[Web] Disallow blacklisting of some special networks

master
andryyy 2020-06-04 16:22:54 +02:00
parent 60e5868dc7
commit b1db4bf4bc
No known key found for this signature in database
GPG Key ID: 8EC34FF2794E25EF
1 changed files with 16 additions and 2 deletions


@ -113,7 +113,13 @@ function fail2ban($_action, $_data = null) {
} }
} }
elseif ($_data['action'] == "blacklist") { elseif ($_data['action'] == "blacklist") {
if (valid_network($network)) { if (valid_network($network) && !in_array($network, array(
'0.0.0.0',
'0.0.0.0/0',
getenv('IPV4_NETWORK') . '0/24',
getenv('IPV4_NETWORK') . '0',
getenv('IPV6_NETWORK')
))) {
$redis->hSet('F2B_BLACKLIST', $network, 1); $redis->hSet('F2B_BLACKLIST', $network, 1);
$redis->hDel('F2B_WHITELIST', $network, 1); $redis->hDel('F2B_WHITELIST', $network, 1);
//$response = docker('post', 'netfilter-mailcow', 'restart'); //$response = docker('post', 'netfilter-mailcow', 'restart');
@ -176,6 +182,7 @@ function fail2ban($_action, $_data = null) {
$redis->Del('F2B_BLACKLIST'); $redis->Del('F2B_BLACKLIST');
if(!empty($wl)) { if(!empty($wl)) {
$wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl)); $wl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $wl));
$wl_array = array_filter($wl_array);
if (is_array($wl_array)) { if (is_array($wl_array)) {
foreach ($wl_array as $wl_item) { foreach ($wl_array as $wl_item) {
if (valid_network($wl_item) || valid_hostname($wl_item)) { if (valid_network($wl_item) || valid_hostname($wl_item)) {
@ -194,9 +201,16 @@ function fail2ban($_action, $_data = null) {
} }
if(!empty($bl)) { if(!empty($bl)) {
$bl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $bl)); $bl_array = array_map('trim', preg_split( "/( |,|;|\n)/", $bl));
$bl_array = array_filter($bl_array);
if (is_array($bl_array)) { if (is_array($bl_array)) {
foreach ($bl_array as $bl_item) { foreach ($bl_array as $bl_item) {
if (valid_network($bl_item) || valid_hostname($bl_item)) { if (valid_network($bl_item) && !in_array($bl_item, array(
'0.0.0.0',
'0.0.0.0/0',
getenv('IPV4_NETWORK') . '0/24',
getenv('IPV4_NETWORK') . '0',
getenv('IPV6_NETWORK')
))) {
$redis->hSet('F2B_BLACKLIST', $bl_item, 1); $redis->hSet('F2B_BLACKLIST', $bl_item, 1);
} }
else { else {
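Review bot: The guard added to the `blacklist` action and to the `$bl_item` loop is an exact string match, so it refuses only the five literal spellings listed. Assuming `valid_network()` accepts any well-formed CIDR, a range that merely overlaps a protected one (a different prefix length over the `IPV4_NETWORK` range, or the IPv6 catch-all `::/0`, which has no counterpart to `0.0.0.0/0` here) still reaches `$redis->hSet('F2B_BLACKLIST', …)`. Comparing parsed networks for overlap rather than strings would make the protection hold, and the list, now duplicated in both places, belongs in one helper so the two paths cannot drift. If `IPV4_NETWORK` or `IPV6_NETWORK` is unset, `getenv()` returns `false` and the non-strict `in_array` then compares against `'0/24'`, `'0'` and `false`; pass `true` as the third argument and leave unset entries out of the list. The last hunk also drops `|| valid_hostname($bl_item)`, so hostnames entered in the blacklist field now fall to the `else` branch, which the commit title does not mention; the body of `fail2ban()` continues outside these hunks.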