Hi,

> > Ideally, I'd like to not have to modify that regexp and be able to
> > add my own, much like what appears to be happening with mdre-errors.
>
> You don't have to. Append your own rules in a new line and test your
> changed rule file with
>
> fail2ban-regex /log/file postfix
>
> and it should reply with text output like
>

Yes, I understand that - I suppose it's the actual details of doing that
which I don't understand. What's the difference between the pr and re
rules? For example:

mdpr-errors = too many errors after \S+
mdre-errors = ^from [^[]*\[<HOST>\]%(_port)s$

I'm assuming the re version is the regexp necessary just to capture the
IP? So to add a new rule, I would simply copy this format with a new
name, like:

mdpr-proto = Protocol error;
mdre-proto = ^from [^[]*\[<HOST>\]%(_port)s$

> (One thing I never fixed was this: After editing my filter file,
> previously working regexes started failing, e.g. they didn't match
> any more - despite being unmodified.)

Did you change the mode to no longer include those other regexes?

mode = errors

Or specific in the jail.conf?

[postfix]
filter = postfix[mode=aggressive]
maxretry = 1
bantime = 48h
enabled = true

Thanks,
Alex
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
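
A sketch of the two-stage matching that the mdpr-*/mdre-* pairs in the message above take part in, added here as an illustration; it is not code from fail2ban or from this thread. It assumes the filter places mdpr-<mode> in a prefix regex that captures the rest of the line and then applies mdre-<mode> to that remainder; `PREFIX`, `HOST` and `PORT` are simplified stand-ins for fail2ban's interpolated pieces, and the log lines are constructed.

```python
import re

# Simplified stand-ins (assumptions) for what fail2ban interpolates.
PREFIX = r"^\w{3} +\d+ [\d:]{8} \S+ postfix/smtpd\[\d+\]: "  # for the line prefix
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"                  # for <HOST>
PORT = r"(?::\d+)?"                                          # for %(_port)s

# (mdpr, mdre) pairs as written in the message; "proto" is the proposed rule.
MODES = {
    "errors": (r"too many errors after \S+", r"^from [^[]*\[<HOST>\]%(_port)s$"),
    "proto": (r"Protocol error;", r"^from [^[]*\[<HOST>\]%(_port)s$"),
}


def expand(pattern):
    """Substitute the stand-ins for <HOST> and %(_port)s."""
    return pattern.replace("<HOST>", HOST).replace("%(_port)s", PORT)


def match_line(line, mode):
    """Return the offending IP, or None if the line is no failure in this mode."""
    mdpr, mdre = MODES[mode]
    # Stage 1: the "pr" pattern selects the line; the remainder is captured.
    pre = re.match(PREFIX + "(?:" + mdpr + ") (?P<content>.+)$", line)
    if pre is None:
        return None
    # Stage 2: the "re" pattern sees only the remainder and extracts the host.
    fail = re.search(expand(mdre), pre.group("content"))
    return fail.group("host") if fail else None


# Constructed log lines, shaped to exercise the patterns (not real Postfix output).
ERR = "Jan 10 12:00:01 mail postfix/smtpd[1234]: too many errors after RCPT from unknown[192.0.2.10]"
ERR_EXTRA = "Jan 10 12:00:02 mail postfix/smtpd[1234]: too many errors after DATA (0 bytes) from unknown[192.0.2.11]"
PROTO = "Jan 10 12:00:05 mail postfix/smtpd[1234]: Protocol error; from unknown[198.51.100.7]:2525"

if __name__ == "__main__":
    for line in (ERR, ERR_EXTRA, PROTO):
        for mode in MODES:
            print(mode, match_line(line, mode), "|", line[41:])
```

Only the selected mode's pair is tried, so a line that matches under one mode returns nothing under another, and a remainder that does not begin with "from" fails the anchored second stage even when the first stage matched.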