smecontribs/smeserver-fail2ban
6
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
smeserver-fail2ban/root/etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP

39 lines
1.0 KiB
Plaintext
Raw Blame History

{
use esmith::NetworksDB;
use Net::IPv4Addr;
my $n = esmith::NetworksDB->open_ro() ||
die "Couldn't open networks DB\n";
my @ip = ("127.0.0.0/8", $LocalIP);
# Add hosts which can access the server-manager to the whitelist
unless (($fail2ban{FilterValidRemoteHosts} || 'disabled') eq 'enabled'){
foreach (split /[,;]/, (${'httpd-admin'}{'ValidFrom'} || '')){
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$_");
push @ip, "$ip/$bits" unless "$ip" eq '0.0.0.0';
}
}
unless (($fail2ban{FilterLocalNetworks} || 'disabled') eq 'enabled'){
foreach my $net ($n->networks){
my $key = $net->key;
my $mask = $net->prop('Mask');
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$key/$mask");
push @ip, "$ip/$bits";
}
}
# Add a local whitelist
foreach (split /[,;]/, ($fail2ban{'IgnoreIP'} || '')){
my $addr = $_;
$addr .= '/32' unless ($addr =~ m/\/\d{1,2}$/);
my ($ip,$bits) = Net::IPv4Addr::ipv4_parse("$addr");
push @ip, "$ip/$bits";
}
$OUT .= "ignoreip = " . join(" ", @ip);
}
View Git Blame Copy Permalink