
Merge branch 'staging' into nightly

DerLinkman 2 years ago
parent
commit
b8656763ec
2 changed files with 51 additions and 17 deletions
  1. 25 0
      .github/workflows/pr_to_nightly.yml
  2. 26 17
      data/Dockerfiles/netfilter/server.py

+ 25 - 0
.github/workflows/pr_to_nightly.yml

@@ -0,0 +1,25 @@
+name: Create PR to merge to nightly from staging
+on:
+  push:
+    branches:
+      - staging
+jobs:
+  action-pull-request:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Run the Action
+        uses: devops-infra/action-pull-request@v0.5.0
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          title: Automatic PR to nightly from ${{ github.event.repository.updated_at}}
+          assignee: DerLinkman
+          source_branch: staging
+          target_branch: nightly
+          reviewer: DerLinkman
+          label: upstream
+          body: Merge current staging state to nightly branch
+          get_diff: true
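Review bot: The job runs with the repository's default `GITHUB_TOKEN` scope because no `permissions:` block is declared, while the pull-request action only needs to read contents and write pull requests; adding `permissions:` / `  contents: read` / `  pull-requests: write` at the workflow or job level keeps a misbehaving third-party step from doing more with the token. `devops-infra/action-pull-request@v0.5.0` and `actions/checkout@v2` are referenced by mutable tag; a third-party action that receives the token should be pinned to a full commit SHA, with the tag kept in a trailing comment, so its code cannot change underneath the workflow. `fetch-depth: 0` clones the full history on every staging push, which seems more than a PR-creation job needs unless the `get_diff: true` output depends on it — worth confirming before keeping it.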

+ 26 - 17
data/Dockerfiles/netfilter/server.py

@@ -252,7 +252,7 @@ def permBan(net, unban=False):
       if rule not in chain.rules and not unban:
         logCrit('Add host/network %s to blacklist' % net)
         chain.insert_rule(rule)
-        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time()))) 
+        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time())))
       elif rule in chain.rules and unban:
         logCrit('Remove host/network %s from blacklist' % net)
         chain.delete_rule(rule)
@@ -267,7 +267,7 @@ def permBan(net, unban=False):
       if rule not in chain.rules and not unban:
         logCrit('Add host/network %s to blacklist' % net)
         chain.insert_rule(rule)
-        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time()))) 
+        r.hset('F2B_PERM_BANS', '%s' % net, int(round(time.time())))
       elif rule in chain.rules and unban:
         logCrit('Remove host/network %s from blacklist' % net)
         chain.delete_rule(rule)
@@ -346,6 +346,8 @@ def snat4(snat_target):
     rule.dst = '!' + rule.src
     target = rule.create_target("SNAT")
     target.to_source = snat_target
+    match = rule.create_match("comment")
+    match.comment = f'{int(round(time.time()))}'
     return rule
 
   while not quit_now:
@@ -356,19 +358,26 @@ def snat4(snat_target):
         table.refresh()
         chain = iptc.Chain(table, 'POSTROUTING')
         table.autocommit = False
-        if get_snat4_rule() not in chain.rules:
-          logCrit('Added POSTROUTING rule for source network %s to SNAT target %s' % (get_snat4_rule().src, snat_target))
-          chain.insert_rule(get_snat4_rule())
-          table.commit()
-        else:
-          for position, item in enumerate(chain.rules):
-            if item == get_snat4_rule():
-              if position != 0:
-                chain.delete_rule(get_snat4_rule())
-          table.commit()
+        new_rule = get_snat4_rule()
+        for position, rule in enumerate(chain.rules):
+          match = all((
+            new_rule.get_src() == rule.get_src(),
+            new_rule.get_dst() == rule.get_dst(),
+            new_rule.target.parameters == rule.target.parameters,
+            new_rule.target.name == rule.target.name
+          ))
+          if position == 0:
+            if not match:
+              logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')
+              chain.insert_rule(new_rule)
+          else:
+            if match:
+              logInfo(f'Remove rule for source network {new_rule.src} to SNAT target {snat_target} from POSTROUTING chain at position {position}')
+              chain.delete_rule(rule)
+        table.commit()
         table.autocommit = True
       except:
-        print('Error running SNAT4, retrying...') 
+        print('Error running SNAT4, retrying...')
 
 def snat6(snat_target):
   global lock
@@ -402,7 +411,7 @@ def snat6(snat_target):
           table.commit()
         table.autocommit = True
       except:
-        print('Error running SNAT6, retrying...') 
+        print('Error running SNAT6, retrying...')
 
 def autopurge():
   while not quit_now:
@@ -468,7 +477,7 @@ def whitelistUpdate():
       if Counter(new_whitelist) != Counter(WHITELIST):
         WHITELIST = new_whitelist
         logInfo('Whitelist was changed, it has %s entries' % len(WHITELIST))
-    time.sleep(60.0 - ((time.time() - start_time) % 60.0)) 
+    time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
 def blacklistUpdate():
   global quit_now
@@ -479,7 +488,7 @@ def blacklistUpdate():
     new_blacklist = []
     if list:
       new_blacklist = genNetworkList(list)
-    if Counter(new_blacklist) != Counter(BLACKLIST): 
+    if Counter(new_blacklist) != Counter(BLACKLIST):
       addban = set(new_blacklist).difference(BLACKLIST)
       delban = set(BLACKLIST).difference(new_blacklist)
       BLACKLIST = new_blacklist
@@ -490,7 +499,7 @@ def blacklistUpdate():
       if delban:
         for net in delban:
           permBan(net=net, unban=True)
-    time.sleep(60.0 - ((time.time() - start_time) % 60.0)) 
+    time.sleep(60.0 - ((time.time() - start_time) % 60.0))
 
 def initChain():
   # Is called before threads start, no locking
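Review bot: The rewritten POSTROUTING loop in snat4 never adds the SNAT rule when the chain is empty: the insert is only reached inside `for position, rule in enumerate(chain.rules)` when the rule at `position == 0` does not match, so with no rules the body never runs and `table.commit()` commits nothing, whereas the removed code inserted whenever `get_snat4_rule() not in chain.rules`. A guard before the loop restores that case: `if not chain.rules:` / `  logInfo(f'Added POSTROUTING rule for source network {new_rule.src} to SNAT target {snat_target}')` / `  chain.insert_rule(new_rule)`. The field-by-field `all((...))` comparison is needed because the comment match added in get_snat4_rule carries the current timestamp, so rules built seconds apart no longer compare equal; a one-line comment above it saying so would keep the next maintainer from reverting to `==`. The surrounding bare `except:` still only prints a fixed string and drops the exception, so a persistent failure to program the SNAT rule leaves no trace in the log; logging the exception text via `logCrit` would make it detectable. The snat4 function begins before this hunk.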