- Added permanent banning feature

git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@222 a942ae1a-1317-0410-a47c-b1dcaea8d605
2005-12-16 23:48:52 +00:00 · 2005-12-16 23:48:52 +00:00 · 15806fc3da
parent 716e0840fc
commit 15806fc3da
2 changed files with 12 additions and 3 deletions
--- a/config/fail2ban.conf.default
+++ b/config/fail2ban.conf.default
@ -48,7 +48,8 @@ pidlock = /var/run/fail2ban.pid
 maxfailures = 5

 # Option:  bantime
-# Notes.:  number of seconds an IP will be banned.
+# Notes.:  number of seconds an IP will be banned. If set to a negative
+#          value, IP will never be unbanned (permanent banning).
 # Values:  NUM  Default:  600
 #
 bantime = 600
--- a/firewall/firewall.py
+++ b/firewall/firewall.py
@ -86,7 +86,11 @@ class Firewall:
 		ip = aInfo["ip"]
 		if not self.inBanList(ip):
 			crtTime = time.time()
-			logSys.warn("%s: Ban "%self.section + ip)
+			if self.banTime < 0:
+				banMsg = "Ban (permanent)"
+			else:
+				banMsg = "Ban (%d s)"%self.banTime
+			logSys.warn("%s: %s "%(self.section, banMsg) + ip)
 			self.banList[ip] = crtTime
 			aInfo["bantime"] = crtTime
 			self.runCheck(debug)
@ -138,8 +142,12 @@ class Firewall:
 			return None

 	def checkForUnBan(self, debug):
-		""" Check for IP to remove from ban list.
+		""" Check for IP to remove from ban list. If banTime is smaller than
+			zero, IP will be never removed.
 		"""
+		if self.banTime < 0:
+			# Permanent banning
+			return
 		banListTemp = self.banList.copy()
 		for element in banListTemp.iteritems():
 			btime = element[1]