6 年之前 · 4cc63ceeb7
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@@ -5,6 +5,7 @@ import os
 
				 import time

			
 
				 import atexit

			
 
				 import signal

			
 
				+import socket

			
 
				 import ipaddress

			
 
				 from random import randint

			
 
				 from threading import Thread

			
@@ -39,6 +40,13 @@ log = {}
 
				 quit_now = False

			
 
				 lock = Lock()

			
 
				 

			
 
				+def is_ip_network(address):

			
 
				+  try:

			
 
				+    ipaddress.ip_network(address.decode('ascii'), False)

			
 
				+  except ValueError:

			
 
				+    return False

			
 
				+  return True

			
 
				+

			
 
				 def refreshF2boptions():

			
 
				   global f2boptions

			
 
				   global quit_now

			
@@ -119,6 +127,19 @@ def ban(address):
 
				   self_network = ipaddress.ip_network(address.decode('ascii'))

			
 
				   if WHITELIST:

			
 
				     for wl_key in WHITELIST:

			
 
				+      if not is_ip_network(wl_key):

			
 
				+        hostname = wl_key

			
 
				+        try:

			
 
				+          wl_key = socket.gethostbyname(hostname)

			
 
				+        except socket.gaierror as err:

			
 
				+          continue

			
 
				+          

			
 
				+        log['time'] = int(round(time.time()))

			
 
				+        log['priority'] = 'info'

			
 
				+        log['message'] = 'Hostname %s is resolved to %s' % (hostname, wl_key)

			
 
				+        r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))

			
 
				+        print 'Hostname %s is resolved to %s' % (hostname, wl_key)

			
 
				+

			
 
				       wl_net = ipaddress.ip_network(wl_key.decode('ascii'), False)

			
 
				       if wl_net.overlaps(self_network):

			
 
				         log['time'] = int(round(time.time()))

			
--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -9,6 +9,11 @@ function valid_network($network) {
 
				   }

			
 
				   return false;

			
 
				 }

			
 
				+

			
 
				+function valid_hostname($hostname) {

			
 
				+    return filter_var($hostname, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME);

			
 
				+}

			
 
				+

			
 
				 function fail2ban($_action, $_data = null) {

			
 
				   global $redis;

			
 
				   global $lang;

			
@@ -188,7 +193,7 @@ function fail2ban($_action, $_data = null) {
 
				           $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));

			
 
				           if (is_array($wl_array)) {

			
 
				             foreach ($wl_array as $wl_item) {

			
 
				-              if (valid_network($wl_item)) {

			
 
				+              if (valid_network($wl_item) || valid_hostname($wl_item)) {

			
 
				                 $redis->hSet('F2B_WHITELIST', $wl_item, 1);

			
 
				               }

			
 
				             }