|
|
|
@ -1,24 +1,33 @@ |
|
|
|
{ |
|
|
|
{ |
|
|
|
|
|
|
|
|
|
|
|
use esmith::NetworksDB; |
|
|
|
use esmith::NetworksDB; |
|
|
|
|
|
|
|
use Net::IPv4Addr; |
|
|
|
|
|
|
|
|
|
|
|
my $n = esmith::NetworksDB->open_ro() || |
|
|
|
my $n = esmith::NetworksDB->open_ro() || |
|
|
|
die "Couldn't open networks DB\n"; |
|
|
|
die "Couldn't open networks DB\n"; |
|
|
|
|
|
|
|
|
|
|
|
my @ip = ("127.0.0.0/8"); |
|
|
|
my @ip = ("127.0.0.0/8"); |
|
|
|
|
|
|
|
|
|
|
|
# Add hosts which can access the server-manager to the whitelist |
|
|
|
# Add hosts which can access the server-manager to the whitelist |
|
|
|
push @ip, $_ foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')); |
|
|
|
foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')){ |
|
|
|
|
|
|
|
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_"); |
|
|
|
|
|
|
|
push @ip, "$ip/$bits"; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
unless (($fail2ban{FilterLocalNetworks} || 'disabled') eq 'enabled'){ |
|
|
|
unless (($fail2ban{FilterLocalNetworks} || 'disabled') eq 'enabled'){ |
|
|
|
foreach my $net ($n->networks){ |
|
|
|
foreach my $net ($n->networks){ |
|
|
|
my $key = $net->key; |
|
|
|
my $key = $net->key; |
|
|
|
my $mask = $net->prop('Mask'); |
|
|
|
my $mask = $net->prop('Mask'); |
|
|
|
push @ip, "$key/$mask"; |
|
|
|
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$key/$mask"); |
|
|
|
|
|
|
|
push @ip, "$ip/$bits"; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
# Add a local whitelist |
|
|
|
# Add a local whitelist |
|
|
|
push @ip, $_ foreach (split /[,;]/, ($fail2ban{'IgnoreIP'} || '')); |
|
|
|
foreach (split /[,;]/, ($fail2ban{'IgnoreIP'} || '')){ |
|
|
|
|
|
|
|
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_"); |
|
|
|
|
|
|
|
push @ip, "$ip/$bits"; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
$OUT .= "ignoreip = " . join(" ", @ip); |
|
|
|
$OUT .= "ignoreip = " . join(" ", @ip); |
|
|
|
|
|
|
|
|
|
|
|
|
Daniel Berteaud
12 years ago