From 4df9a2848c5affc96ef2054db311c479c7405313 Mon Sep 17 00:00:00 2001
From: Daniel Berteaud
Date: Thu, 2 May 2013 02:13:52 +0200
Subject: [PATCH] Use multiport iptables module to support several ports in one rule

---
 .../etc/rc.d/init.d/masq/90adjustFail2Ban | 2 +-
 root/sbin/e-smith/smeserver-fail2ban | 24 ++++++++++++----------
 2 files changed, 14 insertions(+), 12 deletions(-)

diff --git a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban
index 54cfad9..bae1997 100644
--- a/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban
+++ b/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban
@@ -14,7 +14,7 @@ EOF
 my $port = $ban->prop('Port') || '';
 $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip";
 $OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/);
- $OUT .= " --dport $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+$/);
+ $OUT .= " -m multiport --dports $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+(,\d+)*$/);
 $OUT .= " -j denylog\n"
 $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . " -j RETURN\n";
diff --git a/root/sbin/e-smith/smeserver-fail2ban b/root/sbin/e-smith/smeserver-fail2ban
index cca134e..b9d77a7 100644
--- a/root/sbin/e-smith/smeserver-fail2ban
+++ b/root/sbin/e-smith/smeserver-fail2ban
@@ -26,17 +26,19 @@ EOF
 # Check if port is valid
 sub is_valid_port($){
- my $port = shift;
+ my $ports = shift;
 my $ret = 0;
- if ($port =~ m/^(\d+)[\-:](\d+)$/){
- $ret = 1 if ($1 >= 0 &&
- $1 < 65636 &&
- $2 >= 0 &&
- $2 < 65636);
- }
- else{
- $ret = 1 if ($port > 0 &&
- $port < 65636);
+ foreach my $port (split /,/, $ports){
+ if ($port =~ m/^(\d+):(\d+)$/){
+ $ret = 1 if ($1 >= 0 &&
+ $1 < 65636 &&
+ $2 >= 0 &&
+ $2 < 65636);
+ }
+ else{
+ $ret = 1 if ($port > 0 &&
+ $port < 65636);
+ }
 }
 return $ret;
 }
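Review bot: The new `--dports` guard on the `+` line accepts only `N(,N)*`, while is_valid_port in the second hunk also accepts `low:high` ranges, so a range entered on the CLI matches this regex no better than the old one and the rule is emitted as `-s $ip -p tcp -j denylog` with no port restriction at all, which presumably blocks every packet of that protocol from the source rather than the listed ports. Either accept ranges here too, `$port =~ m/^\d+(?::\d+)?(?:,\d+(?::\d+)?)*$/`, or skip the rule (and log the bad value) when the stored property does not validate. The protocol test on the same line, `m/^tcp|udp$/`, is parsed as `^tcp` or `udp$` and so also matches values such as `tcpx`; `m/^(?:tcp|udp)$/` is what is meant. Note too that the iptables multiport match takes at most 15 ports (a range counts as two), so a longer list passes this regex but makes the generated script fail at load time. The template fragment that builds `$OUT` starts before this hunk.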
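Review bot: The rewritten loop sets `$ret = 1` as soon as any element of the list validates and never clears it, so is_valid_port now returns true for `22,abc`, `22,99999` or `,22`; since the third hunk changes the option to `port=s`, this sub is the only check between the command line and the stored value (the call site is outside the hunk), and the template then silently drops the `--dports` clause for such values. Each element must validate, so invert the logic, return 0 on the first bad element, and test single ports with `m/^\d+$/` rather than a bare numeric comparison, because `22abc` numifies to 22 and passes `$port > 0`. The bound `< 65636` carried over into the new lines admits 65536–65635, which are not ports; the range ends at 65535. Passing `-1` to `split` keeps a trailing empty field so `22,` is rejected, and a range should also require its low end not to exceed its high end.
```perl
sub is_valid_port($){
  my $ports = shift;
  # Every comma-separated element must be a single port or a low:high
  # range; one invalid element makes the whole list invalid.
  return 0 unless defined $ports && $ports ne '';
  foreach my $port (split /,/, $ports, -1){
    if ($port =~ m/^(\d+):(\d+)$/){
      return 0 unless ($1 <= $2 && $2 <= 65535);
    }
    elsif ($port =~ m/^\d+$/){
      return 0 unless ($port > 0 && $port <= 65535);
    }
    else{
      return 0;
    }
  }
  return 1;
}
```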
@@ -65,7 +67,7 @@ GetOptions(
 "host=s" => \$opts{host},
 "unban" => \$opts{unban},
 "protocol=s" => \$opts{proto},
- "port=i" => \$opts{port}
+ "port=s" => \$opts{port}
 );
 # special "undef" value for port and proto