mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-09 08:50:05 +08:00
[Netfilter] Restart on invalid data via pubsub
This commit is contained in:
parent
685433b3bf
commit
8bf9ee8308
@ -301,21 +301,24 @@ def watch():
|
|||||||
pubsub.subscribe('F2B_CHANNEL')
|
pubsub.subscribe('F2B_CHANNEL')
|
||||||
|
|
||||||
while not quit_now:
|
while not quit_now:
|
||||||
for item in pubsub.listen():
|
try:
|
||||||
refreshF2bregex()
|
for item in pubsub.listen():
|
||||||
for rule_id, rule_regex in f2bregex.items():
|
refreshF2bregex()
|
||||||
if item['data'] and item['type'] == 'message':
|
for rule_id, rule_regex in f2bregex.items():
|
||||||
try:
|
if item['data'] and item['type'] == 'message':
|
||||||
result = re.search(rule_regex, item['data'])
|
try:
|
||||||
except re.error:
|
result = re.search(rule_regex, item['data'])
|
||||||
result = False
|
except re.error:
|
||||||
if result:
|
result = False
|
||||||
addr = result.group(1)
|
if result:
|
||||||
ip = ipaddress.ip_address(addr)
|
addr = result.group(1)
|
||||||
if ip.is_private or ip.is_loopback:
|
ip = ipaddress.ip_address(addr)
|
||||||
continue
|
if ip.is_private or ip.is_loopback:
|
||||||
logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
|
continue
|
||||||
ban(addr)
|
logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
|
||||||
|
ban(addr)
|
||||||
|
except Exception as ex:
|
||||||
|
logWarn('Could not read logline from pubsub, skipping...')
|
||||||
|
|
||||||
def snat4(snat_target):
|
def snat4(snat_target):
|
||||||
global lock
|
global lock
|
||||||
|
Loading…
Reference in New Issue
Block a user