Use multiport iptables module to support several ports in one rule

tags/0.0.1
Daniel Berteaud 12 years ago
parent d373fabde8
commit 4df9a2848c
  1. 2
      root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban
  2. 8
      root/sbin/e-smith/smeserver-fail2ban

@ -14,7 +14,7 @@ EOF
my $port = $ban->prop('Port') || ''; my $port = $ban->prop('Port') || '';
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip"; $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip";
$OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/); $OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/);
$OUT .= " --dport $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+$/); $OUT .= " -m multiport --dports $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+(,\d+)*$/);
$OUT .= " -j denylog\n" $OUT .= " -j denylog\n"
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" .
" -j RETURN\n"; " -j RETURN\n";
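Review bot: The guards on the new `--dports` line are looser than they read: in `m/^tcp|udp$/` the alternation is not grouped, so it accepts any string that merely starts with `tcp` or ends with `udp`, and `$` in both patterns tolerates a trailing newline in a value that is then written into the generated iptables script. I would change the condition to `if ($proto =~ m/\A(?:tcp|udp)\z/ && $port =~ m/\A\d+(?:,\d+)*\z/)` and the `-p` guard on the line above to `m/\A(?:tcp|udp|icmp)\z/`. A stored port that fails this pattern (for example a `80:90` range, which is_valid_port in smeserver-fail2ban accepts) silently yields a rule with no port restriction, and the multiport match takes at most 15 ports per rule; a comment such as `# non-matching or over-long port lists fall back to blocking every port for $proto` would make that explicit. The template block starts before this hunk, so how `$ip` is validated cannot be judged from here.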

@ -26,9 +26,10 @@ EOF
# Check if port is valid # Check if port is valid
sub is_valid_port($){ sub is_valid_port($){
my $port = shift; my $ports = shift;
my $ret = 0; my $ret = 0;
if ($port =~ m/^(\d+)[\-:](\d+)$/){ foreach my $port (split /,/, $ports){
if ($port =~ m/^(\d+):(\d+)$/){
$ret = 1 if ($1 >= 0 && $ret = 1 if ($1 >= 0 &&
$1 < 65636 && $1 < 65636 &&
$2 >= 0 && $2 >= 0 &&
@ -38,6 +39,7 @@ sub is_valid_port($){
$ret = 1 if ($port > 0 && $ret = 1 if ($port > 0 &&
$port < 65636); $port < 65636);
} }
}
return $ret; return $ret;
} }
@ -65,7 +67,7 @@ GetOptions(
"host=s" => \$opts{host}, "host=s" => \$opts{host},
"unban" => \$opts{unban}, "unban" => \$opts{unban},
"protocol=s" => \$opts{proto}, "protocol=s" => \$opts{proto},
"port=i" => \$opts{port} "port=s" => \$opts{port}
); );
# special "undef" value for port and proto # special "undef" value for port and proto
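Review bot: With the new `foreach` in is_valid_port, `$ret` is only ever set to 1 and never cleared, so the function now returns true as soon as one element of the list is valid; a value like `80,abc` passes, and because `--port` changed from `=i` to `=s` this function is the only check left on the option. Each element should be rejected individually, returning 0 on the first failure and 1 only after the loop. `split /,/` also drops trailing empty fields, so `80,` is accepted here but would not match the template's `^\d+(,\d+)*$`; passing a limit of -1 to split closes that gap. The bound `65636` looks like a typo for 65536 in every comparison. The middle of the function lies between the two hunks and is not visible, so the range branch below is a sketch to be merged with any checks in the elided lines.

```perl
sub is_valid_port($){
    my $ports = shift;
    return 0 unless (defined $ports && length $ports);
    # -1 keeps trailing empty fields so "80," fails instead of being trimmed
    foreach my $port (split /,/, $ports, -1){
        if ($port =~ m/\A(\d+):(\d+)\z/){
            # … keep any further range checks from the lines not shown in the hunk …
            return 0 unless ($1 < 65536 && $2 < 65536);
        }
        elsif ($port =~ m/\A\d+\z/){
            return 0 unless ($port > 0 && $port < 65536);
        }
        else {
            return 0;
        }
    }
    return 1;
}
```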
