comparison src/syslogconfig.cpp @ 27:28fec0c67646
make add/remove commands configureable
author | carl |
---|---|
date | Sun, 12 Feb 2006 10:54:03 -0800 |
parents | ec051169fdfd |
children | 6465d8640489 |
26:00bd0b0ef015 | 27:28fec0c67646 |
---|---|
25 #include <arpa/inet.h> | 25 #include <arpa/inet.h> |
26 #include <netdb.h> | 26 #include <netdb.h> |
27 #include <limits.h> | 27 #include <limits.h> |
28 | 28 |
29 static char* syslogconfig_version = "$Id$"; | 29 static char* syslogconfig_version = "$Id$"; |
30 static char* iptables = "/sbin/iptables"; | 30 |
31 | 31 char *token_add; |
32 char *token_bucket; | 32 char *token_bucket; |
33 char *token_file; | 33 char *token_file; |
34 char *token_ignore; | 34 char *token_ignore; |
35 char *token_include; | 35 char *token_include; |
36 char *token_index; | 36 char *token_index; |
37 char *token_lbrace; | 37 char *token_lbrace; |
38 char *token_pattern; | 38 char *token_pattern; |
39 char *token_rbrace; | 39 char *token_rbrace; |
40 char *token_remove; | |
40 char *token_semi; | 41 char *token_semi; |
41 char *token_slash; | 42 char *token_slash; |
42 char *token_threshold; | 43 char *token_threshold; |
43 | 44 |
44 struct ltint | 45 struct ltint |
139 if (added) { | 140 if (added) { |
140 bucket &b = violations[ip]; | 141 bucket &b = violations[ip]; |
141 if (con.looking(ip) && (b.count > t)) { | 142 if (con.looking(ip) && (b.count > t)) { |
142 in_addr ad; | 143 in_addr ad; |
143 ad.s_addr = htonl(ip); | 144 ad.s_addr = htonl(ip); |
144 snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad)); | 145 snprintf(buf, maxlen, con.add_command, inet_ntoa(ad)); |
145 system(buf); | 146 system(buf); |
146 } | 147 } |
147 } | 148 } |
148 else { | 149 else { |
149 in_addr ad; | 150 in_addr ad; |
150 ad.s_addr = htonl(ip); | 151 ad.s_addr = htonl(ip); |
151 snprintf(buf, maxlen, "%s -D INPUT --src %s --jump DROP", iptables, inet_ntoa(ad)); | 152 snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad)); |
152 system(buf); | 153 system(buf); |
153 } | 154 } |
154 } | 155 } |
155 | 156 |
156 | 157 |
234 // | 235 // |
235 CONFIG::CONFIG() { | 236 CONFIG::CONFIG() { |
236 reference_count = 0; | 237 reference_count = 0; |
237 generation = 0; | 238 generation = 0; |
238 load_time = 0; | 239 load_time = 0; |
240 threshold = 500; | |
241 add_command = "/sbin/iptables -I INPUT --src %s --jump DROP"; | |
242 remove_command = "/sbin/iptables -D INPUT --src %s --jump DROP"; | |
239 } | 243 } |
240 | 244 |
241 | 245 |
242 CONFIG::~CONFIG() { | 246 CONFIG::~CONFIG() { |
243 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) { | 247 for (syslogconfig_list::iterator i=syslogconfigs.begin(); i!=syslogconfigs.end(); i++) { |
258 } | 262 } |
259 | 263 |
260 | 264 |
261 void CONFIG::dump() { | 265 void CONFIG::dump() { |
262 printf(" threshold %d; \n\n", threshold); | 266 printf(" threshold %d; \n\n", threshold); |
267 | |
268 printf(" add_command \"%s\"; \n", add_command); | |
269 printf(" remove_command \"%s\"; \n\n", remove_command); | |
263 | 270 |
264 printf(" ignore { \n"); | 271 printf(" ignore { \n"); |
265 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) { | 272 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) { |
266 IPPAIR &p = *i; | 273 IPPAIR &p = *i; |
267 in_addr ip; | 274 in_addr ip; |
612 if (!tsa(tok, token_semi)) return false; | 619 if (!tsa(tok, token_semi)) return false; |
613 } | 620 } |
614 else if (have == token_ignore) { | 621 else if (have == token_ignore) { |
615 if (!parse_ignore(tok, dc)) return false; | 622 if (!parse_ignore(tok, dc)) return false; |
616 } | 623 } |
624 else if (have == token_add) { | |
625 have = tok.next(); | |
626 dc.set_add(have); | |
627 if (!tsa(tok, token_semi)) return false; | |
628 } | |
629 else if (have == token_remove) { | |
630 have = tok.next(); | |
631 dc.set_remove(have); | |
632 if (!tsa(tok, token_semi)) return false; | |
633 } | |
617 else if (have == token_file) { | 634 else if (have == token_file) { |
618 if (!parse_syslogconfig(tok, dc)) return false; | 635 if (!parse_syslogconfig(tok, dc)) return false; |
619 count++; | 636 count++; |
620 } | 637 } |
621 else { | 638 else { |
630 | 647 |
631 //////////////////////////////////////////////// | 648 //////////////////////////////////////////////// |
632 // init the tokens | 649 // init the tokens |
633 // | 650 // |
634 void token_init() { | 651 void token_init() { |
652 token_add = register_string("add_command"); | |
635 token_bucket = register_string("bucket"); | 653 token_bucket = register_string("bucket"); |
636 token_file = register_string("file"); | 654 token_file = register_string("file"); |
637 token_ignore = register_string("ignore"); | 655 token_ignore = register_string("ignore"); |
638 token_include = register_string("include"); | 656 token_include = register_string("include"); |
639 token_index = register_string("index"); | 657 token_index = register_string("index"); |
640 token_lbrace = register_string("{"); | 658 token_lbrace = register_string("{"); |
641 token_pattern = register_string("pattern"); | 659 token_pattern = register_string("pattern"); |
642 token_rbrace = register_string("}"); | 660 token_rbrace = register_string("}"); |
661 token_remove = register_string("remove_command"); | |
643 token_semi = register_string(";"); | 662 token_semi = register_string(";"); |
644 token_slash = register_string("/"); | 663 token_slash = register_string("/"); |
645 token_threshold = register_string("threshold"); | 664 token_threshold = register_string("threshold"); |
646 } | 665 } |
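Review bot: The configured `add_command` / `remove_command` strings are passed straight through as the format argument of `snprintf(buf, maxlen, con.add_command, inet_ntoa(ad))` (new lines 145 and 152), so a template containing anything other than a single `%s` — a stray `%d`, `%n`, or a second `%s` — makes snprintf read arguments that were never supplied, which is undefined behavior, and the old version's fixed format strings gave no such exposure. The parse branches for `token_add` and `token_remove` (new lines 624–633) accept whatever `tok.next()` returns with no check, so this is where the template should be validated before `set_add`/`set_remove` store it; rejecting a bad template at config-load time also keeps the error out of the `system()` path. The function containing the snprintf calls starts and ends outside the hunk, as does the parser function around the new branches; I am assuming `tok.next()` returns a C string that stays valid after the call (it looks like an interned token), which is worth confirming. Whether the tokenizer has its own error-reporting helper is not visible here, so the sketch below simply returns false like the neighbouring branches.
```cpp
// Accept only a template with exactly one "%s" and no other conversion,
// because the value is later used verbatim as an snprintf format string.
static bool valid_command_template(const char *tmpl) {
    int slots = 0;
    for (const char *p = tmpl; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   // "%%" is a literal percent
        if (p[1] != 's') return false;        // any other conversion is rejected
        slots++;
    }
    return slots == 1;
}

// … unchanged: earlier keyword branches of the config parser …
        else if (have == token_add) {
            have = tok.next();
            if (!valid_command_template(have)) return false;   // reject before it can reach snprintf
            dc.set_add(have);
            if (!tsa(tok, token_semi)) return false;
        }
        else if (have == token_remove) {
            have = tok.next();
            if (!valid_command_template(have)) return false;
            dc.set_remove(have);
            if (!tsa(tok, token_semi)) return false;
        }
// … unchanged: token_file branch and the rest of the parser …
```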