From b1db4bf4bcb2f3819dcd2594aa7f486a3eee42c1 Mon Sep 17 00:00:00 2001
From: andryyy
Date: Thu, 4 Jun 2020 16:22:54 +0200
Subject: [PATCH] [Web] Disallow blacklisting of some special networks
---
 data/web/inc/functions.fail2ban.inc.php | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/data/web/inc/functions.fail2ban.inc.php b/data/web/inc/functions.fail2ban.inc.php
index d607cc2a..6e2eb079 100644
--- a/data/web/inc/functions.fail2ban.inc.php
+++ b/data/web/inc/functions.fail2ban.inc.php
@@ -113,7 +113,13 @@ function fail2ban($_action, $_data = null) {
 }
 }
 elseif ($_data['action'] == "blacklist") {
- if (valid_network($network)) {
+ if (valid_network($network) && !in_array($network, array(
+ '0.0.0.0',
+ '0.0.0.0/0',
+ getenv('IPV4_NETWORK') . '0/24',
+ getenv('IPV4_NETWORK') . '0',
+ getenv('IPV6_NETWORK')
+ ))) {
 $redis->hSet('F2B_BLACKLIST', $network, 1);
 $redis->hDel('F2B_WHITELIST', $network, 1);
 //$response = docker('post', 'netfilter-mailcow', 'restart');
@@ -176,6 +182,7 @@ function fail2ban($_action, $_data = null) {
 $redis->Del('F2B_BLACKLIST');
 if(!empty($wl)) {
 $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
+ $wl_array = array_filter($wl_array);
 if (is_array($wl_array)) {
 foreach ($wl_array as $wl_item) {
 if (valid_network($wl_item) || valid_hostname($wl_item)) {
@@ -194,9 +201,16 @@ function fail2ban($_action, $_data = null) {
 }
 if(!empty($bl)) {
 $bl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $bl));
+ $bl_array = array_filter($bl_array);
 if (is_array($bl_array)) {
 foreach ($bl_array as $bl_item) {
- if (valid_network($bl_item) || valid_hostname($bl_item)) {
+ if (valid_network($bl_item) && !in_array($bl_item, array(
+ '0.0.0.0',
+ '0.0.0.0/0',
+ getenv('IPV4_NETWORK') . '0/24',
+ getenv('IPV4_NETWORK') . '0',
+ getenv('IPV6_NETWORK')
+ ))) {
 $redis->hSet('F2B_BLACKLIST', $bl_item, 1);
 }
 else {
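Review bot: The new guard in the `blacklist` branch compares `$network` against five literal strings with a loose `in_array()`, so any other notation of the same or an overlapping range still reaches `hSet('F2B_BLACKLIST', …)`; the list has no `::/0`, and a prefix wider or narrower than `/24` over the internal range is not matched. The same array is repeated in the `$bl_item` loop of the third hunk, so the two copies can drift apart. `getenv()` returns `false` when a variable is unset, and whether `IPV4_NETWORK` ends in a dot is not visible here; without one, `getenv('IPV4_NETWORK') . '0/24'` would not name the intended subnet. A single helper with a strict comparison, sketched below, removes the duplication and handles the unset and dot cases, while closing the overlap gap would additionally need a real containment check against the protected ranges. The enclosing `fail2ban()` starts and ends outside the hunk.

```php
// Proposed helper, defined once and called from both blacklist branches.
function f2b_is_protected_network($network) {
  // Catch-all ranges for both address families.
  $protected = array('0.0.0.0', '0.0.0.0/0', '::', '::/0');
  $ipv4_prefix = getenv('IPV4_NETWORK');
  if ($ipv4_prefix !== false && $ipv4_prefix !== '') {
    // Tolerate the prefix with or without a trailing dot.
    $ipv4_prefix = rtrim($ipv4_prefix, '.');
    $protected[] = $ipv4_prefix . '.0/24';
    $protected[] = $ipv4_prefix . '.0';
  }
  $ipv6_network = getenv('IPV6_NETWORK');
  if ($ipv6_network !== false && $ipv6_network !== '') {
    $protected[] = $ipv6_network;
  }
  // Strict, case-insensitive match; IPv6 text may differ only in letter case.
  return in_array(strtolower(trim($network)), array_map('strtolower', $protected), true);
}

// … unchanged: elseif ($_data['action'] == "blacklist") { …
if (valid_network($network) && !f2b_is_protected_network($network)) {
// … unchanged: hSet / hDel calls …
```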
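Review bot: `array_filter($wl_array)` with no callback removes every falsy string, not only the empty entries left by consecutive separators, and it makes the `is_array($wl_array)` test on the next line always true. An explicit predicate states the intent, for example `$wl_array = array_filter($wl_array, 'strlen');`. The added `$bl_array = array_filter($bl_array);` line in the third hunk has the same shape. The surrounding `fail2ban()` body continues outside the hunk.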
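Review bot: The `$bl_item` condition drops `valid_hostname($bl_item)` without a comment, while the whitelist loop in the second hunk still accepts hostnames, so a hostname entered in the blacklist field now falls into the `else` branch, whose body is outside the hunk. If that is deliberate (presumably because an unresolved hostname cannot be compared against the protected networks), a comment would keep a later reader from restoring it: `// Hostnames are rejected here: they cannot be checked against the protected networks.` It is also worth confirming that the `else` branch reports the rejected entry to the user, because `$redis->Del('F2B_BLACKLIST')` (context in the second hunk) appears ahead of this loop, which suggests the stored list is cleared before any entry is validated.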