fail2ban / 93dbf60
fix #2 to Cyril and mine fixes: I had to bring ExternalError exception into Firewall because of the loop in flushBanList. Also provided naming of Firewalls Yaroslav Halchenko 18 years ago
2 changed file(s) with 36 addition(s) and 22 deletion(s).
111111 """ Flush the ban list
112112 """
113113 logSys.warn("Restoring firewall rules...")
114 for element in logFwList:
115 # Execute end command of each section
116 try:
114 try:
115 for element in logFwList:
116 # Execute end command of each section
117117 element[2].restore(conf["debug"])
118 except ExternalError:
119 # nothing bad really - we can survive :-)
120 # but it has to be a separate exception handler
121 # for each section, so we don't miss anything
122 pass
123 try:
124118 # Execute global end command
125119 executeCmd(conf["cmdend"], conf["debug"])
126120 except ExternalError:
398392 # Creates a firewall object
399393 fObj = Firewall(l["fwstart"], l["fwend"],
400394 l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"])
395 # "Name" the firewall
396 fObj.setSection(t)
401397 # Links them into a list. I'm not really happy
402398 # with this :/
403399 logFwList.append([t, lObj, fObj, dict()])
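Review bot: In the flush-the-ban-list hunk, the per-section `try` is folded into a single `try` around the whole `for element in logFwList:` loop and the global `cmdend`, so complete cleanup now depends on `Firewall.restore()` never letting an `ExternalError` escape. If one does escape, the remaining sections are not restored and `conf["cmdend"]` is not run, which can leave ban rules installed after shutdown. The removed comment explained exactly this, so I would put a replacement above the loop: `# restore() swallows ExternalError per section; anything escaping here skips the remaining sections and cmdend`. The body of the `except ExternalError:` handler lies outside the hunk, so whether it logs the failure cannot be seen here.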
2626 import time, os, logging, re
2727
2828 from utils.process import executeCmd
29 # unfortunately but I have to bring ExternalError in especially
30 # for flushBanList: if one of IPs got flushed manually outside or something,
31 # we might endup with not "full" flush unless we handle exception within the loop
32 from utils.process import ExternalError
2933 from utils.strings import replaceTag
3034
3135 # Gets the instance of the logger.
4549 self.endRule = endRule
4650 self.banTime = banTime
4751 self.banList = dict()
48
52 self.section = ""
53
54 def setSection(self, section):
55 """ Set optional section name for clarify of logging
56 """
57 self.section = section
58
4959 def initialize(self, debug):
50 logSys.debug("Initialize firewall rules")
60 logSys.debug("%s: Initialize firewall rules"%self.section)
5161 executeCmd(self.startRule, debug)
5262
5363 def restore(self, debug):
54 logSys.debug("Restore firewall rules")
55 flushBanList(debug)
56 executeCmd(self.endRule, debug)
57
64 logSys.debug("%s: Restore firewall rules"%self.section)
65 try:
66 self.flushBanList(debug)
67 executeCmd(self.endRule, debug)
68 except ExternalError:
69 pass
70
5871 def addBanIP(self, aInfo, debug):
5972 """ Bans an IP.
6073 """
6174 ip = aInfo["ip"]
6275 if not self.inBanList(ip):
6376 crtTime = time.time()
64 logSys.warn("Ban " + ip)
77 logSys.warn("%s: Ban "%self.section + ip)
6578 self.banList[ip] = crtTime
6679 aInfo["bantime"] = crtTime
6780 self.runCheck(debug)
6881 executeCmd(self.banIP(aInfo), debug)
6982 else:
7083 self.runCheck(debug)
71 logSys.error(ip+" already in ban list")
84 logSys.error("%s: "%self.section+ip+" already in ban list")
7285
7386 def delBanIP(self, aInfo, debug):
7487 """ Unban an IP.
7588 """
7689 ip = aInfo["ip"]
7790 if self.inBanList(ip):
78 logSys.warn("Unban " + ip)
91 logSys.warn("%s: Unban "%self.section + ip)
7992 del self.banList[ip]
8093 self.runCheck(debug)
8194 executeCmd(self.unBanIP(aInfo), debug)
8295 else:
83 logSys.error(ip+" not in ban list")
96 logSys.error("%s: "%self.section+ip+" not in ban list")
8497
8598 def reBan(self, debug):
8699 """ Re-Bans known IPs.
89102 for ip in self.banList:
90103 aInfo = {"ip": ip,
91104 "bantime": self.banList[ip]}
92 logSys.warn("ReBan " + ip)
105 logSys.warn("%s: ReBan "%self.section + ip)
93106 # next piece is similar to the on in addBanIp
94107 # so might be one more function will not hurt
95108 self.runCheck(debug)
127140 aInfo = {"ip": element[0],
128141 "bantime": element[1],
129142 "unbantime": time.time()}
130 self.delBanIP(aInfo, debug)
131
143 try:
144 self.delBanIP(aInfo, debug)
145 except ExternalError:
146 # we must let it fail here in the loop, or we don't
147 # flush properly
148 pass
149
132150 def banIP(self, aInfo):
133151 """ Returns query to ban IP.
134152 """
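Review bot: The new `except ExternalError: pass` in `flushBanList` (and the same handler in `restore`) drops a failed unban without any record. `delBanIP` deletes the IP from `self.banList` before `executeCmd(self.unBanIP(aInfo), debug)` runs, so when the command fails the address is gone from the in-memory list while its firewall rule may still be present, and nothing in the log says so. I would replace the `pass` with `logSys.error("%s: failed to unban %s" % (self.section, aInfo["ip"]))`. In `restore`, both calls share one `try`, so an `ExternalError` escaping `self.flushBanList(debug)` would also skip `executeCmd(self.endRule, debug)`; giving the end rule its own `try` avoids that. The body of `flushBanList` starts outside the hunk.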