Parital version of fail2ban merge support

This commit is contained in:
Jamie Cameron
2020-02-16 22:47:29 -08:00
parent 25fe0fc4f0
commit f44988264c


@@ -459,6 +459,7 @@ sub apply_configuration
{
local $err = &run_before_apply_command();
return $err if ($err);
local @oldlive = &get_iptables_save("direct");
if (defined(&apply_iptables)) {
# Call distro's apply command
$err = &apply_iptables();
@@ -468,10 +469,29 @@ else {
$err = &iptables_restore();
}
return $err if ($err);
if (!$config{"direct${ipvx}"}) {
# Put back fail2ban rules
local @newlive = &get_iptables_save("direct");
&merge_fail2ban_rules(\@oldlive, \@newlive);
}
&run_after_apply_command();
return undef;
}
# merge_fail2ban_rules(&old-live, &new-live)
# If there were fail2ban rules before applying but not after, re-create them
sub merge_fail2ban_rules
{
local ($oldlive, $newlive) = @_;
local ($oldchain) = grep { $_->{'name'} eq 'f2b-default' } @$oldlive;
local ($newchain) = grep { $_->{'name'} eq 'f2b-default' } @$newlive;
return if (!$oldchain); # fail2ban was never used
local ($oldinput) = grep { $_->{'name'} eq 'INPUT' } @$oldlive;
return if (!$oldinput);
local $oldrule;
# XXX not complete yet
}
# list_cluster_servers()
# Returns a list of servers on which the firewall is managed
sub list_cluster_servers
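Review bot: The comment `# Put back fail2ban rules` above the new `merge_fail2ban_rules` call overstates what happens today: the sub returns after a couple of lookups without re-adding anything (`$newchain` and `$oldrule` are assigned and never used), so every apply still silently discards fail2ban's live chain and any bans in it until the `# XXX not complete yet` part lands. Until then I would make that visible at the call site, e.g. `# Put back fail2ban rules (merge is a stub for now; bans are dropped on apply)`, so nobody relies on the comment. The match on the literal name `'f2b-default'` also looks narrow: fail2ban normally names its chains after the jail (`f2b-sshd`, `f2b-<jail>`), so a prefix match such as `grep { $_->{'name'} =~ /^f2b-/ } @$oldlive` would probably be needed, though I cannot confirm the chain-naming from this file. Note that `apply_configuration` starts before this hunk, and `list_cluster_servers` continues past it.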