authorDavid Sommerseth <dazo@users.sourceforge.net>2008-11-01 13:12:46 +0100
committerDavid Sommerseth <dazo@users.sourceforge.net>2008-11-01 13:12:46 +0100
commit77213d9adb87fc557b59a2562718e1a1b32b6511 (patch)
tree2f5e37bc2014b2a6394aae25323567bb89931762 /plugin
parent64f6478a2dac17994566c4d59a302bd4f816b31f (diff)
Registering all IP addr blacklisted via eFW_UpdateFirewall(...) to avoid duplicates in firewall rules
Diffstat (limited to 'plugin')
-rw-r--r--plugin/eurephia_struct.h1
-rw-r--r--plugin/firewall/eurephiafw.c17
2 files changed, 16 insertions, 2 deletions
diff --git a/plugin/eurephia_struct.h b/plugin/eurephia_struct.h
index 7211e96..9fea9ca 100644
--- a/plugin/eurephia_struct.h
+++ b/plugin/eurephia_struct.h
@@ -80,6 +80,7 @@ typedef struct {
// Where to update firewall if we block blackisted
// IP addr in firewall too
char *fwblacklist;
+ eurephiaVALUES *blacklisted; // Contains all IP addresses we have blacklisted
} eurephiaFWINTF;
diff --git a/plugin/firewall/eurephiafw.c b/plugin/firewall/eurephiafw.c
index 4c57ae5..444f471 100644
--- a/plugin/firewall/eurephiafw.c
+++ b/plugin/firewall/eurephiafw.c
@@ -138,7 +138,11 @@ void eFW_StartFirewall(eurephiaCTX *ctx) {
eurephia_log(ctx, LOG_INFO, 1,
"Blacklisted IP addresses will also be blocked in '%s'",
ctx->fwcfg->fwblacklist);
+
+ // Create value space for blacklisted IP addresses
+ ctx->fwcfg->blacklisted = eCreate_value_space(ctx, 20);
}
+
eurephia_log(ctx, LOG_INFO, 3, "Starting eurephia firewall interface");
// Setup semaphores we need
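Review bot: The result of `eCreate_value_space(ctx, 20)` is stored without a check, and the assignment appears to sit inside the block that only runs when `fwblacklist` is configured, so `ctx->fwcfg->blacklisted` may be NULL or never assigned in the other case. The same pointer is later handed to `eFree_values()` in the eFW_StopFirewall hunk and to `eGet_value()`/`eAdd_value()` in the FWRULE_BLACKLIST case of eFW_UpdateFirewall; whether those helpers tolerate NULL is not visible here. I would set `ctx->fwcfg->blacklisted = NULL;` before the `if` (or create the list unconditionally) and log at a fatal/critical level when creation returns NULL, so a failed allocation cannot silently disable the duplicate check or the blocking path. eFW_StartFirewall begins and ends outside this hunk.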
@@ -271,6 +275,7 @@ void eFW_StopFirewall(eurephiaCTX *ctx) {
// Send acknowledge back
sem_post(ctx->fwcfg->thrdata.semp_master);
+ eFree_values(ctx, ctx->fwcfg->blacklisted);
free_nullsafe((*ctx->fwcfg).thrdata.fw_command);
free_nullsafe(ctx->fwcfg);
eurephia_log(ctx, LOG_INFO, 2, "eurephia firewall interface is stopped");
@@ -280,6 +285,7 @@ void eFW_StopFirewall(eurephiaCTX *ctx) {
int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode,
const char *addr, const char *fwdest, const char *fwprofile) {
char buf[1026];
+ char *blchk = NULL;
if( (*ctx->fwcfg).thrdata.fw_command == NULL ) {
eurephia_log(ctx, LOG_FATAL, 0, "Function call: eFW_UpdateFirewall() -- "
@@ -306,8 +312,15 @@ int eFW_UpdateFirewall(eurephiaCTX *ctx, int mode,
case FWRULE_BLACKLIST:
eurephia_log(ctx, LOG_INFO, 3, "Function call: eFW_UpdateFirewall(ctx, %s, '%s','%s', NULL)",
"BLACKLIST", addr, fwdest);
- snprintf(buf, 1024, "B %s %s", addr, fwdest);
- mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1);
+
+ // Check if IP address is already registered as blacklisted
+ if( (blchk = eGet_value(ctx->fwcfg->blacklisted, addr)) == NULL ) {
+ snprintf(buf, 1024, "B %s %s", addr, fwdest);
+ mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1);
+ eAdd_value(ctx, ctx->fwcfg->blacklisted, addr, fwdest);
+ } else {
+ eurephia_log(ctx, LOG_INFO, 5, "IP address already blacklisted in '%s'", blchk);
+ }
return 1;
default:
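Review bot: The address is recorded as blacklisted even when `mq_send()` fails, because its return value is ignored before `eAdd_value()` runs. After one failed send, every later block request for that address takes the `else` branch and is only logged at level 5, while the firewall thread never received the rule. Register the address only on success, e.g. `if( mq_send((*ctx->fwcfg).thrdata.msgq, buf, strlen(buf)+1, 1) == 0 ) { eAdd_value(ctx, ctx->fwcfg->blacklisted, addr, fwdest); }`, and log the failure otherwise. Nothing in the visible code removes entries, so an address whose rule is dropped outside this process would stay suppressed until restart; a short comment stating that lifetime would help. The switch and eFW_UpdateFirewall continue outside the hunk.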