# Fail2Ban filter for xinetd failures
#
# Cfr.: /var/log/(daemon\.|sys)log
#
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf

[Definition]

_daemon = xinetd

prefregex = ^%(__prefix_line)sFAIL: <F-CONTENT>.+</F-CONTENT>$

failregex = ^\S+ address from=<HOST>$
            ^\S+ libwrap from=<HOST>$

ignoreregex = 

# DEV Notes:
#
# libwrap => tcp wrappers: hosts.(allow|deny)
# address => xinetd: deny_from|only_from
#
# Author: Guido Bozzetto