From b8425f5453eab4a0fe475952af89d55ace45878e Mon Sep 17 00:00:00 2001 From: Peter Kozak Date: Sun, 3 Mar 2013 04:03:24 -0500 Subject: firewall restart after intruder changes --- app/models/intruder.rb | 86 ++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 66 insertions(+), 20 deletions(-) (limited to 'app/models/intruder.rb') diff --git a/app/models/intruder.rb b/app/models/intruder.rb index 97e3773..9a1c39a 100644 --- a/app/models/intruder.rb +++ b/app/models/intruder.rb @@ -17,6 +17,10 @@ class Intruder < ActiveRecord::Base before_validation :set_key_if_empty + after_create :check_if_new_entry_relevant + after_update :check_if_update_relevant + after_destroy :check_if_delete_relevant + def to_s key end @@ -31,26 +35,6 @@ class Intruder < ActiveRecord::Base end end - def self.write_firewall_blacklist - firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general') - entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general') - comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general') - File.open(firewall_blacklist_file, 'w') do |file| - Intruder.where(:list_type => 'blacklist').where('bans > 0').all.each do |entry| - if ! comment_template.blank? - file.write(self.expand_variables(comment_template, entry.to_hash) + "\n") - end - file.write(self.expand_variables(entry_template, entry.to_hash) + "\n") - end - end - end - - def self.expand_variables(line, variables) - return line.gsub(/\{([a-z_]+)\}/) do |m| - variables[$1.to_sym] - end - end - def to_hash return { :key => self.key, @@ -72,4 +56,66 @@ class Intruder < ActiveRecord::Base self.key = self.contact_ip end end + + def expand_variables(line, variables) + return line.gsub(/\{([a-z_]+)\}/) do |m| + variables[$1.to_sym] + end + end + + def write_firewall_list + firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general') + blacklist_entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general') + whitelist_entry_template = GsParameter.get('whitelist_file_entry', 'perimeter', 'general') + comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general') + File.open(firewall_blacklist_file, 'w') do |file| + Intruder.where(:list_type => ['whitelist', 'blacklist']).order('list_type DESC, contact_last ASC').all.each do |entry| + if !whitelist_entry_template.blank? && entry.list_type == 'whitelist' + if ! comment_template.blank? + file.write(expand_variables(comment_template, entry.to_hash) + "\n") + end + file.write(expand_variables(whitelist_entry_template, entry.to_hash) + "\n") + elsif !blacklist_entry_template.blank? && entry.list_type == 'blacklist' && entry.bans.to_i > 0 + if ! comment_template.blank? + file.write(expand_variables(comment_template, entry.to_hash) + "\n") + end + file.write(expand_variables(blacklist_entry_template, entry.to_hash) + "\n") + end + end + end + end + + def restart_firewall + command = GsParameter.get('ban_command', 'perimeter', 'general') + if !command.blank? + system expand_variables(command, self.to_hash) + end + end + + def check_if_update_relevant + if key_changed? || contact_ip_changed? || list_type_changed? || bans_changed? || points_changed? + if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank? + write_firewall_list + restart_firewall + end + end + end + + def check_if_new_entry_relevant + if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank? + if self.list_type != 'blacklist' || self.bans.to_i > 0 + write_firewall_list + restart_firewall + end + end + end + + def check_if_delete_relevant + if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank? + if self.list_type != 'blacklist' || self.bans.to_i > 0 + write_firewall_list + restart_firewall + end + end + end end -- cgit v1.2.3