github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

RF: make fail2ban-46 accept any two commands to dispatch + --help, etc

_tent/ipv6_adapter_cmd
Yaroslav Halchenko 2012-11-08 21:40:11 -05:00
parent 3b16ec3dee
commit 2715bda1d7
1 changed files with 30 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
fail2ban-46
View File

@ -17,34 +17,33 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with Fail2Ban; if not, write to the Free Software # along with Fail2Ban; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
#
# Wrapper to dispatch different commands depending of the IP address
# Iptable wrapper, call the right iptables depending of the ip proposed # space present in the command line.
#
# Author: Paul J Aka "Thanat0s" # Author: Paul J Aka "Thanat0s"
import sys, re, subprocess import sys
import re, subprocess
IPTABLES='/sbin/iptables'
IP6TABLES='/sbin/ip6tables'
# Main procedure # Main procedure
def main(argv): def main(cmd4, cmd6, argv):
pline = " ".join(argv) pline = " ".join(argv)
regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}') regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
if regv4.search(pline): if regv4.search(pline):
# we are facing to an ipv4 # we are facing to an ipv4
ret = subprocess.call([IPTABLES] + argv) ret = subprocess.call([cmd4] + argv)
sys.exit(ret) sys.exit(ret)
else: else:
# if not, maybe it's an ipv6 # if not, maybe it's an ipv6
regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}') regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
if regv6.search(pline): if regv6.search(pline):
ret6 = subprocess.call([IP6TABLES] + argv) ret6 = subprocess.call([cmd6] + argv)
sys.exit(ret6) sys.exit(ret6)
else: else:
# if it's not an ipv6 either, we call both iptables # if it's not an ipv6 either, we call both
proc = subprocess.Popen([IPTABLES] + argv) proc = subprocess.Popen([cmd4] + argv)
proc6 = subprocess.Popen([IP6TABLES] + argv) proc6 = subprocess.Popen([cmd6] + argv)
# Splitting the Popen and wait() calls lets us run them in # Splitting the Popen and wait() calls lets us run them in
# parallel, rather than one after the other # parallel, rather than one after the other
@ -54,6 +53,23 @@ def main(argv):
# return worst error code # return worst error code
sys.exit(max(ret, ret6)) sys.exit(max(ret, ret6))
def dispUsage(exit_code=None):
print """Usage: %s ipv4_command ipv6_command [options]
Fail2Ban's ipv4/ipv6 dispatcher would call ipv4_command if detects an
IPv4 address among options, and ipv6_command if an IPv6. If none --
it would call both ipv4_command and ipv6_command.
[options] are passed to each corresponding ipv*_command call.
""" % argv[0]
if exit_code is not None:
sys.exit(exit_code)
# Main call, pass all variables # Main call, pass all variables
if __name__ == "__main__": if __name__ == "__main__":
main(sys.argv[1:]) argv = sys.argv
if len(argv)>1 and argv[1] in ('-h', '--help'):
dispUsage(0)
if len(argv) < 3:
dispUsage(1)
main(argv[1], argv[2], argv[3:])