From 4dbdf09dc98cb3bd624741a14713feceee4006b5 Mon Sep 17 00:00:00 2001
From: Christoph <ckubu@oopen.de>
Date: Mon, 27 Nov 2017 04:23:54 +0100
Subject: [PATCH] Initial commit

---
 0.10.2/README.install                         |   7 +
 0.10.2/action.d/helpers-common.conf           |  16 ++
 0.10.2/action.d/iptables-multiport.local      |  27 ++++
 0.10.2/action.d/sendmail-ban-unban.local      |  70 +++++++++
 0.10.2/action.d/sendmail-ban.local            |  63 ++++++++
 0.10.2/action.d/sendmail-whois-lines.local    |  46 ++++++
 0.10.2/filter.d/dovecot.local                 |   7 +
 0.10.2/filter.d/postfix.local                 |   5 +
 0.10.2/ip64tables                             |  29 ++++
 0.10.2/jail.local                             | 105 +++++++++++++
 0.8.6/action.d/firewallcmd-ipset.local        |  67 ++++++++
 0.8.6/action.d/firewallcmd-new.local          |  72 +++++++++
 0.8.6/action.d/ip64tables-multiport-log.local |  83 ++++++++++
 0.8.6/action.d/iptables-allports.local        |  70 +++++++++
 0.8.6/action.d/iptables-ipset-proto4.local    |  73 +++++++++
 .../iptables-ipset-proto6-allports.local      |  64 ++++++++
 0.8.6/action.d/iptables-ipset-proto6.local    |  76 +++++++++
 0.8.6/action.d/iptables-multiport-log.local   |  83 ++++++++++
 0.8.6/action.d/iptables-multiport.local       |  73 +++++++++
 0.8.6/action.d/iptables-new.local             |  76 +++++++++
 0.8.6/action.d/iptables-xt_recent-echo.local  |  77 ++++++++++
 0.8.6/action.d/iptables.local                 |  73 +++++++++
 0.8.6/action.d/sendmail-only-ban.local        |  69 +++++++++
 0.8.6/action.d/sendmail-only-ban_unban.local  |  76 +++++++++
 0.8.6/filter.d/apache-badbots.local           |  22 +++
 0.8.6/filter.d/http-dos.local                 |   3 +
 0.8.6/filter.d/owncloud.local                 |   2 +
 0.8.6/filter.d/postfix-auth-dos.local         |  23 +++
 0.8.6/filter.d/postfix-sasl.local             |  14 ++
 0.8.6/filter.d/sshd.local                     |  44 ++++++
 0.8.6/filter.d/wp-login.local                 |  14 ++
 0.8.6/filter.d/wp-xmlrpc.local                |   3 +
 0.8.6/ip64tables                              |  29 ++++
 0.8.6/jail.local                              | 144 ++++++++++++++++++
 0.9.6/action.d/ip64tables-allports.local      |  54 +++++++
 0.9.6/action.d/ip64tables-common.local        |  62 ++++++++
 0.9.6/action.d/ip64tables-multiport.local     |  51 +++++++
 0.9.6/action.d/sendmail-only-ban.local        |  75 +++++++++
 0.9.6/action.d/sendmail-only-ban_unban.local  |  82 ++++++++++
 0.9.6/filter.d/dovecot-pop3imap.local         |   3 +
 0.9.6/ip64tables                              |  29 ++++
 0.9.6/jail.local                              |  62 ++++++++
 42 files changed, 2123 insertions(+)
 create mode 100644 0.10.2/README.install
 create mode 100644 0.10.2/action.d/helpers-common.conf
 create mode 100644 0.10.2/action.d/iptables-multiport.local
 create mode 100644 0.10.2/action.d/sendmail-ban-unban.local
 create mode 100644 0.10.2/action.d/sendmail-ban.local
 create mode 100644 0.10.2/action.d/sendmail-whois-lines.local
 create mode 100644 0.10.2/filter.d/dovecot.local
 create mode 100644 0.10.2/filter.d/postfix.local
 create mode 100755 0.10.2/ip64tables
 create mode 100644 0.10.2/jail.local
 create mode 100644 0.8.6/action.d/firewallcmd-ipset.local
 create mode 100644 0.8.6/action.d/firewallcmd-new.local
 create mode 100644 0.8.6/action.d/ip64tables-multiport-log.local
 create mode 100644 0.8.6/action.d/iptables-allports.local
 create mode 100644 0.8.6/action.d/iptables-ipset-proto4.local
 create mode 100644 0.8.6/action.d/iptables-ipset-proto6-allports.local
 create mode 100644 0.8.6/action.d/iptables-ipset-proto6.local
 create mode 100644 0.8.6/action.d/iptables-multiport-log.local
 create mode 100644 0.8.6/action.d/iptables-multiport.local
 create mode 100644 0.8.6/action.d/iptables-new.local
 create mode 100644 0.8.6/action.d/iptables-xt_recent-echo.local
 create mode 100644 0.8.6/action.d/iptables.local
 create mode 100644 0.8.6/action.d/sendmail-only-ban.local
 create mode 100644 0.8.6/action.d/sendmail-only-ban_unban.local
 create mode 100644 0.8.6/filter.d/apache-badbots.local
 create mode 100644 0.8.6/filter.d/http-dos.local
 create mode 100644 0.8.6/filter.d/owncloud.local
 create mode 100644 0.8.6/filter.d/postfix-auth-dos.local
 create mode 100644 0.8.6/filter.d/postfix-sasl.local
 create mode 100644 0.8.6/filter.d/sshd.local
 create mode 100644 0.8.6/filter.d/wp-login.local
 create mode 100644 0.8.6/filter.d/wp-xmlrpc.local
 create mode 100755 0.8.6/ip64tables
 create mode 100644 0.8.6/jail.local
 create mode 100644 0.9.6/action.d/ip64tables-allports.local
 create mode 100644 0.9.6/action.d/ip64tables-common.local
 create mode 100644 0.9.6/action.d/ip64tables-multiport.local
 create mode 100644 0.9.6/action.d/sendmail-only-ban.local
 create mode 100644 0.9.6/action.d/sendmail-only-ban_unban.local
 create mode 100644 0.9.6/filter.d/dovecot-pop3imap.local
 create mode 100755 0.9.6/ip64tables
 create mode 100644 0.9.6/jail.local

diff --git a/0.10.2/README.install b/0.10.2/README.install
new file mode 100644
index 0000000..95e436e
--- /dev/null
+++ b/0.10.2/README.install
@@ -0,0 +1,7 @@
+
+echo "deb tor+http://ncomputers.org/debian stretch main" > /etc/apt/sources.list.d/ncomputers.org-stretch.list
+echo "deb http://ncomputers.org/debian stretch main" > /etc/apt/sources.list.d/ncomputers.org-stretch.list
+apt-get update
+apt-get install ncomputers.org-keyring
+apt-get update
+
diff --git a/0.10.2/action.d/helpers-common.conf b/0.10.2/action.d/helpers-common.conf
new file mode 100644
index 0000000..b036f68
--- /dev/null
+++ b/0.10.2/action.d/helpers-common.conf
@@ -0,0 +1,16 @@
+[DEFAULT]
+
+# Usage:
+#   _grep_logs_args = 'test'
+#   (printf %%b "Log-excerpt contains 'test':\n"; %(_grep_logs)s; printf %%b "Log-excerpt contains 'test':\n") | mail ...
+#
+_grep_logs = logpath="<logpath>"; grep <grepopts> -E %(_grep_logs_args)s $logpath | <greplimit>
+_grep_logs_args = "(^|[^0-9a-fA-F:])$(echo '<ip>' | sed 's/\./\\./g')([^0-9a-fA-F:]|$)"
+
+# Used for actions, that should not by executed if ticket was restored:
+_bypass_if_restored = if [ '<restored>' = '1' ]; then exit 0; fi;
+
+[Init]
+greplimit = tail -n <grepmax>
+grepmax = 1000
+grepopts = -m <grepmax>
diff --git a/0.10.2/action.d/iptables-multiport.local b/0.10.2/action.d/iptables-multiport.local
new file mode 100644
index 0000000..a7a1c6c
--- /dev/null
+++ b/0.10.2/action.d/iptables-multiport.local
@@ -0,0 +1,27 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = <ip64tables> -N f2b-<name>
+              <ip64tables> -A f2b-<name> -j <returntype>
+              <ip64tables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = <ip64tables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             <actionflush>
+             <ip64tables> -X f2b-<name>
+
+[Init]
+
+ip64tables = ip64tables <lockingopt>
diff --git a/0.10.2/action.d/sendmail-ban-unban.local b/0.10.2/action.d/sendmail-ban-unban.local
new file mode 100644
index 0000000..22421ce
--- /dev/null
+++ b/0.10.2/action.d/sendmail-ban-unban.local
@@ -0,0 +1,70 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+[INCLUDES]
+
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = printf %%b "Subject: [Fail2Ban] <name>: freed <ip>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been freed by Fail2Ban <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+[Init]
+
+# Sender display name
+#
+sendername = Fail2Ban
diff --git a/0.10.2/action.d/sendmail-ban.local b/0.10.2/action.d/sendmail-ban.local
new file mode 100644
index 0000000..5fd836f
--- /dev/null
+++ b/0.10.2/action.d/sendmail-ban.local
@@ -0,0 +1,63 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+[INCLUDES]
+
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+
+# Sender display name
+#
+sendername = Fail2Ban
diff --git a/0.10.2/action.d/sendmail-whois-lines.local b/0.10.2/action.d/sendmail-whois-lines.local
new file mode 100644
index 0000000..d55d239
--- /dev/null
+++ b/0.10.2/action.d/sendmail-whois-lines.local
@@ -0,0 +1,46 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+[INCLUDES]
+
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = printf %%b "Subject: [Fail2Ban] <name>: freed <ip>
+            Date: `LC_ALL=C date +"%%a, %%d %%h %%Y %%T %%z"`
+            From: <sendername> <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been freed by Fail2Ban <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+[Init]
+
+# Sender display name
+#
+sendername = Fail2Ban
diff --git a/0.10.2/filter.d/dovecot.local b/0.10.2/filter.d/dovecot.local
new file mode 100644
index 0000000..3eaaab8
--- /dev/null
+++ b/0.10.2/filter.d/dovecot.local
@@ -0,0 +1,7 @@
+# Fail2Ban filter Dovecot authentication and pop3/imap server
+#
+
+[Definition]
+
+mdre-sql = ^sql\([^,]+,<HOST>,<[^>]*>\): (Password mismatch|unknown user)(\(given password: \S*\))?.*$
+
diff --git a/0.10.2/filter.d/postfix.local b/0.10.2/filter.d/postfix.local
new file mode 100644
index 0000000..0e109bf
--- /dev/null
+++ b/0.10.2/filter.d/postfix.local
@@ -0,0 +1,5 @@
+
+[Definition]
+
+mdpr-sasl-dos = \w+:
+mdre-sasl-dos = ^client=[-._\w]+\[<HOST>\]\, sasl_method=(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5)+, sasl_username=\S+@\S+\.\w+\s*$
diff --git a/0.10.2/ip64tables b/0.10.2/ip64tables
new file mode 100755
index 0000000..7b1639d
--- /dev/null
+++ b/0.10.2/ip64tables
@@ -0,0 +1,29 @@
+#!/bin/bash
+# iptables/ip6tables switch
+LINE=$*
+
+RESULT=`echo $LINE | egrep " ([0-9]{1,3}\.){3}[0-9]{1,3}" | wc -l`
+RESULT6=`echo $LINE | egrep "(::[A-Fa-f0-9])|((:[A-Fa-f0-9]{1,4}){2,})" | wc -l `
+
+if [ $RESULT -eq "1" ]; then
+  # IPv4
+  iptables $LINE
+  ERRCODE=$?
+
+elif [ $RESULT6 -eq "1" ]; then
+  # IPv6
+  ip6tables $LINE
+  ERRCODE=$?
+
+else
+  # IPv4 + IPv6
+  iptables $LINE
+  ERRCODE=$?
+  ip6tables $LINE
+  if [ $? -ge "1" ]; then
+    ERRCODE=$?
+  fi
+
+fi
+
+exit $ERRCODE
diff --git a/0.10.2/jail.local b/0.10.2/jail.local
new file mode 100644
index 0000000..d2c17c0
--- /dev/null
+++ b/0.10.2/jail.local
@@ -0,0 +1,105 @@
+[DEFAULT]
+
+#
+# ACTIONS
+#
+
+# Some options used for actions
+
+# Sender email address used solely for some actions
+sender = fail2ban@<fq-hostname>
+
+
+# Default banning action (e.g. iptables, iptables-new,
+# iptables-multiport, shorewall, etc) It is used to define
+# action_* variables. Can be overridden globally or per
+# section within jail.local file
+banaction = iptables-multiport
+
+
+# ban & send an information e-mail to the destemail. No e-mail if unban.
+#
+# Note:
+# sendmail-ban must be configured. See action.d/sendmail-ban.local
+#
+action_mb = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+            %(mta)s-ban[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+
+# ban & send an information e-mail to the destemail. Also send an
+# information e-mail if ip was unbanned.
+#
+# Note:
+# sendmail-ban-unban must be configured. See action.d/sendmail-ban-unban.local
+#
+action_mbu = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+            %(mta)s-ban-unban[name=%(__name__)s, sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+
+# Choose default action
+#
+#action = %(action_mb)s
+#action = %(action_mbu)s
+action = %(action_)s
+
+
+#
+# JAIL
+#
+
+[sshd]
+
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /var/log/auth.log
+findtime = 600
+maxretry = 6
+bantime  = 86400
+
+
+[postfix-rbl]
+
+enabled  = true
+
+
+[postfix-sasl]
+
+enabled  = true
+# - Take care to allowh 'whois' requests from this mashine. Maybe
+# - you have configure your firewall
+action   = %(action_mwl)s
+filter   = postfix[mode=auth]
+port     = smtp,465,submission,imap2,imaps,pop3,pop3s
+findtime = 360
+maxretry = 30
+bantime  = 3600
+
+
+[postfix-sasl-dos]
+
+enabled  = true
+# - Take care to allowh 'whois' requests from this mashine. Maybe
+# - you have configure your firewall
+action   = %(action_mwl)s
+port     = smtp,465,submission
+filter   = postfix[mode=sasl-dos]
+#logpath  = /var/log/mail.log
+logpath  = %(postfix_log)s
+backend  = %(postfix_backend)s
+findtime = 60
+maxretry = 20
+bantime  = 10800
+
+
+[dovecot]
+
+enabled  = true
+action   = %(action_mbu)s
+port     = pop3,pop3s,imap2,imaps,submission,465
+filter   = dovecot[mode=sql]
+#mode     = sql
+logpath  = /var/log/dovecot/dovecot.log
+maxretry = 20
+#maxretry = 4
+findtime = 1200
+bantime  = 1800
+
diff --git a/0.8.6/action.d/firewallcmd-ipset.local b/0.8.6/action.d/firewallcmd-ipset.local
new file mode 100644
index 0000000..788dd95
--- /dev/null
+++ b/0.8.6/action.d/firewallcmd-ipset.local
@@ -0,0 +1,67 @@
+# Fail2Ban action file for firewall-cmd/ipset
+#
+# This requires:
+# ipset (package: ipset)
+# firewall-cmd (package: firewalld)
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules.
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = ipset create f2b-<name> hash:ip timeout <bantime>
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+             ipset flush f2b-<name>
+             ipset destroy f2b-<name>
+
+actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
+
+actionunban = ipset del f2b-<name> <ip> -exist
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ]
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  [ STRING ]
+#
+chain = INPUT_direct
+
+# Option: bantime
+# Notes:  specifies the bantime in seconds (handled internally rather than by fail2ban)
+# Values:  [ NUM ]  Default: 600
+
+bantime = 600
+
+
+# DEV NOTES:
+#
+# Author: Edgar Hoch and Daniel Black
+# firewallcmd-new / iptables-ipset-proto6 combined for maximium goodness
diff --git a/0.8.6/action.d/firewallcmd-new.local b/0.8.6/action.d/firewallcmd-new.local
new file mode 100644
index 0000000..ca5ba4d
--- /dev/null
+++ b/0.8.6/action.d/firewallcmd-new.local
@@ -0,0 +1,72 @@
+# Fail2Ban configuration file
+#
+# Because of the --remove-rules in stop this action requires firewalld-0.3.8+
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter f2b-<name>
+              firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 1000 -j RETURN
+              firewall-cmd --direct --add-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter <chain> 0 -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+             firewall-cmd --direct --remove-rules ipv4 filter f2b-<name>
+             firewall-cmd --direct --remove-chain ipv4 filter f2b-<name>
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q '^f2b-<name>$'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter f2b-<name> 0 -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ]
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  [ STRING ]
+#
+chain = INPUT_direct
+
+# DEV NOTES:
+#
+# Author: Edgar Hoch
+# Copied from iptables-new.conf and modified for use with firewalld by Edgar Hoch.
+#  It uses "firewall-cmd" instead of "iptables".
+#
+# Output:
+# 
+# $ firewall-cmd --direct --add-chain ipv4 filter f2b-name
+# success
+# $ firewall-cmd --direct --add-rule ipv4 filter f2b-name 1000 -j RETURN
+# success
+# $ sudo firewall-cmd --direct --add-rule ipv4 filter INPUT_direct 0 -m state --state NEW -p tcp --dport 22 -j f2b-name
+# success
+# $ firewall-cmd --direct --get-chains ipv4 filter
+# f2b-name
+# $ firewall-cmd --direct --get-chains ipv4 filter  | od -h
+# 0000000 6166 6c69 6232 6e61 6e2d 6d61 0a65
+# $ firewall-cmd --direct --get-chains ipv4 filter | grep -Eq 'f2b-name( |$)' ; echo $?
+# 0
+# $ firewall-cmd -V
+# 0.3.8
+
diff --git a/0.8.6/action.d/ip64tables-multiport-log.local b/0.8.6/action.d/ip64tables-multiport-log.local
new file mode 100644
index 0000000..aa60ddf
--- /dev/null
+++ b/0.8.6/action.d/ip64tables-multiport-log.local
@@ -0,0 +1,83 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+# Modified: Cyril Jaquier
+#
+# make "f2b-<name>" chain to match drop IP
+# make "f2b-<name>-log" chain to log and drop
+# insert a jump to f2b-<name> from -I <chain> if proto/port match
+#
+#
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = ip64tables -N f2b-<name>
+              ip64tables -A f2b-<name> -j RETURN
+              ip64tables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>
+              ip64tables -N f2b-<name>-log
+              ip64tables -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+              ip64tables -A f2b-<name>-log -j <blocktype>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = ip64tables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             ip64tables -F f2b-<name>
+             ip64tables -F f2b-<name>-log
+             ip64tables -X f2b-<name>
+             ip64tables -X f2b-<name>-log
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = ip64tables -n -L f2b-<name>-log >/dev/null
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ip64tables -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ip64tables -D f2b-<name> -s <ip> -j f2b-<name>-log
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
diff --git a/0.8.6/action.d/iptables-allports.local b/0.8.6/action.d/iptables-allports.local
new file mode 100644
index 0000000..480badc
--- /dev/null
+++ b/0.8.6/action.d/iptables-allports.local
@@ -0,0 +1,70 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+# 			made active on all ports from original iptables.conf
+#
+#
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N f2b-<name>
+              iptables -A f2b-<name> -j RETURN
+              iptables -I <chain> -p <protocol> -j f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D <chain> -p <protocol> -j f2b-<name>
+             iptables -F f2b-<name>
+             iptables -X f2b-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
diff --git a/0.8.6/action.d/iptables-ipset-proto4.local b/0.8.6/action.d/iptables-ipset-proto4.local
new file mode 100644
index 0000000..fc03c68
--- /dev/null
+++ b/0.8.6/action.d/iptables-ipset-proto4.local
@@ -0,0 +1,73 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 4 (ipset v4.2). If you have a later version
+# of ipset try to use the iptables-ipset-proto6.conf as it does some things
+# nicer.
+# 
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules. Debian squeeze can do this with:
+#   apt-get install xtables-addons-source 
+#   module-assistant auto-install xtables-addons
+#
+# Debian wheezy and above uses protocol 6
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = ipset --create f2b-<name> iphash
+              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+             ipset --flush f2b-<name>
+             ipset --destroy f2b-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ipset --test f2b-<name> <ip> ||  ipset --add f2b-<name> <ip>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipset --test f2b-<name> <ip> && ipset --del f2b-<name> <ip>
+
+[Init]
+
+# Default name of the ipset
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default: ssh
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
diff --git a/0.8.6/action.d/iptables-ipset-proto6-allports.local b/0.8.6/action.d/iptables-ipset-proto6-allports.local
new file mode 100644
index 0000000..72fba9c
--- /dev/null
+++ b/0.8.6/action.d/iptables-ipset-proto6-allports.local
@@ -0,0 +1,64 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version. Version 4 should use
+# iptables-ipset-proto4.conf.
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules which probably won't be protocol version 6.
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = ipset create f2b-<name> hash:ip timeout <bantime>
+              iptables -I INPUT -m set --match-set f2b-<name> src -j <blocktype>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D INPUT -m set --match-set f2b-<name> src -j <blocktype>
+             ipset flush f2b-<name>
+             ipset destroy f2b-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipset del f2b-<name> <ip> -exist
+
+[Init]
+
+# Default name of the ipset
+#
+name = default
+
+# Option: bantime
+# Notes:  specifies the bantime in seconds (handled internally rather than by fail2ban)
+# Values:  [ NUM ]  Default: 600
+
+bantime = 600
diff --git a/0.8.6/action.d/iptables-ipset-proto6.local b/0.8.6/action.d/iptables-ipset-proto6.local
new file mode 100644
index 0000000..5d84811
--- /dev/null
+++ b/0.8.6/action.d/iptables-ipset-proto6.local
@@ -0,0 +1,76 @@
+# Fail2Ban configuration file
+#
+# Author: Daniel Black
+#
+# This is for ipset protocol 6 (and hopefully later) (ipset v6.14).
+# Use ipset -V to see the protocol and version. Version 4 should use
+# iptables-ipset-proto4.conf.
+#
+# This requires the program ipset which is normally in package called ipset.
+#
+# IPset was a feature introduced in the linux kernel 2.6.39 and 3.0.0 kernels.
+#
+# If you are running on an older kernel you make need to patch in external
+# modules.
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = ipset create f2b-<name> hash:ip timeout <bantime>
+              iptables -I INPUT -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D INPUT -p <protocol> -m multiport --dports <port> -m set --match-set f2b-<name> src -j <blocktype>
+             ipset flush f2b-<name>
+             ipset destroy f2b-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = ipset add f2b-<name> <ip> timeout <bantime> -exist
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = ipset del f2b-<name> <ip> -exist
+
+[Init]
+
+# Default name of the ipset
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default: ssh
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option: bantime
+# Notes:  specifies the bantime in seconds (handled internally rather than by fail2ban)
+# Values:  [ NUM ]  Default: 600
+
+bantime = 600
diff --git a/0.8.6/action.d/iptables-multiport-log.local b/0.8.6/action.d/iptables-multiport-log.local
new file mode 100644
index 0000000..5a61103
--- /dev/null
+++ b/0.8.6/action.d/iptables-multiport-log.local
@@ -0,0 +1,83 @@
+# Fail2Ban configuration file
+#
+# Author: Guido Bozzetto
+# Modified: Cyril Jaquier
+#
+# make "f2b-<name>" chain to match drop IP
+# make "f2b-<name>-log" chain to log and drop
+# insert a jump to f2b-<name> from -I <chain> if proto/port match
+#
+#
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N f2b-<name>
+              iptables -A f2b-<name> -j RETURN
+              iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j f2b-<name>
+              iptables -N f2b-<name>-log
+              iptables -I f2b-<name>-log -j LOG --log-prefix "$(expr f2b-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+              iptables -A f2b-<name>-log -j <blocktype>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             iptables -F f2b-<name>
+             iptables -F f2b-<name>-log
+             iptables -X f2b-<name>
+             iptables -X f2b-<name>-log
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L f2b-<name>-log >/dev/null
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = iptables -I f2b-<name> 1 -s <ip> -j f2b-<name>-log
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = iptables -D f2b-<name> -s <ip> -j f2b-<name>-log
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
diff --git a/0.8.6/action.d/iptables-multiport.local b/0.8.6/action.d/iptables-multiport.local
new file mode 100644
index 0000000..ab3225b
--- /dev/null
+++ b/0.8.6/action.d/iptables-multiport.local
@@ -0,0 +1,73 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Modified by Yaroslav Halchenko for multiport banning
+#
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N f2b-<name>
+              iptables -A f2b-<name> -j RETURN
+              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             iptables -F f2b-<name>
+             iptables -X f2b-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
diff --git a/0.8.6/action.d/iptables-new.local b/0.8.6/action.d/iptables-new.local
new file mode 100644
index 0000000..9a4587b
--- /dev/null
+++ b/0.8.6/action.d/iptables-new.local
@@ -0,0 +1,76 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+# Copied from iptables.conf and modified by Yaroslav Halchenko 
+#  to fulfill the needs of bugreporter dbts#350746.
+#
+#
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N f2b-<name>
+              iptables -A f2b-<name> -j RETURN
+              iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j f2b-<name>
+             iptables -F f2b-<name>
+             iptables -X f2b-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
diff --git a/0.8.6/action.d/iptables-xt_recent-echo.local b/0.8.6/action.d/iptables-xt_recent-echo.local
new file mode 100644
index 0000000..5d309b5
--- /dev/null
+++ b/0.8.6/action.d/iptables-xt_recent-echo.local
@@ -0,0 +1,77 @@
+# Fail2Ban configuration file
+#
+# Author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
+#
+#
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+# Changing iptables rules requires root privileges. If fail2ban is
+# configured to run as root, firewall setup can be performed by
+# fail2ban automatically. However, if fail2ban is configured to run as
+# a normal user, the configuration must be done by some other means
+# (e.g. using static firewall configuration with the
+# iptables-persistent package).
+# 
+# Explanation of the rule below:
+#    Check if any packets coming from an IP on the f2b-<name>
+#    list have been seen in the last 3600 seconds. If yes, update the
+#    timestamp for this IP and drop the packet. If not, let the packet
+#    through.
+#
+#    Fail2ban inserts blacklisted hosts into the f2b-<name> list
+#    and removes them from the list after some time, according to its
+#    own rules. The 3600 second timeout is independent and acts as a
+#    safeguard in case the fail2ban process dies unexpectedly. The
+#    shorter of the two timeouts actually matters.
+actionstart = if [ `id -u` -eq 0 ];then iptables -I INPUT -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = echo / > /proc/net/xt_recent/f2b-<name>
+             if [ `id -u` -eq 0 ];then iptables -D INPUT -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = test -e /proc/net/xt_recent/f2b-<name>
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = echo +<ip> > /proc/net/xt_recent/f2b-<name>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = echo -<ip> > /proc/net/xt_recent/f2b-<name>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
diff --git a/0.8.6/action.d/iptables.local b/0.8.6/action.d/iptables.local
new file mode 100644
index 0000000..5afe4bf
--- /dev/null
+++ b/0.8.6/action.d/iptables.local
@@ -0,0 +1,73 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+#
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = iptables -N f2b-<name>
+              iptables -A f2b-<name> -j RETURN
+              iptables -I <chain> -p <protocol> --dport <port> -j f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = iptables -D <chain> -p <protocol> --dport <port> -j f2b-<name>
+             iptables -F f2b-<name>
+             iptables -X f2b-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = iptables -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = iptables -I f2b-<name> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = iptables -D f2b-<name> -s <ip> -j <blocktype>
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the fail2ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
diff --git a/0.8.6/action.d/sendmail-only-ban.local b/0.8.6/action.d/sendmail-only-ban.local
new file mode 100644
index 0000000..9b8deff
--- /dev/null
+++ b/0.8.6/action.d/sendmail-only-ban.local
@@ -0,0 +1,69 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            From: Fail2Ban <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
+# Sender of the mail
+#
+sender = fail2ban
+
diff --git a/0.8.6/action.d/sendmail-only-ban_unban.local b/0.8.6/action.d/sendmail-only-ban_unban.local
new file mode 100644
index 0000000..c07358e
--- /dev/null
+++ b/0.8.6/action.d/sendmail-only-ban_unban.local
@@ -0,0 +1,76 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            From: Fail2Ban <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = printf %%b "Subject: [Fail2Ban] <name>: freed <ip>
+            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            From: Fail2Ban <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been freed by Fail2Ban <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
+# Sender of the mail
+#
+sender = fail2ban
+
diff --git a/0.8.6/filter.d/apache-badbots.local b/0.8.6/filter.d/apache-badbots.local
new file mode 100644
index 0000000..d15e4a7
--- /dev/null
+++ b/0.8.6/filter.d/apache-badbots.local
@@ -0,0 +1,22 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider
+badbots = Atomic_Email_Hunter/4\.0|atSpider/1\.0|autoemailspider|bwh3_user_agent|China Local Browse 2\.6|ContactBot/0\.2|ContentSmartz|DataCha0s/2\.0|DBrowse 1\.4b|DBrowse 1\.4d|Demo Bot DOT 16b|Demo Bot Z 16b|DSurf15a 01|DSurf15a 71|DSurf15a 81|DSurf15a VA|EBrowse 1\.4b|Educate Search VxB|EmailSiphon|EmailSpider|EmailWolf 1\.00|ESurf15a 15|ExtractorPro|Franklin Locator 1\.8|FSurf15a 01|Full Web Bot 0416B|Full Web Bot 0516B|Full Web Bot 2816B|Guestbook Auto Submitter|Industry Program 1\.0\.x|ISC Systems iRc Search 2\.1|IUPUI Research Bot v 1\.9a|LARBIN-EXPERIMENTAL \(efp@gmx\.net\)|LetsCrawl\.com/1\.0 +http\://letscrawl\.com/|Lincoln State Web Browser|LMQueueBot/0\.2|LWP\:\:Simple/5\.803|Mac Finder 1\.0\.xx|MFC Foundation Class Library 4\.0|Microsoft URL Control - 6\.00\.8xxx|Missauga Locate 1\.0\.0|Missigua Locator 1\.9|Missouri College Browse|Mizzu Labs 2\.2|Mo College 1\.9|MVAClient|Mozilla/2\.0 \(compatible; NEWT ActiveX; Win32\)|Mozilla/3\.0 \(compatible; Indy Library\)|Mozilla/3\.0 \(compatible; scan4mail \(advanced version\) http\://www\.peterspages\.net/?scan4mail\)|Mozilla/4\.0 \(compatible; Advanced Email Extractor v2\.xx\)|Mozilla/4\.0 \(compatible; Iplexx Spider/1\.0 http\://www\.iplexx\.at\)|Mozilla/4\.0 \(compatible; MSIE 5\.0; Windows NT; DigExt; DTS Agent|Mozilla/4\.0 efp@gmx\.net|Mozilla/5\.0 \(Version\: xxxx Type\:xx\)|NameOfAgent \(CMS Spider\)|NASA Search 1\.0|Nsauditor/1\.x|PBrowse 1\.4b|PEval 1\.4b|Poirot|Port Huron Labs|Production Bot 0116B|Production Bot 2016B|Production Bot DOT 3016B|Program Shareware 1\.0\.2|PSurf15a 11|PSurf15a 51|PSurf15a VA|psycheclone|RSurf15a 41|RSurf15a 51|RSurf15a 81|searchbot admin@google\.com|ShablastBot 1\.0|snap\.com beta crawler v0|Snapbot/1\.0|Snapbot/1\.0 \(Snap Shots&#44; +http\://www\.snap\.com\)|sogou develop spider|Sogou Orion spider/3\.0\(+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sogou spider|Sogou web spider/3\.0\(+http\://www\.sogou\.com/docs/help/webmasters\.htm#07\)|sohu agent|SSurf15a 11 |TSurf15a 11|Under the Rainbow 2\.2|User-Agent\: Mozilla/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.1\)|VadixBot|WebVulnCrawl\.unknown/1\.0 libwww-perl/5\.803|Wells Search II|WEP Search 00
+
+#failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
+failregex = ^<HOST> .* "(?:%(badbots)s|%(badbotscustom)s)" \d\s*$
+
+ignoreregex =
+
+# DEV Notes:
+# List of bad bots fetched from http://www.user-agents.org
+# Generated on Thu Nov  7 14:23:35 PST 2013 by files/gen_badbots.
+#
+# Author: Yaroslav Halchenko
diff --git a/0.8.6/filter.d/http-dos.local b/0.8.6/filter.d/http-dos.local
new file mode 100644
index 0000000..7e5fd03
--- /dev/null
+++ b/0.8.6/filter.d/http-dos.local
@@ -0,0 +1,3 @@
+[Definition]
+failregex = ^<HOST> .*$
+ignoreregex =
diff --git a/0.8.6/filter.d/owncloud.local b/0.8.6/filter.d/owncloud.local
new file mode 100644
index 0000000..df7263b
--- /dev/null
+++ b/0.8.6/filter.d/owncloud.local
@@ -0,0 +1,2 @@
+[Definition]
+failregex={"app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>', X-Forwarded-For: '.*'\)","level":2,"time":".*"}
diff --git a/0.8.6/filter.d/postfix-auth-dos.local b/0.8.6/filter.d/postfix-auth-dos.local
new file mode 100644
index 0000000..62aab8d
--- /dev/null
+++ b/0.8.6/filter.d/postfix-auth-dos.local
@@ -0,0 +1,23 @@
+# Fail2Ban configuration file
+#
+# Author: Christoph Kuchenbuch
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option: failregex
+# Notes.: regex to match the (successfully) login via smtp-auth. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values: TEXT
+#
+failregex = (?i): \w+: client=[-._\w]+\[<HOST>\]\, sasl_method=(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5)+, sasl_username=\S+@\S+\.\w+\s*$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
diff --git a/0.8.6/filter.d/postfix-sasl.local b/0.8.6/filter.d/postfix-sasl.local
new file mode 100644
index 0000000..e42ee9a
--- /dev/null
+++ b/0.8.6/filter.d/postfix-sasl.local
@@ -0,0 +1,14 @@
+# Fail2Ban filter for postfix authentication failures
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = postfix/smtpd
+
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(:[ A-Za-z0-9+/]*={0,2})?\s*$
+
+# Author: Yaroslav Halchenko
diff --git a/0.8.6/filter.d/sshd.local b/0.8.6/filter.d/sshd.local
new file mode 100644
index 0000000..7a54133
--- /dev/null
+++ b/0.8.6/filter.d/sshd.local
@@ -0,0 +1,44 @@
+
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+
+[INCLUDES]
+
+# Read common prefixes. If any customizations available -- read them from
+# common.local
+before = common.conf
+
+
+[Definition]
+
+_daemon = sshd
+
+# Option:  failregex
+# Notes.:  regex to match the password failures messages in the logfile. The
+#          host must be matched by a group named "host". The tag "<HOST>" can
+#          be used for standard IP/hostname matching and is only an alias for
+#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# Values:  TEXT
+#
+failregex = ^%(__prefix_line)s(?:error: PAM: )?Authentication failure for .* from <HOST>\s*$
+            ^%(__prefix_line)s(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\s*$
+            ^%(__prefix_line)sFailed (?:password|publickey) for .* from <HOST>(?: port \d*)?(?: ssh\d*)?$
+            ^%(__prefix_line)sROOT LOGIN REFUSED.* FROM <HOST>\s*$
+            ^%(__prefix_line)s[iI](?:llegal|nvalid) user .* from <HOST>\s*$
+            ^%(__prefix_line)sUser .+ from <HOST> not allowed because not listed in AllowUsers$
+            ^%(__prefix_line)sauthentication failure; logname=\S* uid=\S* euid=\S* tty=\S* ruser=\S* rhost=<HOST>(?:\s+user=.*)?\s*$
+            ^%(__prefix_line)srefused connect from \S+ \(<HOST>\)\s*$
+            ^%(__prefix_line)sAddress <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\s*$
+            ^%(__prefix_line)sUser .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\s*$
+            ^%(__prefix_line)sConnection closed by <HOST> \[preauth\]$
+            ^%(__prefix_line)sReceived disconnect from <HOST>: 11: .+ \[preauth\]$
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex = 
diff --git a/0.8.6/filter.d/wp-login.local b/0.8.6/filter.d/wp-login.local
new file mode 100644
index 0000000..0553d7a
--- /dev/null
+++ b/0.8.6/filter.d/wp-login.local
@@ -0,0 +1,14 @@
+[Definition]
+
+# WordPress führt nach einem erfolgreichen Login auf der “wp-login.php” 
+# einen 302-Redirect durch, fehlgeschlagene Logins hingegen werden mit 
+# dem HTTP-Status-Code 200 im Access-Log aufgezeichnet.
+#
+# Der Login Request ist ein "POST" Request.
+#
+# Logfile Definition:
+#    LogFormat "%h %v %p %t %r %>s \"%{User-Agent}i\" %T" base_requests
+#
+
+failregex = ^<HOST> .* POST /wp-login.php HTTP.* 200 .*$
+ignoreregex =
diff --git a/0.8.6/filter.d/wp-xmlrpc.local b/0.8.6/filter.d/wp-xmlrpc.local
new file mode 100644
index 0000000..38b5ad5
--- /dev/null
+++ b/0.8.6/filter.d/wp-xmlrpc.local
@@ -0,0 +1,3 @@
+[Definition]
+failregex = ^<HOST> .* POST /xmlrpc.php HTTP.* 200 .*$
+ignoreregex =
diff --git a/0.8.6/ip64tables b/0.8.6/ip64tables
new file mode 100755
index 0000000..7b1639d
--- /dev/null
+++ b/0.8.6/ip64tables
@@ -0,0 +1,29 @@
+#!/bin/bash
+# iptables/ip6tables switch
+LINE=$*
+
+RESULT=`echo $LINE | egrep " ([0-9]{1,3}\.){3}[0-9]{1,3}" | wc -l`
+RESULT6=`echo $LINE | egrep "(::[A-Fa-f0-9])|((:[A-Fa-f0-9]{1,4}){2,})" | wc -l `
+
+if [ $RESULT -eq "1" ]; then
+  # IPv4
+  iptables $LINE
+  ERRCODE=$?
+
+elif [ $RESULT6 -eq "1" ]; then
+  # IPv6
+  ip6tables $LINE
+  ERRCODE=$?
+
+else
+  # IPv4 + IPv6
+  iptables $LINE
+  ERRCODE=$?
+  ip6tables $LINE
+  if [ $? -ge "1" ]; then
+    ERRCODE=$?
+  fi
+
+fi
+
+exit $ERRCODE
diff --git a/0.8.6/jail.local b/0.8.6/jail.local
new file mode 100644
index 0000000..bb4c45e
--- /dev/null
+++ b/0.8.6/jail.local
@@ -0,0 +1,144 @@
+[DEFAULT]
+
+#
+# ACTIONS
+#
+
+# Default banning action (e.g. iptables, iptables-new,
+# iptables-multiport, shorewall, etc) It is used to define
+# action_* variables. Can be overridden globally or per
+# section within jail.local file
+banaction = iptables-multiport-log
+
+mta = sendmail
+
+## - Note:
+## - sendmail-only-ban must be configured. See action.d/sendmail-only-ban.local
+## -
+action_m = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+              %(mta)s-only-ban_unban[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+
+## - Choose default action
+## -
+#action = %(action_m)s
+action = %(action_)s
+
+
+#
+# JAILS
+#
+
+[ssh]
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /var/log/auth.log
+findtime = 600
+maxretry = 3
+bantime  = 86400
+
+[ssh-vservers]
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /vservers/*/var/log/auth.log
+findtime = 600
+maxretry = 3
+bantime  = 86400
+
+[sasl]
+enabled  = true
+port     = smtp,ssmtp,submission
+filter   = sasl
+logpath  = /var/log/mail.warn
+findtime = 600
+maxretry = 3
+bantime  = 43200
+
+## - MAC is sending 3 failed SASL requests before
+## - authentication succeeded
+## -
+## - If running a mailserver, consider that fact!
+## -
+[sasl-vservers]
+enabled  = true
+port     = smtp,ssmtp,submission
+filter   = sasl
+logpath  = /vservers/*/var/log/mail.warn
+findtime = 30
+maxretry = 19
+bantime  = 10800
+
+[postfix]
+enabled  = true
+port     = smtp,ssmtp
+filter   = postfix
+logpath  = /vservers/a.mx/var/log/mail.log
+findtime = 60
+maxretry = 1
+bantime  = 43200
+
+[postfix-auth-dos]
+enabled  = true
+port     = smtp,ssmtp,submission
+filter   = postfix-auth-dos
+logpath  = /vservers/a.mx/var/log/mail.log
+findtime = 60
+maxretry = 60
+bantime  = 10800
+
+[apache-badbots]
+# Ban hosts which agent identifies spammer robots crawling the web
+# for email addresses. The mail outputs are buffered.
+enabled  = true
+port     = http,https
+filter   = apache-badbots
+logpath  = /vservers/www/var/log/apache2/ipv4_requests.log
+findtime = 10
+maxretry = 1
+bantime  = 172800
+
+[http-dos]
+enabled  = true
+filter   = http-dos
+port     = http,https
+logpath  = /vservers/*/var/log/apache2/ipv4_requests.log
+maxretry = 600
+findtime = 60
+bantime  = 43200
+
+[wp-login]
+enabled  = true
+filter   = wp-login
+port     = http,https
+logpath  = /vservers/www/var/log/apache2/ipv4_requests.log
+maxretry = 5
+findtime = 60
+bantime  = 86400
+
+[wp-xmlrpc]
+enabled  = true
+filter   = wp-xmlrpc
+port     = http,https
+logpath  = /vservers/*/var/log/apache2/ipv4_requests.log
+maxretry = 5
+findtime = 60
+bantime  = 43200
+
+[owncloud]
+enabled  = true
+filter   = owncloud
+port     = http,https
+logpath  = /vservers/www/var/log/apache2/ipv4_requests.log
+maxretry = 5
+findtime = 30
+bantime  = 600
+
+[pure-ftpd]
+enabled  = true
+filter   = pure-ftpd
+port     = ftp,ftp-data,ftps,ftps-data
+logpath  = /vservers/*/var/log/pure-ftpd/ftp.log
+maxretry = 5
+findtime = 600
+bantime  = 86400
diff --git a/0.9.6/action.d/ip64tables-allports.local b/0.9.6/action.d/ip64tables-allports.local
new file mode 100644
index 0000000..b24f92e
--- /dev/null
+++ b/0.9.6/action.d/ip64tables-allports.local
@@ -0,0 +1,54 @@
+# Fail2Ban configuration file
+#
+# Based on iptables-allports.conf:
+#     Author: Cyril Jaquier
+#     Modified: Yaroslav O. Halchenko <debian@onerussian.com>
+#           made active on all ports from original iptables.conf
+#
+#
+
+[INCLUDES]
+
+before = ip64tables-common.local
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = <iptables> -N f2b-<name>
+              <iptables> -A f2b-<name> -j <returntype>
+              <iptables> -I <chain> -p <protocol> -j f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = <iptables> -D <chain> -p <protocol> -j f2b-<name>
+             <iptables> -F f2b-<name>
+             <iptables> -X f2b-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
+
+[Init]
diff --git a/0.9.6/action.d/ip64tables-common.local b/0.9.6/action.d/ip64tables-common.local
new file mode 100644
index 0000000..be780dd
--- /dev/null
+++ b/0.9.6/action.d/ip64tables-common.local
@@ -0,0 +1,62 @@
+# Fail2Ban configuration file
+#
+# Based on iptables-common.local:
+#     Author: Daniel Black
+#
+# This is a included configuration file and includes the definitions for the iptables
+# used in all iptables based actions by default.
+#
+
+[INCLUDES]
+
+
+[Init]
+
+# Option:  chain
+# Notes    specifies the iptables chain to which the Fail2Ban rules should be
+#          added
+# Values:  STRING  Default: INPUT
+chain = INPUT
+
+# Default name of the chain
+#
+name = default
+
+# Option:  port
+# Notes.:  specifies port to monitor
+# Values:  [ NUM | STRING ]  Default:
+#
+port = ssh
+
+# Option:  protocol
+# Notes.:  internally used by config reader for interpolations.
+# Values:  [ tcp | udp | icmp | all ] Default: tcp
+#
+protocol = tcp
+
+# Option:  blocktype
+# Note:    This is what the action does with rules. This can be any jump target
+#          as per the iptables man page (section 8). Common values are DROP
+#          REJECT, REJECT --reject-with icmp-port-unreachable
+# Values:  STRING
+#blocktype = REJECT --reject-with icmp-port-unreachable
+blocktype = DROP
+
+# Option:  returntype
+# Note:    This is the default rule on "actionstart". This should be RETURN
+#          in all (blocking) actions, except REJECT in allowing actions.
+# Values:  STRING
+returntype = RETURN
+
+# Option:  lockingopt
+# Notes.:  Option was introduced to iptables to prevent multiple instances from
+#          running concurrently and causing irratic behavior.  -w was introduced
+#          in iptables 1.4.20, so might be absent on older systems
+#          See https://github.com/fail2ban/fail2ban/issues/1122
+# Values:  STRING
+lockingopt = -w
+
+# Option:  iptables
+# Notes.:  Actual command to be executed, including common to all calls options
+# Values:  STRING
+iptables = /usr/bin/ip64tables <lockingopt>
diff --git a/0.9.6/action.d/ip64tables-multiport.local b/0.9.6/action.d/ip64tables-multiport.local
new file mode 100644
index 0000000..831428c
--- /dev/null
+++ b/0.9.6/action.d/ip64tables-multiport.local
@@ -0,0 +1,51 @@
+# Fail2Ban configuration file
+#
+# Based on iptables-multiport.conf:
+#     Author: Cyril Jaquier
+#     Modified by Yaroslav Halchenko for multiport banning
+#
+
+[INCLUDES]
+
+before = ip64tables-common.local
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart = <iptables> -N f2b-<name>
+              <iptables> -A f2b-<name> -j <returntype>
+              <iptables> -I <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop = <iptables> -D <chain> -p <protocol> -m multiport --dports <port> -j f2b-<name>
+             <iptables> -F f2b-<name>
+             <iptables> -X f2b-<name>
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionban = <iptables> -I f2b-<name> 1 -s <ip> -j <blocktype>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    See jail.conf(5) man page
+# Values:  CMD
+#
+actionunban = <iptables> -D f2b-<name> -s <ip> -j <blocktype>
diff --git a/0.9.6/action.d/sendmail-only-ban.local b/0.9.6/action.d/sendmail-only-ban.local
new file mode 100644
index 0000000..4fa6c59
--- /dev/null
+++ b/0.9.6/action.d/sendmail-only-ban.local
@@ -0,0 +1,75 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+[INCLUDES]
+
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            From: Fail2Ban <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban =
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
+# Sender of the mail
+#
+sender = fail2ban
+
+# Sender display name
+#
+sendername = Fail2Ban
diff --git a/0.9.6/action.d/sendmail-only-ban_unban.local b/0.9.6/action.d/sendmail-only-ban_unban.local
new file mode 100644
index 0000000..234a7f0
--- /dev/null
+++ b/0.9.6/action.d/sendmail-only-ban_unban.local
@@ -0,0 +1,82 @@
+# Fail2Ban configuration file
+#
+# Author: Cyril Jaquier
+#
+# $Revision$
+#
+
+[INCLUDES]
+
+
+[Definition]
+
+# Option:  actionstart
+# Notes.:  command executed once at the start of Fail2Ban.
+# Values:  CMD
+#
+actionstart =
+
+# Option:  actionstop
+# Notes.:  command executed once at the end of Fail2Ban
+# Values:  CMD
+#
+actionstop =
+
+# Option:  actioncheck
+# Notes.:  command executed once before each actionban command
+# Values:  CMD
+#
+actioncheck =
+
+# Option:  actionban
+# Notes.:  command executed when banning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionban = printf %%b "Subject: [Fail2Ban] <name>: banned <ip>
+            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            From: Fail2Ban <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been banned by Fail2Ban after
+            <failures> attempts against <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+# Option:  actionunban
+# Notes.:  command executed when unbanning an IP. Take care that the
+#          command is executed with Fail2Ban user rights.
+# Tags:    <ip>  IP address
+#          <failures>  number of failures
+#          <time>  unix timestamp of the ban time
+# Values:  CMD
+#
+actionunban = printf %%b "Subject: [Fail2Ban] <name>: freed <ip>
+            Date: `LC_TIME=C date -u +"%%a, %%d %%h %%Y %%T +0000"`
+            From: Fail2Ban <<sender>>
+            To: <dest>\n
+            Hi,\n
+            The IP <ip> has just been freed by Fail2Ban <name>.\n
+            Regards,\n
+            Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
+
+[Init]
+
+# Defaut name of the chain
+#
+name = default
+
+# Destination/Addressee of the mail
+#
+dest = root
+
+# Sender of the mail
+#
+sender = fail2ban
+
+# Sender display name
+#
+sendername = Fail2Ban
diff --git a/0.9.6/filter.d/dovecot-pop3imap.local b/0.9.6/filter.d/dovecot-pop3imap.local
new file mode 100644
index 0000000..bff2af8
--- /dev/null
+++ b/0.9.6/filter.d/dovecot-pop3imap.local
@@ -0,0 +1,3 @@
+[Definition]
+failregex = (?: pop3-login|imap-login): (?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.*
+ignoreregex =
diff --git a/0.9.6/ip64tables b/0.9.6/ip64tables
new file mode 100755
index 0000000..7b1639d
--- /dev/null
+++ b/0.9.6/ip64tables
@@ -0,0 +1,29 @@
+#!/bin/bash
+# iptables/ip6tables switch
+LINE=$*
+
+RESULT=`echo $LINE | egrep " ([0-9]{1,3}\.){3}[0-9]{1,3}" | wc -l`
+RESULT6=`echo $LINE | egrep "(::[A-Fa-f0-9])|((:[A-Fa-f0-9]{1,4}){2,})" | wc -l `
+
+if [ $RESULT -eq "1" ]; then
+  # IPv4
+  iptables $LINE
+  ERRCODE=$?
+
+elif [ $RESULT6 -eq "1" ]; then
+  # IPv6
+  ip6tables $LINE
+  ERRCODE=$?
+
+else
+  # IPv4 + IPv6
+  iptables $LINE
+  ERRCODE=$?
+  ip6tables $LINE
+  if [ $? -ge "1" ]; then
+    ERRCODE=$?
+  fi
+
+fi
+
+exit $ERRCODE
diff --git a/0.9.6/jail.local b/0.9.6/jail.local
new file mode 100644
index 0000000..71c6c53
--- /dev/null
+++ b/0.9.6/jail.local
@@ -0,0 +1,62 @@
+[DEFAULT]
+
+#
+# ACTIONS
+#
+
+# Default banning action (e.g. iptables, iptables-new,
+# iptables-multiport, shorewall, etc) It is used to define
+# action_* variables. Can be overridden globally or per
+# section within jail.local file
+##banaction = iptables-multiport
+banaction = ip64tables-multiport
+
+## - Note:
+## - sendmail-only-ban must be configured. See action.d/sendmail-only-ban.local
+## -
+action_m = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
+              %(mta)s-only-ban_unban[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
+
+## - Choose default action
+## -
+action = %(action_m)s
+#action = %(action_)s
+
+
+[sshd]
+
+enabled  = true
+port     = ssh
+filter   = sshd
+logpath  = /var/log/auth.log
+findtime = 600
+maxretry = 6
+bantime = 86400
+
+
+[postfix-sasl]
+
+enabled  = true
+port     = smtp,465,submission
+#port     = smtp,465,submission,143,imaps,pop3,pop3s
+filter   = postfix-sasl
+# You might consider monitoring /var/log/mail.warn instead if you are
+# running postfix since it would provide the same log lines at the
+# "warn" level but overall at the smaller filesize.
+logpath  = /var/log/mail.warn
+findtime = 60
+maxretry = 10
+bantime = 3600
+
+
+[dovecot-pop3imap]
+
+enabled = true
+filter = dovecot-pop3imap
+port = pop3,pop3s,143,imaps
+protocol = tcp
+#action = ip64tables-multiport[name=dovecot-pop3imap, port="pop3,pop3s,143,imaps", protocol=tcp]
+logpath = /var/log/dovecot/dovecot.log
+maxretry = 20
+findtime = 1200
+bantime = 1200