authorPeter Kozak <spag@golwen.net>2013-03-03 04:03:24 -0500
committerPeter Kozak <spag@golwen.net>2013-03-03 04:03:24 -0500
commitb8425f5453eab4a0fe475952af89d55ace45878e (patch)
treee3c94e998ae382fb33e26a529327bc3368b64b3b
parent6ed538ee9385245a7bbac838dd5b796bba2ea0c6 (diff)
firewall restart after intruder changes
-rw-r--r--app/controllers/intruders_controller.rb3
-rw-r--r--app/models/intruder.rb86
-rw-r--r--app/views/intruders/_form_core.html.haml4
-rw-r--r--app/views/intruders/_index_core.html.haml12
-rw-r--r--app/views/intruders/index.html.haml9
5 files changed, 79 insertions, 35 deletions
diff --git a/app/controllers/intruders_controller.rb b/app/controllers/intruders_controller.rb
index d3c767e..bdda230 100644
--- a/app/controllers/intruders_controller.rb
+++ b/app/controllers/intruders_controller.rb
@@ -2,7 +2,8 @@ class IntrudersController < ApplicationController
load_and_authorize_resource :intruder
def index
- @intruders = Intruder.order('list_type ASC, contact_last DESC').all
+ @intruders = Intruder.order('list_type ASC, contact_last DESC')
+ @list_types = @intruders.pluck(:list_type).uniq.sort
spread_breadcrumbs
end
diff --git a/app/models/intruder.rb b/app/models/intruder.rb
index 97e3773..9a1c39a 100644
--- a/app/models/intruder.rb
+++ b/app/models/intruder.rb
@@ -17,6 +17,10 @@ class Intruder < ActiveRecord::Base
before_validation :set_key_if_empty
+ after_create :check_if_new_entry_relevant
+ after_update :check_if_update_relevant
+ after_destroy :check_if_delete_relevant
+
def to_s
key
end
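Review bot: The three callbacks declared at L36–L38 run inside the row's save/destroy transaction, so `write_firewall_list` re-queries the table and `restart_firewall` shells out before the change is committed — a rollback after the callback leaves the firewall file ahead of the database, and a slow `ban_command` holds the transaction open for its whole runtime. Declaring them as `after_commit :check_if_new_entry_relevant, :on => :create` (with `:on => :update` and `:on => :destroy` for the other two) moves the file write and the restart after the commit. In an `after_commit` the `*_changed?` predicates that `check_if_update_relevant` relies on are already cleared, so that method would need to read `previous_changes` instead. The class body continues outside this hunk.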
@@ -31,26 +35,6 @@ class Intruder < ActiveRecord::Base
end
end
- def self.write_firewall_blacklist
- firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
- entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
- comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
- File.open(firewall_blacklist_file, 'w') do |file|
- Intruder.where(:list_type => 'blacklist').where('bans > 0').all.each do |entry|
- if ! comment_template.blank?
- file.write(self.expand_variables(comment_template, entry.to_hash) + "\n")
- end
- file.write(self.expand_variables(entry_template, entry.to_hash) + "\n")
- end
- end
- end
-
- def self.expand_variables(line, variables)
- return line.gsub(/\{([a-z_]+)\}/) do |m|
- variables[$1.to_sym]
- end
- end
-
def to_hash
return {
:key => self.key,
@@ -72,4 +56,66 @@ class Intruder < ActiveRecord::Base
self.key = self.contact_ip
end
end
+
+ def expand_variables(line, variables)
+ return line.gsub(/\{([a-z_]+)\}/) do |m|
+ variables[$1.to_sym]
+ end
+ end
+
+ def write_firewall_list
+ firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
+ blacklist_entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
+ whitelist_entry_template = GsParameter.get('whitelist_file_entry', 'perimeter', 'general')
+ comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
+ File.open(firewall_blacklist_file, 'w') do |file|
+ Intruder.where(:list_type => ['whitelist', 'blacklist']).order('list_type DESC, contact_last ASC').all.each do |entry|
+ if !whitelist_entry_template.blank? && entry.list_type == 'whitelist'
+ if ! comment_template.blank?
+ file.write(expand_variables(comment_template, entry.to_hash) + "\n")
+ end
+ file.write(expand_variables(whitelist_entry_template, entry.to_hash) + "\n")
+ elsif !blacklist_entry_template.blank? && entry.list_type == 'blacklist' && entry.bans.to_i > 0
+ if ! comment_template.blank?
+ file.write(expand_variables(comment_template, entry.to_hash) + "\n")
+ end
+ file.write(expand_variables(blacklist_entry_template, entry.to_hash) + "\n")
+ end
+ end
+ end
+ end
+
+ def restart_firewall
+ command = GsParameter.get('ban_command', 'perimeter', 'general')
+ if !command.blank?
+ system expand_variables(command, self.to_hash)
+ end
+ end
+
+ def check_if_update_relevant
+ if key_changed? || contact_ip_changed? || list_type_changed? || bans_changed? || points_changed?
+ if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+ write_firewall_list
+ restart_firewall
+ end
+ end
+ end
+
+ def check_if_new_entry_relevant
+ if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+ if self.list_type != 'blacklist' || self.bans.to_i > 0
+ write_firewall_list
+ restart_firewall
+ end
+ end
+ end
+
+ def check_if_delete_relevant
+ if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+ if self.list_type != 'blacklist' || self.bans.to_i > 0
+ write_firewall_list
+ restart_firewall
+ end
+ end
+ end
end
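Review bot: `restart_firewall` (L102–L107) passes a single string to `system`, so every value that `expand_variables` substitutes from `to_hash` — including `contact_ip`, which is editable through the intruder form — reaches the shell unescaped; escape each substituted value (`Shellwords.escape`, which needs `require 'shellwords'` at the top of the file) or validate `contact_ip` as an address before it can be saved. Separately, `check_if_update_relevant` (L109–L116) judges relevance from the new `list_type` only, so an entry moved from `blacklist` to a type without a `*_file_entry` template keeps its line in the generated file until some other change triggers a rewrite; also checking `list_type_was`, e.g. `GsParameter.get("#{list_type_was}_file_entry", 'perimeter', 'general')`, closes that gap. `write_firewall_list` truncates the target with `'w'` before writing, so a firewall reload racing the rewrite can read a partial list; writing to a temporary file next to it and renaming over the target avoids that. Finally, unknown placeholders in `expand_variables` expand to an empty string because `gsub` calls `to_s` on the block result — a comment such as `# Unknown {placeholders} expand to "" (gsub stringifies nil)` would save the next reader a surprise.
```ruby
  def restart_firewall
    command = GsParameter.get('ban_command', 'perimeter', 'general')
    return if command.blank?
    # The template comes from configuration; only the substituted record values are untrusted,
    # so each one is shell-escaped before it is spliced into the command string.
    safe_variables = self.to_hash.each_with_object({}) { |(name, value), h| h[name] = Shellwords.escape(value.to_s) }
    system expand_variables(command, safe_variables)
  end
```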
diff --git a/app/views/intruders/_form_core.html.haml b/app/views/intruders/_form_core.html.haml
index 780d8cd..a0c2eb0 100644
--- a/app/views/intruders/_form_core.html.haml
+++ b/app/views/intruders/_form_core.html.haml
@@ -1,5 +1,7 @@
.inputs
= f.input :list_type, :collection => Intruder::LIST_TYPES, :label => t('intruders.form.list_type.label'), :hint => conditional_hint('intruders.form.list_type.hint'), :include_blank => false
= f.input :contact_ip, :label => t('intruders.form.contact_ip.label'), :hint => conditional_hint('intruders.form.contact_ip.hint')
- = f.input :ban_end, :label => t('intruders.form.ban_end.label'), :hint => conditional_hint('intruders.form.ban_end.hint')
+ = f.input :points, :label => t('intruders.form.points.label'), :hint => conditional_hint('intruders.form.points.hint')
+ = f.input :bans, :label => t('intruders.form.bans.label'), :hint => conditional_hint('intruders.form.bans.hint'), as: :boolean
+
= f.input :comment, :label => t('intruders.form.comment.label'), :hint => conditional_hint('intruders.form.comment.hint')
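Review bot: `as: :boolean` on the new `bans` input (L146) renders a checkbox that submits `1` or `0`, while the model still treats `bans` as a count (`bans.to_i > 0` in `write_firewall_list` and the relevance callbacks), so saving the form overwrites an accumulated ban count with 1 or resets it to 0. If `bans` stays a counter, drop the `as:` option or use `as: :integer`; if it is meant to become a flag, the model comparisons should change with it. The same line mixes `:label =>` and `as:` hash syntax — pick one style for the partial.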
diff --git a/app/views/intruders/_index_core.html.haml b/app/views/intruders/_index_core.html.haml
index 63f2253..b9c5a76 100644
--- a/app/views/intruders/_index_core.html.haml
+++ b/app/views/intruders/_index_core.html.haml
@@ -2,11 +2,8 @@
%tr
%th
%th= t('intruders.index.contact_ip')
- %th= t('intruders.index.contact_port')
%th= t('intruders.index.points')
- %th= t('intruders.index.bans')
%th= t('intruders.index.ban_last')
- %th= t('intruders.index.ban_end')
%th= t('intruders.index.contact_count')
%th= t('intruders.index.contact_last')
%th= t('intruders.index.contacts_per_second')
@@ -19,21 +16,16 @@
%td
- if intruder.list_type == 'whitelist'
%i.icon-ok
- - elsif intruder.bans > 0
+ - elsif intruder.bans.to_i > 0
%i.icon-fire
- - elsif intruder.points > 0
+ - elsif intruder.points.to_i > 0
%i.icon-warning-sign
%td= intruder.contact_ip
- %td= intruder.contact_port
%td= intruder.points
- %td= intruder.bans
%td
- if intruder.ban_last
= l intruder.ban_last, :format => :short
- %td
- - if intruder.ban_end
- = l intruder.ban_end, :format => :short
%td= intruder.contact_count
%td
diff --git a/app/views/intruders/index.html.haml b/app/views/intruders/index.html.haml
index 72b8882..79b4ceb 100644
--- a/app/views/intruders/index.html.haml
+++ b/app/views/intruders/index.html.haml
@@ -1,6 +1,9 @@
- content_for :title, t("intruders.index.page_title")
-- if @intruders && @intruders.count > 0
- = render "index_core", :intruders => @intruders
+- if @intruders && @intruders.count > 0 && @list_types && @list_types.count > 0
+ - @list_types.each do |list_type|
+ %h3= list_type
+ %table.table.table-striped
+ = render "index_core", :intruders => @intruders.where(:list_type => list_type)
-= render :partial => 'shared/create_link', :locals => {:child_class => Intruder} \ No newline at end of file
+= render :partial => 'shared/create_link', :locals => {:child_class => Intruder}
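Review bot: The loop at L196–L199 issues one `where` query per list type on top of the `count` query at L195, and `@list_types` was already a separate `pluck`; grouping the relation once with `- grouped = @intruders.group_by(&:list_type)` and rendering `= render "index_core", :intruders => grouped[list_type]` produces the same tables from a single load. If line 1 of `_index_core` (outside the hunk) still opens its own `%table`, the `%table.table.table-striped` wrapper added at L198 now nests a table inside a table — the `%tr`/`%th` rows the partial starts with suggest it expects to be the table body, so the wrapper may belong in only one of the two places. The `&& … .count > 0` guards could also read as `@intruders.present? && @list_types.present?`.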