diff options
author | Holger Weiss <holger@zedat.fu-berlin.de> | 2015-04-18 11:08:05 +0200 |
---|---|---|
committer | Holger Weiss <holger@zedat.fu-berlin.de> | 2015-04-18 11:08:05 +0200 |
commit | aa36742a406e11124eb79554f8b31eaa14e7a856 (patch) | |
tree | 086fdd6674eb044cd1b273fbe9305e704d7ff245 /src | |
parent | ejabberd_s2s_out: Remove Erlang/OTP version check (diff) |
mod_fail2ban: Add 'access' option for whitelisting
Closes #535.
Diffstat (limited to '')
-rw-r--r-- | src/mod_fail2ban.erl | 39 |
1 files changed, 25 insertions, 14 deletions
diff --git a/src/mod_fail2ban.erl b/src/mod_fail2ban.erl index 7c9eba88..63c09db2 100644 --- a/src/mod_fail2ban.erl +++ b/src/mod_fail2ban.erl @@ -53,20 +53,25 @@ start_link(Host, Opts) -> gen_server:start_link({local, Proc}, ?MODULE, [Host, Opts], []). c2s_auth_result(false, _User, LServer, {Addr, _Port}) -> - BanLifetime = gen_mod:get_module_opt( - LServer, ?MODULE, c2s_auth_ban_lifetime, - fun(T) when is_integer(T), T > 0 -> T end, - ?C2S_AUTH_BAN_LIFETIME), - MaxFailures = gen_mod:get_module_opt( - LServer, ?MODULE, c2s_max_auth_failures, - fun(I) when is_integer(I), I > 0 -> I end, - ?C2S_MAX_AUTH_FAILURES), - UnbanTS = unban_timestamp(BanLifetime), - case ets:lookup(failed_auth, Addr) of - [{Addr, N, _, _}] -> - ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures}); - [] -> - ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures}) + case is_whitelisted(LServer, Addr) of + true -> + ok; + false -> + BanLifetime = gen_mod:get_module_opt( + LServer, ?MODULE, c2s_auth_ban_lifetime, + fun(T) when is_integer(T), T > 0 -> T end, + ?C2S_AUTH_BAN_LIFETIME), + MaxFailures = gen_mod:get_module_opt( + LServer, ?MODULE, c2s_max_auth_failures, + fun(I) when is_integer(I), I > 0 -> I end, + ?C2S_MAX_AUTH_FAILURES), + UnbanTS = unban_timestamp(BanLifetime), + case ets:lookup(failed_auth, Addr) of + [{Addr, N, _, _}] -> + ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures}); + [] -> + ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures}) + end end; c2s_auth_result(true, _User, _Server, _AddrPort) -> ok. @@ -160,6 +165,12 @@ code_change(_OldVsn, State, _Extra) -> %%%=================================================================== %%% Internal functions %%%=================================================================== +is_whitelisted(Host, Addr) -> + Access = gen_mod:get_module_opt(Host, ?MODULE, access, + fun(A) when is_atom(A) -> A end, + none), + acl:match_rule(Host, Access, Addr) == allow. + unban_timestamp(BanLifetime) -> {MegaSecs, MSecs, USecs} = now(), UnbanSecs = MegaSecs * 1000000 + MSecs + BanLifetime, |