Add proto and port support in masq templates

tags/0.0.1
Daniel Berteaud 12 years ago
parent a99711dd02
commit bc6518ba96
  1. 12
      root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban

@ -7,13 +7,19 @@
/sbin/iptables --new-chain $NEW_Fail2Ban /sbin/iptables --new-chain $NEW_Fail2Ban
EOF EOF
if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ){
foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){ foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . my $ip = $ban->prop('Host');
" -s " . $ban->key . " -j denylog\n" my $proto = $ban->prop('Protocol') || '';
if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ); my $port = $ban->prop('Port') || '';
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip";
$OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/);
$OUT .= " --dport $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+$/);
$OUT .= " -j denylog\n"
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" .
" -j RETURN\n"; " -j RETURN\n";
} }
}
# Having created a new Fail2Ban chain, activate it and destroy the old. # Having created a new Fail2Ban chain, activate it and destroy the old.
$OUT .=<<'EOF'; $OUT .=<<'EOF';
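Review bot: The two new protocol checks do not constrain the whole value: in `m/^tcp|udp|icmp$/` and `m/^tcp|udp$/` the `^` binds only to `tcp` and the `$` only to the last alternative, so a Protocol value that merely starts with `tcp` or contains `udp` passes and is then interpolated into the generated masq init script. Group the alternatives and anchor the full string, e.g. `if ($proto =~ m/\A(?:tcp|udp|icmp)\z/)` and `if ($proto =~ m/\A(?:tcp|udp)\z/ && $port =~ m/\A\d+\z/)`; `\z` also rejects the trailing newline that `$` lets through. `$ip` from `$ban->prop('Host')` is appended after `-s` with no check, so an empty or malformed Host produces a broken or unintended rule; it should be validated as an address, and the entry skipped when it is not one. As rendered here the `$OUT .= " -j denylog\n"` line has no terminating `;` before the next statement, which should be confirmed against the file. The enclosing template block opens above the hunk.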
