mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-27 09:19:15 +08:00
Allow hostnames for fail2ban whitelist.
This commit is contained in:
parent
885b79f06f
commit
4cc63ceeb7
@ -5,6 +5,7 @@ import os
|
|||||||
import time
|
import time
|
||||||
import atexit
|
import atexit
|
||||||
import signal
|
import signal
|
||||||
|
import socket
|
||||||
import ipaddress
|
import ipaddress
|
||||||
from random import randint
|
from random import randint
|
||||||
from threading import Thread
|
from threading import Thread
|
||||||
@ -39,6 +40,13 @@ log = {}
|
|||||||
quit_now = False
|
quit_now = False
|
||||||
lock = Lock()
|
lock = Lock()
|
||||||
|
|
||||||
|
def is_ip_network(address):
|
||||||
|
try:
|
||||||
|
ipaddress.ip_network(address.decode('ascii'), False)
|
||||||
|
except ValueError:
|
||||||
|
return False
|
||||||
|
return True
|
||||||
|
|
||||||
def refreshF2boptions():
|
def refreshF2boptions():
|
||||||
global f2boptions
|
global f2boptions
|
||||||
global quit_now
|
global quit_now
|
||||||
@ -119,6 +127,19 @@ def ban(address):
|
|||||||
self_network = ipaddress.ip_network(address.decode('ascii'))
|
self_network = ipaddress.ip_network(address.decode('ascii'))
|
||||||
if WHITELIST:
|
if WHITELIST:
|
||||||
for wl_key in WHITELIST:
|
for wl_key in WHITELIST:
|
||||||
|
if not is_ip_network(wl_key):
|
||||||
|
hostname = wl_key
|
||||||
|
try:
|
||||||
|
wl_key = socket.gethostbyname(hostname)
|
||||||
|
except socket.gaierror as err:
|
||||||
|
continue
|
||||||
|
|
||||||
|
log['time'] = int(round(time.time()))
|
||||||
|
log['priority'] = 'info'
|
||||||
|
log['message'] = 'Hostname %s is resolved to %s' % (hostname, wl_key)
|
||||||
|
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
|
||||||
|
print 'Hostname %s is resolved to %s' % (hostname, wl_key)
|
||||||
|
|
||||||
wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
|
wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)
|
||||||
if wl_net.overlaps(self_network):
|
if wl_net.overlaps(self_network):
|
||||||
log['time'] = int(round(time.time()))
|
log['time'] = int(round(time.time()))
|
||||||
|
@ -9,6 +9,11 @@ function valid_network($network) {
|
|||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function valid_hostname($hostname) {
|
||||||
|
return filter_var($hostname, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);
|
||||||
|
}
|
||||||
|
|
||||||
function fail2ban($_action, $_data = null) {
|
function fail2ban($_action, $_data = null) {
|
||||||
global $redis;
|
global $redis;
|
||||||
global $lang;
|
global $lang;
|
||||||
@ -188,7 +193,7 @@ function fail2ban($_action, $_data = null) {
|
|||||||
$wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
|
$wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
|
||||||
if (is_array($wl_array)) {
|
if (is_array($wl_array)) {
|
||||||
foreach ($wl_array as $wl_item) {
|
foreach ($wl_array as $wl_item) {
|
||||||
if (valid_network($wl_item)) {
|
if (valid_network($wl_item) || valid_hostname($wl_item)) {
|
||||||
$redis->hSet('F2B_WHITELIST', $wl_item, 1);
|
$redis->hSet('F2B_WHITELIST', $wl_item, 1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user