diff options
author | Peter Kozak <spag@golwen.net> | 2013-03-03 04:03:24 -0500 |
---|---|---|
committer | Peter Kozak <spag@golwen.net> | 2013-03-03 04:03:24 -0500 |
commit | b8425f5453eab4a0fe475952af89d55ace45878e (patch) | |
tree | e3c94e998ae382fb33e26a529327bc3368b64b3b /app/models | |
parent | 6ed538ee9385245a7bbac838dd5b796bba2ea0c6 (diff) |
firewall restart after intruder changes
Diffstat (limited to 'app/models')
-rw-r--r-- | app/models/intruder.rb | 86 |
1 files changed, 66 insertions, 20 deletions
diff --git a/app/models/intruder.rb b/app/models/intruder.rb index 97e3773..9a1c39a 100644 --- a/app/models/intruder.rb +++ b/app/models/intruder.rb @@ -17,6 +17,10 @@ class Intruder < ActiveRecord::Base before_validation :set_key_if_empty + after_create :check_if_new_entry_relevant + after_update :check_if_update_relevant + after_destroy :check_if_delete_relevant + def to_s key end @@ -31,26 +35,6 @@ class Intruder < ActiveRecord::Base end end - def self.write_firewall_blacklist - firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general') - entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general') - comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general') - File.open(firewall_blacklist_file, 'w') do |file| - Intruder.where(:list_type => 'blacklist').where('bans > 0').all.each do |entry| - if ! comment_template.blank? - file.write(self.expand_variables(comment_template, entry.to_hash) + "\n") - end - file.write(self.expand_variables(entry_template, entry.to_hash) + "\n") - end - end - end - - def self.expand_variables(line, variables) - return line.gsub(/\{([a-z_]+)\}/) do |m| - variables[$1.to_sym] - end - end - def to_hash return { :key => self.key, @@ -72,4 +56,66 @@ class Intruder < ActiveRecord::Base self.key = self.contact_ip end end + + def expand_variables(line, variables) + return line.gsub(/\{([a-z_]+)\}/) do |m| + variables[$1.to_sym] + end + end + + def write_firewall_list + firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general') + blacklist_entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general') + whitelist_entry_template = GsParameter.get('whitelist_file_entry', 'perimeter', 'general') + comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general') + File.open(firewall_blacklist_file, 'w') do |file| + Intruder.where(:list_type => ['whitelist', 'blacklist']).order('list_type DESC, contact_last ASC').all.each do |entry| + if !whitelist_entry_template.blank? && entry.list_type == 'whitelist' + if ! comment_template.blank? + file.write(expand_variables(comment_template, entry.to_hash) + "\n") + end + file.write(expand_variables(whitelist_entry_template, entry.to_hash) + "\n") + elsif !blacklist_entry_template.blank? && entry.list_type == 'blacklist' && entry.bans.to_i > 0 + if ! comment_template.blank? + file.write(expand_variables(comment_template, entry.to_hash) + "\n") + end + file.write(expand_variables(blacklist_entry_template, entry.to_hash) + "\n") + end + end + end + end + + def restart_firewall + command = GsParameter.get('ban_command', 'perimeter', 'general') + if !command.blank? + system expand_variables(command, self.to_hash) + end + end + + def check_if_update_relevant + if key_changed? || contact_ip_changed? || list_type_changed? || bans_changed? || points_changed? + if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank? + write_firewall_list + restart_firewall + end + end + end + + def check_if_new_entry_relevant + if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank? + if self.list_type != 'blacklist' || self.bans.to_i > 0 + write_firewall_list + restart_firewall + end + end + end + + def check_if_delete_relevant + if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank? + if self.list_type != 'blacklist' || self.bans.to_i > 0 + write_firewall_list + restart_firewall + end + end + end end |