combine ignoreregex into single expression

asifbacchus · Jan 17, 2020 · 610aa09 · 610aa09
1 parent aaab4e5
commit 610aa09
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/etc/fail2ban/filter.d/ufw-probe.conf b/etc/fail2ban/filter.d/ufw-probe.conf
@@ -3,8 +3,7 @@ failregex = .*\[UFW BLOCK\] IN=.* SRC=<HOST>
 
 # ignore common multicast device discovery calls on LOCAL IPv4/IPv6 networks
 # still ban non-local (WAN) calls to any associated ports
-ignoreregex = SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.).* DST=224\.0\.0.* DF PROTO=2\s+$
-              SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|fe\w*\:).* DST=.* PROTO=UDP.* DPT=(1900|3702|5353|5355) LEN=\d*\s+$
+ignoreregex = SRC=(10\.|172\.1[6-9]\.|172\.2[0-9]\.|172\.3[0-1]\.|192\.168\.|fe\w*:).* DST=(static.ip.address.here|224\.0\.0\.*).* PROTO=(2|UDP)(\s+|.* DPT=(1900|3702|5353|5355) LEN=\d*\s+)$
 
 
 # NOTES: