSrSrg) TestServer;cgNselfargskwargss ?/usr/lib/python3/dist-packages/fail2ban/tests/servertestcase.py setLogLevelTestServer.setLogLevel<cgr!r"r#s r' setLogTargetTestServer.setLogTarget?r*r+r"N)__name__ __module__ __qualname____firstlineno__r(r-__static_attributes__r"r+r'rr;s r+rcX^\rSrSr\rU4SjrU4SjrS SjrSSjr Sr Sr S r U=r $) TransmitterBaseCc>[[U] 5 UR5UlURR UlSUlURRUR[5 g)Call before every test case. TestJail1N) superr5setUpTEST_SRV_CLASSserver_Server__transmtransmjailNameaddJail FAST_BACKENDr$ __class__s r'r;TransmitterBase.setUpGsR$&##%$+ ++$+$-++dmm\2r+c^>URR5 [[U]5 gzCall after every test case.N)r=quitr:r5tearDownrCs r'rITransmitterBase.tearDownQs"++')r+r!cr^SX/nSU/nUb$URSU5 URSU5 US:XaUnU4Sjn URU "URRU55U "XC455 U(d:URU "URRU55U "SU455 gg)zmProcess set/get commands and compare both return values with outValue if it was given otherwise with inValuesetgetNrr!c,>T(a [U5$U$)zPrepare value for comparison)repr)xrepr_s r'v%TransmitterBase.setGetTest..vds47##r+r)insert assertEqualr?proceed) r$cmdinValueoutValueoutCodejailrQsetCmdgetCmdrRs ` r' setGetTestTransmitterBase.setGetTestWs 3 & 3<&  ==D ==D8$1T[[((011g5H3IJ Adkk))&12Aq(m4DE r+cTSX/nSU/nUb$URSU5 URSU5 URRU5SnURURRU5SS5 URURRU5SU45 g)NrLrMrr)rTr?rVrU)r$rWrXr[r\r] initValues r' setGetTestNOKTransmitterBase.setGetTestNOKms 3 & 3<&  ==D ==Dkk!!&)!,)4;;&&v.q1154;;&&v.I?r+c&SU-nSU-nURURRSX1/5S/45 [U5HupgURRSX4U/5nUR US[ [ [US554S[ [ [USUS-554SS9 URRSX1/5nUR US[ [ [US554S[ [ [USUS-554SS9 M [U5HupgURRSX5U/5nUR US[ [ [US554S[ [ [X&S-S554SS9 URRSX1/5nUR US[ [ [US554S[ [ [X&S-S554SS9 M g) NadddelrMrrLrr)level)rUr?rV enumerateassertSortedEquallistmapstr) r$rWvaluesr[cmdAddcmdDelnvaluerets r'jailAddDelTestTransmitterBase.jailAddDelTestzs 3;& 3;&;;t)*QG5F#ha   eT59 :33q64CQ(8#9:QSfUYVWXYVYlE[@\<]efg   eT/ 033q64CQ(8#9:QSfUYVWXYVYlE[@\<]efg $ F#ha   eT59 :33q64CQ(8#9:QSfWXUXUYlE[@\<]efg   eT/ 033q64CQ(8#9:QSfWXUXUYlE[@\<]efg $r+c nSU-nSU-nURURRSXA/5S/45 [U5HpupxURURRSXEU/5SUSUS-45 URURRSXA/5SUSUS-45 Mr [U5HnupxURURRSXFS/5SX7S-S45 URURRSXA/5SX7S-S45 Mp g)NrerfrMrrLr)rUr?rVrh) r$rWinValues outValuesr[rnrorprqs r'jailAddDelRegexTest#TransmitterBase.jailAddDelRegexTestsC 3;& 3;&;;t)*QG5H%haKKe45 $1Q3KK*+ $1Q3 &H%haKKa01 A#$KK*+ A#$ &r+)r@r=r?)r!rNF)r/r0r1r2rr<r;rIr^rbrsrxr3 __classcell__rDs@r'r5r5Cs.3* F, @h"r+r5cP\rSrSrSrSrSrSrSrSr Sr S r S r S r S rS rSrSrSrSrSrSr\S5rSrSrSrSrSrSrSrSrSr Sr!Sr"S r#S!r$S"S#S$S%/4/4S&S'S(S)/4/4/r%S*r&S+r'S,r(S-r)S.r*S/r+S0r,S1r-S2r.S3r/S4r0S5r1S6r2S7r3g8)9 TransmittercVURURR55 gr!) assertFalser= isStartedr$s r'testServerIsNotStarted"Transmitter.testServerIsNotStarteds4;;((*+r+c\URURRS/5S5 g)NstoprNrUr?rVrs r'testStopServerTransmitter.testStopServers#4;;&&x0)r+c|URURRS/5S[R45 g)Nrr)rUr?rVrrs r' testVersionTransmitter.testVersions,4;;&& {3a5IJr+cURURR/SQ5S5 UR[R "55 UR S5 UR5 URURR/SQ5S5 UR[R "55 UR S5 UR5 URURR/SQ5S5 UR S 5 UR5 g!URURR/SQ5S5 UR S 5 UR5 f=f) N)rL allowipv6yes)rrz IPv6 is on)rLrnorrz IPv6 is off)rLrauto)rrz IPv6 is auto) rUr?rV assertTruer IPv6IsAllowed assertLoggedpruneLogrrs r' testSetIPv6Transmitter.testSetIPv6s 6DKK''(CDjQ??8))+,\"DMMODKK''(BCYOH**,-]#T]]_DKK''(DE{S^$dmmoDKK''(DE{S^$dmmos C$D55AFc[RR(d[R"5nUR UR R SS/5S5 [R"5nX!- nURSUs=:=(a S:Os SU-S9 gUR UR R SS/5S5 g) Nsleepz0.1rg ףp= ?g?zSleep was %g sec)msgz0.0001)unittestF2BfasttimerUr?rVr)r$t0t1dts r' testSleepTransmitter.testSleeps    2DKK''%(899E 2 2??4"??s?(:R(??@DKK''((; 4;;&&! 4;;&& < ++dmm\24;;&&    88C=99[ r+cfSnSnSnURURRSUS/5SU45 URURRSU/5SU45 URURRSUS/5SS5 URURRSUS /5SU45 URURRSURS/5SS5 URURR/S Q5SS5 g) N TestJail2 TestJail3 TestJail4rerrzinvalid backendrr)re--allrrUr?rVr@)r$jail2jail3jail4s r' testAddJailTransmitter.testAddJails! % % %;;ui01Au:?4;;&&u~6E C;;u&789!TRRS5=(a: [TRR STR /5[ 5(+$)Nrstatusr=isAlive isinstancer?rVr@ RuntimeErrorrsr'/Transmitter.testStartStopJail..B4;;  q ! r*T[[5H5H(TXTaTaIb5ceq*r&r rr+r) rUr?rVr@rrrDEFAULT_SLEEP_TIMErwait_for assertNotInr=_Server__jailsrs`r'testStartStopJailTransmitter.testStartStopJail s;;/0)=**U % %&//5>>r;; ./<4==$++"<"<=r+c^TRRS[5 TRTRR STR /5S5 TRTRR SS/5S5 [R"[R5 TR[R"U4SjS55 TRTRR SS/5S5 TR[R"U4SjS55 TRTR TRR5 TRSTRR5 g) Nrrrc>TRRS5=(a: [TRR STR /5[ 5(+$)Nrrrrsr'r2Transmitter.testStartStopAllJail.."rr+rrrcL>[TRR5(+$r!)lenr=rrsr'rr%ss4;;3M3M/N+Nr+)r=rArBrUr?rVr@rrrrrrrrrs`r'testStartStopAllJail Transmitter.testStartStopAllJails++k<0;;/0)=;;-. ; **U % %&//5>>r4;;&&'899E//5>>#NPQRT4==$++"<"<=; : :;r+c`URURRSURSS/5S5 URURRSURSS/5S5 URURRSURSS/5SS 5 g) NrLidleonrToffrFCATrrrrs r' testJailIdleTransmitter.testJailIdle)s;;t}}fd;< ;;t}}fe<= ;;t}}fe<=a@r+cURSSSURS9 URSSSURS9 URSSSURS9 URSS S URS9 URSS URS9 g) Nfindtime120xr[60<30mz-60iDogr^r@rbrs r'testJailFindTimeTransmitter.testJailFindTime4s{//*eSt}}/=//*dBT]]/;//*eU/?//*eSt}}/=ZT]];r+cURSSSURS9 URSSSURS9 URSSSURS9 URSS S URS9 URSS URS9 g) Nbantimerrr502z-50iz 15d 5h 30miCatrrs r'testJailBanTimeTransmitter.testJailBanTime;s{//)UCdmm/<//)T2DMM/://)UCdmm/<//)\7/GYDMM:r+cURSSSURS9 URSSSURS9 URSSSURS9 URSS S URS9 URSS URS9 g) N datepattern%%%Y%m%d%H%M%S)rz%YearMonthDay24hourMinuteSecondrEpoch)Nrz^Epoch)Nz{^LN-BEG}EpochTAI64N)Nrz %Cat%a%%%grrs r'testDatePatternTransmitter.testDatePatternBs//-!18 //'?@//(44==J//(,4==B]Lt}}Er+crURSSSURS9 URSSURS9 g)N logtimezonezUTC+0400rznot-a-time-zonerrs r'testLogTimeZoneTransmitter.testLogTimeZoneNs4//-Zdmm/L]$5DMMJr+cURSSURS9 URSSURS9 URSSURS9 SnURURR SURSU/5S5 g) NusednsrrwarnrFishrLr)r^r@rUr?rVr$rqs r'testJailUseDNSTransmitter.testJailUseDNSRs{//(E /6//(F/7//(Dt}}/5 %;;t}}h>? r+c lURRUR5 URURR SURSSSS/5S5 UR SSSSS 9 URURR SURSS /5S 5 UR S SS 9 URURR SURSSSSS/5S5 UR SSSSS 9 UR SSSSS 9 UR5 URURR SURSSS/5SS5 URURR SURSSS/5S5 UR SSSSS 9 g)NrLbanip 192.0.2.1 192.0.2.2)rr Ban 192.0.2.1 Ban 192.0.2.2TallwaitBadgerrrz Ban Badgerrunbanipz 192.0.2.255z 192.0.2.254zUnban 192.0.2.1zUnban 192.0.2.2z192.0.2.255 is not bannedz192.0.2.254 is not bannedz--report-absentrrrr)r= startJailr@rUr?rVrrrs r' testJailBanIPTransmitter.testJailBanIP]s++ &;;t}}g{KQ\]^  O_$TJ;;t}}gx@A  Lt,;; DMM9m[+}]_  %'8dN/1LRV]ab--/;; DMM9&7GIIJLLMO;; DMM9m]CEEKM/1LRV]abr+c ^TRRTR5 U4SjnTRSSSTRS9 SH)nSH nTR U"USU-/5S 5 M" M+ TR S S S S S 9 TR U"WSVs/sHnSU-PM sn5S 5 TR SS S9 TR SS S9 TR S5 gs snf)Nc\>TRRSTRSU/U-5$)NrLattempt)r?rVr@)ipmatchesr$s r'r(.Transmitter.testJailAttemptIP..attempt}s* ++  udmmYCgM NNr+maxretry5r)rr)rrztest failure %drz 192.0.2.1:2z 192.0.2.2:2Tr)rr.z 192.0.2.2:5r rr)r=r#r@r^rUrassertNotLogged)r$r(ir)s` r'testJailAttemptIPTransmitter.testJailAttemptIPzs++ &O//*c14==/9 a 'rWR"3a"7!896B( M=dF72wGw! 1A 5wGH&QM-O$/' HsC)c^SnTRRU[5 TRRU5 SSS/4U4SjjnU"U/S9 U"USSS/S9 U"US SSS /S9 U"US /S QS 9 U"USS S /S9 U"US S /S9 U"US /S9 g)NTestJailBanListr"c>UbBTRTRRSUSU/5S5 TRSU-SS9 UbBTRTRRSUSU/5S5 TRSU-SS9 TR TRRS US/[ U5-5S U4S S 9 [ R"[ R"5S -5 g)NrLrrzBan %sTr r!zUnban %srMrF) nestedOnlyr) rUr?rVrrirjrsetTimer)r[rr!r%outListr$s r'_getBanListTest4Transmitter.testJailBanList.._getBanListTests  [[%w67   h&T2  [[%y':;   j7*6KKg.tDz9:LU$ >>&++-!#$r+)r9 127.0.0.1)z --with-timez:127.0.0.1 2005-08-14 12:00:01 + 600 = 2005-08-14 12:10:01)rr%r9 192.168.0.1z<192.168.0.1 2005-08-14 12:00:02 + 600 = 2005-08-14 12:10:02 192.168.1.10)r<r=r>)rr9)r!r9)r=rArBr#)r$r[r:s` r'testJailBanListTransmitter.testJailBanLists $++dL)++#'2r%&$ $k0@ I JL$m2BAC EF$n 79$ > *,$ ?$ r+cURSSSURS9 URSSSURS9 URSSSURS9 URSS URS9 g) N maxmatchesr-r.r2r-2Duckrrs r'testJailMaxMatchesTransmitter.testJailMaxMatchessc//,QT]]/;//,QT]]/;//,bt}}/=\6 >r+cURSSSURS9 URSSSURS9 URSSSURS9 URSS URS9 g) Nr,r-r.rrCrrDrErFrrs r'testJailMaxRetryTransmitter.testJailMaxRetrysc//*c14==/9//*c14==/9//*dBT]]/;Zdmm;; DMM<u=??@Br+cSnURRSURSU/5nUR[ US[ 55 g)Nzthis_file_shouldn't_existrLrYr)r?rVr@rrIOError)r$rqresults r'testJailLogPathInvalidFile&Transmitter.testJailLogPathInvalidFilesB %% ;;   4==,. 0&//*VAY01r+c$[R"SS9nUS-n[R"X5 URR SUR SU/5nUR[US[55 [R"U5 g)Ntmp_fail2ban_broken_symlink)prefixz.slinkrLrYr) rmktemprsymlinkr?rVr@rrrdr)r$namesnameres r'testJailLogPathBrokenSymlink(Transmitter.testJailLogPathBrokenSymlinksm  = >$ /%**T ;;   4==,. 0&//*VAY01))Er+ctURS/SQUR5 SnURURR SURSU/5SU/45 URURR SURSU/5SU/45 URURR SURS/5SU/45 URURR SURSU/5S/45 URURR SURS /5S 5 URURR SURS S /5S 5 URURR SURS /5S 5 g) Nignoreip)r<z 192.168.1.1z8.8.8.8r<rL addignoreiprrM delignoreip ignoreselfrFr)rsr@rUr?rVrs r'testJailIgnoreIPTransmitter.testJailIgnoreIP s  == %;;t}}mUCDw<;;t}}mUCDw<;;t}}j9:w<;;t}}mUCDr7 ;;t}}l;< ;;t}}lEBC ;;t}}l;< r+c:URSSURS9 g)N ignorecommandzbin/ignore-command rr^r@rs r'testJailIgnoreCommand!Transmitter.testJailIgnoreCommand2s///#<4==/Qr+cxURSS/SQURS9 URSSSURS9 g)N ignorecachez%key="",max-time=1d,max-count=9999)zi'iQrrzrs r'testJailIgnoreCacheTransmitter.testJailIgnoreCache5s<//-* //-T />r+c:URSSURS9 g)N prefregexz^Testrrzrs r'testJailPrefRegexTransmitter.testJailPrefRegex<s//+wT]]/;r+c URS/SQS[R"S5-S[R"S5-S[R"S5-/UR5 UR UR R SURSS /5S S 5 UR UR R SURSS /5S S 5 g) N failregex)zuser john at Admin user login from z failed attempt from againzuser john at %sAdmin user login from %szfailed attempt from %s againrL addfailregexz No host regexrrirxr_resolveHostTagr@rUr?rVrs r' testJailRegexTransmitter.testJailRegex?s; ..x89%"7"7"AB"e&;&;H&EF == ;; DMM>?;==>@;; DMM>3/1124r+c hURS/SQSS[R"S5-S/UR5 UR UR R SURSS /5S S 5 UR UR R SURSS /5S S 5 g) N ignoreregex) user johnrDont match me!rrrrrLaddignoreregexzInvalid [regexrrrrrs r'testJailIgnoreRegexTransmitter.testJailIgnoreRegexWs= %"7"7"AB == ;; DMM+-=>@@AC;; DMM+R02235r+FilterzCurrently failedrz Total failedr File listActionszCurrently bannedrz Total bannedrBanned IP listc UR/nURURRS/5SS[ U54SSR U54/45 UR RS[5 URS5 URURRS/5SS[ U54SSR U54/45 URURRSS/5SS[ U54SSR U54URURS./45 URURRS /5S[S S /[S S /S.45 g) NrrzNumber of jailz Jail listz, rr)r9rstatsr") r@rUr?rVrr_r=rArBappend _JAIL_STATUS)r$jailss r' testStatusTransmitter.testStatus|s` ==/%4;;&&z2 3u:&dii6F(GHIK++k<0,,{4;;&&z2 3u:&dii6F(GHIK4;;&&'':; 3u:&dii6F(G##$2C2CD4;;&&y1//r+cURURRSUR/5SUR45 g)NrrrUr?rVr@rrs r'testJailStatusTransmitter.testJailStatuss84;;&&$--'@Atr+cURURRSURS/5SUR45 g)Nrbasicrrrs r'testJailStatusBasicTransmitter.testJailStatusBasics:4;;&&$--'IJtr+cURURRSURS/5SUR45 g)NrINVALIDrrrs r'testJailStatusBasicKwarg$Transmitter.testJailStatusBasicKwargs:4;;&&$--'KLtr+c "[RR5 SSKnSSKn/nUR URRSURS/5SSSSS/4/4S S S S /4S U4SU4SU4/4/45 g![ a S/nNcf=f)NrerrorrcymrurrrrrrrrzBanned ASN listzBanned Country listzBanned RIR list) rrSkipIfNoNetwork dns.exception dns.resolver ImportErrorrUr?rVr@)r$dnsrqs r'testJailStatusCymruTransmitter.testJailStatusCymrus ,,  54;;&&$--'IJB % e$% "   95sA>> B Bc Sn/SQn/SQnURURRSURSU/5SU45 URURRSURS/5S SU5 [ X#5HAupEURURRSURS XU/5SU45 MC [ X#5H@upEURURRSURS X/5SU45 MB URURRSURS US S /5S 5 URURRSURS US /5S 5 URURRSURS US/5SS 5 URURRSURS USS/5S5 URURRSURS US/5S5 URURRSURSU/5S5 URURRSURSS/5SS 5 g)NTestCaseAction) actionstart actionstop actioncheck actionban actionunban)z Action Startz Action Stopz Action Checkz Action Banz Action UnbanrL addactionrrMrractionKEYVALUE)rr InvalidKeytimeout10)r delactionrz Doesn't exist)rUr?rVr@zip)r$rcmdList cmdValueListrWrqs r' testActionTransmitter.testActions & ',;;t}}k6BCv;;; DMM9%''(**+-  .jcKK T]]Hf59;J/ .jcKK xEFJ/;; DMM8VUG<>;; DMM8VU35;; DMM8V\:<<=?;; DMM8VY=?  ;; DMM8VY79  ;;t}}k6BC ;; DMM;8::;==>@r+c SnURRSURSU[RR [ SS5S/5nURUSU45 URURRSURS U/5S S S /5 URURRSURS US /5S5 URURRSURS US /5S5 URURRSURSU/5S /SQ5 URURRSURS USS/5S5 URURRSURS US S/5S5 URURRSURS USS/5S5 g)NrrLraction.dz action.pyz{"opt1": "value"}rrMactionpropertiesropt1opt2r)rrqr actionmethods)banrebanrr testmethodunbanrz{"text": "world!"})rzHello world! value another value)rr)rzHello world! another value) r?rVr@rr^r_r`rUri)r$routs r'$testPythonActionMethodsAndProperties0Transmitter.testPythonActionMethodsAndPropertiess &  4==+vGGLL[9 #3F $;;t}} !!"$ F;;t}}h   ;;t}}h    ;;t}}o   ;=;;t}}h&();;t}}h O;;t}}h&()$&r+cdURURRSS/5SS5 g)NrCOMMANDrrrrs r'testNOKTransmitter.testNOKs+4;;&& 9'=>qA!Dr+cdURURR/SQ5SS5 g)N)rLrrrrrrs r' testSetNOKTransmitter.testSetNOK*;;45a8 ;; H'/1% ;; H'/1y> ;; H'/1r7  >%;; H'(5025x@ABD;; H'(5!946 %x0124;; H'(5946r7 % ;;   8&. 0&//*VAY 34 % ;;   8&. 0&//*VAY 34o ( (s  K;# Lc .[(d[R"S5eURS5 SnURR US5 /SQn[ U5HMup4URURRSUSU/5SUSUS -Vs/sHoU/PM sn45 MO [ U5HLup4URURRSUS U/5SX#S -SVs/sHoU/PM sn45 MN gs snfs snf) NrTrzsystemd[journalflags=2]rrLrrrr) rrrrr=rArhrUr?rV)r$r@rmrprqrs r'testJournalFlagsMatch!Transmitter.testJournalFlagsMatchqs    C DD//$ (++h 9: & F#haKK X(%02&!A#,',3,'(*$ F#haKK X(%02&1,',3,'(*$ ( (s  D 4 Dr"N)4r/r0r1r2rrrrrrrrrrrrrrr rr$r2rr?rGrJrNrTrarfrorvr{rrrrrrrrrrrrrrrrrrr3r"r+r'r}r}sD, =?K 6 I.`;$ ><$ <; FK c:(&))V? = = B(T2#JR?<02   b $   <:@x"&HE<<?E5N*r+r}cV^\rSrSr\rU4SjrSrSrSr Sr Sr Sr S r S rU=r$) TransmitterLoggingic>[[U] 5 URR S5 URR S5 URR S5 g)N /dev/nullCRITICALr)r:rr;r=r-r(setSyslogSocketrCs r'r;TransmitterLogging.setUpsGD')++;'++*%++f%r+c/n[S5HGn[R"SS5nURUS5 [R "US5 MI UHnUR SU5 M SnURSU5 URR/SQ5 UHn[R"U5 M UR SS S 5 UR SS S 5 g) Nrr transmitterrr logtarget/this/path/should/not/exist)rLrrzSTDOUT[format="%(message)s"]STDOUTz!STDERR[datetime=off, padding=off]STDERR) rangerrrrrr^rbr?rVremove)r$ logTargets_tmpFile logTargetrqs r' testLogTarget TransmitterLogging.testLogTargets* 8a   j- 87 WQZ 88GAJ i??; * (%[%(++78i99Y//+=xH//+BHMr+cD[RRS5(d[R"S5eUR UR R5S5 URSS5 UR UR R5S5 g)N/dev/logz'/dev/log' not presentrrSYSLOG) rr^existsrrrr=getSyslogSocketr^rs r'testLogTargetSYSLOG&TransmitterLogging.testLogTargetSYSLOGsk  # #   3 44//$++--/8//+x(//$++--/>*+E Gr+cURSS5 URSS5 URSS5 URSS5 URSS5 URSS5 URSS5 URSS 5 URSS 5 URSS S 5 URSS 5 g) Nloglevel HEAVYDEBUG TRACEDEBUG9DEBUGINFONOTICEWARNINGERRORrcRiTiCaLBird)r^rbrs r' testLogLevelTransmitterLogging.testLogLevels//*l+//*l+//*c"//*g&//*f%//*h'//*i(//*g&//*j)//*j*5Z(r+cURURRS/5S5 [R"S5up[ R "U5 URRS5 URURRSSU/5SU45 [S5nURS 5 [R"S5upE[ R "U5 [ R"X%5 URS 5 URURRS/5S5 URS 5 [US 5n[U5nURS 5S:a [U5nURUR!S55 [U5nURUR!S55 [U5nURS5S:a!UR#[$UR&5 OUR)SU-5 SSS5 [US 5n[U5nURS5S:a [U5nURUR!S55 UR#[$UR&5 UR 5 SSS5 [ R*"U5 [ R*"U5 URURR/SQ5S5 URURRS/5S5 g![$a GN-f=f!,(df  GN8=f!,(df  N=f![ R*"W5 f=f![,a Nf=f![ R*"W5 f![,a ff=f=f)N flushlogs)rz rolled overz fail2ban.logr/rLrrrzBefore file movedzAfter file movedzAfter flushlogsrzChanged logging target tozBefore file moved zAfter file moved zCommand: ['flushlogs']zCException StopIteration or Command: ['flushlogs'] expected. Got: %szrollover performed onzAfter flushlogs )rLrr )rr )rflushed)rUr?rVrrrrr=r(rwarningrenameopennextfindrendswith assertRaises StopIteration__next__failr OSError) r$ffnlf2fn2line1line2rps r' testFlushLogs TransmitterLogging.testFlushLogss4;;&& }57IJ*   N +5188A;;;9%DKK'' R(@AAr7K199 !~.GBHHRLIIbII !T[[((+79KLII c#! !WU ./141ge __U^^$9:; !WU __U^^$89: q'a ( )A -  3 yyVYZZ[  b !WU *+q01ge __U^^$789 }ajj1WWY IIcN IIbM4;;&&'EF V4;;&& }5~F#      IIcN    IIbM   sBN/BN"A7M!AMM!M/M!0NA group$z^test group$z^test group$z^test group$z<^test id group: ip:port = (?::)?$z-^test id group: user:\([^\)]+\)$z#^test id group: anything = $z %%?)z%%rrz#%%inet(?:=|inet6=)?)z %%inet=testrrz(%%(?:inet(?:=|6=)?|dns=?))z%%inet=192.0.2.1rrr)z%%inet6=2001:DB8::rr 2001:DB8::)z%%dns=example.comrrz example.com)z%test id group: user:(test login name)rrztest login namez%%net=)z%%net=192.0.2.1rr)rinet4)z%%net=192.0.2.1/24rr)z 192.0.2.0/24rj)z%%net=2001:DB8:FF:FF::1rr)z2001:db8:ff:ff::1inet6)z%%net=2001:DB8:FF:FF::1/60rr)z2001:db8:ff:f0::/60rkz%%ip="", mask="?")z%%ip="192.0.2.2", mask=""rr)rrj)z%%ip="192.0.2.2", mask="24"rr)z"%%ip="2001:DB8:2FF:FF::1", mask=""rr)z2001:db8:2ff:ff::1rk)z$%%ip="2001:DB8:2FF:FF::1", mask="60"rr)z2001:db8:2ff:f0::/60rk) r?rrrr hasMatchedsearchgetHostrU getFailIDgetIP familyStr)r$frr)s r'testHostRegexTests.testHostsNIr2NI/@A//)234//)123//)123//)123//)[\]//)LMN//)BCD"2==?#))\N//"--/"NBJJ/78"2==?#)) " #$//"--/"NBJJ/<="2==?#)) ' ()//"--/"2::<-)) ) *+//"--/"2::<.)) ( )*//"--/"2::</AB"2==?#)) < =>//"--/"2<<>#45"#")) & '( xxz"B %'=>)) ) *+ xxz"B %'@A)) . /0 xxz"B %'EF)) 1 23 xxz"B %'GH12")) 0 12 xxz"B %'=>)) 2 34 xxz"B %'@A)) 9 :; xxz"B %'FG)) ; <= xxz"B %'HIr+r"N)r/r0r1r2r^rfrsr3r"r+r'rZrZs1 E DJr+rZc\rSrSrSrSrg) _BadThreadidc[S5e)Nzrun bad thread exception)rrs r'run_BadThread.runes/00r+r"N)r/r0r1r2rxr3r"r+r'rvrvds1r+rvc&\rSrSrSrSrSrSrg) LoggingTestsiic[S5nURURRS5 URURS5 g)Nzfail2ban.some.string.with.namerz fail2ban.name)rrUparentrm)r$ testLogSyss r'testGetF2BLoggerLoggingTests.testGetF2BLoggerks=9:*:$$)):6:??O4r+c^^[Rn/mU4Sj[l[5nUR5 UR 5 TR [ R"UU4SjS55 U[lTRS5 TR[T5S5 TRTSS[5 g!U[lf=f)Nc&>TRU5$r!)r)r%rPs r'r5LoggingTests.testFail2BanExceptHook..ss QXXd^r+cJ>[T5=(a TRS5$)NUnhandled exception)r _is_logged)r$rPsr'rrxsCF,]tG\7],]r+rrrr) sys__excepthook__rvrr_rrrrrUrr)r$ prev_exchook badThreadrPs` @r'testFail2BanExceptHook#LoggingTests.testFail2BanExceptHookps##,!3#%|9 ?? >>??ENN$]_`ac$3)*3q611Q47L)%3s AC Cc/n[R"SS5up#[R"U5 UR U5 [R"SS5upE[R"U5 UR U5 [ 5nUR X5SS9 URUR55 URS5 UR5 UH?n[RRU5(dM)[R"U5 MA g!UR5 UH?n[RRU5(dM)[R"U5 MA f=f)Nz fail2ban.sockzf2b-testz fail2ban.pidF)forcezServer already running)rrrrrrrrrrrHr^rr )r$ tmp_filessock_fd sock_name pidfile_fd pidfile_namer=rDs r'testStartFailedSockExists&LoggingTests.testStartFailedSockExistss )''D'((7 9%--njI*((: < <& << u<5F$$&'-. ;;= q ww~~aYYq\  ;;= q ww~~aYYq\ sAD$$8E; E;r"N)r/r0r1r2rrrr3r"r+r'r{r{is5 *r+r{) ActionReader JailsReader CONFIG_DIRc~^\rSrSrU4SjrU4SjrU4SjrSSjrSrSr Sr S r S r S r SS jrS rSrU=r$)ServerConfigReaderTestsic<>[[U] "U0UD6 0Ulgr!)r:r__init__#_ServerConfigReaderTests__share_cfg)r$r%r&rDs r'r ServerConfigReaderTests.__init__s /@@$r+c8>[[U] 5 /Ulg)r8N)r:rr; _execCmdLstrCs r'r;ServerConfigReaderTests.setUps,.$r+c*>[[U] 5 grG)r:rrIrCs r'rI ServerConfigReaderTests.tearDowns/1r+cURS5HFnURS5(d[RSU5 M1[RU5 MH g)N #zexec-cmd: `%s`T)splitrelogSysdebug)r$realCmdrrFs r' _executeCmd#ServerConfigReaderTests._executeCmdsC == a ,,s   LL!1% LLO  r+c[US5(dd[5n0UlSHMup#[U5nUR S5 [ R RXA5URU'MO UR$)N__aInfos))ipv4r)ipv6rir)hasattrr _ServerConfigReaderTests__aInfosr setBanTime_actionsr ActionInfo)r$dmyjailtr)tickets r'_testActionInfos(ServerConfigReaderTests._testActionInfossl z " " [74=?uq r]F c''226CDMM!@ r+cBURnUR5nUGHnX$RGHnX$RUn[R S5 [R SUS-UR -5 [R S5 [ U[R5(dMURUl [R S5 UR5 UR5 [R S5 UR5 URUS5 [R S5 UR5 URUS5 [R S5 UR5 URUS 5 [R S 5 UR5 URUS 5 [R S 5 UR5 UR5 GM GM g) N4# ================================================== # == %-44s == - # === start ===# === ban-ipv4 ===r# === unban ipv4 ===# === ban ipv6 ===r# === unban ipv6 ===# === stop ===)rrrrr_namerr CommandActionr executeCmdrrrrr)r$r=raInfosr[rars r'_testExecActions(ServerConfigReaderTests._testExecActionssq   %  "&d K  q [  #F LL"# LL$,"=> LL"# fh44 5 5x((F LL"#T]]_ LLN LL%&  JJvf~ LL'($--/ LL  LL%&  JJvf~ LL'($--/ LL  LL!"DMMO KKM5 r+c0[RRSS9 [[SUR S9nUR UR55 UR UR55 URSS9n[5nURnURnUGHnUSS:wdMUSS:XaSUS 'O[U5S :aUSS :Xa~US S :Xau[RR!["S US5n[RR%U5(d$[RR!["S5nXvS 'OJ[RR&(a+[U5S :aUSS;aUS S:Xa S US'SUS 'U"U5 GM [RR&(dUR-U5 gg![(a%nUR+SU<SU<35 SnAGMhSnAff=f)NTstock)basedir force_enable share_config)allow_no_filesrrrerrrrLrYlogsrrX)rLz multi-setrzDUMMY-REGEX zCommand z has failed. Received )rrSkipIfCfgMissingrrrrread getOptionsconvertrr>_Transmitter__commandHandlerrrr^r_r`rrr"rBr) r$rstreamr=r? cmdHandlerrWrEes r'testCheckStockJailActions1ServerConfigReaderTests.testCheckStockJailActionss ,,d+ jt$JZJZ [%//%**,//%""$% === -& <&  ! !&22* c !f 1vSV SA#a&E/c!f .D '',,~vs1v 6R GGNN2   77<<(8 9bV   X\c!f 44Q>9QSV"SV@_/@      @ YYsA>??@s'G&& H0HHc"URSU5n[U5up4SUS//n[X1UUR[S9nUR UR 55 UR05 URUR55 U$)Nz %(__name__)srer)rr) rdrrrrrrrextendr)r$r[actactNameactOptrrs r'getDefaultJailStream,ServerConfigReaderTests.getDefaultJailStream s ND)#"3'/' 4 &  &  * 6&//&++- B-- ! -r+c*[RRSS9 [RR5 SSKn[ 5nUR nUR [RR[SS55Hn[RRU5RSS5nURSU-U5nUH(nURU5upURUS5 M* UR!U5 M g) NTrrrz*.confz.confrzj-)rrr SkipIfFastglobrr>rr^r_rbasenamerdrrVrUr) r$rr=r?actCfgrrrWrrress r'testCheckStockAllActions0ServerConfigReaderTests.testCheckStockAllActionss ,,d+ ,, <&  ! !& "'',,z:xHIf   & ! ) )'2 63  % %d3h 46s~~c"HCS!  Jr+c.[RRSS9 SSSSSSS S S S S SSSSS. 4SSSSSSSSSSSSSSSS. 4S S!S"S#S$S%S&S'S(S)S*S+. 4S,S-S"S#S.S/S0S1S2.4S3S4S5S6S7S8S9S:S;SS?S@SASB. 4SCSDS5S6S7SESFSGSHSISJSKSLSMSNSB. 4SOSPSQSRSSSTSUSVSWSXSYSZS[S\S]SB. 4S^S_S`SaSSSbScSdSeSfSgShSiSjSkSB. 4SlSmS5S6SSSnSoSpSqSrSsStSuSvSwSB. 4SxSyS5S6SSSzS{S|S}S~SSSSSSB. 4SSSSSSSSSSSSSS. 4SSSSSSSSSSSSSS. 4SSSSSSSSSSSSSS. 4SSSSSSSSSSSSSSS. 4SSSSSSSSSSSSSS. 4SSSSSSSSSSSSSS. 4SSSSSSSSSSSSS. 4SSSSSSSSSSSSS. 4SSSSSSSSS2.4SSSSSSSSS2.44n[5nURnUR nUHEupVnUR XV5nUH(n URU 5upURU S5 M* MG URn UR5n UGHupVnXRGHnXRUn[RS5 [RSUS-UR-5 [RS5 UR[!U["R$55 UR&UlUR+S5 UR-5 UR/S5(aUR0"USSS06 OGUR/S5(a1UR/S5(aUR2"USUS-SS06 UR+S5 UR5U S5 UR/S5(a8UR0"UR/SUR/SS55US-SS06 UR/S5(aUR2"USSS06 UR0"USSS06 UR2"UGSSS06 UR+GS5 UR7U S5 UR0"UGSSS06 UR2"UGSSS06 UR+GS5 UR5U GS5 UR/S5(a8UR0"UR/SUR/SS55US-SS06 UR/S5(aUR2"USSS06 UR0"UGSSS06 UR2"UGSSS06 UR+GS5 UR7U GS5 UR0"UGSSS06 UR2"UGSSS06 UR/GS 5(aUR+GS 5 UR9U SGS 5 UR0"UR/GS UR/SS55UGS -SS06 UR/GS 5(a$UGS UGS :waUR2"UGS SS06 UR/GS 5(aUR+GS5 UR9U GSGS 5 UR0"UR/GS UR/SS55UGS -SS06 UR/GS 5(a$UGS UGS :waUR2"UGS SS06 UR/GS5(a8UR+GS5 UR;5 UR0"UGSSS06 UR+GS5 UR=5 UR/GS5(dGMeUR0"UR/SS5UGS-SS06 GM GM g(NTrz j-w-nft-mpzQnftables-multiport[name=%(__name__)s, port="http,https", protocol="tcp,udp,sctp"])zip ipv4_addrzaddr-)zip6 ipv6_addrzaddr6-)`nft add table inet f2b-table`W`nft -- add chain inet f2b-table f2b-chain \{ type filter hook input priority -1 \; \}`9`for proto in $(echo 'tcp,udp,sctp' | sed 's/,/ /g'); do``done`)zG`nft add set inet f2b-table addr-set-j-w-nft-mp \{ type ipv4_addr\; \}`z`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip saddr @addr-set-j-w-nft-mp reject`)zH`nft add set inet f2b-table addr6-set-j-w-nft-mp \{ type ipv6_addr\; \}`z`nft add rule inet f2b-table f2b-chain $proto dport \{ $(echo 'http,https' | sed s/:/-/g) \} ip6 saddr @addr6-set-j-w-nft-mp reject`)zG`{ nft flush set inet f2b-table addr-set-j-w-nft-mp 2> /dev/null; } || zH`{ nft flush set inet f2b-table addr6-set-j-w-nft-mp 2> /dev/null; } || )z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`5`nft delete rule inet f2b-table f2b-chain $hdl; done`z3`nft delete set inet f2b-table addr-set-j-w-nft-mp`z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-mp\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`rz4`nft delete set inet f2b-table addr6-set-j-w-nft-mp`)zO`nft list chain inet f2b-table f2b-chain | grep -q '@addr-set-j-w-nft-mp[ \t]'`)zP`nft list chain inet f2b-table f2b-chain | grep -q '@addr6-set-j-w-nft-mp[ \t]'`)zD`nft add element inet f2b-table addr-set-j-w-nft-mp \{ 192.0.2.1 \}`)zG`nft delete element inet f2b-table addr-set-j-w-nft-mp \{ 192.0.2.1 \}`)zF`nft add element inet f2b-table addr6-set-j-w-nft-mp \{ 2001:db8:: \}`)zI`nft delete element inet f2b-table addr6-set-j-w-nft-mp \{ 2001:db8:: \}`) ip4ip6*-start ip4-start ip6-startflushr ip4-check ip6-checkip4-ban ip4-unbanip6-ban ip6-unbanz j-w-nft-apz8nftables-allports[name=%(__name__)s, protocol="tcp,udp"])rr)zG`nft add set inet f2b-table addr-set-j-w-nft-ap \{ type ipv4_addr\; \}`zg`nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp,udp \} ip saddr @addr-set-j-w-nft-ap reject`)zH`nft add set inet f2b-table addr6-set-j-w-nft-ap \{ type ipv6_addr\; \}`zi`nft add rule inet f2b-table f2b-chain meta l4proto \{ tcp,udp \} ip6 saddr @addr6-set-j-w-nft-ap reject`)zG`{ nft flush set inet f2b-table addr-set-j-w-nft-ap 2> /dev/null; } || zH`{ nft flush set inet f2b-table addr6-set-j-w-nft-ap 2> /dev/null; } || )z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`rz3`nft delete set inet f2b-table addr-set-j-w-nft-ap`z`{ nft -a list chain inet f2b-table f2b-chain | grep -oP '@addr6-set-j-w-nft-ap\s+.*\s+\Khandle\s+(\d+)$'; } | while read -r hdl; do`rz4`nft delete set inet f2b-table addr6-set-j-w-nft-ap`)zO`nft list chain inet f2b-table f2b-chain | grep -q '@addr-set-j-w-nft-ap[ \t]'`)zP`nft list chain inet f2b-table f2b-chain | grep -q '@addr6-set-j-w-nft-ap[ \t]'`)zD`nft add element inet f2b-table addr-set-j-w-nft-ap \{ 192.0.2.1 \}`)zG`nft delete element inet f2b-table addr-set-j-w-nft-ap \{ 192.0.2.1 \}`)zF`nft add element inet f2b-table addr6-set-j-w-nft-ap \{ 2001:db8:: \}`)zI`nft delete element inet f2b-table addr6-set-j-w-nft-ap \{ 2001:db8:: \}`zj-dummyzodummy[name=%(__name__)s, init="=='/'==bt:==bc:==", target="/tmp/fail2ban.dummy"])z family: inet4)z family: inet6)z$`printf %b "=='/'==bt:600==bc:0==\n"z7`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- started"`)z9`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- clear all"`)z7`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- stopped"`)zP`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 192.0.2.1 (family: inet4)"`)zR`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 192.0.2.1 (family: inet4)"`)zQ`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- banned 2001:db8:: (family: inet6)"`)zS`echo "[j-dummy] dummy /tmp/fail2ban.dummy -- unbanned 2001:db8:: (family: inet6)"`) rrrrrrrrrz j-hostsdenyzPhostsdeny[name=%(__name__)s, actionstop="rm ", file="/tmp/fail2ban.dummy"])z5`printf %b "ALL: 192.0.2.1\n" >> /tmp/fail2ban.dummy`)z^`IP=$(echo "192.0.2.1" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /tmp/fail2ban.dummy`)z8`printf %b "ALL: [2001:db8::]\n" >> /tmp/fail2ban.dummy`)za`IP=$(echo "[2001:db8::]" | sed 's/[][\.]/\\\0/g') && sed -i "/^ALL: $IP$/d" /tmp/fail2ban.dummy`)rrrrrrzj-w-iptables-mpzwiptables-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp,udp,sctp", chain=""]) `iptables icmp-port-unreachable) `ip6tables icmp6-port-unreachable)rr)z`{ iptables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-mp || true; iptables -w -A f2b-j-w-iptables-mp -j RETURN; }`z`{ iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`)z`{ ip6tables -w -C f2b-j-w-iptables-mp -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-mp || true; ip6tables -w -A f2b-j-w-iptables-mp -j RETURN; }`zq`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp >/dev/null 2>&1; } || z]{ ip6tables -w -I INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp; }`)$`iptables -w -F f2b-j-w-iptables-mp`%`ip6tables -w -F f2b-j-w-iptables-mp`)zX`iptables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`rz$`iptables -w -X f2b-j-w-iptables-mp`zY`ip6tables -w -D INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`rz%`ip6tables -w -X f2b-j-w-iptables-mp`)zX`iptables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`)zY`ip6tables -w -C INPUT -p $proto -m multiport --dports http,https -j f2b-j-w-iptables-mp`)za`iptables -w -I f2b-j-w-iptables-mp 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z_`iptables -w -D f2b-j-w-iptables-mp -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)zd`ip6tables -w -I f2b-j-w-iptables-mp 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zb`ip6tables -w -D f2b-j-w-iptables-mp -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`) rr*-start-stop-checkrrrrrrrrrrzj-w-iptables-apzciptables-allports[name=%(__name__)s, bantime="10m", protocol="tcp,udp,sctp", chain=""])z`{ iptables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-ap || true; iptables -w -A f2b-j-w-iptables-ap -j RETURN; }`zO`{ iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || z;{ iptables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`)z`{ ip6tables -w -C f2b-j-w-iptables-ap -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-ap || true; ip6tables -w -A f2b-j-w-iptables-ap -j RETURN; }`zP`{ ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap >/dev/null 2>&1; } || z<{ ip6tables -w -I INPUT -p $proto -j f2b-j-w-iptables-ap; }`)$`iptables -w -F f2b-j-w-iptables-ap`%`ip6tables -w -F f2b-j-w-iptables-ap`)z7`iptables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`rz$`iptables -w -X f2b-j-w-iptables-ap`z8`ip6tables -w -D INPUT -p $proto -j f2b-j-w-iptables-ap`rz%`ip6tables -w -X f2b-j-w-iptables-ap`)z7`iptables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`)z8`ip6tables -w -C INPUT -p $proto -j f2b-j-w-iptables-ap`)za`iptables -w -I f2b-j-w-iptables-ap 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z_`iptables -w -D f2b-j-w-iptables-ap -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)zd`ip6tables -w -I f2b-j-w-iptables-ap 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zb`ip6tables -w -D f2b-j-w-iptables-ap -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-ipsetz\iptables-ipset-proto6[name=%(__name__)s, port="http", protocol="tcp", chain=""])z f2b-j-w-iptables-ipset )z f2b-j-w-iptables-ipset6 )z0`for proto in $(echo 'tcp' | sed 's/,/ /g'); do`r)zM`ipset -exist create f2b-j-w-iptables-ipset hash:ip timeout 0 maxelem 65536 `aJ`{ iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable; }`)zZ`ipset -exist create f2b-j-w-iptables-ipset6 hash:ip timeout 0 maxelem 65536 family inet6`aP`{ ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable; }`)$`ipset flush f2b-j-w-iptables-ipset`%`ipset flush f2b-j-w-iptables-ipset6`)z`iptables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`r z&`ipset destroy f2b-j-w-iptables-ipset`z`ip6tables -w -D INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`r z'`ipset destroy f2b-j-w-iptables-ipset6`)z`iptables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset src -j REJECT --reject-with icmp-port-unreachable`)z`ip6tables -w -C INPUT -p $proto -m multiport --dports http -m set --match-set f2b-j-w-iptables-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`)z=`ipset -exist add f2b-j-w-iptables-ipset 192.0.2.1 timeout 0`)z3`ipset -exist del f2b-j-w-iptables-ipset 192.0.2.1`)z?`ipset -exist add f2b-j-w-iptables-ipset6 2001:db8:: timeout 0`)z5`ipset -exist del f2b-j-w-iptables-ipset6 2001:db8::`zj-w-iptables-ipset-apzHiptables-ipset-proto6-allports[name=%(__name__)s, chain=""])z f2b-j-w-iptables-ipset-ap )z f2b-j-w-iptables-ipset-ap6 )zP`ipset -exist create f2b-j-w-iptables-ipset-ap hash:ip timeout 0 maxelem 65536 `a`{ iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable; })z]`ipset -exist create f2b-j-w-iptables-ipset-ap6 hash:ip timeout 0 maxelem 65536 family inet6`a`{ ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable; })'`ipset flush f2b-j-w-iptables-ipset-ap`(`ipset flush f2b-j-w-iptables-ipset-ap6`)z`iptables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`r z)`ipset destroy f2b-j-w-iptables-ipset-ap`z`ip6tables -w -D INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`r z*`ipset destroy f2b-j-w-iptables-ipset-ap6`)z`iptables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`)z`ip6tables -w -C INPUT -p $proto -m set --match-set f2b-j-w-iptables-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`)z@`ipset -exist add f2b-j-w-iptables-ipset-ap 192.0.2.1 timeout 0`)z6`ipset -exist del f2b-j-w-iptables-ipset-ap 192.0.2.1`)zB`ipset -exist add f2b-j-w-iptables-ipset-ap6 2001:db8:: timeout 0`)z8`ipset -exist del f2b-j-w-iptables-ipset-ap6 2001:db8::`z j-w-iptablesz^iptables[name=%(__name__)s, bantime="10m", port="http", protocol="tcp", chain=""])z`{ iptables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables || true; iptables -w -A f2b-j-w-iptables -j RETURN; }z`{ iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || { iptables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`)z`{ ip6tables -w -C f2b-j-w-iptables -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables || true; ip6tables -w -A f2b-j-w-iptables -j RETURN; }z`{ ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables >/dev/null 2>&1; } || { ip6tables -w -I INPUT -p $proto --dport http -j f2b-j-w-iptables; }`)!`iptables -w -F f2b-j-w-iptables`"`ip6tables -w -F f2b-j-w-iptables`)zA`iptables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`r z!`iptables -w -X f2b-j-w-iptables`zB`ip6tables -w -D INPUT -p $proto --dport http -j f2b-j-w-iptables`rz"`ip6tables -w -X f2b-j-w-iptables`)zA`iptables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`)zB`ip6tables -w -C INPUT -p $proto --dport http -j f2b-j-w-iptables`)z^`iptables -w -I f2b-j-w-iptables 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z\`iptables -w -D f2b-j-w-iptables -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)za`ip6tables -w -I f2b-j-w-iptables 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z_`ip6tables -w -D f2b-j-w-iptables -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-newzbiptables-new[name=%(__name__)s, bantime="10m", port="http", protocol="tcp", chain=""])z`{ iptables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || { iptables -w -N f2b-j-w-iptables-new || true; iptables -w -A f2b-j-w-iptables-new -j RETURN; }`z`{ iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || { iptables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`)z`{ ip6tables -w -C f2b-j-w-iptables-new -j RETURN >/dev/null 2>&1; } || { ip6tables -w -N f2b-j-w-iptables-new || true; ip6tables -w -A f2b-j-w-iptables-new -j RETURN; }`z`{ ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new; }`)%`iptables -w -F f2b-j-w-iptables-new`&`ip6tables -w -F f2b-j-w-iptables-new`)zZ`iptables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`rz%`iptables -w -X f2b-j-w-iptables-new`z[`ip6tables -w -D INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`rz&`ip6tables -w -X f2b-j-w-iptables-new`)zZ`iptables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`)z[`ip6tables -w -C INPUT -m state --state NEW -p $proto --dport http -j f2b-j-w-iptables-new`)zb`iptables -w -I f2b-j-w-iptables-new 1 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z``iptables -w -D f2b-j-w-iptables-new -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)ze`ip6tables -w -I f2b-j-w-iptables-new 1 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)zc`ip6tables -w -D f2b-j-w-iptables-new -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-iptables-xtrezPiptables-xt_recent-echo[name=%(__name__)s, bantime="10m", chain=""])rz/f2b-j-w-iptables-xtre`)rz/f2b-j-w-iptables-xtre6`)a"`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable >/dev/null 2>&1; } || { iptables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; }`)a(`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable >/dev/null 2>&1; } || { ip6tables -w -I INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; }`)z4`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre``if [ `id -u` -eq 0 ];then`z`iptables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable;``fi`z5`echo / > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`rz`ip6tables -w -D INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable;`r)z`{ iptables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre -j REJECT --reject-with icmp-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z`{ ip6tables -w -C INPUT -m recent --update --seconds 3600 --name f2b-j-w-iptables-xtre6 -j REJECT --reject-with icmp6-port-unreachable; } && test -e /proc/net/xt_recent/f2b-j-w-iptables-xtre6`)z=`echo +192.0.2.1 > /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z=`echo -192.0.2.1 > /proc/net/xt_recent/f2b-j-w-iptables-xtre`)z?`echo +2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`)z?`echo -2001:db8:: > /proc/net/xt_recent/f2b-j-w-iptables-xtre6`) rrrrrrrrrrrzj-w-pfz2pf[name=%(__name__)s, actionstart_on_demand=false]r")zF`echo "table persist counters" | pfctl -a f2b/j-w-pf -f-`z port=""z\`echo "block quick $protocol from to any port $port" | pfctl -a f2b/j-w-pf -f-`),`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T flush`)zT`pfctl -a f2b/j-w-pf -sr 2>/dev/null | grep -v f2b-j-w-pf | pfctl -a f2b/j-w-pf -f-`rz+`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T kill`)z.`pfctl -a f2b/j-w-pf -sr | grep -q f2b-j-w-pf`)z4`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T add 192.0.2.1`)z7`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T delete 192.0.2.1`)z5`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T add 2001:db8::`)z8`pfctl -a f2b/j-w-pf -t f2b-j-w-pf -T delete 2001:db8::`) rrrrrrrrrrrz j-w-pf-mpz@pf[actiontype=][name=%(__name__)s, port="http,https"])zL`echo "table persist counters" | pfctl -a f2b/j-w-pf-mp -f-`zport="http,https"zb`echo "block quick $protocol from to any port $port" | pfctl -a f2b/j-w-pf-mp -f-`)2`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T flush`)z]`pfctl -a f2b/j-w-pf-mp -sr 2>/dev/null | grep -v f2b-j-w-pf-mp | pfctl -a f2b/j-w-pf-mp -f-`rz1`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T kill`)z4`pfctl -a f2b/j-w-pf-mp -sr | grep -q f2b-j-w-pf-mp`)z:`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T add 192.0.2.1`)z=`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T delete 192.0.2.1`)z;`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T add 2001:db8::`)z>`pfctl -a f2b/j-w-pf-mp -t f2b-j-w-pf-mp -T delete 2001:db8::`z j-w-pf-apzHpf[actiontype=, actionstart_on_demand=true][name=%(__name__)s])zL`echo "table persist counters" | pfctl -a f2b/j-w-pf-ap -f-`zW`echo "block quick $protocol from to any" | pfctl -a f2b/j-w-pf-ap -f-`)2`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T flush`)z]`pfctl -a f2b/j-w-pf-ap -sr 2>/dev/null | grep -v f2b-j-w-pf-ap | pfctl -a f2b/j-w-pf-ap -f-`rz1`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T kill`)z4`pfctl -a f2b/j-w-pf-ap -sr | grep -q f2b-j-w-pf-ap`)z:`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T add 192.0.2.1`)z=`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T delete 192.0.2.1`)z;`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T add 2001:db8::`)z>`pfctl -a f2b/j-w-pf-ap -t f2b-j-w-pf-ap -T delete 2001:db8::`) rrrrrrrrrrrrz j-w-fwcmd-mpzqfirewallcmd-multiport[name=%(__name__)s, bantime="10m", port="http,https", protocol="tcp", chain=""])z ipv4 r)z ipv6 r)z@`firewall-cmd --direct --add-chain ipv4 filter f2b-j-w-fwcmd-mp`zN`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-mp 1000 -j RETURN`z`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`)z@`firewall-cmd --direct --add-chain ipv6 filter f2b-j-w-fwcmd-mp`zN`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-mp 1000 -j RETURN`z`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`)z`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-rules ipv4 filter f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-chain ipv4 filter f2b-j-w-fwcmd-mp`z`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -m conntrack --ctstate NEW -p tcp -m multiport --dports http,https -j f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-rules ipv6 filter f2b-j-w-fwcmd-mp`zC`firewall-cmd --direct --remove-chain ipv6 filter f2b-j-w-fwcmd-mp`)zc`firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-mp$'`)zc`firewall-cmd --direct --get-chains ipv6 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-mp$'`)z|`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-mp 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv4 filter f2b-j-w-fwcmd-mp 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z~`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-mp 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv6 filter f2b-j-w-fwcmd-mp 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`z j-w-fwcmd-apz]firewallcmd-allports[name=%(__name__)s, bantime="10m", protocol="tcp", chain=""])z@`firewall-cmd --direct --add-chain ipv4 filter f2b-j-w-fwcmd-ap`zN`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-ap 1000 -j RETURN`zQ`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`)z@`firewall-cmd --direct --add-chain ipv6 filter f2b-j-w-fwcmd-ap`zN`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-ap 1000 -j RETURN`zQ`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`)zT`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-rules ipv4 filter f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-chain ipv4 filter f2b-j-w-fwcmd-ap`zT`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -j f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-rules ipv6 filter f2b-j-w-fwcmd-ap`zC`firewall-cmd --direct --remove-chain ipv6 filter f2b-j-w-fwcmd-ap`)zc`firewall-cmd --direct --get-chains ipv4 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-ap$'`)zc`firewall-cmd --direct --get-chains ipv6 filter | sed -e 's, ,\n,g' | grep -q '^f2b-j-w-fwcmd-ap$'`)z|`firewall-cmd --direct --add-rule ipv4 filter f2b-j-w-fwcmd-ap 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv4 filter f2b-j-w-fwcmd-ap 0 -s 192.0.2.1 -j REJECT --reject-with icmp-port-unreachable`)z~`firewall-cmd --direct --add-rule ipv6 filter f2b-j-w-fwcmd-ap 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`)z`firewall-cmd --direct --remove-rule ipv6 filter f2b-j-w-fwcmd-ap 0 -s 2001:db8:: -j REJECT --reject-with icmp6-port-unreachable`zj-w-fwcmd-ipsetzXfirewallcmd-ipset[name=%(__name__)s, port="http", protocol="tcp", chain=""])z f2b-j-w-fwcmd-ipset )z f2b-j-w-fwcmd-ipset6 )zJ`ipset -exist create f2b-j-w-fwcmd-ipset hash:ip timeout 0 maxelem 65536 `z`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`)zW`ipset -exist create f2b-j-w-fwcmd-ipset6 hash:ip timeout 0 maxelem 65536 family inet6`z`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`)!`ipset flush f2b-j-w-fwcmd-ipset`"`ipset flush f2b-j-w-fwcmd-ipset6`)z`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset src -j REJECT --reject-with icmp-port-unreachable`rz#`ipset destroy f2b-j-w-fwcmd-ipset`z`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -p tcp -m multiport --dports http -m set --match-set f2b-j-w-fwcmd-ipset6 src -j REJECT --reject-with icmp6-port-unreachable`rz$`ipset destroy f2b-j-w-fwcmd-ipset6`)z:`ipset -exist add f2b-j-w-fwcmd-ipset 192.0.2.1 timeout 0`)z0`ipset -exist del f2b-j-w-fwcmd-ipset 192.0.2.1`)z<`ipset -exist add f2b-j-w-fwcmd-ipset6 2001:db8:: timeout 0`)z2`ipset -exist del f2b-j-w-fwcmd-ipset6 2001:db8::`) rrrrrrrrrrzj-w-fwcmd-ipset-apzbfirewallcmd-ipset[name=%(__name__)s, actiontype=, protocol="tcp", chain=""])z f2b-j-w-fwcmd-ipset-ap )z f2b-j-w-fwcmd-ipset-ap6 )zM`ipset -exist create f2b-j-w-fwcmd-ipset-ap hash:ip timeout 0 maxelem 65536 `z`firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`)zZ`ipset -exist create f2b-j-w-fwcmd-ipset-ap6 hash:ip timeout 0 maxelem 65536 family inet6`z`firewall-cmd --direct --add-rule ipv6 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`)$`ipset flush f2b-j-w-fwcmd-ipset-ap`%`ipset flush f2b-j-w-fwcmd-ipset-ap6`)z`firewall-cmd --direct --remove-rule ipv4 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap src -j REJECT --reject-with icmp-port-unreachable`rz&`ipset destroy f2b-j-w-fwcmd-ipset-ap`z`firewall-cmd --direct --remove-rule ipv6 filter INPUT_direct 0 -p tcp -m set --match-set f2b-j-w-fwcmd-ipset-ap6 src -j REJECT --reject-with icmp6-port-unreachable`rz'`ipset destroy f2b-j-w-fwcmd-ipset-ap6`)z=`ipset -exist add f2b-j-w-fwcmd-ipset-ap 192.0.2.1 timeout 0`)z3`ipset -exist del f2b-j-w-fwcmd-ipset-ap 192.0.2.1`)z?`ipset -exist add f2b-j-w-fwcmd-ipset-ap6 2001:db8:: timeout 0`)z5`ipset -exist del f2b-j-w-fwcmd-ipset-ap6 2001:db8::`z j-fwcmd-rrz4firewallcmd-rich-rules[port="22:24", protocol="tcp"])z family='ipv4'r)z family='ipv6'r)z`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`)z`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' reject type='icmp-port-unreachable'"; done`)z `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`)z`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' reject type='icmp6-port-unreachable'"; done`z j-fwcmd-rlz6firewallcmd-rich-logging[port="22:24", protocol="tcp"])a `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`)a `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv4' source address='192.0.2.1' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp-port-unreachable'"; done`)a  `ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --add-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`)a`ports="22:24"; for p in $(echo $ports | tr ", " " "); do firewall-cmd --remove-rich-rule="rule family='ipv6' source address='2001:db8::' port port='$p' protocol='tcp' log prefix='f2b-j-fwcmd-rl' level='info' limit value='1/m' reject type='icmp6-port-unreachable'"; done`rrrrrrrrrrrrrrrrrrrrrrrrz# === check ipv4 ===familyz*-checkrz# === check ipv6 ===rz# === flush ===rr)rrrrr>rrrVrUrrrrrrrrrrrrrrrMrr0rr_invariantCheckrr)r$testJailsActionsr=r?rr[rtestsrrWrrrrrrars r'testCheckStockCommandActions4ServerConfigReaderTests.testCheckStockCommandActions.s  ,,d+e (1P Y/h/bL (1P S,O,\E &8 +G4e &8h Q 2;d    ]1S1f| 2;d    ]11fx (1O    Y/{/bg +4U    Y/j/bt 2;d    ]1w1f| 2;d    ]11fk 4=h C$n$L B b   EDJMKN)E.S b   KJPSQT)V.[ b  KJPSQT)^.H .7[   G&J&Ps .7[   G&v&Pq %.I ?"t"H~ (1O ?"A"HH 6?kK J 6?kMY[ x <&  ! !&22**d  % %d 06 s~~c"HCS!+   %  "&*d K  q [  #F LL"# LL$,"=> LL"#OOJvx'='=>?((FMM#$ LLN yy g1D1 ;  EIIk$:$: 5-eK.@@KdKMM&' JJvf~ yyt00%))IuyyQegiGj2klqr}l~2~ JEI J yyt33U;5GRTRuY'2T2%,1D1MM() LL u[)4t4%,1D1MM&' JJvf~ yyt00%))IuyyQegiGj2klqr}l~2~ JEI J yyt33U;5GRTRuY'2T2%,1D1MM() LL u[)4t4%,1D1 yy ]])* F6N845  )UYY7KR-PQRWXcRddojno +5#5{9K#K E+.9D9 yy ]])* F6N845  )UYY7KR-PQRWXcRddojno +5#5{9K#K E+.9D9 yy ]]$% \\^ g1D1MM"# KKM yy$++UYY7KR-PQVW]Q^-^idhiy +r+cUn[U[5(aUSn[R"SSU5n[R"SSUS5n[U[5(aX1S'OUn[R R XS9$)Nrz\)\s*\|\s*(\S*mail\b[^\n]*)z$) | cat; printf "\\n... | "; echo \1z\bADDRESSES=\$\(dig\s[^\n]+cg)Nz@ADDRESSES="abuse-1@abuse-test-server, abuse-2@abuse-test-server"r")ms r'r9ServerConfigReaderTests._executeMailCmd..ns Or+r)r)rrjresubrrr)r$rrrWs r'_executeMailCmd'ServerConfigReaderTests._executeMailCmdes# 3 -*C 1# -O #1: 7    * *7 * DDr+c.[RRSS9 SS[RR [ S5-S-S-[RR [ S5-S -S S 04S S [RR [ S5-S-S-[RR [ S5-S -S S04SS[RR [ S5-S-S-[RR [ S5-S-SSS.4SSSSS.44n[5nURnURnUHEupVnURXV5nUH(n URU 5upURU S5 M* MG URn [S5n [S5n[5nUGHCupVnXR GH)nXR Un["R%S5 ["R%SUS-UR&-5 ["R%S5 UR(UlS U 4SU44HunnUR-U5(dMUR/S U-5 [1U5nUR3S!5 UR5S"S#/5 [6R8R;UU5nUR=U5 UR>"UUS$S06 M GM, GMF g)%NTrzj-mail-whois-linesz\mail-whois-lines[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd="mail -s", logpath="rXrz ztestcase01a.logz8", _whois_command="echo '-- information about --'"]r);The IP 87.142.124.10 has just been banned by Fail2Ban afterz(100 attempts against j-mail-whois-lines..Here is more information about 87.142.124.10 :%-- information about 87.142.124.10 --2Lines containing failures of 87.142.124.10 (max 2)etestcase01.log:Dec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10etestcase01a.log:Dec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.10zj-sendmail-whois-lineszxsendmail-whois-lines[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd='testmail -f "" ""', logpath=")r)z,100 attempts against j-sendmail-whois-lines.r*r+r,r-r.zj-complain-abusezcomplain[name=%(__name__)s, grepopts="-m 1", grepmax=2, mailcmd="mail -s 'Hostname: , family: ' - ",debug=1,logpath="z", ])6try to resolve 10.124.142.87.abuse-contacts.abusix.orgr,r-r.zymail -s Hostname: test-host, family: inet4 - Abuse from 87.142.124.10 abuse-1@abuse-test-server abuse-2@abuse-test-server)htry to resolve 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.b.d.0.1.0.0.2.abuse-contacts.abusix.orgz0Lines containing failures of 2001:db8::1 (max 2)zwmail -s Hostname: test-host, family: inet6 - Abuse from 2001:db8::1 abuse-1@abuse-test-server abuse-2@abuse-test-server)rrz j-xarf-abusezIxarf-login-attack[name=%(__name__)s, mailcmd="mail", mailargs="",debug=1])r/z8We have detected abuse from the IP address 87.142.124.10VDec 31 11:59:59 [sshd] error: PAM: Authentication failure for kevin from 87.142.124.10UDec 31 11:55:01 [sshd] error: PAM: Authentication failure for test from 87.142.124.108mail abuse-1@abuse-test-server abuse-2@abuse-test-server)r0z6We have detected abuse from the IP address 2001:db8::1r3rz 87.142.124.10z 2001:db8::1rrrrz # === %s ===rr1r2r) rrrrr^r_r`rr>rrrVrUrr rrrrrr&rrMrr setAttempt setMatchesrrrrr)r$rr=r?rr[rrrrWrrrrrrrrartestr)rs r'testComplexMailActionMultiLog5ServerConfigReaderTests.testComplexMailActionMultiLogwsT ,,d+GGLL1ABCFJJ WW\\.2CD EH   (GGLL1ABCFJJ WW\\.2CD EH   ( GGLL1AB C FJ J   WW\\.2CD E H  8  M^~ <&  ! !&22**d  % %d 06 s~~c"HCS!+   %  $  $ K'*d K  q [  #F LL"# LL$,"=> LL"#,,F!4(9d*;< r IIdOOX ]]>D()mV s ^]))&':V ZZ d ..= +r+)r __share_cfgr)r)r/r0r1r2rr;rIrrrrrrrr&r7r3rzr{s@r'rrsL 2 D1!f !(u jnE$K/K/r+r)A __author__ __copyright__ __license__rrrrr$rr#server.failregexrrrr=rr server.serverr server.ipdnsr r server.jailr server.jailthreadr server.ticketr server.utilsr dummyjailrutilsrrrhelpersrrrrrrrr^r_dirname__file__r`rBrrr5r}rTestCaserSrZrvr{clientreadertestcaserrrrr"r+r'rKs@. 2    ??("+*% <<;;#bggooh7A : [([|d */d *N{N{N|(!!(RJ""RJj11 '%'THGm/0m/G#s:EE  E