From 33c2059d1d8e6a3617e4f30f8a5f6f694dd720e4 Mon Sep 17 00:00:00 2001
From: Th4nat0s <thanspam@trollprod.org>
Date: Sun, 17 Jun 2012 00:50:17 +0200
Subject: [PATCH] ip validation and reconfiguration of iptables actions

---
 config/action.d/iptables-allports.conf      | 23 +++++++--------
 config/action.d/iptables-multiport-log.conf | 31 +++++++++++----------
 config/action.d/iptables-multiport.conf     | 21 +++++++-------
 config/action.d/iptables-new.conf           | 23 +++++++--------
 config/action.d/iptables.conf               | 21 +++++++-------
 server/filter.py                            | 18 +++++++++---
 6 files changed, 76 insertions(+), 61 deletions(-)

diff --git a/config/action.d/iptables-allports.conf b/config/action.d/iptables-allports.conf
index 1cc2daba..51dc8a5d 100644
--- a/config/action.d/iptables-allports.conf
+++ b/config/action.d/iptables-allports.conf
@@ -2,7 +2,8 @@
 #
 # Author: Cyril Jaquier
 # Modified: Yaroslav O. Halchenko <debian@onerussian.com>
-# 			made active on all ports from original iptables.conf
+# 			made active on all ports from original fail2ban-iptables.conf
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # $Revision$
 #
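Review bot: The rewritten header comment now says this file was derived from `fail2ban-iptables.conf`, but the base action file patched later in this same commit is still `config/action.d/iptables.conf`, so the comment names a file that does not appear to exist. This looks like a blanket search-and-replace that reached into prose. The same happens in the header of iptables-new.conf and in the `chain` notes of all five action files ("the fail2ban-iptables chain"), where the chain belongs to the packet filter, not to the wrapper command. I would keep the original wording, `# made active on all ports from original iptables.conf`, and leave the `chain` notes unchanged.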
@@ -13,23 +14,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -p <protocol> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -p <protocol> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -p <protocol> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
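Review bot: Every command in this hunk now calls `fail2ban-iptables` by bare name, yet none of the six files in the diffstat provides that program, so the actions depend on something installed separately and found through the server's PATH. These commands presumably run with the privileges needed to edit the firewall, so I would state the dependency in the file header, e.g. `# Requires the fail2ban-iptables wrapper (not shipped in this patch); install it in a root-owned directory`. How the wrapper treats commands that carry no address (`-N`, `-F`, `-X`, `-n -L`) cannot be seen here and should be documented too, since `actioncheck` depends on it. The same applies to the matching hunks in iptables-multiport-log.conf, iptables-multiport.conf, iptables-new.conf and iptables.conf. This hunk ends inside the actionban comment block.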
@@ -39,7 +40,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -49,7 +50,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -64,7 +65,7 @@ name = default
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables-multiport-log.conf b/config/action.d/iptables-multiport-log.conf
index 9cdc4bab..bd63b388 100644
--- a/config/action.d/iptables-multiport-log.conf
+++ b/config/action.d/iptables-multiport-log.conf
@@ -2,6 +2,7 @@
 #
 # Author: Guido Bozzetto
 # Modified: Cyril Jaquier
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # make "fail2ban-<name>" chain to match drop IP
 # make "fail2ban-<name>-log" chain to log and drop
@@ -16,28 +17,28 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-              iptables -N fail2ban-<name>-log
-              iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
-              iptables -A fail2ban-<name>-log -j DROP
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> 1 -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+              fail2ban-iptables -N fail2ban-<name>-log
+              fail2ban-iptables -I fail2ban-<name>-log -j LOG --log-prefix "$(expr fail2ban-<name> : '\(.\{1,23\}\)'):DROP " --log-level warning -m limit --limit 6/m --limit-burst 2
+              fail2ban-iptables -A fail2ban-<name>-log -j DROP
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -F fail2ban-<name>-log
-             iptables -X fail2ban-<name>
-             iptables -X fail2ban-<name>-log
+actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>-log
+             fail2ban-iptables -X fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>-log
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
+actioncheck = fail2ban-iptables -n -L fail2ban-<name>-log >/dev/null
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -47,7 +48,7 @@ actioncheck = iptables -n -L fail2ban-<name>-log >/dev/null
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -57,7 +58,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j fail2ban-<name>-log
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j fail2ban-<name>-log
 
 [Init]
 
@@ -78,7 +79,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables-multiport.conf b/config/action.d/iptables-multiport.conf
index ad554f5c..65c3a7f5 100644
--- a/config/action.d/iptables-multiport.conf
+++ b/config/action.d/iptables-multiport.conf
@@ -2,6 +2,7 @@
 #
 # Author: Cyril Jaquier
 # Modified by Yaroslav Halchenko for multiport banning
+# Modified by Paul J aka Thanat0s for ipv6 support
 # $Revision$
 #
 
@@ -11,23 +12,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -37,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -47,7 +48,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -68,7 +69,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables-new.conf b/config/action.d/iptables-new.conf
index c249de2d..049ce719 100644
--- a/config/action.d/iptables-new.conf
+++ b/config/action.d/iptables-new.conf
@@ -1,8 +1,9 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
-# Copied from iptables.conf and modified by Yaroslav Halchenko 
+# Copied from fail2ban-iptables.conf and modified by Yaroslav Halchenko 
 #  to fullfill the needs of bugreporter dbts#350746.
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # $Revision$
 #
@@ -13,23 +14,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -m state --state NEW -p <protocol> --dport <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -39,7 +40,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -49,7 +50,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -70,7 +71,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/config/action.d/iptables.conf b/config/action.d/iptables.conf
index 09cfb98b..fffee7b8 100644
--- a/config/action.d/iptables.conf
+++ b/config/action.d/iptables.conf
@@ -1,6 +1,7 @@
 # Fail2Ban configuration file
 #
 # Author: Cyril Jaquier
+# Modified by Paul J aka Thanat0s for ipv6 support
 #
 # $Revision$
 #
@@ -11,23 +12,23 @@
 # Notes.:  command executed once at the start of Fail2Ban.
 # Values:  CMD
 #
-actionstart = iptables -N fail2ban-<name>
-              iptables -A fail2ban-<name> -j RETURN
-              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
+actionstart = fail2ban-iptables -N fail2ban-<name>
+              fail2ban-iptables -A fail2ban-<name> -j RETURN
+              fail2ban-iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
 
 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
-actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
-             iptables -F fail2ban-<name>
-             iptables -X fail2ban-<name>
+actionstop = fail2ban-iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
+             fail2ban-iptables -F fail2ban-<name>
+             fail2ban-iptables -X fail2ban-<name>
 
 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
 # Values:  CMD
 #
-actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
+actioncheck = fail2ban-iptables -n -L <chain> | grep -q fail2ban-<name>
 
 # Option:  actionban
 # Notes.:  command executed when banning an IP. Take care that the
@@ -37,7 +38,7 @@ actioncheck = iptables -n -L <chain> | grep -q fail2ban-<name>
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
+actionban = fail2ban-iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 
 # Option:  actionunban
 # Notes.:  command executed when unbanning an IP. Take care that the
@@ -47,7 +48,7 @@ actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
 #          <time>  unix timestamp of the ban time
 # Values:  CMD
 #
-actionunban = iptables -D fail2ban-<name> -s <ip> -j DROP
+actionunban = fail2ban-iptables -D fail2ban-<name> -s <ip> -j DROP
 
 [Init]
 
@@ -68,7 +69,7 @@ port = ssh
 protocol = tcp
 
 # Option:  chain
-# Notes    specifies the iptables chain to which the fail2ban rules should be
+# Notes    specifies the fail2ban-iptables chain to which the fail2ban rules should be
 #          added
 # Values:  STRING  Default: INPUT
 chain = INPUT
diff --git a/server/filter.py b/server/filter.py
index 2e9a2bc9..d09c3844 100644
--- a/server/filter.py
+++ b/server/filter.py
@@ -582,10 +582,20 @@ class DNSUtils:
 	
 	#@staticmethod
 	def isValidIP(string):
-		""" Return true if str is a valid IP
-		We Consider that logfiles didn't make errors ;) 
-		"""
-		return True
+		# Return true if str is a valid IP
+            	s = string.split('/', 1)
+          	# try to convert to ipv4
+          	try:
+      			socket.inet_aton(s[0])
+      			return True
+    		except socket.error:
+    			# if it had failed try to convert ipv6
+    			try:  
+            			socket.inet_pton(socket.AF_INET6, s[0])
+          			return True
+        		except socket.error: 
+    				# not a valid address in both stacks
+          			return False
 	isValidIP = staticmethod(isValidIP)
 	
 	#@staticmethod
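Review bot: The IPv4 branch relies on `socket.inet_aton(s[0])`, which accepts more than a dotted quad: shortened forms such as `127.1` pass, and some C libraries tolerate trailing text after whitespace. A value accepted here presumably ends up as `<ip>` in the action command lines changed in this same patch, so I would use the strict parser, `socket.inet_pton(socket.AF_INET, s[0])`, mirroring the IPv6 branch. The part after `/` is split off and never checked, so `1.2.3.4/anything` validates; either verify that `s[1]` is an integer within the prefix range for the address family or reject the string. The added lines also mix spaces and tabs in a tab-indented file, which Python 3 would reject and which only lines up under 8-column tab expansion, and the docstring has become a plain comment. The enclosing class DNSUtils starts outside the hunk.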