Use multiport iptables module to support several ports in one rule

tags/0.0.1
Daniel Berteaud 12 years ago
parent d373fabde8
commit 4df9a2848c
  1. 2
      root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban
  2. 24
      root/sbin/e-smith/smeserver-fail2ban

@ -14,7 +14,7 @@ EOF
my $port = $ban->prop('Port') || '';
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip";
$OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/);
$OUT .= " --dport $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+$/);
$OUT .= " -m multiport --dports $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+(,\d+)*$/);
$OUT .= " -j denylog\n"
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" .
" -j RETURN\n";
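Review bot: The protocol test on the added `--dports` line, `m/^tcp|udp$/`, is not anchored as a whole, because alternation binds looser than `^` and `$`; it accepts any value that starts with `tcp` or ends with `udp`. The `-p $proto` line above has the same shape (`m/^tcp|udp|icmp$/`) and is the one that interpolates `$proto` into the generated iptables command, so a malformed protocol property would be written into the script this template produces. Group the alternatives: `$proto =~ m/\A(?:tcp|udp)\z/` here and `m/\A(?:tcp|udp|icmp)\z/` on the `-p` line. Separately, the port pattern `^\d+(,\d+)*$` rejects the `a:b` ranges that is_valid_port accepts, so such a ban would be emitted with no port restriction, and multiport's limit of 15 ports per rule is not checked. The enclosing template block starts and ends outside the hunk.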

@ -26,17 +26,19 @@ EOF
# Check if port is valid
sub is_valid_port($){
my $port = shift;
my $ports = shift;
my $ret = 0;
if ($port =~ m/^(\d+)[\-:](\d+)$/){
$ret = 1 if ($1 >= 0 &&
$1 < 65636 &&
$2 >= 0 &&
$2 < 65636);
}
else{
$ret = 1 if ($port > 0 &&
$port < 65636);
foreach my $port (split /,/, $ports){
if ($port =~ m/^(\d+):(\d+)$/){
$ret = 1 if ($1 >= 0 &&
$1 < 65636 &&
$2 >= 0 &&
$2 < 65636);
}
else{
$ret = 1 if ($port > 0 &&
$port < 65636);
}
}
return $ret;
}
@ -65,7 +67,7 @@ GetOptions(
"host=s" => \$opts{host},
"unban" => \$opts{unban},
"protocol=s" => \$opts{proto},
"port=i" => \$opts{port}
"port=s" => \$opts{port}
);
# special "undef" value for port and proto
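Review bot: In the rewritten is_valid_port, the loop only ever sets `$ret` to 1, so a comma-separated list is accepted as soon as one element passes; `22,junk` validates because of `22`. The else branch also compares numerically without first checking that the element is all digits, so `80abc` passes as 80, and the upper bound `65636` looks like a typo for 65536. This matters more now that the GetOptions hunk changes `port=i` to `port=s`: Getopt::Long no longer rejects non-numeric input, which leaves this function as the only port check visible in these hunks (where the value is consumed is outside them). The function should return 0 on the first element that fails and match each element against an anchored pattern, as sketched below.

```perl
sub is_valid_port($){
    my $ports = shift;
    # -1 keeps trailing empty fields so "22," is rejected rather than trimmed
    my @items = split /,/, $ports, -1;
    return 0 unless @items;
    foreach my $port (@items){
        if ($port =~ m/\A(\d+):(\d+)\z/){
            return 0 unless ($1 <= $2 && $2 < 65536);
        }
        elsif ($port =~ m/\A\d+\z/){
            return 0 unless ($port > 0 && $port < 65536);
        }
        else{
            return 0;
        }
    }
    return 1;
}
```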
