IPFW Problem with fail2ban, roundcube and ipfw

Hello,

I'm trying to make fail2ban ban IPs that make wrong attempts on roundcube (using dovecot as imap).
It works when I let the ban action "iptables-multiport". But as I'm using FreeBSD as OS, I have ipfw as firewall, and the action of iptables-multiport generate an error log on /var/log/fail2ban.log saying that can not execute the iptables.
The problem is that when I change the action of [roundcube] in jail.local from iptables-multiport to ipfw, it doesn't do nothing, and I have no logs on /var/log/fail2ban.log. It also didn't create any new rule in ipfw.

How do I make it work? I doubt that it's a problem on the roundcube filter because it works with "action = iptables-multiport"

Thank you.
 
I just find what was the problem. The failregex from filter.d/roundcube.conf was wrong for the fail2ban version that I'm using.

The failregex that worked for me is:
Code:
failregex = ^\s*(\[\])?(.* IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
 
Last edited:
Back
Top