
[Web] Set Fail2ban subnet sizes

andre.peters 7 年之前
父節點
當前提交
1c6d3c16b6
共有 5 個文件被更改,包括 31 次插入0 次删除
  1. 14 0
      data/web/admin.php
  2. 12 0
      data/web/inc/functions.fail2ban.inc.php
  3. 1 0
      data/web/inc/header.inc.php
  4. 2 0
      data/web/lang/lang.de.php
  5. 2 0
      data/web/lang/lang.en.php

+ 14 - 0
data/web/admin.php

@@ -346,6 +346,20 @@ $tfa_data = get_tfa();
             <label for="retry_window"><?=$lang['admin']['f2b_retry_window'];?>:</label>
             <input type="number" class="form-control" id="retry_window" name="retry_window" value="<?=$f2b_data['retry_window'];?>" required>
           </div>
+          <div class="form-group">
+            <label for="netban_ipv4"><?=$lang['admin']['f2b_netban_ipv4'];?>:</label>
+            <div class="input-group">
+              <span class="input-group-addon">/</span>
+              <input type="number" class="form-control" id="netban_ipv4" name="netban_ipv4" value="<?=$f2b_data['netban_ipv4'];?>" required>
+            </div>
+          </div>
+          <div class="form-group">
+            <label for="netban_ipv6"><?=$lang['admin']['f2b_netban_ipv6'];?>:</label>
+            <div class="input-group">
+              <span class="input-group-addon">/</span>
+              <input type="number" class="form-control" id="netban_ipv6" name="netban_ipv6" value="<?=$f2b_data['netban_ipv6'];?>" required>
+            </div>
+          </div>
           <div class="form-group">
             <label for="whitelist"><?=$lang['admin']['f2b_whitelist'];?>:</label>
             <textarea class="form-control" id="whitelist" name="whitelist" rows="5"><?=$f2b_data['whitelist'];?></textarea>
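Review bot: The two new `type="number"` inputs carry no `min`/`max`, so the browser accepts any integer and the range is only visible in the label text, while the handler in functions.fail2ban.inc.php clamps the value silently. Adding `min="8" max="32"` to `netban_ipv4` and `min="8" max="128"` to `netban_ipv6` would keep the form in line with the server-side limits. The stored values are also echoed into the `value` attribute unescaped, as the neighbouring fields do. If anything other than this form can write those Redis keys, `htmlspecialchars($f2b_data['netban_ipv4'])` (and the same for IPv6) would be the safer output.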

+ 12 - 0
data/web/inc/functions.fail2ban.inc.php

@@ -12,6 +12,8 @@ function fail2ban($_action, $_data = null) {
         $data['ban_time'] = $redis->Get('F2B_BAN_TIME');
         $data['max_attempts'] = $redis->Get('F2B_MAX_ATTEMPTS');
         $data['retry_window'] = $redis->Get('F2B_RETRY_WINDOW');
+        $data['netban_ipv4'] = $redis->Get('F2B_NETBAN_IPV4');
+        $data['netban_ipv6'] = $redis->Get('F2B_NETBAN_IPV6');
         $wl = $redis->hGetAll('F2B_WHITELIST');
         if (is_array($wl)) {
           foreach ($wl as $key => $value) {
@@ -50,6 +52,8 @@ function fail2ban($_action, $_data = null) {
         $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']);
         $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['active_int']);
         $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']);
+        $netban_ipv4 = intval((isset($_data['netban_ipv4'])) ? $_data['netban_ipv4'] : $is_now['netban_ipv4']);
+        $netban_ipv6 = intval((isset($_data['netban_ipv6'])) ? $_data['netban_ipv6'] : $is_now['netban_ipv6']);
       }
       else {
         $_SESSION['return'] = array(
@@ -60,12 +64,20 @@ function fail2ban($_action, $_data = null) {
       }
       $wl = $_data['whitelist'];
       $ban_time = ($ban_time < 60) ? 60 : $ban_time;
+
+      $netban_ipv4 = ($netban_ipv4 < 8) ? 8 : $netban_ipv4;
+      $netban_ipv6 = ($netban_ipv6 < 8) ? 8 : $netban_ipv6;
+      $netban_ipv4 = ($netban_ipv4 > 32) ? 32 : $netban_ipv4;
+      $netban_ipv6 = ($netban_ipv6 > 128) ? 128 : $netban_ipv6;
+
       $max_attempts = ($max_attempts < 1) ? 1 : $max_attempts;
       $retry_window = ($retry_window < 1) ? 1 : $retry_window;
       try {
         $redis->Set('F2B_BAN_TIME', $ban_time);
         $redis->Set('F2B_MAX_ATTEMPTS', $max_attempts);
         $redis->Set('F2B_RETRY_WINDOW', $retry_window);
+        $redis->Set('F2B_NETBAN_IPV4', $netban_ipv4);
+        $redis->Set('F2B_NETBAN_IPV6', $netban_ipv6);
         $redis->Del('F2B_WHITELIST');
         if(!empty($wl)) {
           $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
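Review bot: A missing, empty or non-numeric subnet size ends up as the widest possible ban rather than the narrowest. `intval()` in the previous hunk turns such a value into 0, and the new clamp `($netban_ipv4 < 8) ? 8 : $netban_ipv4` raises it to 8, so one offending client would ban a whole /8. This looks reachable when the `F2B_NETBAN_*` keys do not exist yet (for example on an upgraded install, assuming `$is_now` comes from the `get` branch) or when the POST bypasses the client-side `required`. A safer default is the single-host prefix for anything out of range: `$netban_ipv4 = ($netban_ipv4 < 8 || $netban_ipv4 > 32) ? 32 : $netban_ipv4;` and `$netban_ipv6 = ($netban_ipv6 < 8 || $netban_ipv6 > 128) ? 128 : $netban_ipv6;`, or reject the request with an error as the `else` branch above does. The body of `fail2ban()` starts and ends outside these hunks, so the source of `$is_now` should be checked there.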

+ 1 - 0
data/web/inc/header.inc.php

@@ -4,6 +4,7 @@
 <meta charset="utf-8">
 <meta http-equiv="X-UA-Compatible" content="IE=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1">
+<meta http-equiv="Referrer-Policy" content="same-origin">
 <title><?=$UI_TEXTS['title_name'];?></title>
 <!--[if lt IE 9]>
   <script src="/js/html5shiv.min.js"></script>
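Review bot: `Referrer-Policy` is not one of the `http-equiv` keywords browsers act on, so the added `<meta http-equiv="Referrer-Policy" content="same-origin">` most likely has no effect and referrers from the admin UI are still sent cross-origin. The document-level form is `<meta name="referrer" content="same-origin">`. Sending a `Referrer-Policy: same-origin` response header from the web server or PHP is preferable, because it also covers responses that do not include this header template. The change is unrelated to the Fail2ban subnet sizes named in the commit title, so it would be easier to track in a commit of its own.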

+ 2 - 0
data/web/lang/lang.de.php

@@ -466,6 +466,8 @@ $lang['admin']['f2b_parameters'] = 'Fail2ban Parameter';
 $lang['admin']['f2b_ban_time'] = 'Banzeit (s)';
 $lang['admin']['f2b_max_attempts'] = 'Max. Versuche';
 $lang['admin']['f2b_retry_window'] = 'Wiederholungen im Zeitraum von (s)';
+$lang['admin']['f2b_netban_ipv4'] = 'Netzbereich für IPv4 Bans (8-32)';
+$lang['admin']['f2b_netban_ipv6'] = 'Netzbereich für IPv6 Bans (8-128)';
 $lang['admin']['f2b_whitelist'] = 'Whitelist für Netzwerke und Hosts';
 $lang['admin']['restrictions'] = 'Postfix Restriktionen';
 $lang['admin']['rr'] = 'Postfix Empfänger Restriktionen';

+ 2 - 0
data/web/lang/lang.en.php

@@ -466,6 +466,8 @@ $lang['admin']['f2b_parameters'] = 'Fail2ban parameters';
 $lang['admin']['f2b_ban_time'] = 'Ban time (s)';
 $lang['admin']['f2b_max_attempts'] = 'Max. attempts';
 $lang['admin']['f2b_retry_window'] = 'Retry window (s) for max. attempts';
+$lang['admin']['f2b_netban_ipv4'] = 'IPv4 subnet size to apply ban on (8-32)';
+$lang['admin']['f2b_netban_ipv6'] = 'IPv6 subnet size to apply ban on (8-128)';
 $lang['admin']['f2b_whitelist'] = 'Whitelisted networks/hosts';
 $lang['admin']['search_domain_da'] = 'Search domains';
 $lang['admin']['restrictions'] = 'Postfix Restrictions';