Add proto and port support in masq templates

tags/0.0.1
Daniel Berteaud 12 years ago
parent a99711dd02
commit bc6518ba96
  1. 18
      root/etc/e-smith/templates/etc/rc.d/init.d/masq/90adjustFail2Ban

@ -7,12 +7,18 @@
/sbin/iptables --new-chain $NEW_Fail2Ban /sbin/iptables --new-chain $NEW_Fail2Ban
EOF EOF
foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){ if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ){
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . foreach my $ban ( $f2bdb->get_all_by_prop(type=>('ban')) ){
" -s " . $ban->key . " -j denylog\n" my $ip = $ban->prop('Host');
if ( ($fail2ban{'status'} || 'disabled') eq 'enabled' ); my $proto = $ban->prop('Protocol') || '';
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" . my $port = $ban->prop('Port') || '';
" -j RETURN\n"; $OUT .= " /sbin/iptables --append \$NEW_Fail2Ban -s $ip";
$OUT .= " -p $proto" if ($proto =~ m/^tcp|udp|icmp$/);
$OUT .= " --dport $port" if ($proto =~ m/^tcp|udp$/ && $port =~ m/^\d+$/);
$OUT .= " -j denylog\n"
$OUT .= " /sbin/iptables --append \$NEW_Fail2Ban" .
" -j RETURN\n";
}
} }
# Having created a new Fail2Ban chain, activate it and destroy the old. # Having created a new Fail2Ban chain, activate it and destroy the old.
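Review bot: The protocol checks on the new `-p` and `--dport` lines are not anchored as intended: in `m/^tcp|udp|icmp$/` the alternation binds looser than the anchors, so any value that starts with `tcp`, contains `udp`, or ends with `icmp` passes and is then interpolated into the generated iptables command line. Group the alternatives and use strict anchors, `m/\A(?:tcp|udp|icmp)\z/` and `m/\A(?:tcp|udp)\z/`, so only the literal protocol names reach the script. `$ip` from `prop('Host')` is written after `-s` with no check at all, so it should be validated as an address or CIDR before the rule is emitted, and the rule skipped otherwise. As rendered, the `-j denylog` line also appears to lack its terminating semicolon and the `-j RETURN` append appears to sit inside the `foreach`, which would place a RETURN after the first ban; both are worth confirming against the file, since the page has lost its indentation.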
