mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-27 09:19:15 +08:00
Allow hostnames for fail2ban whitelist.
This commit is contained in:
parent
885b79f06f
commit
4cc63ceeb7
@ -5,6 +5,7 @@ import os
|
||||
import time
|
||||
import atexit
|
||||
import signal
|
||||
import socket
|
||||
import ipaddress
|
||||
from random import randint
|
||||
from threading import Thread
|
||||
@ -39,6 +40,13 @@ log = {}
|
||||
quit_now = False
|
||||
lock = Lock()
|
||||
|
||||
def is_ip_network(address):
|
||||
try:
|
||||
ipaddress.ip_network(address.decode('ascii'), False)
|
||||
except ValueError:
|
||||
return False
|
||||
return True
|
||||
|
||||
def refreshF2boptions():
|
||||
global f2boptions
|
||||
global quit_now
|
||||
@ -119,6 +127,19 @@ def ban(address):
|
||||
self_network = ipaddress.ip_network(address.decode('ascii'))
|
||||
if WHITELIST:
|
||||
for wl_key in WHITELIST:
|
||||
if not is_ip_network(wl_key):
|
||||
hostname = wl_key
|
||||
try:
|
||||
wl_key = socket.gethostbyname(hostname)
|
||||
except socket.gaierror as err:
|
||||
continue
|
||||
|
||||
log['time'] = int(round(time.time()))
|
||||
log['priority'] = 'info'
|
||||
log['message'] = 'Hostname %s is resolved to %s' % (hostname, wl_key)
|
||||
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
|
||||
print 'Hostname %s is resolved to %s' % (hostname, wl_key)
|
||||
|
||||
wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
|
||||
if wl_net.overlaps(self_network):
|
||||
log['time'] = int(round(time.time()))
|
||||
|
@ -9,6 +9,11 @@ function valid_network($network) {
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function valid_hostname($hostname) {
|
||||
return filter_var($hostname, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
|
||||
}
|
||||
|
||||
function fail2ban($_action, $_data = null) {
|
||||
global $redis;
|
||||
global $lang;
|
||||
@ -188,7 +193,7 @@ function fail2ban($_action, $_data = null) {
|
||||
$wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
|
||||
if (is_array($wl_array)) {
|
||||
foreach ($wl_array as $wl_item) {
|
||||
if (valid_network($wl_item)) {
|
||||
if (valid_network($wl_item) || valid_hostname($wl_item)) {
|
||||
$redis->hSet('F2B_WHITELIST', $wl_item, 1);
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user