summaryrefslogtreecommitdiff
path: root/app/models
diff options
context:
space:
mode:
authorPeter Kozak <spag@golwen.net>2013-03-03 04:03:24 -0500
committerPeter Kozak <spag@golwen.net>2013-03-03 04:03:24 -0500
commitb8425f5453eab4a0fe475952af89d55ace45878e (patch)
treee3c94e998ae382fb33e26a529327bc3368b64b3b /app/models
parent6ed538ee9385245a7bbac838dd5b796bba2ea0c6 (diff)
firewall restart after intruder changes
Diffstat (limited to 'app/models')
-rw-r--r--app/models/intruder.rb86
1 files changed, 66 insertions, 20 deletions
diff --git a/app/models/intruder.rb b/app/models/intruder.rb
index 97e3773..9a1c39a 100644
--- a/app/models/intruder.rb
+++ b/app/models/intruder.rb
@@ -17,6 +17,10 @@ class Intruder < ActiveRecord::Base
before_validation :set_key_if_empty
+ after_create :check_if_new_entry_relevant
+ after_update :check_if_update_relevant
+ after_destroy :check_if_delete_relevant
+
def to_s
key
end
@@ -31,26 +35,6 @@ class Intruder < ActiveRecord::Base
end
end
- def self.write_firewall_blacklist
- firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
- entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
- comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
- File.open(firewall_blacklist_file, 'w') do |file|
- Intruder.where(:list_type => 'blacklist').where('bans > 0').all.each do |entry|
- if ! comment_template.blank?
- file.write(self.expand_variables(comment_template, entry.to_hash) + "\n")
- end
- file.write(self.expand_variables(entry_template, entry.to_hash) + "\n")
- end
- end
- end
-
- def self.expand_variables(line, variables)
- return line.gsub(/\{([a-z_]+)\}/) do |m|
- variables[$1.to_sym]
- end
- end
-
def to_hash
return {
:key => self.key,
@@ -72,4 +56,66 @@ class Intruder < ActiveRecord::Base
self.key = self.contact_ip
end
end
+
+ def expand_variables(line, variables)
+ return line.gsub(/\{([a-z_]+)\}/) do |m|
+ variables[$1.to_sym]
+ end
+ end
+
+ def write_firewall_list
+ firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
+ blacklist_entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
+ whitelist_entry_template = GsParameter.get('whitelist_file_entry', 'perimeter', 'general')
+ comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
+ File.open(firewall_blacklist_file, 'w') do |file|
+ Intruder.where(:list_type => ['whitelist', 'blacklist']).order('list_type DESC, contact_last ASC').all.each do |entry|
+ if !whitelist_entry_template.blank? && entry.list_type == 'whitelist'
+ if ! comment_template.blank?
+ file.write(expand_variables(comment_template, entry.to_hash) + "\n")
+ end
+ file.write(expand_variables(whitelist_entry_template, entry.to_hash) + "\n")
+ elsif !blacklist_entry_template.blank? && entry.list_type == 'blacklist' && entry.bans.to_i > 0
+ if ! comment_template.blank?
+ file.write(expand_variables(comment_template, entry.to_hash) + "\n")
+ end
+ file.write(expand_variables(blacklist_entry_template, entry.to_hash) + "\n")
+ end
+ end
+ end
+ end
+
+ def restart_firewall
+ command = GsParameter.get('ban_command', 'perimeter', 'general')
+ if !command.blank?
+ system expand_variables(command, self.to_hash)
+ end
+ end
+
+ def check_if_update_relevant
+ if key_changed? || contact_ip_changed? || list_type_changed? || bans_changed? || points_changed?
+ if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+ write_firewall_list
+ restart_firewall
+ end
+ end
+ end
+
+ def check_if_new_entry_relevant
+ if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+ if self.list_type != 'blacklist' || self.bans.to_i > 0
+ write_firewall_list
+ restart_firewall
+ end
+ end
+ end
+
+ def check_if_delete_relevant
+ if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
+ if self.list_type != 'blacklist' || self.bans.to_i > 0
+ write_firewall_list
+ restart_firewall
+ end
+ end
+ end
end