1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
class Intruder < ActiveRecord::Base
attr_accessible :list_type, :key, :points, :bans, :ban_last, :ban_end, :contact_ip, :contact_port, :contact_count, :contact_last, :contacts_per_second, :contacts_per_second_max, :user_agent, :to_user, :comment
LIST_TYPES = ['blacklist', 'whitelist']
validates :list_type,
:presence => true,
:inclusion => { :in => LIST_TYPES }
validates :key,
:presence => true,
:uniqueness => true
validates :contact_ip,
:presence => true,
:uniqueness => true
before_validation :set_key_if_empty
after_create :check_if_new_entry_relevant
after_update :check_if_update_relevant
after_destroy :check_if_delete_relevant
def to_s
key
end
def whois(ip_address = self.contact_ip)
if ! ip_address.blank?
begin
return Whois.whois(ip_address).to_s.gsub(/[^\u{0000}-\u{007F}]/, '')
rescue
return nil
end
end
end
def to_hash
return {
:key => self.key,
:points => self.points,
:bans => self.bans,
:received_port => self.contact_port,
:received_ip => self.contact_ip,
:contact_count => self.contact_count,
:user_agent => self.user_agent,
:to_user => self.to_user,
:comment => self.comment,
:date => DateTime.now.strftime('%Y-%m-%d %X')
}
end
private
def set_key_if_empty
if self.key.blank?
self.key = self.contact_ip
end
end
def expand_variables(line, variables)
return line.gsub(/\{([a-z_]+)\}/) do |m|
variables[$1.to_sym]
end
end
def write_firewall_list
firewall_blacklist_file = GsParameter.get('blacklist_file', 'perimeter', 'general')
blacklist_entry_template = GsParameter.get('blacklist_file_entry', 'perimeter', 'general')
whitelist_entry_template = GsParameter.get('whitelist_file_entry', 'perimeter', 'general')
comment_template = GsParameter.get('blacklist_file_comment', 'perimeter', 'general')
File.open(firewall_blacklist_file, 'w') do |file|
Intruder.where(:list_type => ['whitelist', 'blacklist']).order('list_type DESC, contact_last ASC').all.each do |entry|
if !whitelist_entry_template.blank? && entry.list_type == 'whitelist'
if ! comment_template.blank?
file.write(expand_variables(comment_template, entry.to_hash) + "\n")
end
file.write(expand_variables(whitelist_entry_template, entry.to_hash) + "\n")
elsif !blacklist_entry_template.blank? && entry.list_type == 'blacklist' && entry.bans.to_i > 0
if ! comment_template.blank?
file.write(expand_variables(comment_template, entry.to_hash) + "\n")
end
file.write(expand_variables(blacklist_entry_template, entry.to_hash) + "\n")
end
end
end
end
def restart_firewall
command = GsParameter.get('ban_command', 'perimeter', 'general')
if !command.blank?
system expand_variables(command, self.to_hash)
end
end
def check_if_update_relevant
if key_changed? || contact_ip_changed? || list_type_changed? || bans_changed? || points_changed?
if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
write_firewall_list
restart_firewall
end
end
end
def check_if_new_entry_relevant
if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
if self.list_type != 'blacklist' || self.bans.to_i > 0
write_firewall_list
restart_firewall
end
end
end
def check_if_delete_relevant
if !GsParameter.get("#{self.list_type}_file_entry", 'perimeter', 'general').blank?
if self.list_type != 'blacklist' || self.bans.to_i > 0
write_firewall_list
restart_firewall
end
end
end
end
|
