
Fix #2 to Cyril's and my fixes:

 I had to bring ExternalError exception into Firewall because of the loop in flushBanList.
 Also provided naming of Firewalls
1 parent 14fbb34 commit 93dbf609fa3dd879c81cfddccc252651e8de441c @yarikoptic yarikoptic committed Oct 14, 2005
Showing with 36 additions and 22 deletions.
  1. +5 −9 fail2ban.py
  2. +31 −13 firewall/firewall.py
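--- a/fail2ban.py
+++ b/fail2ban.py
@@ -112,16 +112,10 @@ def restoreFwRules():
 """ Flush the ban list
 """
 logSys.warn("Restoring firewall rules...")
- for element in logFwList:
- # Execute end command of each section
- try:
- element[2].restore(conf["debug"])
- except ExternalError:
- # nothing bad really - we can survive :-)
- # but it has to be a separate exception handler
- # for each section, so we don't miss anything
- pass
 try:
+ for element in logFwList:
+ # Execute end command of each section
+ element[2].restore(conf["debug"])
 # Execute global end command
 executeCmd(conf["cmdend"], conf["debug"])
 except ExternalError:
@@ -399,6 +393,8 @@ def main():
 # Creates a firewall object
 fObj = Firewall(l["fwstart"], l["fwend"],
 l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"])
+ # "Name" the firewall
+ fObj.setSection(t)
 # Links them into a list. I'm not really happy
 # with this :/
 logFwList.append([t, lObj, fObj, dict()])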
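Review bot: In restoreFwRules the per-section loop now shares a single try with the global `cmdend` call, so any ExternalError that escapes `element[2].restore()` skips every remaining section and the global end command, leaving their firewall rules in place. As far as this commit shows that cannot happen today, because Firewall.restore() in firewall/firewall.py now catches ExternalError itself, but nothing at this call site records that dependency. I would state it above the loop, e.g. `# Firewall.restore() swallows ExternalError itself; an error escaping here would skip the remaining sections and cmdend`. The except branch of this try continues outside the hunk, so what it does on failure is not visible here.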
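--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@@ -27,6 +27,10 @@
 import time, os, logging, re
 from utils.process import executeCmd
+# unfortunately but I have to bring ExternalError in especially
+# for flushBanList: if one of IPs got flushed manually outside or something,
+# we might endup with not "full" flush unless we handle exception within the loop
+from utils.process import ExternalError
 from utils.strings import replaceTag
 # Gets the instance of the logger.
@@ -46,42 +50,51 @@ def __init__(self, startRule, endRule,
 self.endRule = endRule
 self.banTime = banTime
 self.banList = dict()
-
+ self.section = ""
+
+ def setSection(self, section):
+ """ Set optional section name for clarify of logging
+ """
+ self.section = section
+
 def initialize(self, debug):
- logSys.debug("Initialize firewall rules")
+ logSys.debug("%s: Initialize firewall rules"%self.section)
 executeCmd(self.startRule, debug)
 def restore(self, debug):
- logSys.debug("Restore firewall rules")
- flushBanList(debug)
- executeCmd(self.endRule, debug)
-
+ logSys.debug("%s: Restore firewall rules"%self.section)
+ try:
+ self.flushBanList(debug)
+ executeCmd(self.endRule, debug)
+ except ExternalError:
+ pass
+
 def addBanIP(self, aInfo, debug):
 """ Bans an IP.
 """
 ip = aInfo["ip"]
 if not self.inBanList(ip):
 crtTime = time.time()
- logSys.warn("Ban " + ip)
+ logSys.warn("%s: Ban "%self.section + ip)
 self.banList[ip] = crtTime
 aInfo["bantime"] = crtTime
 self.runCheck(debug)
 executeCmd(self.banIP(aInfo), debug)
 else:
 self.runCheck(debug)
- logSys.error(ip+" already in ban list")
+ logSys.error("%s: "%self.section+ip+" already in ban list")
 def delBanIP(self, aInfo, debug):
 """ Unban an IP.
 """
 ip = aInfo["ip"]
 if self.inBanList(ip):
- logSys.warn("Unban " + ip)
+ logSys.warn("%s: Unban "%self.section + ip)
 del self.banList[ip]
 self.runCheck(debug)
 executeCmd(self.unBanIP(aInfo), debug)
 else:
- logSys.error(ip+" not in ban list")
+ logSys.error("%s: "%self.section+ip+" not in ban list")
 def reBan(self, debug):
 """ Re-Bans known IPs.
@@ -90,7 +103,7 @@ def reBan(self, debug):
 for ip in self.banList:
 aInfo = {"ip": ip,
 "bantime": self.banList[ip]}
- logSys.warn("ReBan " + ip)
+ logSys.warn("%s: ReBan "%self.section + ip)
 # next piece is similar to the on in addBanIp
 # so might be one more function will not hurt
 self.runCheck(debug)
@@ -128,8 +141,13 @@ def flushBanList(self, debug):
 aInfo = {"ip": element[0],
 "bantime": element[1],
 "unbantime": time.time()}
- self.delBanIP(aInfo, debug)
-
+ try:
+ self.delBanIP(aInfo, debug)
+ except ExternalError:
+ # we must let it fail here in the loop, or we don't
+ # flush properly
+ pass
+
 def banIP(self, aInfo):
 """ Returns query to ban IP.
 """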
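Review bot: The new `except ExternalError: pass` handlers in restore() and in the flushBanList loop discard the failure without a log line, so a failed unban or end rule can leave rules in the packet filter while fail2ban's own state says they are gone. In delBanIP the entry is deleted from `self.banList` before `executeCmd(self.unBanIP(aInfo), debug)` runs, so after a swallowed error nothing records which address is still blocked. Keep the loop going, but replace `pass` in flushBanList with `logSys.error("%s: failed to unban %s" % (self.section, aInfo["ip"]))` and log the same way in restore(). The new log prefixes also print a bare `: ` when setSection() was never called, because `self.section` defaults to `""`. flushBanList begins above the last hunk, so the loop header is not visible here.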
