
* jail.[ch]

* add 'findtime' option
  * rename 'tries' -> 'maxretry'
Alex 'AdUser' Z 8 years ago
parent
commit
f61a538131
  1. 30
      src/jail.c
  2. 3
      src/jail.h

30
src/jail.c

@ -1,14 +1,16 @@
#include "common.h" #include "common.h"
#include "jail.h" #include "jail.h"
#define DEFAULT_STATE true #define DEFAULT_STATE true
#define DEFAULT_BANTIME 3600 /* in seconds, 1 hour */ #define DEFAULT_BANTIME 3600 /* in seconds, 1 hour */
#define DEFAULT_TRIES 5 #define DEFAULT_FINDTIME 300 /* in seconds, 5 min */
#define DEFAULT_MAXRETRY 5
static f2b_jail_t defaults = { static f2b_jail_t defaults = {
.enabled = DEFAULT_STATE, .enabled = DEFAULT_STATE,
.bantime = DEFAULT_BANTIME, .bantime = DEFAULT_BANTIME,
.tries = DEFAULT_TRIES, .findtime = DEFAULT_FINDTIME,
.maxretry = DEFAULT_MAXRETRY,
}; };
void void
@ -54,10 +56,16 @@ f2b_jail_apply_config(f2b_jail_t *jail, f2b_config_section_t *section) {
jail->bantime = DEFAULT_BANTIME; jail->bantime = DEFAULT_BANTIME;
continue; continue;
} }
if (strcmp(param->name, "tries") == 0) { if (strcmp(param->name, "findtime") == 0) {
jail->bantime = atoi(param->value); jail->findtime = atoi(param->value);
if (jail->tries <= 0) if (jail->findtime <= 0)
jail->tries = DEFAULT_TRIES; jail->findtime = DEFAULT_FINDTIME;
continue;
}
if (strcmp(param->name, "maxretry") == 0) {
jail->maxretry = atoi(param->value);
if (jail->maxretry <= 0)
jail->maxretry = DEFAULT_MAXRETRY;
continue; continue;
} }
if (strcmp(param->name, "source") == 0) { if (strcmp(param->name, "source") == 0) {
@ -170,7 +178,7 @@ f2b_jail_process(f2b_jail_t *jail) {
addr = f2b_addrlist_lookup(jail->ipaddrs, matchbuf); addr = f2b_addrlist_lookup(jail->ipaddrs, matchbuf);
if (!addr) { if (!addr) {
/* new ip */ /* new ip */
addr = f2b_ipaddr_create(matchbuf, jail->tries); addr = f2b_ipaddr_create(matchbuf, jail->maxretry);
addr->lastseen = now; addr->lastseen = now;
f2b_matches_append(&addr->matches, now); f2b_matches_append(&addr->matches, now);
jail->ipaddrs = f2b_addrlist_append(jail->ipaddrs, addr); jail->ipaddrs = f2b_addrlist_append(jail->ipaddrs, addr);
@ -183,9 +191,9 @@ f2b_jail_process(f2b_jail_t *jail) {
f2b_log_msg(log_warn, "found ip that was already banned by jail '%s': %s", jail->name, matchbuf); f2b_log_msg(log_warn, "found ip that was already banned by jail '%s': %s", jail->name, matchbuf);
continue; continue;
} }
f2b_matches_expire(&addr->matches, now - jail->bantime); f2b_matches_expire(&addr->matches, now - jail->findtime);
f2b_matches_append(&addr->matches, now); f2b_matches_append(&addr->matches, now);
if (addr->matches.used < jail->tries) { if (addr->matches.used < jail->maxretry) {
f2b_log_msg(log_debug, "new match in jail '%s': %s (%d/%d)", jail->name, matchbuf, addr->matches.used, addr->matches.max); f2b_log_msg(log_debug, "new match in jail '%s': %s (%d/%d)", jail->name, matchbuf, addr->matches.used, addr->matches.max);
continue; continue;
} }
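Review bot: The `maxretry` guard on the new lines `jail->maxretry = atoi(param->value); if (jail->maxretry <= 0)` cannot reject a negative value, because `maxretry` is declared `size_t` in jail.h: a config entry such as `maxretry = -1` converts to a huge unsigned count, passes the check, and the comparison `addr->matches.used < jail->maxretry` then presumably keeps taking the `continue` path so the ban branch below the hunk is never reached. Parse into a signed temporary and validate before storing: `long v = atoi(param->value);` then `jail->maxretry = (v > 0) ? (size_t)v : DEFAULT_MAXRETRY;`. The `findtime` check is only affected if `time_t` is unsigned on the target, which is unusual, but `atoi` reports neither overflow nor a non-numeric value for either option, so `strtol` with an end-pointer check would make malformed input fail loudly instead of silently falling back to the default. f2b_jail_apply_config begins before this hunk.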

3
src/jail.h

@ -13,7 +13,8 @@ typedef struct f2b_jail_t {
struct f2b_jail_t *next; struct f2b_jail_t *next;
bool enabled; bool enabled;
time_t bantime; time_t bantime;
size_t tries; time_t findtime;
size_t maxretry;
char name[CONFIG_KEY_MAX]; char name[CONFIG_KEY_MAX];
char glob[PATH_MAX]; char glob[PATH_MAX];
char backend_name[CONFIG_KEY_MAX]; char backend_name[CONFIG_KEY_MAX];
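Review bot: The two fields added to `f2b_jail_t` carry no comment on their units or how they relate, while jail.c subtracts `findtime` from a `time_t` to expire old matches and compares `maxretry` against `matches.used`. I would document them on the declaration lines: `time_t findtime; /* seconds; matches older than now - findtime are dropped before counting */` and `size_t maxretry; /* matches within findtime needed before the jail acts */`. Making `maxretry` unsigned also means any code that parses it from text has to reject negatives before storing it, since a `<= 0` test on a `size_t` only catches zero. The typedef starts before this hunk.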
