conversion of iptable wrapper to python

config/action.d/iptables-multiport-46.conf

@@ -1,69 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Cyril Jaquier
-# Modified by Yaroslav Halchenko for multiport banning
-# Modified by Paul Jung for calling wrapper in dual stack ipv6 and v4 banning
-#
-
-[Definition]
-
-# Option:  actionstart
-# Notes.:  command executed once at the start of Fail2Ban.
-# Values:  CMD
-#
-actionstart = fail2ban-iptwrp -N fail2ban-<name>
-              fail2ban-iptwrp -A fail2ban-<name> -j RETURN
-              fail2ban-iptwrp -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-
-# Option:  actionstop
-# Notes.:  command executed once at the end of Fail2Ban
-# Values:  CMD
-#
-actionstop = fail2ban-iptwrp -D INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
-             fail2ban-iptwrp -F fail2ban-<name>
-             fail2ban-iptwrp -X fail2ban-<name>
-
-# Option:  actioncheck
-# Notes.:  command executed once before each actionban command
-# Values:  CMD
-#
-actioncheck = fail2ban-iptwrp -n -L INPUT | grep -q fail2ban-<name>
-
-# Option:  actionban
-# Notes.:  command executed when banning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-#
-actionban = fail2ban-iptwrp -I fail2ban-<name> 1 -s <ip> -j DROP
-
-# Option:  actionunban
-# Notes.:  command executed when unbanning an IP. Take care that the
-#          command is executed with Fail2Ban user rights.
-# Tags:    <ip>  IP address
-#          <failures>  number of failures
-#          <time>  unix timestamp of the ban time
-# Values:  CMD
-#
-actionunban = fail2ban-iptwrp -D fail2ban-<name> -s <ip> -j DROP
-
-[Init]
-
-# Defaut name of the chain
-#
-name = default
-
-# Option:  port
-# Notes.:  specifies port to monitor
-# Values:  [ NUM | STRING ]  Default:
-#
-port = ssh
-
-# Option:  protocol
-# Notes.:  internally used by config reader for interpolations.
-# Values:  [ tcp | udp | icmp | all ] Default: tcp
-#
-protocol = tcp
-

fail2ban-iptables

@@ -0,0 +1,43 @@
+#!/usr/bin/python
+# This file is part of Fail2Ban.
+#
+# Fail2Ban is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# Fail2Ban is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Fail2Ban; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+
+
+# Iptable wrapper, call the right iptables depending of the ip proposed
+# Author: Paul J Aka "Thanat0s"
+
+import sys, re, subprocess
+
+def main(argv):
+ regv4 = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
+ if regv4.search(str(argv)):   
+    # we are facing to a ipv4
+    subprocess.call(["iptables", " ".join(argv)])
+    sys.exit                  
+ else:
+    # if not, maybe it's a ipv6
+    regv6 = re.compile('::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,}')
+    if regv6.search(str(argv)):
+       subprocess.call(["ip6tables", " ".join(argv)])
+       sys.exit                  
+    else:
+       # if it's not a ipv6 either, we call both iptables
+       subprocess.call(["iptables", " ".join(argv)])
+       subprocess.call(["ip6tables", " ".join(argv)])
+
+# Main call, pass all variables
+if __name__ == "__main__":
+    main(sys.argv[1:])

fail2ban-iptwrp

@@ -1,49 +0,0 @@
-#!/bin/sh
-
-# This file is part of Fail2Ban.
-#
-# Fail2Ban is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# Fail2Ban is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Fail2Ban; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
-
-# Author: Paul Jung aka 'Thanat0s' 
-
-# IPTable WRaPper
-# This script will call iptable or ip6tables6 depending of the ip format
-
-LINE=$@
-
-# try to be simple, keep regexes 'approximatives'
-RESULT4=`echo $LINE | egrep -c -e "([0-9]{1,3}\.){3}[0-9]{1,3}"`
-RESULT6=`echo $LINE | egrep -c -e "(::[A-Fa-f0-9]{1,4}|(:[A-Fa-f0-9]{1,4}){2,})"`
-
-if [ $RESULT4 -ne "0" ]; then
-     # action for ipv4
-     iptables $LINE
-     ERRCODE=$?
-elif [ $RESULT6 -ne "0" ]; then
-     # action for ipv6
-     ip6tables $LINE
-     ERRCODE=$?
-else
-     # action for both iptables if no ip is present
-     iptables $LINE
-     ERRCODE=$?
-     ip6tables $LINE
-     if [ $? -ge "1" ]; then
-        ERRCODE=$?
-     fi
-fi
-
-# always report the error
-exit $ERRCODE

setup.py

@@ -55,7 +55,7 @@ setup(
 					'fail2ban-client', 
 					'fail2ban-server', 
 					'fail2ban-regex' ,
-					'fail2ban-iptwrp'
+					'fail2ban-iptables'
 				], 
 	packages =	[
 					'common',