author | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-21 17:03:09 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2008-10-21 17:03:09 +0200 |
commit | 1a9355f84232b835654de0a1088ea88de027d0a9 (patch) | |
tree | f8755083983da5651f68e6e345fc9cd39c2ffa5e /plugin/eurephia.c | |
parent | 0ea1a3e2e6a10300388e01ac89504abe3624ae56 (diff) | |
Added (untested) firewall block when IP addresses are blacklisted
If the configuration variable 'firewall_blacklist_destination' is
set, DROP rules are inserted when a connection is attempted from a
blacklisted IP address.
Feature not tested yet.
Diffstat (limited to 'plugin/eurephia.c')
-rw-r--r-- | plugin/eurephia.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/plugin/eurephia.c b/plugin/eurephia.c
index 7454b1f..0e8e39c 100644
--- a/plugin/eurephia.c
+++ b/plugin/eurephia.c
@@ -257,6 +257,11 @@ int eurephia_tlsverify(eurephiaCTX *ctx, const char **env, const char *depth)
 ipaddr = (char *) get_env(ctx, 0, env, "untrusted_ip");
 if( eDBblacklist_check(ctx, attempt_IPADDR, ipaddr) == 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
+
+ // If fw blacklisting is configured, also blacklist there too
+ if( (ctx->fwcfg != NULL) && (ctx->fwcfg->fwblacklist != NULL ) ) {
+ eFW_UpdateFirewall(ctx, FWRULE_BLACKLIST, ipaddr, ctx->fwcfg->fwblacklist, NULL);
+ }
 return 0;
 }
@@ -311,6 +316,11 @@ int eurephia_userauth(eurephiaCTX *ctx, const char **env)
 ipaddr = (char *) get_env(ctx, 0, env, "untrusted_ip");
 if( eDBblacklist_check(ctx, attempt_IPADDR, ipaddr) == 1 ) {
 eDBregister_attempt(ctx, attempt_IPADDR, ATTEMPT_REGISTER, ipaddr);
+
+ // If fw blacklisting is configured, also blacklist there too
+ if( (ctx->fwcfg != NULL) && (ctx->fwcfg->fwblacklist != NULL ) ) {
+ eFW_UpdateFirewall(ctx, FWRULE_BLACKLIST, ipaddr, ctx->fwcfg->fwblacklist, NULL);
+ }
 return 0;
 } |
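Review bot: The result of `eFW_UpdateFirewall()` is discarded in both hunks (eurephia_tlsverify and eurephia_userauth), so if the DROP rule cannot be inserted the address is still rejected by the plugin but nothing records that the firewall block is missing. The function's return convention is not visible here; assuming it reports failure, the call should be checked and a warning logged, with a comment such as `// fw update failed: address is rejected by eurephia only, not dropped by the firewall`. `ipaddr` is the `untrusted_ip` environment value passed on unchanged, so the firewall side (outside this diff) should presumably verify it parses as an IP address before it is used in a rule. The five added lines are identical in both functions and could move into one static helper so the two paths cannot drift apart. Both function bodies start and end outside the hunks.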