Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
E
eterban
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
etersoft
eterban
Commits
8ce4235c
Commit
8ce4235c
authored
Sep 12, 2022
by
Vitaly Lipatov
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add i_interface2 support
parent
eaee486f
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
46 additions
and
8 deletions
+46
-8
settings.ini
common/etc/eterban/settings.ini
+9
-0
eterban_switcher.py
gateway/usr/share/eterban/eterban_switcher.py
+37
-8
No files found.
common/etc/eterban/settings.ini
View file @
8ce4235c
[Settings]
[Settings]
# blocking requests queue
#redis_server = 10.20.30.101
#redis_server = 10.20.30.101
# Redirect banned to
#ban_server = 192.168.0.0
#ban_server = 192.168.0.0
# Input interface
#i_interface = brlocal
#i_interface = brlocal
# Secord input interface
#i_interface2 = brlocal2
#hostname = localhost
#hostname = localhost
gateway/usr/share/eterban/eterban_switcher.py
View file @
8ce4235c
...
@@ -42,6 +42,7 @@ def parse_config (path_to_config, path_to_log):
...
@@ -42,6 +42,7 @@ def parse_config (path_to_config, path_to_log):
redis_server
=
config
.
get
(
"Settings"
,
"redis_server"
,
fallback
=
"redis_server"
)
redis_server
=
config
.
get
(
"Settings"
,
"redis_server"
,
fallback
=
"redis_server"
)
ban_server
=
config
.
get
(
"Settings"
,
"ban_server"
,
fallback
=
"ban_server"
)
ban_server
=
config
.
get
(
"Settings"
,
"ban_server"
,
fallback
=
"ban_server"
)
i_interface
=
config
.
get
(
"Settings"
,
"i_interface"
,
fallback
=
"i_interface"
)
i_interface
=
config
.
get
(
"Settings"
,
"i_interface"
,
fallback
=
"i_interface"
)
i_interface2
=
config
.
get
(
"Settings"
,
"i_interface2"
,
fallback
=
""
)
if
redis_server
==
"redis_server"
or
ban_server
==
"ban_server"
or
i_interface
==
"i_interface"
:
if
redis_server
==
"redis_server"
or
ban_server
==
"ban_server"
or
i_interface
==
"i_interface"
:
#config.set("Settings", "redis_server", "10.20.30.101")
#config.set("Settings", "redis_server", "10.20.30.101")
#with open(path_to_config, "w") as config_file:
#with open(path_to_config, "w") as config_file:
...
@@ -52,7 +53,7 @@ def parse_config (path_to_config, path_to_log):
...
@@ -52,7 +53,7 @@ def parse_config (path_to_config, path_to_log):
log_file
.
write
(
info
)
log_file
.
write
(
info
)
sys
.
exit
()
sys
.
exit
()
else
:
else
:
return
(
redis_server
,
ban_server
,
i_interface
)
return
(
redis_server
,
ban_server
,
i_interface
,
i_interface2
)
def
save_ipset_eterban_1
():
def
save_ipset_eterban_1
():
global
ipset_eterban_1
,
ipset_firehol
,
ipset_eterban_white
,
path_to_eterban
global
ipset_eterban_1
,
ipset_firehol
,
ipset_eterban_white
,
path_to_eterban
...
@@ -69,8 +70,7 @@ def restore_ipset_eterban_1():
...
@@ -69,8 +70,7 @@ def restore_ipset_eterban_1():
subprocess
.
call
(
command
,
shell
=
True
)
subprocess
.
call
(
command
,
shell
=
True
)
def
create_iptables_rules
():
def
create_iptables_rules
():
global
ban_server
,
ipset_eterban_1
,
ipset_firehol
,
ipset_eterban_white
,
i_interface
global
ban_server
,
ipset_eterban_1
,
ipset_firehol
,
ipset_eterban_white
,
i_interface
,
i_interface2
# set maxelem in config
commands
=
[
'ipset create '
+
ipset_eterban_1
+
' hash:ip maxelem 650000'
,
commands
=
[
'ipset create '
+
ipset_eterban_1
+
' hash:ip maxelem 650000'
,
'ipset create '
+
ipset_firehol
+
' hash:net'
,
'ipset create '
+
ipset_firehol
+
' hash:net'
,
'ipset create '
+
ipset_eterban_white
+
' hash:ip'
,
'ipset create '
+
ipset_eterban_white
+
' hash:ip'
,
...
@@ -83,17 +83,45 @@ def create_iptables_rules():
...
@@ -83,17 +83,45 @@ def create_iptables_rules():
for
command
in
commands
:
for
command
in
commands
:
subprocess
.
call
(
command
,
shell
=
True
)
subprocess
.
call
(
command
,
shell
=
True
)
if
not
i_interface2
:
return
commands
=
[
'iptables -t nat -I PREROUTING -i '
+
i_interface2
+
' -m set --match-set '
+
ipset_firehol
+
' src -j DNAT --to-destination '
+
ban_server
,
'iptables -t nat -I PREROUTING -i '
+
i_interface2
+
' -m set --match-set '
+
ipset_eterban_1
+
' src -j DNAT --to-destination '
+
ban_server
,
'iptables -t nat -I PREROUTING -i '
+
i_interface2
+
' -m set --match-set '
+
ipset_eterban_white
+
' src -j ACCEPT'
,
#'iptables -t nat -I PREROUTING -i ' + i_interface2 + ' -m set ! --match-set ' + ipset_eterban_1 + ' src -d ' + ban_server + ' -p tcp -m multiport --destination-port 80,443 -j DNAT --to-destination ' + ban_server + ':81',
#'iptables -t nat -I PREROUTING -i ' + i_interface2 + ' -m set --match-set ' + ipset_eterban_1 + ' src -p tcp --dport 443 -j DNAT --to-destination ' + ban_server + ':80',
'iptables -I FORWARD -i '
+
i_interface2
+
' -p tcp -m multiport ! --dport 80,81,443 -m set --match-set '
+
ipset_eterban_1
+
' src -j REJECT'
]
for
command
in
commands
:
subprocess
.
call
(
command
,
shell
=
True
)
def
destroy_iptables_rules
():
def
destroy_iptables_rules
():
global
ban_server
,
ipset_eterban_1
,
ipset_firehol
,
ipset_eterban_white
,
i_interface
global
ban_server
,
ipset_eterban_1
,
ipset_firehol
,
ipset_eterban_white
,
i_interface
,
i_interface2
commands
=
[
'iptables -t nat -D PREROUTING -i '
+
i_interface
+
' -m set --match-set '
+
ipset_firehol
+
' src -j DNAT --to-destination '
+
ban_server
,
commands
=
[
'iptables -t nat -D PREROUTING -i '
+
i_interface
+
' -m set --match-set '
+
ipset_firehol
+
' src -j DNAT --to-destination '
+
ban_server
,
'iptables -t nat -D PREROUTING -i '
+
i_interface
+
' -m set --match-set '
+
ipset_eterban_1
+
' src -j DNAT --to-destination '
+
ban_server
,
'iptables -t nat -D PREROUTING -i '
+
i_interface
+
' -m set --match-set '
+
ipset_eterban_1
+
' src -j DNAT --to-destination '
+
ban_server
,
'iptables -t nat -D PREROUTING -i '
+
i_interface
+
' -m set --match-set '
+
ipset_eterban_white
+
' src -j ACCEPT'
,
'iptables -t nat -D PREROUTING -i '
+
i_interface
+
' -m set --match-set '
+
ipset_eterban_white
+
' src -j ACCEPT'
,
#'iptables -t nat -D PREROUTING -i ' + i_interface + ' -m set ! --match-set ' + ipset_eterban_1 + ' src -d ' + ban_server + ' -p tcp -m multiport --destination-port 80,443 -j DNAT --to-destination ' + ban_server + ':81',
#'iptables -t nat -D PREROUTING -i ' + i_interface + ' -m set ! --match-set ' + ipset_eterban_1 + ' src -d ' + ban_server + ' -p tcp -m multiport --destination-port 80,443 -j DNAT --to-destination ' + ban_server + ':81',
#'iptables -t nat -D PREROUTING -i ' + i_interface + ' -m set --match-set ' + ipset_eterban_1 + ' src -p tcp --dport 443 -j DNAT --to-destination ' + ban_server + ':80',
#'iptables -t nat -D PREROUTING -i ' + i_interface + ' -m set --match-set ' + ipset_eterban_1 + ' src -p tcp --dport 443 -j DNAT --to-destination ' + ban_server + ':80',
'iptables -D FORWARD -i '
+
i_interface
+
' -p tcp -m multiport ! --dport 80,81,443 -m set --match-set '
+
ipset_eterban_1
+
' src -j REJECT'
'iptables -D FORWARD -i '
+
i_interface
+
' -p tcp -m multiport ! --dport 80,81,443 -m set --match-set '
+
ipset_eterban_1
+
' src -j REJECT'
,
'ipset destroy '
+
ipset_eterban_1
,
'ipset destroy '
+
ipset_eterban_1
,
'ipset destroy '
+
ipset_firehol
,
'ipset destroy '
+
ipset_firehol
,
'ipset destroy '
+
ipset_eterban_white
]
'ipset destroy '
+
ipset_eterban_white
]
for
command
in
commands
:
subprocess
.
call
(
command
,
shell
=
True
)
#print (command)
if
not
i_interface2
:
return
commands
=
[
'iptables -t nat -D PREROUTING -i '
+
i_interface2
+
' -m set --match-set '
+
ipset_firehol
+
' src -j DNAT --to-destination '
+
ban_server
,
'iptables -t nat -D PREROUTING -i '
+
i_interface2
+
' -m set --match-set '
+
ipset_eterban_1
+
' src -j DNAT --to-destination '
+
ban_server
,
'iptables -t nat -D PREROUTING -i '
+
i_interface2
+
' -m set --match-set '
+
ipset_eterban_white
+
' src -j ACCEPT'
,
#'iptables -t nat -D PREROUTING -i ' + i_interface + ' -m set ! --match-set ' + ipset_eterban_1 + ' src -d ' + ban_server + ' -p tcp -m multiport --destination-port 80,443 -j DNAT --to-destination ' + ban_server + ':81',
#'iptables -t nat -D PREROUTING -i ' + i_interface + ' -m set --match-set ' + ipset_eterban_1 + ' src -p tcp --dport 443 -j DNAT --to-destination ' + ban_server + ':80',
'iptables -D FORWARD -i '
+
i_interface2
+
' -p tcp -m multiport ! --dport 80,81,443 -m set --match-set '
+
ipset_eterban_1
+
' src -j REJECT'
]
for
command
in
commands
:
for
command
in
commands
:
subprocess
.
call
(
command
,
shell
=
True
)
subprocess
.
call
(
command
,
shell
=
True
)
...
@@ -111,7 +139,7 @@ signal.signal(signal.SIGTERM, exit_gracefully)
...
@@ -111,7 +139,7 @@ signal.signal(signal.SIGTERM, exit_gracefully)
#print ('1')
#print ('1')
redis_server
,
ban_server
,
i_interface
=
parse_config
(
path_to_config
,
path_to_log
)
redis_server
,
ban_server
,
i_interface
,
i_interface2
=
parse_config
(
path_to_config
,
path_to_log
)
#destroy_iptables_rules ()
#destroy_iptables_rules ()
#sys.exit()
#sys.exit()
...
@@ -168,4 +196,4 @@ for message in p.listen():
...
@@ -168,4 +196,4 @@ for message in p.listen():
log
.
write
(
info
)
log
.
write
(
info
)
log
.
flush
()
log
.
flush
()
else
:
else
:
pass
pass
\ No newline at end of file
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
