pyruse/pyruse/actions/action_nftBan.py

# pyruse is intended as a replacement to both fail2ban and epylog
# Copyright © 2017–2018 Y. Gablin
# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
import os
import subprocess
from pyruse import ban, base, config

class Action(base.Action, ban.NetfilterBan):
    _storage = config.Config().asMap().get("storage", "/var/lib/pyruse") \
        + "/" + os.path.basename(__file__) + ".json"
    _nft = config.Config().asMap().get("nftBan", {}).get("nft", ["/usr/bin/nft"])

    def __init__(self, args):
        base.Action.__init__(self)
        ban.NetfilterBan.__init__(self, Action._storage)
        if args is None:
            return # on-boot configuration
        ipv4Set = args["nftSetIPv4"]
        ipv6Set = args["nftSetIPv6"]
        field = args["IP"]
        banSeconds = args.get("banSeconds", None)
        self.initSelf(ipv4Set, ipv6Set, field, banSeconds)

    def act(self, entry):
        ban.NetfilterBan.act(self, entry)

    def setBan(self, nfSet, ip, seconds):
        if seconds == 0:
            timeout = ""
        else:
            timeout = " timeout %ss" % seconds
        cmd = list(Action._nft)
        cmd.append("add element %s {%s%s}" % (nfSet, ip, timeout))
        subprocess.run(cmd)

    def cancelBan(self, nfSet, ip):
        cmd = list(Action._nft)
        cmd.append("delete element %s {%s}" % (nfSet, ip))
        subprocess.run(cmd)
-												filter to match any number of regex + noop action == a reject filter

											
										
										
											2017-12-16 18:59:33 +01:00
+								# pyruse is intended as a replacement to both fail2ban and epylog
-												let the whole code enter this new year 2018 :-)

											
										
										
											2018-01-31 13:07:05 +01:00
+								# Copyright © 2017–2018 Y. Gablin
-												filter to match any number of regex + noop action == a reject filter

											
										
										
											2017-12-16 18:59:33 +01:00
+								# Full licensing information in the LICENSE file, or gnu.org/licences/gpl-3.0.txt if the file is missing.
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
+								import os
 								import subprocess
-												ipset support; fixes #1

											
										
										
											2018-03-17 17:46:22 +01:00
+								from pyruse import ban, base, config
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
-												ipset support; fixes #1

											
										
										
											2018-03-17 17:46:22 +01:00
+								class Action(base.Action, ban.NetfilterBan):
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
+								    _storage = config.Config().asMap().get("storage", "/var/lib/pyruse") \
 								        + "/" + os.path.basename(__file__) + ".json"
 								    _nft = config.Config().asMap().get("nftBan", {}).get("nft", ["/usr/bin/nft"])
 								    def __init__(self, args):
-												ipset support; fixes #1

											
										
										
											2018-03-17 17:46:22 +01:00
+								        base.Action.__init__(self)
 								        ban.NetfilterBan.__init__(self, Action._storage)
-												fix action_nftBan for usage with pyruse-boot

											
										
										
											2018-02-08 22:15:43 +01:00
+								        if args is None:
 								            return # on-boot configuration
-												ipset support; fixes #1

											
										
										
											2018-03-17 17:46:22 +01:00
+								        ipv4Set = args["nftSetIPv4"]
 								        ipv6Set = args["nftSetIPv6"]
 								        field = args["IP"]
 								        banSeconds = args.get("banSeconds", None)
 								        self.initSelf(ipv4Set, ipv6Set, field, banSeconds)
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
 								    def act(self, entry):
-												ipset support; fixes #1

											
										
										
											2018-03-17 17:46:22 +01:00
+								        ban.NetfilterBan.act(self, entry)
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
-												ipset support; fixes #1

											
										
										
											2018-03-17 17:46:22 +01:00
+								    def setBan(self, nfSet, ip, seconds):
-												fix action_nftBan for usage with pyruse-boot

											
										
										
											2018-02-08 22:15:43 +01:00
+								        if seconds == 0:
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
+								            timeout = ""
-												fix action_nftBan for usage with pyruse-boot

											
										
										
											2018-02-08 22:15:43 +01:00
+								        else:
 								            timeout = " timeout %ss" % seconds
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
+								        cmd = list(Action._nft)
-												ipset support; fixes #1

											
										
										
											2018-03-17 17:46:22 +01:00
+								        cmd.append("add element %s {%s%s}" % (nfSet, ip, timeout))
 								        subprocess.run(cmd)
 								    def cancelBan(self, nfSet, ip):
 								        cmd = list(Action._nft)
 								        cmd.append("delete element %s {%s}" % (nfSet, ip))
-												init

											
										
										
											2017-12-15 19:36:50 +01:00
+								        subprocess.run(cmd)