26 | 26 |
import time, os, logging, re
|
27 | 27 |
|
28 | 28 |
from utils.process import executeCmd
|
|
29 |
# unfortunately but I have to bring ExternalError in especially
|
|
30 |
# for flushBanList: if one of IPs got flushed manually outside or something,
|
|
31 |
# we might endup with not "full" flush unless we handle exception within the loop
|
|
32 |
from utils.process import ExternalError
|
29 | 33 |
from utils.strings import replaceTag
|
30 | 34 |
|
31 | 35 |
# Gets the instance of the logger.
|
|
45 | 49 |
self.endRule = endRule
|
46 | 50 |
self.banTime = banTime
|
47 | 51 |
self.banList = dict()
|
48 | |
|
|
52 |
self.section = ""
|
|
53 |
|
|
54 |
def setSection(self, section):
|
|
55 |
""" Set optional section name for clarify of logging
|
|
56 |
"""
|
|
57 |
self.section = section
|
|
58 |
|
49 | 59 |
def initialize(self, debug):
|
50 | |
logSys.debug("Initialize firewall rules")
|
|
60 |
logSys.debug("%s: Initialize firewall rules"%self.section)
|
51 | 61 |
executeCmd(self.startRule, debug)
|
52 | 62 |
|
53 | 63 |
def restore(self, debug):
|
54 | |
logSys.debug("Restore firewall rules")
|
55 | |
flushBanList(debug)
|
56 | |
executeCmd(self.endRule, debug)
|
57 | |
|
|
64 |
logSys.debug("%s: Restore firewall rules"%self.section)
|
|
65 |
try:
|
|
66 |
self.flushBanList(debug)
|
|
67 |
executeCmd(self.endRule, debug)
|
|
68 |
except ExternalError:
|
|
69 |
pass
|
|
70 |
|
58 | 71 |
def addBanIP(self, aInfo, debug):
|
59 | 72 |
""" Bans an IP.
|
60 | 73 |
"""
|
61 | 74 |
ip = aInfo["ip"]
|
62 | 75 |
if not self.inBanList(ip):
|
63 | 76 |
crtTime = time.time()
|
64 | |
logSys.warn("Ban " + ip)
|
|
77 |
logSys.warn("%s: Ban "%self.section + ip)
|
65 | 78 |
self.banList[ip] = crtTime
|
66 | 79 |
aInfo["bantime"] = crtTime
|
67 | 80 |
self.runCheck(debug)
|
68 | 81 |
executeCmd(self.banIP(aInfo), debug)
|
69 | 82 |
else:
|
70 | 83 |
self.runCheck(debug)
|
71 | |
logSys.error(ip+" already in ban list")
|
|
84 |
logSys.error("%s: "%self.section+ip+" already in ban list")
|
72 | 85 |
|
73 | 86 |
def delBanIP(self, aInfo, debug):
|
74 | 87 |
""" Unban an IP.
|
75 | 88 |
"""
|
76 | 89 |
ip = aInfo["ip"]
|
77 | 90 |
if self.inBanList(ip):
|
78 | |
logSys.warn("Unban " + ip)
|
|
91 |
logSys.warn("%s: Unban "%self.section + ip)
|
79 | 92 |
del self.banList[ip]
|
80 | 93 |
self.runCheck(debug)
|
81 | 94 |
executeCmd(self.unBanIP(aInfo), debug)
|
82 | 95 |
else:
|
83 | |
logSys.error(ip+" not in ban list")
|
|
96 |
logSys.error("%s: "%self.section+ip+" not in ban list")
|
84 | 97 |
|
85 | 98 |
def reBan(self, debug):
|
86 | 99 |
""" Re-Bans known IPs.
|
|
89 | 102 |
for ip in self.banList:
|
90 | 103 |
aInfo = {"ip": ip,
|
91 | 104 |
"bantime": self.banList[ip]}
|
92 | |
logSys.warn("ReBan " + ip)
|
|
105 |
logSys.warn("%s: ReBan "%self.section + ip)
|
93 | 106 |
# next piece is similar to the on in addBanIp
|
94 | 107 |
# so might be one more function will not hurt
|
95 | 108 |
self.runCheck(debug)
|
|
127 | 140 |
aInfo = {"ip": element[0],
|
128 | 141 |
"bantime": element[1],
|
129 | 142 |
"unbantime": time.time()}
|
130 | |
self.delBanIP(aInfo, debug)
|
131 | |
|
|
143 |
try:
|
|
144 |
self.delBanIP(aInfo, debug)
|
|
145 |
except ExternalError:
|
|
146 |
# we must let it fail here in the loop, or we don't
|
|
147 |
# flush properly
|
|
148 |
pass
|
|
149 |
|
132 | 150 |
def banIP(self, aInfo):
|
133 | 151 |
""" Returns query to ban IP.
|
134 | 152 |
"""
|
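Review bot: Both new `except ExternalError: pass` handlers (in `restore` and around `self.delBanIP(aInfo, debug)` in the flush loop) drop the failure without a log line, so a firewall rule that could not be removed leaves no trace; `delBanIP` has already run `del self.banList[ip]` before `executeCmd`, so the in-memory list no longer shows the address either. In the loop, replace `pass` with something like `logSys.error("%s: unban of %s failed during flush" % (self.section, aInfo["ip"]))`. In `restore`, `self.flushBanList(debug)` and `executeCmd(self.endRule, debug)` share one `try`, so any `ExternalError` that still escapes the flush skips the end rule silently; giving `executeCmd(self.endRule, debug)` its own `try`/`except ExternalError` with a log call would keep the teardown independent of the flush. The function enclosing the flush loop starts outside the visible lines, so whether other calls in it can raise is not confirmed here.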