From 1c6d3c16b6f348a06c5da609021505d77c70985b Mon Sep 17 00:00:00 2001 From: "andre.peters" Date: Wed, 24 Jan 2018 09:25:28 +0100 Subject: [PATCH] [Web] Set Fail2ban subnet sizes --- data/web/admin.php | 14 ++++++++++++++ data/web/inc/functions.fail2ban.inc.php | 12 ++++++++++++ data/web/inc/header.inc.php | 1 + data/web/lang/lang.de.php | 2 ++ data/web/lang/lang.en.php | 2 ++ 5 files changed, 31 insertions(+) diff --git a/data/web/admin.php b/data/web/admin.php index 79bce8e3..fb92345e 100644 --- a/data/web/admin.php +++ b/data/web/admin.php @@ -346,6 +346,20 @@ $tfa_data = get_tfa(); +
+ +
+ / + +
+
+
+ +
+ / + +
+
diff --git a/data/web/inc/functions.fail2ban.inc.php b/data/web/inc/functions.fail2ban.inc.php index e1801be7..b78fb36a 100644 --- a/data/web/inc/functions.fail2ban.inc.php +++ b/data/web/inc/functions.fail2ban.inc.php @@ -12,6 +12,8 @@ function fail2ban($_action, $_data = null) { $data['ban_time'] = $redis->Get('F2B_BAN_TIME'); $data['max_attempts'] = $redis->Get('F2B_MAX_ATTEMPTS'); $data['retry_window'] = $redis->Get('F2B_RETRY_WINDOW'); + $data['netban_ipv4'] = $redis->Get('F2B_NETBAN_IPV4'); + $data['netban_ipv6'] = $redis->Get('F2B_NETBAN_IPV6'); $wl = $redis->hGetAll('F2B_WHITELIST'); if (is_array($wl)) { foreach ($wl as $key => $value) { @@ -50,6 +52,8 @@ function fail2ban($_action, $_data = null) { $ban_time = intval((isset($_data['ban_time'])) ? $_data['ban_time'] : $is_now['ban_time']); $max_attempts = intval((isset($_data['max_attempts'])) ? $_data['max_attempts'] : $is_now['active_int']); $retry_window = intval((isset($_data['retry_window'])) ? $_data['retry_window'] : $is_now['retry_window']); + $netban_ipv4 = intval((isset($_data['netban_ipv4'])) ? $_data['netban_ipv4'] : $is_now['netban_ipv4']); + $netban_ipv6 = intval((isset($_data['netban_ipv6'])) ? $_data['netban_ipv6'] : $is_now['netban_ipv6']); } else { $_SESSION['return'] = array( @@ -60,12 +64,20 @@ function fail2ban($_action, $_data = null) { } $wl = $_data['whitelist']; $ban_time = ($ban_time < 60) ? 60 : $ban_time; + + $netban_ipv4 = ($netban_ipv4 < 8) ? 8 : $netban_ipv4; + $netban_ipv6 = ($netban_ipv6 < 8) ? 8 : $netban_ipv6; + $netban_ipv4 = ($netban_ipv4 > 32) ? 32 : $netban_ipv4; + $netban_ipv6 = ($netban_ipv6 > 128) ? 128 : $netban_ipv6; + $max_attempts = ($max_attempts < 1) ? 1 : $max_attempts; $retry_window = ($retry_window < 1) ? 1 : $retry_window; try { $redis->Set('F2B_BAN_TIME', $ban_time); $redis->Set('F2B_MAX_ATTEMPTS', $max_attempts); $redis->Set('F2B_RETRY_WINDOW', $retry_window); + $redis->Set('F2B_NETBAN_IPV4', $netban_ipv4); + $redis->Set('F2B_NETBAN_IPV6', $netban_ipv6); $redis->Del('F2B_WHITELIST'); if(!empty($wl)) { $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl)); diff --git a/data/web/inc/header.inc.php b/data/web/inc/header.inc.php index e7f4a6a1..f928f620 100644 --- a/data/web/inc/header.inc.php +++ b/data/web/inc/header.inc.php @@ -4,6 +4,7 @@ + <?=$UI_TEXTS['title_name'];?>