From 8cf614e2219c999564ce669c5ce0dc29364acb29 Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Wed, 23 Sep 2015 12:13:52 -0400 Subject: [PATCH] ENH: allow to split ignoreip by space and/or comma (Closes #1197) Way too many people ran into this gotcha, so lets just do it --- ChangeLog | 1 + config/jail.conf | 2 +- fail2ban/client/jailreader.py | 7 +++---- fail2ban/helpers.py | 10 ++++++++++ fail2ban/tests/misctestcase.py | 9 +++++++++ 5 files changed, 24 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index fea070ba..e2dbf69d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,7 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released * Added new date pattern with year after day (e.g. Sun Jan 23 2005 21:59:59) http://bugs.debian.org/798923 * Added openSUSE path configuration (Thanks Johannes Weberhofer) + * Allow to split ignoreip entries by ',' as well as by ' ' (gh-1197) ver. 0.9.3 (2015/08/01) - lets-all-stay-friends ---------- diff --git a/config/jail.conf b/config/jail.conf index b6f13840..7500f4ff 100644 --- a/config/jail.conf +++ b/config/jail.conf @@ -46,7 +46,7 @@ before = paths-debian.conf # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not # ban a host which matches an address in this list. Several addresses can be -# defined using space separator. +# defined using space (and/or comma) separator. ignoreip = 127.0.0.1/8 # External command that will take an tagged arguments to ignore, e.g. , diff --git a/fail2ban/client/jailreader.py b/fail2ban/client/jailreader.py index 6d0fddfa..54ac59fa 100644 --- a/fail2ban/client/jailreader.py +++ b/fail2ban/client/jailreader.py @@ -33,6 +33,7 @@ from .configreader import ConfigReaderUnshared, ConfigReader from .filterreader import FilterReader from .actionreader import ActionReader from ..helpers import getLogger +from ..helpers import splitcommaspace # Gets the instance of the logger. logSys = getLogger(__name__) @@ -208,10 +209,8 @@ class JailReader(ConfigReader): elif opt == "maxretry": stream.append(["set", self.__name, "maxretry", self.__opts[opt]]) elif opt == "ignoreip": - for ip in self.__opts[opt].split(): - # Do not send a command if the rule is empty. - if ip != '': - stream.append(["set", self.__name, "addignoreip", ip]) + for ip in splitcommaspace(self.__opts[opt]): + stream.append(["set", self.__name, "addignoreip", ip]) elif opt == "findtime": stream.append(["set", self.__name, "findtime", self.__opts[opt]]) elif opt == "bantime": diff --git a/fail2ban/helpers.py b/fail2ban/helpers.py index f5c3163a..8e1b0e32 100644 --- a/fail2ban/helpers.py +++ b/fail2ban/helpers.py @@ -127,3 +127,13 @@ def excepthook(exctype, value, traceback): getLogger("fail2ban").critical( "Unhandled exception in Fail2Ban:", exc_info=True) return sys.__excepthook__(exctype, value, traceback) + +def splitcommaspace(s): + """Helper to split on any comma or space + + Returns empty list if input is empty (or None) and filters + out empty entries + """ + if not s: + return [] + return filter(bool, re.split('[ ,]', s)) diff --git a/fail2ban/tests/misctestcase.py b/fail2ban/tests/misctestcase.py index c95efa43..e28ce422 100644 --- a/fail2ban/tests/misctestcase.py +++ b/fail2ban/tests/misctestcase.py @@ -33,6 +33,7 @@ from glob import glob from StringIO import StringIO from ..helpers import formatExceptionInfo, mbasename, TraceBack, FormatterWithTraceBack, getLogger +from ..helpers import splitcommaspace from ..server.datetemplate import DatePatternRegex @@ -55,6 +56,14 @@ class HelpersTest(unittest.TestCase): # might be fragile due to ' vs " self.assertEqual(args, "('Very bad', None)") + def testsplitcommaspace(self): + self.assertEqual(splitcommaspace(None), []) + self.assertEqual(splitcommaspace(''), []) + self.assertEqual(splitcommaspace(' '), []) + self.assertEqual(splitcommaspace('1'), ['1']) + self.assertEqual(splitcommaspace(' 1 2 '), ['1', '2']) + self.assertEqual(splitcommaspace(' 1, 2 , '), ['1', '2']) + class SetupTest(unittest.TestCase):