[Netfilter] Fix table refresh and rule injection in snat loop
parent
73a566b25a
commit
17d3a24d89
|
@ -151,12 +151,12 @@ def unban(net):
|
|||
log['time'] = int(round(time.time()))
|
||||
log['priority'] = 'info'
|
||||
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
|
||||
#if not net in bans:
|
||||
# log['message'] = '%s is not banned, skipping unban and deleting from queue (if any)' % net
|
||||
# r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
|
||||
# print '%s is not banned, skipping unban and deleting from queue (if any)' % net
|
||||
# r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
|
||||
# return
|
||||
if not net in bans:
|
||||
log['message'] = '%s is not banned, skipping unban and deleting from queue (if any)' % net
|
||||
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
|
||||
print '%s is not banned, skipping unban and deleting from queue (if any)' % net
|
||||
r.hdel('F2B_QUEUE_UNBAN', '%s' % net)
|
||||
return
|
||||
log['message'] = 'Unbanning %s' % net
|
||||
r.lpush('NETFILTER_LOG', json.dumps(log, ensure_ascii=False))
|
||||
print 'Unbanning %s' % net
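Review bot: The restored guard at `if not net in bans:` is the non-idiomatic spelling; `if net not in bans:` says the same thing and matches how the comparison is read. The skip message is also spelled out twice in that branch, once for the log entry and once for the console, so the two can drift apart; `print log['message']` keeps them identical, which is what the snat() hunk in this same commit already does. unban()'s body starts outside this hunk, so where `bans` and `net` come from is not visible here.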
|
||||
|
@ -243,7 +243,6 @@ def watch():
|
|||
def snat(snat_target):
|
||||
def get_snat_rule():
|
||||
rule = iptc.Rule()
|
||||
rule.position = 1
|
||||
rule.src = os.getenv('IPV4_NETWORK', '172.22.1') + '.0/24'
|
||||
rule.dst = '!' + rule.src
|
||||
target = rule.create_target("SNAT")
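Review bot: `rule.src` is built by appending `'.0/24'` to whatever `IPV4_NETWORK` holds, so a value in any other shape (a full CIDR, a trailing dot, surrounding whitespace) produces a string python-iptables rejects, and because `rule.dst` is the negation of the same string both fields break together. The expected form should be validated once at startup and stated where it is consumed, e.g. `# IPV4_NETWORK holds the first three octets only (default '172.22.1'); the /24 suffix is appended here`. The rendering shows get_snat_rule() losing one line (7 old, 6 new) without marking which; if it is the `rule.position = 1` assignment, the rule's placement now rests entirely on the insert/delete logic later in snat(). Both snat() and get_snat_rule() continue past the end of this hunk.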
|
||||
|
@ -252,6 +251,7 @@ def snat(snat_target):
|
|||
|
||||
while True:
|
||||
table = iptc.Table('nat')
|
||||
table.refresh()
|
||||
table.autocommit = False
|
||||
chain = iptc.Chain(table, 'POSTROUTING')
|
||||
if get_snat_rule() not in chain.rules:
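Review bot: `if get_snat_rule() not in chain.rules:` constructs a fresh iptc.Rule just to compare it, and the continuation of this loop body in the next hunk constructs it three more times for the insert, the equality test and the delete. Binding it once per pass, `snat_rule = get_snat_rule()` directly after `chain = iptc.Chain(table, 'POSTROUTING')`, makes every comparison and mutation operate on the same object and removes the repeated environment lookups inside the helper. The `table.refresh()` added before `table.autocommit = False` is what makes each pass see the live table; the while body ends in the following hunk.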
|
||||
|
@ -262,7 +262,12 @@ def snat(snat_target):
|
|||
print log['message']
|
||||
chain.insert_rule(get_snat_rule())
|
||||
table.commit()
|
||||
table.refresh()
|
||||
else:
|
||||
for i, rule in enumerate(chain.rules):
|
||||
if rule == get_snat_rule():
|
||||
if i != 0:
|
||||
chain.delete_rule(get_snat_rule())
|
||||
table.commit()
|
||||
time.sleep(10)
|
||||
|
||||
def autopurge():
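Review bot: `table.commit()` in the `else` branch, like the `insert_rule`/`commit` pair above it, runs with no handler, so an `iptc.IPTCError` raised there (for instance when another process changes the nat table between the refresh and the commit) propagates out of the while loop and snat() returns; from then on the SNAT rule is neither re-inserted nor kept at position 0 until the process is restarted, assuming the caller of snat() does not retry, which this hunk cannot show. Wrapping the loop body in `try:` / `except iptc.IPTCError as e:`, recording the failure through the same `log['message']` path used for the insert message, and falling through to `time.sleep(10)` keeps the rule enforcement alive across transient iptables errors. The `table.refresh()` added after the first `table.commit()` duplicates the refresh at the top of every pass in the preceding hunk and can be dropped. The while loop begins in the preceding hunk.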
|
||||
|
|
|
@ -325,7 +325,7 @@ services:
|
|||
- acme
|
||||
|
||||
netfilter-mailcow:
|
||||
image: mailcow/netfilter:1.13
|
||||
image: mailcow/netfilter:1.14
|
||||
build: ./data/Dockerfiles/netfilter
|
||||
stop_grace_period: 30s
|
||||
depends_on:
|
||||
|
|