Fixed fail2ban-iptables.

2012-11-08 11:08:14 +00:00 · 2012-11-08 11:08:14 +00:00 · af2a312222
parent bad7e1428d
commit af2a312222
1 changed files with 30 additions and 30 deletions
--- a/60
+++ b/60
@ -21,39 +21,39 @@
 import sys, re, subprocess
-# Try to avoid any shell injections
+IPTABLES='/sbin/iptables'
-def noinject(str):
+IP6TABLES='/sbin/ip6tables'
 	for banned_chr in "`&;|":
 		if banned_chr in str: 
 			print "I don't like some chars in your iptables syntax"
 			sys.exit(2)                  
 	return True
 # Main procedure
 def main(argv):
- regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
+    pline = " ".join(argv)
- if regv4.search(argv):   
+    regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
-    # we are facing to a ipv4
+    if regv4.search(pline):   
-    ret = subprocess.call(["iptables", argv])
+        # we are facing to a ipv4
-    sys.exit(ret)                  
+        ret = subprocess.call([IPTABLES] + argv)
- else:
+        sys.exit(ret)                  
    # if not, maybe it's a ipv6
    regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
    if regv6.search(argv):
       ret6 = subprocess.call(["ip6tables", argv])
       sys.exit(ret6)                  
    else:
-       # if it's not a ipv6 either, we call both iptables
+        # if not, maybe it's a ipv6
-       ret = subprocess.call(["iptables", argv])
+        regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
-       ret6 = subprocess.call(["ip6tables", argv])
+        if regv6.search(pline):
-       # return worst error code  
+            ret6 = subprocess.call([IP6TABLES] + argv)
-       if ret > ret6:
+            sys.exit(ret6)
-	  sys.exit(ret)
+        else:
-       else:
+            # if it's not a ipv6 either, we call both iptables
-          sys.exit(ret6)
+            proc = subprocess.Popen([IPTABLES] + argv)
-	
+            proc6 = subprocess.Popen([IP6TABLES] + argv)
            # Splitting the Popen and wait() calls lets us run them in
            # parallel, rather than one after the other
            ret = proc.wait()
            ret6 = proc6.wait()
            # return worst error code
            if ret > ret6:
                sys.exit(ret)
            else:
                sys.exit(ret6)
 # Main call, pass all variables
 if __name__ == "__main__":
-	pline = " ".join(sys.argv[1:])
+    main(sys.argv[1:])
 	if noinject(pline):
 		main(pline)