# Fail2Ban filter for port scans detected by scanlogd [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] _daemon = scanlogd failregex = ^%(__prefix_line)s<ADDR>(?::<F-PORT/>)? to \S+ ports\b ignoreregex = # Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>