From 93dbf609fa3dd879c81cfddccc252651e8de441c Mon Sep 17 00:00:00 2001 From: Yaroslav Halchenko Date: Fri, 14 Oct 2005 16:30:20 +0000 Subject: [PATCH] fix #2 to Cyril and mine fixes: I had to bring ExternalError exception into Firewall because of the loop in flushBanList. Also provided naming of Firewalls --- fail2ban.py | 14 +++++--------- firewall/firewall.py | 44 +++++++++++++++++++++++++++++++------------- 2 files changed, 36 insertions(+), 22 deletions(-) diff --git a/fail2ban.py b/fail2ban.py index 3c4a611f..fa8a5cb5 100755 --- a/fail2ban.py +++ b/fail2ban.py @@ -112,16 +112,10 @@ def restoreFwRules(): """ Flush the ban list """ logSys.warn("Restoring firewall rules...") - for element in logFwList: - # Execute end command of each section - try: - element[2].restore(conf["debug"]) - except ExternalError: - # nothing bad really - we can survive :-) - # but it has to be a separate exception handler - # for each section, so we don't miss anything - pass try: + for element in logFwList: + # Execute end command of each section + element[2].restore(conf["debug"]) # Execute global end command executeCmd(conf["cmdend"], conf["debug"]) except ExternalError: @@ -399,6 +393,8 @@ def main(): # Creates a firewall object fObj = Firewall(l["fwstart"], l["fwend"], l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"]) + # "Name" the firewall + fObj.setSection(t) # Links them into a list. I'm not really happy # with this :/ logFwList.append([t, lObj, fObj, dict()]) diff --git a/firewall/firewall.py b/firewall/firewall.py index 2b50fbe7..37f419e4 100644 --- a/firewall/firewall.py +++ b/firewall/firewall.py 
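Review bot: The loop in restoreFwRules now survives a failing section only because Firewall.restore swallows ExternalError itself (in the firewall.py hunk of this same commit); nothing on these lines says so, and a reader of fail2ban.py alone sees a try wrapped around the loop that looks exactly like the shape this commit removes. A comment above the loop would keep that reasoning with the code: `# Firewall.restore() handles ExternalError per section, so one failing section cannot stop the others; this try only guards cmdend`. Any exception type other than ExternalError raised by restore() still aborts the remaining sections and the global cmdend, as it did before. The except body of restoreFwRules continues outside the hunk.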
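Review bot: `fObj.setSection(t)` names the firewall in a second step right after construction, so a Firewall briefly exists with the empty default section and every other construction site has to remember the extra call. Passing the name to the constructor instead, `fObj = Firewall(l["fwstart"], l["fwend"], l["fwban"], l["fwunban"], l["fwcheck"], l["bantime"], section=t)` with `section=""` as the default, keeps existing callers working and removes the two-step setup. The Firewall __init__ signature is not visible in this diff, so this assumes a trailing keyword argument can be added without clashing. The body of main() continues outside the hunk.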
@@ -27,6 +27,10 @@ __license__ = "GPL" import time, os, logging, re from utils.process import executeCmd +# unfortunately but I have to bring ExternalError in especially +# for flushBanList: if one of IPs got flushed manually outside or something, +# we might endup with not "full" flush unless we handle exception within the loop +from utils.process import ExternalError from utils.strings import replaceTag # Gets the instance of the logger. @@ -46,42 +50,51 @@ class Firewall: self.endRule = endRule self.banTime = banTime self.banList = dict() - + self.section = "" + + def setSection(self, section): + """ Set optional section name for clarify of logging + """ + self.section = section + def initialize(self, debug): - logSys.debug("Initialize firewall rules") + logSys.debug("%s: Initialize firewall rules"%self.section) executeCmd(self.startRule, debug) def restore(self, debug): - logSys.debug("Restore firewall rules") - flushBanList(debug) - executeCmd(self.endRule, debug) - + logSys.debug("%s: Restore firewall rules"%self.section) + try: + self.flushBanList(debug) + executeCmd(self.endRule, debug) + except ExternalError: + pass + def addBanIP(self, aInfo, debug): """ Bans an IP. """ ip = aInfo["ip"] if not self.inBanList(ip): crtTime = time.time() - logSys.warn("Ban " + ip) + logSys.warn("%s: Ban "%self.section + ip) self.banList[ip] = crtTime aInfo["bantime"] = crtTime self.runCheck(debug) executeCmd(self.banIP(aInfo), debug) else: self.runCheck(debug) - logSys.error(ip+" already in ban list") + logSys.error("%s: "%self.section+ip+" already in ban list") def delBanIP(self, aInfo, debug): """ Unban an IP. """ ip = aInfo["ip"] if self.inBanList(ip): - logSys.warn("Unban " + ip) + logSys.warn("%s: Unban "%self.section + ip) del self.banList[ip] self.runCheck(debug) executeCmd(self.unBanIP(aInfo), debug) else: - logSys.error(ip+" not in ban list") + logSys.error("%s: "%self.section+ip+" not in ban list") def reBan(self, debug): """ Re-Bans known IPs. 
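Review bot: The new `from utils.process import ExternalError` imports from the same module as the `from utils.process import executeCmd` line directly above it; a single `from utils.process import executeCmd, ExternalError` keeps one statement per module. The three-line rationale comment describes why flushBanList needs the exception, so it reads better next to the `except ExternalError` in flushBanList than in the import block. Point of style only.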
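Review bot: `restore()` now drops an ExternalError with a bare `pass`, so a failing end rule, the command meant to tear down this section's firewall rules, leaves no trace in the log and the operator cannot tell after shutdown whether those rules are still live. Because flushBanList handles per-IP failures itself in the last hunk, what this try effectively guards is `executeCmd(self.endRule, debug)`; replace the `pass` with `logSys.error("%s: Restore of firewall rules failed"%self.section)` so the failure is at least recorded. Separately, the setSection docstring should read `""" Set optional section name for clarity of logging`. The Firewall.__init__ that this hunk cuts into begins outside it.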
@@ -90,7 +103,7 @@ class Firewall: for ip in self.banList: aInfo = {"ip": ip, "bantime": self.banList[ip]} - logSys.warn("ReBan " + ip) + logSys.warn("%s: ReBan "%self.section + ip) # next piece is similar to the on in addBanIp # so might be one more function will not hurt self.runCheck(debug) @@ -128,8 +141,13 @@ class Firewall: aInfo = {"ip": element[0], "bantime": element[1], "unbantime": time.time()} - self.delBanIP(aInfo, debug) - + try: + self.delBanIP(aInfo, debug) + except ExternalError: + # we must let it fail here in the loop, or we don't + # flush properly + pass + def banIP(self, aInfo): """ Returns query to ban IP. """
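Review bot: The `pass` on the new except branch hides the one case that matters for this loop: delBanIP (earlier hunk) removes the IP from self.banList before it runs the unban command, so when that command raises ExternalError the address is gone from the list while its firewall rule may still be in place, and nothing is logged. Keeping the loop going is right, but the branch should record which address could not be unbanned, e.g. `logSys.warn("%s: unban of %s failed, rule may still be present"%(self.section, element[0]))`, so a stale block is visible to the operator rather than silently forgotten. The body of flushBanList begins outside this hunk.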