mirror of https://github.com/fail2ban/fail2ban
Allow unbanip of tuple IDs
As specified [here], IDs in Fail2ban can be tuples. However, when a
tuple ID is banned, there is no way to remove it via the `unbanip`
command line. If tried, the tuple will be considered as a list with each
element being an ID. Instead, we should try to parse the string to see
if it represents an object.
[here]: 226a59445a/fail2ban/server/failregex.py (L313)
pull/3533/head
parent
48c91dfb6b
commit
ee0a5273fb
|
@ -274,6 +274,13 @@ class Actions(JailThread, Mapping):
|
|||
if missed:
|
||||
raise ValueError("not banned: %r" % missed)
|
||||
return cnt
|
||||
# IPs can be represented in string format (e.g.: tuples)
|
||||
is_ip_parsed = True
|
||||
if isinstance(ip, str):
|
||||
try:
|
||||
ip = eval(ip)
|
||||
except Exception:
|
||||
is_ip_parsed = False
|
||||
# Single IP:
|
||||
# Always delete ip from database (also if currently not banned)
|
||||
if db and self._jail.database is not None:
|
||||
|
@ -285,14 +292,14 @@ class Actions(JailThread, Mapping):
|
|||
self.__unBan(ticket)
|
||||
else:
|
||||
# Multiple IPs by subnet or dns:
|
||||
if not isinstance(ip, IPAddr):
|
||||
if not is_ip_parsed and not isinstance(ip, IPAddr):
|
||||
ipa = IPAddr(ip)
|
||||
if not ipa.isSingle: # subnet (mask/cidr) or raw (may be dns/hostname):
|
||||
ips = list(filter(ipa.contains, self.banManager.getBanList()))
|
||||
if ips:
|
||||
return self.removeBannedIP(ips, db, ifexists)
|
||||
# not found:
|
||||
msg = "%s is not banned" % ip
|
||||
msg = "%s is not banned" % str(ip)
|
||||
logSys.log(logging.MSG, msg)
|
||||
if ifexists:
|
||||
return 0
|
||||
|
|
Loading…
Reference in New Issue