diff src/syslogconfig.cpp @ 27:28fec0c67646
make add/remove commands configurable
author | carl |
---|---|
date | Sun, 12 Feb 2006 10:54:03 -0800 |
parents | ec051169fdfd |
children | 6465d8640489 |
--- a/src/syslogconfig.cpp Wed Feb 01 10:58:23 2006 -0800
+++ b/src/syslogconfig.cpp Sun Feb 12 10:54:03 2006 -0800
@@ -27,8 +27,8 @@
 #include <limits.h>
 static char* syslogconfig_version = "$Id$";
-static char* iptables = "/sbin/iptables";
+char *token_add;
 char *token_bucket;
 char *token_file;
 char *token_ignore;
@@ -37,6 +37,7 @@
 char *token_lbrace;
 char *token_pattern;
 char *token_rbrace;
+char *token_remove;
 char *token_semi;
 char *token_slash;
 char *token_threshold;
@@ -141,14 +142,14 @@
 if (con.looking(ip) && (b.count > t)) {
 in_addr ad;
 ad.s_addr = htonl(ip);
- snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad));
+ snprintf(buf, maxlen, con.add_command, inet_ntoa(ad));
 system(buf);
 }
 }
 else {
 in_addr ad;
 ad.s_addr = htonl(ip);
- snprintf(buf, maxlen, "%s -D INPUT --src %s --jump DROP", iptables, inet_ntoa(ad));
+ snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad));
 system(buf);
 }
 }
@@ -236,6 +237,9 @@
 reference_count = 0;
 generation = 0;
 load_time = 0;
+ threshold = 500;
+ add_command = "/sbin/iptables -I INPUT --src %s --jump DROP";
+ remove_command = "/sbin/iptables -D INPUT --src %s --jump DROP";
 }
@@ -261,6 +265,9 @@
 void CONFIG::dump() {
 printf(" threshold %d; \n\n", threshold);
+ printf(" add_command \"%s\"; \n", add_command);
+ printf(" remove_command \"%s\"; \n\n", remove_command);
+
 printf(" ignore { \n");
 for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
 IPPAIR &p = *i;
@@ -614,6 +621,16 @@
 else if (have == token_ignore) {
 if (!parse_ignore(tok, dc)) return false;
 }
+ else if (have == token_add) {
+ have = tok.next();
+ dc.set_add(have);
+ if (!tsa(tok, token_semi)) return false;
+ }
+ else if (have == token_remove) {
+ have = tok.next();
+ dc.set_remove(have);
+ if (!tsa(tok, token_semi)) return false;
+ }
 else if (have == token_file) {
 if (!parse_syslogconfig(tok, dc)) return false;
 count++;
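Review bot: In the `@@ -141,14 +142,14 @@` hunk both `snprintf` calls now take their format string from the configuration (`con.add_command`, `con.remove_command`) and pass the result to `system()`, so a template holding anything other than a single `%s` makes `snprintf` read arguments that were never supplied, which is undefined behaviour in a process that presumably runs with the privileges needed to drive iptables. The new `token_add` / `token_remove` branches in the `@@ -614,6 +621,16 @@` hunk store the token through `dc.set_add(have)` / `dc.set_remove(have)` without inspecting it; that is the place to reject a value that does not contain exactly one `%s` and no other `%` conversion, returning false as the neighbouring branches do. The `snprintf` return value is also ignored, so a template that does not fit in `maxlen` is truncated and the truncated command is still executed; `int n = snprintf(buf, maxlen, con.add_command, inet_ntoa(ad));` followed by `if (n > 0 && n < maxlen) system(buf);` would skip it (the type of `maxlen` is not visible here, so the comparison may need adjusting). A comment beside the defaults in the `@@ -236,6 +237,9 @@` hunk, such as `// %s is replaced by the dotted-quad source address; no other conversions are allowed`, would record that contract. The function containing the `snprintf` calls starts and ends outside the hunk.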
@@ -632,6 +649,7 @@
 // init the tokens //
 void token_init() {
+ token_add = register_string("add_command");
 token_bucket = register_string("bucket");
 token_file = register_string("file");
 token_ignore = register_string("ignore");
@@ -640,6 +658,7 @@
 token_lbrace = register_string("{");
 token_pattern = register_string("pattern");
 token_rbrace = register_string("}");
+ token_remove = register_string("remove_command");
 token_semi = register_string(";");
 token_slash = register_string("/");
 token_threshold = register_string("threshold");