
No commits in common. 'e9f6b82d14616899537c68095464c79265898bba' and '373c4faf5643db3fa14e85c973bc96ee1fe49c0d' have entirely different histories.

  1. 9
      configs/conf-available/05-source-portknock.conf
  2. 2
      filters/dovecot.preg
  3. 1
      src/csocket.c
  4. 1
      src/filters/pcre.c
  5. 1
      src/filters/preg.c
  6. 63
      src/jail.c
  7. 11
      src/jail.h

9
configs/conf-available/05-source-portknock.conf

@ -1,14 +1,5 @@
[source:portknock]
load = source_portknock.so
; listen = 0.0.0.0:21 # ftp
; listen = 0.0.0.0:23 # telnet
; listen = 0.0.0.0:25 # smtp
; listen = 0.0.0.0:110 # pop3
; listen = 0.0.0.0:143 # imap
; listen = 0.0.0.0:1080 # socks
; listen = 0.0.0.0:3128 # proxy
; listen = 0.0.0.0:3389 # rdp
; listen = 0.0.0.0:5060 # sip
; listen = 0.0.0.0:6667 # irc
; listen = 0.0.0.0:7547 # TR-069
; listen = 0.0.0.0:8080 # proxy

2
filters/dovecot.preg

@ -1,5 +1,3 @@
pop3-login: Aborted login \(auth failed, [0-9]+ attempts in [0-9]+ secs\): .* rip=<HOST>
imap-login: Aborted login \(auth failed, [0-9]+ attempts in [0-9]+ secs\): .* rip=<HOST>
pop3-login: Disconnected \(auth failed, [0-9]+ attempts in [0-9]+ secs\): .* rip=<HOST>
imap-login: Disconnected \(auth failed, [0-9]+ attempts in [0-9]+ secs\): .* rip=<HOST>
# set: defscore=5

1
src/csocket.c

@ -522,7 +522,6 @@ f2b_csocket_poll(void (*cb)(const f2b_cmd_t *cmd, f2b_buf_t *res)) {
if (retval < 0) {
f2b_log_msg(log_debug, "closing connection on socket %d", conn->sock);
shutdown(conn->sock, SHUT_RDWR);
close(conn->sock);
f2b_conn_destroy(conn);
csock.clients[cnum] = NULL;
}

1
src/filters/pcre.c

@ -193,7 +193,6 @@ flush(cfg_t *cfg) {
free(r);
}
cfg->regexps = NULL;
cfg->defscore = MATCH_DEFSCORE;
}
void

1
src/filters/preg.c

@ -150,7 +150,6 @@ flush(cfg_t *cfg) {
free(r);
}
cfg->regexps = NULL;
cfg->defscore = MATCH_DEFSCORE;
}
void

63
src/jail.c

@ -71,7 +71,6 @@ f2b_jail_set_param(f2b_jail_t *jail, const char *param, const char *value) {
assert(param != NULL);
assert(value != NULL);
/* only 'safe to set at runtime' parameters here */
if (strcmp(param, "enabled") == 0) {
if (strcmp(value, "yes") == 0) {
jail->flags |= JAIL_ENABLED;
@ -80,6 +79,14 @@ f2b_jail_set_param(f2b_jail_t *jail, const char *param, const char *value) {
}
return true;
}
if (strcmp(param, "state") == 0) {
if (strcmp(value, "yes") == 0) {
jail->flags |= JAIL_HAS_STATE;
} else {
jail->flags &= ~JAIL_HAS_STATE;
}
return true;
}
if (strcmp(param, "bantime") == 0) {
jail->bantime = atoi(value);
if (jail->bantime <= 0)
@ -136,10 +143,6 @@ f2b_jail_apply_config(f2b_jail_t *jail, f2b_config_section_t *section) {
assert(section->type == t_jail || section->type == t_defaults);
for (param = section->param; param != NULL; param = param->next) {
if (strcmp(param->name, "state") == 0) {
jail->flags |= JAIL_HAS_STATE;
continue;
}
if (strcmp(param->name, "source") == 0) {
f2b_jail_parse_compound_value(param->value, name, init);
jail->source = f2b_source_create(name, init);
@ -155,7 +158,6 @@ f2b_jail_apply_config(f2b_jail_t *jail, f2b_config_section_t *section) {
if (strcmp(param->name, "backend") == 0) {
f2b_jail_parse_compound_value(param->value, name, init);
jail->backend = f2b_backend_create(name, init);
jail->flags |= JAIL_HAS_BACKEND;
continue;
}
if (f2b_jail_set_param(jail, param->name, param->value))
@ -410,14 +412,6 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
assert(jail != NULL);
assert(config != NULL);
if (jail->flags & JAIL_HAS_STATE) {
jail->sfile = f2b_statefile_create(appconfig.statedir_path, jail->name);
if (jail->sfile == NULL) {
f2b_log_msg(log_debug, "jail '%s': can't create statefile", jail->name);
goto cleanup0;
}
}
if (jail->flags & JAIL_HAS_SOURCE) {
if ((section = f2b_config_section_find(config->sources, jail->source->name)) == NULL) {
f2b_log_msg(log_error, "jail '%s': no source with name '%s'", jail->name, jail->source->name);
@ -467,7 +461,6 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
goto cleanup3;
}
jail->flags |= JAIL_CONFIGURED;
f2b_log_msg(log_debug, "jail '%s' init complete", jail->name);
return true;
@ -487,7 +480,6 @@ f2b_jail_init(f2b_jail_t *jail, f2b_config_t *config) {
f2b_source_destroy(jail->source);
jail->source = NULL;
}
cleanup0:
return false;
}
@ -499,8 +491,15 @@ f2b_jail_start(f2b_jail_t *jail) {
assert(jail != NULL);
if (jail->flags & JAIL_HAS_STATE)
jail->ipaddrs = f2b_statefile_load(jail->sfile);
if (jail->flags & JAIL_HAS_STATE) {
jail->sfile = f2b_statefile_create(appconfig.statedir_path, jail->name);
if (jail->sfile == NULL) {
/* error occured, must be already logged, just drop flag */
jail->flags &= ~JAIL_HAS_STATE;
} else {
jail->ipaddrs = f2b_statefile_load(jail->sfile);
}
}
for (f2b_ipaddr_t *addr = jail->ipaddrs; addr != NULL; addr = addr->next) {
hostc++;
@ -535,17 +534,13 @@ f2b_jail_stop(f2b_jail_t *jail) {
f2b_log_msg(log_info, "jail '%s': gracefull shutdown", jail->name);
if (jail->flags & JAIL_HAS_SOURCE) {
if (!f2b_source_stop(jail->source)) {
f2b_log_msg(log_error, "jail '%s': action 'stop' for source failed", jail->name);
errors = true;
}
f2b_source_destroy(jail->source);
if (!f2b_source_stop(jail->source)) {
f2b_log_msg(log_error, "jail '%s': action 'stop' for source failed", jail->name);
errors = true;
}
if (jail->flags & JAIL_HAS_FILTER) {
f2b_filter_destroy(jail->filter);
}
f2b_source_destroy(jail->source);
f2b_filter_destroy(jail->filter);
for (f2b_ipaddr_t *addr = jail->ipaddrs; addr != NULL; addr = addr->next) {
if (!addr->banned)
@ -556,19 +551,11 @@ f2b_jail_stop(f2b_jail_t *jail) {
}
f2b_addrlist_destroy(jail->ipaddrs);
if (jail->flags & JAIL_HAS_BACKEND) {
if (!f2b_backend_stop(jail->backend)) {
f2b_log_msg(log_error, "jail '%s': action 'stop' for backend failed", jail->name);
errors = true;
}
f2b_backend_destroy(jail->backend);
}
if (jail->flags & JAIL_HAS_STATE) {
f2b_statefile_destroy(jail->sfile);
if (!f2b_backend_stop(jail->backend)) {
f2b_log_msg(log_error, "jail '%s': action 'stop' for backend failed", jail->name);
errors = true;
}
jail->flags &= ~JAIL_CONFIGURED;
return errors;
}
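Review bot: In f2b_jail_stop the new code calls `f2b_source_stop(jail->source)`, `f2b_source_destroy(jail->source)` and `f2b_filter_destroy(jail->filter)` unconditionally, while `JAIL_HAS_SOURCE` and `JAIL_HAS_FILTER` remain defined in jail.h and f2b_jail_init still tests `jail->flags & JAIL_HAS_SOURCE` before touching `jail->source`; if a jail can reach stop without a source or filter, those calls now receive a NULL pointer, and whether the callees tolerate NULL is not visible here. Either keep the `if (jail->flags & JAIL_HAS_SOURCE)` / `JAIL_HAS_FILTER` guards or add `assert(jail->source != NULL); assert(jail->filter != NULL);` at the top of the function so the assumption is explicit; the same applies to the now-unconditional `f2b_backend_stop(jail->backend)` in the last hunk. The `state` branch added to f2b_jail_set_param sits under the "only 'safe to set at runtime' parameters here" comment, but toggling JAIL_HAS_STATE after f2b_jail_start neither creates nor loads nor releases `jail->sfile` (creation now happens in f2b_jail_start), so a comment such as `/* takes effect on next start: statefile is created/loaded in f2b_jail_start */` would prevent callers from expecting an immediate effect. Note also that the old apply_config path set JAIL_HAS_STATE for any `state` value, whereas the new code requires the literal `yes`; if that is intentional it should be reflected in the config documentation. Both functions extend beyond the visible hunks.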

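--- a/src/jail.h
+++ b/src/jail.h
@@ -13,13 +13,10 @@
  */
 /* jail flags */
-#define JAIL_CONFIGURED 1 /* loaded all modules */
-#define JAIL_ENABLED 2 /* poll for new events? */
-/* reserved : 4 */
-#define JAIL_HAS_STATE 8
-#define JAIL_HAS_SOURCE 16
-#define JAIL_HAS_FILTER 32
-#define JAIL_HAS_BACKEND 64
+#define JAIL_ENABLED 0x01
+#define JAIL_HAS_STATE 0x02
+#define JAIL_HAS_FILTER 0x04
+#define JAIL_HAS_SOURCE 0x08
 /** jail metadata struct */
 typedef struct f2b_jail_t {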
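Review bot: The renumbered flag definitions drop the short per-flag comments the old block carried (`/* poll for new events? */`), leaving the four remaining macros undocumented; suggest `#define JAIL_ENABLED 0x01 /* poll for new events? */` and a one-line comment on each of the others stating what holding the flag implies, e.g. that `jail->sfile` is created and loaded in f2b_jail_start when JAIL_HAS_STATE is set and that the flag is cleared there if creation fails. Since JAIL_HAS_FILTER and JAIL_HAS_SOURCE survive the cleanup while the new f2b_jail_stop in jail.c no longer consults them, a comment naming which code paths still test each flag would help the next reader judge whether they are still needed.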
