Add the timestamp for unban action in the database
parent
613b3220ef
commit
daa6416b13
|
@ -14,8 +14,8 @@ my $bantime = $f2b->prop('BanTime') || '1800';
|
|||
my $mod = 0;
|
||||
|
||||
foreach my $ban ($f->get_all_by_prop( type => 'ban')){
|
||||
my $ts = $ban->prop('Timestamp') || time;
|
||||
if ( ($ts + $bantime) < time ){
|
||||
my $ts = $ban->prop('UnbanTimestamp') || time+$bantime;
|
||||
if ( $ts < time ){
|
||||
$ban->delete;
|
||||
$mod = 1;
|
||||
}
|
||||
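Review bot: Ban records written before this change carry only `Timestamp`, so at `my $ts = $ban->prop('UnbanTimestamp') || time+$bantime;` they always get an expiry in the future and `$ts < time` never becomes true. Unless a migration outside this page adds `UnbanTimestamp` to existing records, those hosts stay banned until someone removes them by hand. The fallback should derive from the legacy property instead, for example `my $ts = $ban->prop('UnbanTimestamp') || ($ban->prop('Timestamp') || time) + $bantime;`, which keeps the old expiry for existing entries. The `foreach` loop continues outside the hunk.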
|
|
|
@ -6,20 +6,22 @@ use esmith::ConfigDB;
|
|||
use Getopt::Long;
|
||||
|
||||
our $f2bdb = esmith::ConfigDB->open('fail2ban');
|
||||
our $c = esmith::ConfigDB->open_ro;
|
||||
our %opts;
|
||||
|
||||
|
||||
sub usage(){
|
||||
print<<"EOF";
|
||||
|
||||
Usage: $0 --host=<ip> [--unban] [--protocol=tcp|udp|icmp|all] [--port=<port number>]
|
||||
Usage: $0 --host=<ip> [--unban] [--protocol=tcp|udp|icmp|all] [--port=<port number>] [--bantime]
|
||||
|
||||
* --host must specify a valid IPv4 adress in the form 10.11.12.13
|
||||
* --protocol can be used to specify the protocol to block. Only tcp, udp, icmp and all are valid (default is all)
|
||||
* --port can be used to specify the port to block. Only valid for tcp and udp. You can also specify a range
|
||||
of port like 10000:20000
|
||||
* --port can be used to specify the port(s) to block. Only valid for tcp and udp. You can also specify a range
|
||||
of port like 10000:20000. You can also specify several ports or range of port separated by a comma
|
||||
* if --unban is specified, the given host will be removed from the blacklist
|
||||
default is to add to the blacklist instead
|
||||
* --bantime can be used to specify how long the ban should be (in seconds)
|
||||
|
||||
EOF
|
||||
}
|
||||
|
@ -60,14 +62,19 @@ sub generate_uniq_id(){
|
|||
return $id;
|
||||
}
|
||||
|
||||
my $f2b = $c->get('fail2ban') ||
|
||||
die "fail2ban service not found in the configuration database\n"
|
||||
|
||||
# default is to ban a host
|
||||
$opts{unban} = '0';
|
||||
$opts{bantime} = $f2b->prop('BanTime') || '1800';
|
||||
|
||||
GetOptions(
|
||||
"host=s" => \$opts{host},
|
||||
"unban" => \$opts{unban},
|
||||
"protocol=s" => \$opts{proto},
|
||||
"port=s" => \$opts{port}
|
||||
"port=s" => \$opts{port},
|
||||
"bantime=i" => \$opts{bantime}
|
||||
);
|
||||
|
||||
# special "undef" value for port and proto
|
||||
|
@ -112,7 +119,9 @@ else{
|
|||
$f2bdb->set_prop($id, 'Port', $opts{port})
|
||||
if ($opts{port});
|
||||
# Set the current timestamp
|
||||
$f2bdb->set_prop($id, 'Timestamp', time());
|
||||
$f2bdb->set_prop($id, 'BanTimestamp', time());
|
||||
# Set the timestamp of the unban
|
||||
$f2bdb->set_prop($id, 'UnbanTimestamp', time()+$opts{bantime});
|
||||
}
|
||||
|
||||
die "An error occured while updating the firewall rules"
|
||||
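Review bot: The added statement `my $f2b = $c->get('fail2ban') ||` / `die "fail2ban service not found in the configuration database\n"` has no terminating `;` as rendered here, so `$opts{unban} = '0';` is parsed as its continuation and the script would not compile. A ban helper that fails to start leaves the offending host unblocked, so add the semicolon after the `die` string. Separately, `"bantime=i"` accepts zero and negative integers, which stores an `UnbanTimestamp` at or before the current time, and the ban is then dropped on the next expiry run. Reject such values after `GetOptions` with something like `die "--bantime must be a positive number of seconds\n" unless $opts{bantime} > 0;`, and show the argument in the usage line as `[--bantime=<seconds>]`.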
|
|