MRG: from master to 0.9 2014-02-20

2014-02-20 08:35:24 +11:00 · 2014-02-20 08:35:24 +11:00 · a044517cb7
parent 1276e4d170 a90be951e9
commit a044517cb7
6 changed files with 16 additions and 8 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -12,7 +12,7 @@ before_install:
 install:
  - pip install pyinotify
  - if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then sudo apt-get install -qq python-gamin; cp /usr/share/pyshared/gamin.py /usr/lib/pyshared/python2.7/_gamin.so $VIRTUAL_ENV/lib/python2.7/site-packages/; fi
-  - if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then pip install -q coveralls; fi
+  - if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then cd ..; pip install -q coveralls; cd -; fi
 script:
  - if [[ $TRAVIS_PYTHON_VERSION == 2.7 ]]; then coverage run --rcfile=.travis_coveragerc setup.py test; else python setup.py test; fi
 after_success:
--- a/1
+++ b/1
@ -99,5 +99,6 @@ Yaroslav Halchenko
 Winston Smith
 ykimon
 Yehuda Katz
+Zbigniew Jędrzejewski-Szmek
 zugeschmiert
 Zurd
--- a/config/action.d/iptables-xt_recent-echo.conf
+++ b/config/action.d/iptables-xt_recent-echo.conf
@ -33,13 +33,14 @@ before = iptables-blocktype.conf
 #    own rules. The 3600 second timeout is independent and acts as a
 #    safeguard in case the fail2ban process dies unexpectedly. The
 #    shorter of the two timeouts actually matters.
-actionstart = iptables -I INPUT -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>
+actionstart = if [ `id -u` -eq 0 ];then iptables -I INPUT -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi

 # Option:  actionstop
 # Notes.:  command executed once at the end of Fail2Ban
 # Values:  CMD
 #
 actionstop = echo / > /proc/net/xt_recent/f2b-<name>
+             if [ `id -u` -eq 0 ];then iptables -D INPUT -m recent --update --seconds 3600 --name f2b-<name> -j <blocktype>;fi

 # Option:  actioncheck
 # Notes.:  command executed once before each actionban command
--- a/doc/run-rootless.txt
+++ b/doc/run-rootless.txt
@ -74,12 +74,6 @@ further configuration. To run not as root, further setup is necessary:

    with <name> suitably replaced.

-  - suppress actionstart for iptables-xt_recent-echo action by creating an override file
-    iptables-xt_recent-echo.local to accompany iptables-xt_recent-echo.conf with
-
-     [Definition]
-     actionstart =
-
 - Permissions:

  make sure that configuration files under /etc/fail2ban are readable by
--- a/fail2ban/server/filter.py
+++ b/fail2ban/server/filter.py
@ -357,6 +357,9 @@ class Filter(JailThread):
 			# IP address without CIDR mask
 			if len(s) == 1:
 				s.insert(1, '32')
+			elif "." in s[1]: # 255.255.255.0 style mask
+				s[1] = len(re.search(
+					"(?<=b)1+", bin(DNSUtils.addr2bin(s[1]))).group())
 			s[1] = long(s[1])
 			try:
 				a = DNSUtils.cidr(s[0], s[1])
--- a/fail2ban/tests/filtertestcase.py
+++ b/fail2ban/tests/filtertestcase.py
@ -236,6 +236,15 @@ class IgnoreIP(LogCaptureTestCase):
 		self.assertFalse(self.filter.inIgnoreIPList('192.168.1.255'))
 		self.assertFalse(self.filter.inIgnoreIPList('192.168.0.255'))

+	def testIgnoreIPMask(self):
+		self.filter.addIgnoreIP('192.168.1.0/255.255.255.128')
+		self.assertTrue(self.filter.inIgnoreIPList('192.168.1.0'))
+		self.assertTrue(self.filter.inIgnoreIPList('192.168.1.1'))
+		self.assertTrue(self.filter.inIgnoreIPList('192.168.1.127'))
+		self.assertFalse(self.filter.inIgnoreIPList('192.168.1.128'))
+		self.assertFalse(self.filter.inIgnoreIPList('192.168.1.255'))
+		self.assertFalse(self.filter.inIgnoreIPList('192.168.0.255'))
+
 	def testIgnoreInProcessLine(self):
 		setUpMyTime()
 		self.filter.addIgnoreIP('192.168.1.0/25')