From f1e6f0ec21b5dff4aa9b7944eb504ec5fb67381f Mon Sep 17 00:00:00 2001
From: Michele Bologna
Date: Mon, 3 Apr 2023 18:56:30 +0000
Subject: [PATCH] Fix: use a safer regex

---
 config/filter.d/ufw-port-scan.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/filter.d/ufw-port-scan.conf b/config/filter.d/ufw-port-scan.conf
index 9a6f1189..ace09d8b 100644
--- a/config/filter.d/ufw-port-scan.conf
+++ b/config/filter.d/ufw-port-scan.conf
@@ -11,5 +11,5 @@
 # Author: Michele Bologna https://www.michelebologna.net/
 [Definition]
-failregex = .*\[UFW BLOCK\] IN=.* SRC=
+failregex = ^\s*\S+ kernel:(?: +\[[^\]]+\])? \[UFW (?:LIMIT )?BLOCK\] (?:\b(?:IN=\w+|OUT=|(?:(?!OUT=|IN=)[A-Z]+=[^ \[]*)+) )*SRC= DST=\S+
 ignoreregex =
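Review bot: The field-skipping group in the new `failregex`, `(?:\b(?:IN=\w+|OUT=|(?:(?!OUT=|IN=)[A-Z]+=[^ \[]*)+) )*`, nests a `+` inside a `*`, and because `[^ \[]*` can itself consume further `KEY=` text, a single token such as `A=B=C=` has several valid parses. On a malformed line that passes the `kernel:` / `[UFW BLOCK]` prefix but never reaches `SRC=`, the engine may retry every split, so match time can grow sharply with token length. A form that consumes exactly one space-delimited token per iteration is unambiguous and keeps the anchoring this commit adds, e.g. `(?:[A-Z]+=\S* )*?SRC=<HOST> DST=\S+`; it is slightly looser on field values, so it should be re-checked with `fail2ban-regex` against real UFW log samples. Separately, as rendered here nothing sits between `SRC=` and ` DST=` on either side of the change; fail2ban needs a host capture such as `<HOST>` there, so confirm the tag was only lost in page rendering.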