From ee0a5273fb304c594a13b3b7edf38271bbe6a8c2 Mon Sep 17 00:00:00 2001 From: Laurent Desausoi Date: Thu, 22 Jun 2023 12:10:27 +0200 Subject: [PATCH] Allow unbanip of tuple IDs As specified [here], IDs in Fail2ban can be tuples. However, when a tuple ID is banned, there is no way to remove it via the `unbanip` command line. If tried, the tuple will be considered as a list with each element being an ID. Instead, we should try to parse the string to see if it represents an object. [here]: https://github.com/fail2ban/fail2ban/blob/226a59445a8046b7f86c3bc072be1d78555ccdb0/fail2ban/server/failregex.py#L313 --- fail2ban/server/actions.py | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/fail2ban/server/actions.py b/fail2ban/server/actions.py index b052d342..74e2a615 100644 --- a/fail2ban/server/actions.py +++ b/fail2ban/server/actions.py @@ -274,6 +274,13 @@ class Actions(JailThread, Mapping): if missed: raise ValueError("not banned: %r" % missed) return cnt + # IPs can be represented in string format (e.g.: tuples) + is_ip_parsed = True + if isinstance(ip, str): + try: + ip = eval(ip) + except Exception: + is_ip_parsed = False # Single IP: # Always delete ip from database (also if currently not banned) if db and self._jail.database is not None: @@ -285,14 +292,14 @@ class Actions(JailThread, Mapping): self.__unBan(ticket) else: # Multiple IPs by subnet or dns: - if not isinstance(ip, IPAddr): + if not is_ip_parsed and not isinstance(ip, IPAddr): ipa = IPAddr(ip) if not ipa.isSingle: # subnet (mask/cidr) or raw (may be dns/hostname): ips = list(filter(ipa.contains, self.banManager.getBanList())) if ips: return self.removeBannedIP(ips, db, ifexists) # not found: - msg = "%s is not banned" % ip + msg = "%s is not banned" % str(ip) logSys.log(logging.MSG, msg) if ifexists: return 0