[Netfilter] Restart on invalid data via pubsub

andryyy 2021-03-22 21:19:24 +01:00
parent 685433b3bf
commit 8bf9ee8308
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF


@ -301,21 +301,24 @@ def watch():
pubsub.subscribe('F2B_CHANNEL') pubsub.subscribe('F2B_CHANNEL')
while not quit_now: while not quit_now:
for item in pubsub.listen(): try:
refreshF2bregex() for item in pubsub.listen():
for rule_id, rule_regex in f2bregex.items(): refreshF2bregex()
if item['data'] and item['type'] == 'message': for rule_id, rule_regex in f2bregex.items():
try: if item['data'] and item['type'] == 'message':
result = re.search(rule_regex, item['data']) try:
except re.error: result = re.search(rule_regex, item['data'])
result = False except re.error:
if result: result = False
addr = result.group(1) if result:
ip = ipaddress.ip_address(addr) addr = result.group(1)
if ip.is_private or ip.is_loopback: ip = ipaddress.ip_address(addr)
continue if ip.is_private or ip.is_loopback:
logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data'])) continue
ban(addr) logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
ban(addr)
except Exception as ex:
logWarn('Could not read logline from pubsub, skipping...')
def snat4(snat_target): def snat4(snat_target):
global lock global lock
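Review bot: The new `except Exception as ex:` handler in watch() never uses `ex` and logs a fixed message, so a malformed address rejected by `ipaddress.ip_address(addr)`, a failure inside `ban(addr)` and a lost Redis connection all produce the same line and cannot be told apart when someone is feeding the channel unparseable data. Include the cause, e.g. `logWarn('Error reading log line from pubsub: %s' % ex)`, and handle the expected case next to its source with `except ValueError: continue` around the `ip_address()` call, so one bad line does not abandon the whole `pubsub.listen()` iteration. Because the try wraps the entire listen loop inside `while not quit_now:`, a persistent error (for example Redis being unreachable) would presumably retry immediately and flood the log; a short sleep before retrying would bound that. The start of watch() lies outside the hunk, so whether the subscription is re-established after such an error cannot be confirmed from here.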