Allow hostnames for fail2ban whitelist.

Kraeutergarten 2019-05-17 19:38:34 +02:00
parent 885b79f06f
commit 4cc63ceeb7
2 changed files with 27 additions and 1 deletions


@ -5,6 +5,7 @@ import os
import time
import atexit
import signal
import socket
import ipaddress
from random import randint
from threading import Thread
@ -39,6 +40,13 @@ log = {}
quit_now = False
lock = Lock()
def is_ip_network(address):
try:
ipaddress.ip_network(address.decode('ascii'), False)
except ValueError:
return False
return True
def refreshF2boptions():
global f2boptions
global quit_now
@ -119,6 +127,19 @@ def ban(address):
self_network = ipaddress.ip_network(address.decode('ascii'))
if WHITELIST:
for wl_key in WHITELIST:
if not is_ip_network(wl_key):
hostname = wl_key
try:
wl_key = socket.gethostbyname(hostname)
except socket.gaierror as err:
continue
log['time'] = int(round(time.time()))
log['priority'] = 'info'
log['message'] = 'Hostname %s is resolved to %s' % (hostname, wl_key)
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
print 'Hostname %s is resolved to %s' % (hostname, wl_key)
wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
if wl_net.overlaps(self_network):
log['time'] = int(round(time.time()))
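Review bot: In the `except socket.gaierror as err:` branch of the whitelist loop, a failed lookup is dropped with a bare `continue`, so a whitelisted host silently loses its exemption whenever DNS is unavailable and nothing in NETFILTER_LOG explains the resulting ban. Before the `continue`, record the failure the same way the success path does, e.g. `log['message'] = 'Hostname %s could not be resolved: %s' % (hostname, err)` followed by the existing `r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))`. `socket.gethostbyname` also returns a single IPv4 address, so a host with several A records or only AAAA records is not fully covered. The exemption now depends on whatever the resolver answers at ban time, and a comment above the lookup saying so would help operators judge which names are safe to list. The body of `ban()` starts and ends outside this hunk.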


@ -9,6 +9,11 @@ function valid_network($network) {
}
return false;
}
function valid_hostname($hostname) {
return filter_var($hostname, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
}
function fail2ban($_action, $_data = null) {
global $redis;
global $lang;
@ -188,7 +193,7 @@ function fail2ban($_action, $_data = null) {
$wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
if (is_array($wl_array)) {
foreach ($wl_array as $wl_item) {
if (valid_network($wl_item)) {
if (valid_network($wl_item) || valid_hostname($wl_item)) {
$redis->hSet('F2B_WHITELIST', $wl_item, 1);
}
}
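Review bot: `valid_hostname()` appears to check label syntax only, so a mistyped address such as `10.0.0.256` (constructed example) would fail `valid_network()` yet probably pass here and be stored in `F2B_WHITELIST` as a hostname. Single-label names likely pass as well, and how those resolve depends on the resolver's search domains. Consider rejecting names whose last label is purely numeric, e.g. `return filter_var($hostname, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false && !preg_match('/(^|\.)[0-9]+$/', $hostname);`. A doc comment on the function should state that accepted names are resolved later by the ban logic rather than at save time. The `fail2ban()` function that calls it continues outside the visible hunks.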