authorHolger Weiss <holger@zedat.fu-berlin.de>2015-04-18 11:08:05 +0200
committerHolger Weiss <holger@zedat.fu-berlin.de>2015-04-18 11:08:05 +0200
commitaa36742a406e11124eb79554f8b31eaa14e7a856 (patch)
tree086fdd6674eb044cd1b273fbe9305e704d7ff245
parentejabberd_s2s_out: Remove Erlang/OTP version check (diff)
mod_fail2ban: Add 'access' option for whitelisting
Closes #535.
-rw-r--r--src/mod_fail2ban.erl39
1 files changed, 25 insertions, 14 deletions
diff --git a/src/mod_fail2ban.erl b/src/mod_fail2ban.erl
index 7c9eba88a..63c09db26 100644
--- a/src/mod_fail2ban.erl
+++ b/src/mod_fail2ban.erl
@@ -53,20 +53,25 @@ start_link(Host, Opts) ->
gen_server:start_link({local, Proc}, ?MODULE, [Host, Opts], []).
c2s_auth_result(false, _User, LServer, {Addr, _Port}) ->
- BanLifetime = gen_mod:get_module_opt(
- LServer, ?MODULE, c2s_auth_ban_lifetime,
- fun(T) when is_integer(T), T > 0 -> T end,
- ?C2S_AUTH_BAN_LIFETIME),
- MaxFailures = gen_mod:get_module_opt(
- LServer, ?MODULE, c2s_max_auth_failures,
- fun(I) when is_integer(I), I > 0 -> I end,
- ?C2S_MAX_AUTH_FAILURES),
- UnbanTS = unban_timestamp(BanLifetime),
- case ets:lookup(failed_auth, Addr) of
- [{Addr, N, _, _}] ->
- ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures});
- [] ->
- ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures})
+ case is_whitelisted(LServer, Addr) of
+ true ->
+ ok;
+ false ->
+ BanLifetime = gen_mod:get_module_opt(
+ LServer, ?MODULE, c2s_auth_ban_lifetime,
+ fun(T) when is_integer(T), T > 0 -> T end,
+ ?C2S_AUTH_BAN_LIFETIME),
+ MaxFailures = gen_mod:get_module_opt(
+ LServer, ?MODULE, c2s_max_auth_failures,
+ fun(I) when is_integer(I), I > 0 -> I end,
+ ?C2S_MAX_AUTH_FAILURES),
+ UnbanTS = unban_timestamp(BanLifetime),
+ case ets:lookup(failed_auth, Addr) of
+ [{Addr, N, _, _}] ->
+ ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures});
+ [] ->
+ ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures})
+ end
end;
c2s_auth_result(true, _User, _Server, _AddrPort) ->
ok.
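Review bot: The new `true -> ok;` branch in c2s_auth_result/4 discards failed logins from whitelisted addresses without any trace, so password guessing that arrives through a whitelisted proxy or NAT gateway is neither rate-limited nor visible to an operator. I would log it in that branch, e.g. `true -> ?INFO_MSG("Ignoring failed authentication from whitelisted address ~p", [Addr]), ok;`, assuming ejabberd's logging macros are in scope here (the includes are outside this hunk). The whitelist is also consulted only when a failure is recorded. The diffstat accounts for just the two hunks shown, so an address that already has an entry in `failed_auth` presumably stays blocked until its unban timestamp passes. That should either be documented with the option or handled by deleting the entry.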
@@ -160,6 +165,12 @@ code_change(_OldVsn, State, _Extra) ->
%%%===================================================================
%%% Internal functions
%%%===================================================================
+is_whitelisted(Host, Addr) ->
+ Access = gen_mod:get_module_opt(Host, ?MODULE, access,
+ fun(A) when is_atom(A) -> A end,
+ none),
+ acl:match_rule(Host, Access, Addr) == allow.
+
unban_timestamp(BanLifetime) ->
{MegaSecs, MSecs, USecs} = now(),
UnbanSecs = MegaSecs * 1000000 + MSecs + BanLifetime,
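Review bot: is_whitelisted/2 has no comment or spec describing what the `access` option may name, and its validator `fun(A) when is_atom(A) -> A end` accepts any atom. That includes `all`, which, if acl:match_rule/3 treats it as elsewhere in ejabberd, exempts every address and silently disables banning. I would add a comment above the function such as `%% Addr is the peer IP tuple, so presumably only 'all' or IP-based ACLs can match; the default 'none' whitelists nobody.`, and confirm that against acl.erl, which is not part of this page. As a style point, the comparison of two atoms reads better with exact equality: `acl:match_rule(Host, Access, Addr) =:= allow.`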