fix action_nftBan for usage with pyruse-boot
parent
d0b33c7191
commit
2cd37db196
|
@ -14,6 +14,8 @@ class Action(base.Action):
|
||||||
|
|
||||||
def __init__(self, args):
|
def __init__(self, args):
|
||||||
super().__init__()
|
super().__init__()
|
||||||
|
if args is None:
|
||||||
|
return # on-boot configuration
|
||||||
self.ipv4Set = args["nftSetIPv4"]
|
self.ipv4Set = args["nftSetIPv4"]
|
||||||
self.ipv6Set = args["nftSetIPv6"]
|
self.ipv6Set = args["nftSetIPv6"]
|
||||||
self.field = args["IP"]
|
self.field = args["IP"]
|
||||||
|
@ -30,7 +32,7 @@ class Action(base.Action):
|
||||||
try:
|
try:
|
||||||
with open(Action._storage) as dataFile:
|
with open(Action._storage) as dataFile:
|
||||||
for ban in json.load(dataFile):
|
for ban in json.load(dataFile):
|
||||||
if ban["timestamp"] <= now.timestamp():
|
if ban["timestamp"] > 0 and ban["timestamp"] <= now.timestamp():
|
||||||
continue
|
continue
|
||||||
elif {k: ban[k] for k in newBan.keys()} == newBan:
|
elif {k: ban[k] for k in newBan.keys()} == newBan:
|
||||||
# should not happen, since the IP is banned…
|
# should not happen, since the IP is banned…
|
||||||
|
@ -40,7 +42,7 @@ class Action(base.Action):
|
||||||
except IOError:
|
except IOError:
|
||||||
pass # new file
|
pass # new file
|
||||||
|
|
||||||
if previousTS:
|
if previousTS is not None:
|
||||||
try:
|
try:
|
||||||
cmd = list(Action._nft)
|
cmd = list(Action._nft)
|
||||||
cmd.append("delete element %s {%s}" % (nftSet, ip))
|
cmd.append("delete element %s {%s}" % (nftSet, ip))
|
||||||
|
@ -48,9 +50,15 @@ class Action(base.Action):
|
||||||
except Exception:
|
except Exception:
|
||||||
pass # too late: not a problem
|
pass # too late: not a problem
|
||||||
|
|
||||||
until = self._doBan(now, ip, nftSet)
|
if self.banSeconds:
|
||||||
|
until = now + datetime.timedelta(seconds = self.banSeconds)
|
||||||
|
newBan["timestamp"] = until.timestamp()
|
||||||
|
timeout = self.banSeconds
|
||||||
|
else:
|
||||||
|
newBan["timestamp"] = 0
|
||||||
|
timeout = 0
|
||||||
|
|
||||||
newBan["timestamp"] = until.timestamp()
|
self._doBan(timeout, ip, nftSet)
|
||||||
bans.append(newBan)
|
bans.append(newBan)
|
||||||
with open(Action._storage, "w") as dataFile:
|
with open(Action._storage, "w") as dataFile:
|
||||||
json.dump(bans, dataFile)
|
json.dump(bans, dataFile)
|
||||||
|
@ -61,27 +69,29 @@ class Action(base.Action):
|
||||||
try:
|
try:
|
||||||
with open(Action._storage) as dataFile:
|
with open(Action._storage) as dataFile:
|
||||||
for ban in json.load(dataFile):
|
for ban in json.load(dataFile):
|
||||||
if ban["timestamp"] <= now.timestamp():
|
if ban["timestamp"] == 0:
|
||||||
|
self._doBan(0, ban["IP"], ban["nftSet"])
|
||||||
|
bans.append(ban)
|
||||||
|
elif ban["timestamp"] <= now.timestamp():
|
||||||
continue
|
continue
|
||||||
else:
|
else:
|
||||||
|
until = datetime.datetime.utcfromtimestamp(ban["timestamp"])
|
||||||
|
timeout = (until - now).total_seconds()
|
||||||
|
self._doBan(int(timeout), ban["IP"], ban["nftSet"])
|
||||||
bans.append(ban)
|
bans.append(ban)
|
||||||
self._doBan(now, ip, nftSet)
|
|
||||||
except IOError:
|
except IOError:
|
||||||
pass # no file
|
pass # no file
|
||||||
|
|
||||||
with open(Action._storage, "w") as dataFile:
|
with open(Action._storage, "w") as dataFile:
|
||||||
json.dump(bans, dataFile)
|
json.dump(bans, dataFile)
|
||||||
|
|
||||||
def _doBan(self, now, ip, nftSet):
|
def _doBan(self, seconds, ip, nftSet):
|
||||||
if self.banSeconds:
|
if seconds < 0:
|
||||||
until = now + datetime.timedelta(seconds = self.banSeconds)
|
return # can happen when the threshold is crossed while computing the duration
|
||||||
timeout = " timeout %ss" % str(self.banSeconds)
|
if seconds == 0:
|
||||||
else:
|
|
||||||
until = now + datetime.timedelta(days = 365)
|
|
||||||
timeout = ""
|
timeout = ""
|
||||||
|
else:
|
||||||
|
timeout = " timeout %ss" % seconds
|
||||||
cmd = list(Action._nft)
|
cmd = list(Action._nft)
|
||||||
cmd.append("add element %s {%s%s}" % (nftSet, ip, timeout))
|
cmd.append("add element %s {%s%s}" % (nftSet, ip, timeout))
|
||||||
subprocess.run(cmd)
|
subprocess.run(cmd)
|
||||||
|
|
||||||
return until
|
|
||||||
|
|
|
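Review bot: The remaining-timeout computation in the boot hunk (`until = datetime.datetime.utcfromtimestamp(ban["timestamp"])` followed by `(until - now).total_seconds()`) subtracts `now` from a naive UTC datetime, while the expiry test just above it uses `now.timestamp()`, so on a host whose local zone is not UTC the restored timeout is off by the UTC offset. `now` is created outside the visible lines, so this assumes it is a naive datetime; if it were timezone-aware the subtraction would raise `TypeError` instead. East of UTC the result can go negative, in which case `_doBan` returns without adding the element while the entry still appears to be kept in the storage file, leaving the address unblocked in nftables but recorded as banned. Staying in epoch seconds avoids the conversion: `timeout = ban["timestamp"] - now.timestamp()` followed by the existing `self._doBan(int(timeout), ban["IP"], ban["nftSet"])`.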
@ -37,9 +37,9 @@ def boot(modName):
|
||||||
_setPyrusePaths()
|
_setPyrusePaths()
|
||||||
conf = config.Config(PYRUSE_PATHS)
|
conf = config.Config(PYRUSE_PATHS)
|
||||||
if "action_" in modName:
|
if "action_" in modName:
|
||||||
module.get({"action": modName}).module.boot()
|
module.get({"action": modName, "args": None}).module.boot()
|
||||||
elif "filter_" in modName:
|
elif "filter_" in modName:
|
||||||
module.get({"filter": modName}).module.boot()
|
module.get({"filter": modName, "args": None}).module.boot()
|
||||||
else:
|
else:
|
||||||
raise ValueError("Neither “action_” nor “filter_” found in the module name; the `boot` feature cannot work for %s\n" % modName)
|
raise ValueError("Neither “action_” nor “filter_” found in the module name; the `boot` feature cannot work for %s\n" % modName)
|
||||||
|
|
||||||
|
|
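Review bot: The `"args": None` value now passed to `module.get` in both branches of `boot` is an undocumented contract: any action or filter constructor that indexes `args` without an `if args is None` guard would raise `TypeError` before `.module.boot()` is reached. On this page the guard is added only to the nftBan action, and whether other modules are ever booted this way is not visible here, so the impact may be limited to that module today. A comment above the first branch would make the convention explicit, for example `# args=None marks on-boot instantiation; module constructors must tolerate it`.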