authorDavid Sommerseth <dazo@users.sourceforge.net>2008-11-05 16:35:33 +0100
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-11-05 16:35:33 +0100
commitcf5d35553be9269587261866e8b21904d2840857 (patch)
tree37e1f306d3fedaaeb165c40fc4b0618e0df5722b /plugin/firewall/eurephiafw.c
parente1d6d2f011b0a3b95517597a1e37f32445506251 (diff)
FEATURE: Enhanced firewall blacklisting to make it more flexible
It will now support config option 'firewall_blacklist_send_to'. If set it will send all blacklisted IP addresses to this chain (iptables -j). If this option is not set, it will default to DROP.
Diffstat (limited to 'plugin/firewall/eurephiafw.c')
-rw-r--r--plugin/firewall/eurephiafw.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/plugin/firewall/eurephiafw.c b/plugin/firewall/eurephiafw.c
index fd3aa5e..1aba1c7 100644
--- a/plugin/firewall/eurephiafw.c
+++ b/plugin/firewall/eurephiafw.c
@@ -142,6 +142,16 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
// Create value space for blacklisted IP addresses
ctx->fwcfg->blacklisted = eCreate_value_space(ctx, 20);
+
+ // Setup where to send the blacklisted IP addresses - default is to drop them.
+ ctx->fwcfg->fwblacklist_sendto = eGet_value(ctx->dbc->config, "firewall_blacklist_send_to");
+ if( ctx->fwcfg->fwblacklist_sendto == NULL ) {
+ ctx->fwcfg->fwblacklist_sendto = strdup("DROP\0");
+ eurephia_log(ctx, LOG_INFO, 2,"Blacklisted IP addresses will be dropped immediately");
+ } else {
+ eurephia_log(ctx, LOG_INFO, 2,"Blacklisted IP addresses will be sent to '%s'",
+ ctx->fwcfg->fwblacklist_sendto);
+ }
}
eurephia_log(ctx, LOG_INFO, 3, "Starting eurephia firewall interface");
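Review bot: The value read from `firewall_blacklist_send_to` is stored unchecked in eFW_StartFirewall, and the third hunk formats it into the space-separated `B %s %s %s` message. A config value that is empty or contains whitespace or other unexpected characters therefore changes what the receiving firewall thread parses as the jump target. I would reject such values at load time and fall back to DROP, and also cap the length at whatever limit the iptables in use enforces. The fence below also copies the value with strdup() in both cases and drops the redundant `\0` from `"DROP\0"`; the strdup() result still deserves a NULL check. The enclosing `if` block opens above this hunk.

```c
    // Setup where to send the blacklisted IP addresses - default is to drop them.
    const char *sendto = eGet_value(ctx->dbc->config, "firewall_blacklist_send_to");
    if( sendto != NULL
        && (*sendto == '\0'
            || sendto[strspn(sendto, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                                     "abcdefghijklmnopqrstuvwxyz"
                                     "0123456789_-")] != '\0') ) {
        // Use a higher severity here if the project's logger has one.
        eurephia_log(ctx, LOG_INFO, 2,
                     "Ignoring invalid firewall_blacklist_send_to value, using DROP");
        sendto = NULL;
    }
    // Always keep a private copy so the field owns its string.
    ctx->fwcfg->fwblacklist_sendto = strdup(sendto != NULL ? sendto : "DROP");
    // … unchanged: the two LOG_INFO messages, now chosen on sendto != NULL …
```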
@@ -297,6 +307,8 @@ void eFW_StopFirewall(eurephiaCTX *ctx) {
// Send acknowledge back
sem_post(ctx->fwcfg->thrdata.semp_master);
+ // Clean up and exit
+ free_nullsafe(ctx->fwcfg->fwblacklist_sendto);
eFree_values(ctx, ctx->fwcfg->blacklisted);
free_nullsafe((*ctx->fwcfg).thrdata.fw_command);
free_nullsafe(ctx->fwcfg);
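Review bot: The new `free_nullsafe(ctx->fwcfg->fwblacklist_sendto);` frees a pointer with two different origins: in the first hunk it is either a fresh `strdup("DROP\0")` or the pointer returned directly by `eGet_value(ctx->dbc->config, ...)`. eGet_value is not visible here, but if it returns a pointer into the config value list, as the lookup on `ctx->fwcfg->blacklisted` in the third hunk suggests, this frees memory the config still owns. The config would then hold a dangling pointer and could free it a second time on teardown. Making the field always own its string would fix this, e.g. by assigning `strdup()` of the looked-up value in the else branch of eFW_StartFirewall. eFW_StopFirewall's body starts and continues outside this hunk.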
@@ -337,7 +349,7 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode,
// Check if IP address is already registered as blacklisted
if( (blchk = eGet_value(ctx->fwcfg->blacklisted, addr)) == NULL ) {
- snprintf(buf, 1024, "B %s %s", addr, fwdest);
+ snprintf(buf, 1024, "B %s %s %s", addr, fwdest, ctx->fwcfg->fwblacklist_sendto);
mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1);
eAdd_value(ctx, ctx->fwcfg->blacklisted, addr, fwdest);
} else {