- Added "ipfw-start-rule" option (thanks to Robert Edeker)

- Added "enabled" option


git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@68 a942ae1a-1317-0410-a47c-b1dcaea8d605

fail2ban.py

@@ -206,6 +206,7 @@ if __name__ == "__main__":
 	conf["ignoreip"] = ''
 	conf["interface"] = "eth0"
 	conf["firewall"] = "iptables"
+	conf["ipfw-start-rule"] = 0
 	conf["polltime"] = 1
 	
 	# Reads the command line options.
@@ -312,6 +313,17 @@ if __name__ == "__main__":
 	except NoOptionError:
 		logSys.warn("firewall option not in config file")
 		logSys.warn("Using default value")
+	
+	# ipfw-start-rule
+	try:
+		conf["ipfw-start-rule"] = configParser.getint("DEFAULT",
+													"ipfw-start-rule")
+	except ValueError:
+		logSys.warn("ipfw-start-rule option should be an integer")
+		logSys.warn("Using default value")
+	except NoOptionError:
+		logSys.warn("ipfw-start-rule option not in config file")
+		logSys.warn("Using default value")
 
 	# polltime
 	try:
@@ -408,16 +420,22 @@ if __name__ == "__main__":
 	logList = list()
 	for t in confReader.getSections():
 		l = confReader.getLogOptions(t)
-		lObj = LogReader(logSys, l["logfile"], l["timeregex"],
+		if l["enabled"]:
-						l["timepattern"], l["failregex"], conf["bantime"])
+			lObj = LogReader(logSys, l["logfile"], l["timeregex"],
-		lObj.setName(t)
+							l["timepattern"], l["failregex"], conf["bantime"])
-		logList.append(lObj)
+			lObj.setName(t)
+			logList.append(lObj)
 	
 	# Creates one instance of Iptables (thanks to Pyhton dynamic
-	# features) and one of LogReader.
+	# features).
 	fireWallObj = eval(fireWallName)
 	fireWall = fireWallObj(conf["bantime"], logSys, conf["interface"])
 	
+	# IPFW needs rules number. The configuration option "ipfw-start-rule"
+	# defines the first rule number used by Fail2Ban.
+	if fireWallName == "Ipfw":
+		fireWall.setCrtRuleNbr(conf["ipfw-start-rule"])
+	
 	# We add 127.0.0.1 to the ignore list has we do not want
 	# to be ban ourself.
 	for element in logList: