[Netfilter] Further improvements to catch invalid input

master
andryyy 2021-03-23 20:53:04 +01:00
parent 3fcf260dde
commit 8eb757bea3
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
2 changed files with 19 additions and 18 deletions


@ -301,24 +301,25 @@ def watch():
pubsub.subscribe('F2B_CHANNEL')
while not quit_now:
try:
for item in pubsub.listen():
refreshF2bregex()
for rule_id, rule_regex in f2bregex.items():
if item['data'] and item['type'] == 'message':
try:
result = re.search(rule_regex, item['data'])
except re.error:
result = False
if result:
addr = result.group(1)
ip = ipaddress.ip_address(addr)
if ip.is_private or ip.is_loopback:
continue
logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
ban(addr)
except Exception as ex:
logWarn('Could not read logline from pubsub, skipping...')
try:
refreshF2bregex()
for rule_id, rule_regex in f2bregex.items():
if item['data'] and item['type'] == 'message':
try:
result = re.search(rule_regex, item['data'])
except re.error:
result = False
if result:
addr = result.group(1)
ip = ipaddress.ip_address(addr)
if ip.is_private or ip.is_loopback:
continue
logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
ban(addr)
except Exception as ex:
logWarn('Could not read logline from pubsub, skipping...')
continue
def snat4(snat_target):
global lock
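Review bot: The catch-all `except Exception as ex:` at the end of the new block binds `ex` but never logs it, so a captured group that is not a valid address (`ValueError` from `ipaddress.ip_address`), a rule with no first capture group, and a failure inside `ban(addr)` all produce the same "Could not read logline" warning and are skipped. For a daemon whose job is to block abusive hosts, a ban that failed should be distinguishable from malformed input; I would put the exception in the message, e.g. `logWarn('Could not process logline from pubsub, skipping: %s' % ex)`, and consider wrapping only the address parsing in a handler for `ValueError`. The trailing `continue` appears to be the last statement of the loop body and would then be redundant. Indentation is lost in this rendering, so the nesting is inferred, and `watch()` begins above the hunk.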


@ -390,7 +390,7 @@ services:
- acme
netfilter-mailcow:
image: mailcow/netfilter:1.40
image: mailcow/netfilter:1.41
stop_grace_period: 30s
depends_on:
- dovecot-mailcow