changeset 27:28fec0c67646

make add/remove commands configurable
author carl
date Sun, 12 Feb 2006 10:54:03 -0800
parents 00bd0b0ef015
children 6465d8640489
files ChangeLog configure.in remote src/syslogconfig.cpp src/syslogconfig.h src/tokenizer.cpp syslog2iptables.conf syslog2iptables.rc xml/syslog2iptables.in
diffstat 9 files changed, 61 insertions(+), 11 deletions(-) [+]
--- a/ChangeLog	Wed Feb 01 10:58:23 2006 -0800
+++ b/ChangeLog	Sun Feb 12 10:54:03 2006 -0800
@@ -1,5 +1,12 @@
     $Id$
 
+1.3 2006-02-12
+    Add configuration for iptables add/remove commands.
+    Preserve case in config file. Some patterns may need this, and
+    the add/remove commands generally need this.
+    Add flush option for startup script to flush the INPUT chain.
+    The restart/reload options also flush the input chain.
+
 1.2 2006-02-01
     Don't flush the table to remove entries, use -D option to iptables.
     Reduce sleep time from 10 to 2 seconds between read cycles.
--- a/configure.in	Wed Feb 01 10:58:23 2006 -0800
+++ b/configure.in	Sun Feb 12 10:54:03 2006 -0800
@@ -1,7 +1,7 @@
 AC_INIT(configure.in)
 
 AM_CONFIG_HEADER(config.h)
-AM_INIT_AUTOMAKE(syslog2iptables,1.2)
+AM_INIT_AUTOMAKE(syslog2iptables,1.3)
 AC_PATH_PROGS(BASH, bash)
 
 AC_LANG_CPLUSPLUS
--- a/remote	Wed Feb 01 10:58:23 2006 -0800
+++ b/remote	Sun Feb 12 10:54:03 2006 -0800
@@ -27,6 +27,7 @@
     me $i "/sbin/iptables -F INPUT"
     me $i "cd /tmp/$NAME-$VER; make chkconfig"
     me $i "ln --symbolic --force /etc/$NAME.conf /usr/local/etc/$NAME.conf"
+    me $i "/etc/rc.d/init.d/$NAME flush"
     me $i "/etc/rc.d/init.d/$NAME start"
 
     echo " install done on $i, press enter to continue"
--- a/src/syslogconfig.cpp	Wed Feb 01 10:58:23 2006 -0800
+++ b/src/syslogconfig.cpp	Sun Feb 12 10:54:03 2006 -0800
@@ -27,8 +27,8 @@
 #include <limits.h>
 
 static char* syslogconfig_version = "$Id$";
-static char* iptables = "/sbin/iptables";
 
+char *token_add;
 char *token_bucket;
 char *token_file;
 char *token_ignore;
@@ -37,6 +37,7 @@
 char *token_lbrace;
 char *token_pattern;
 char *token_rbrace;
+char *token_remove;
 char *token_semi;
 char *token_slash;
 char *token_threshold;
@@ -141,14 +142,14 @@
 		if (con.looking(ip) && (b.count > t)) {
 			in_addr ad;
 			ad.s_addr = htonl(ip);
-			snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad));
+			snprintf(buf, maxlen, con.add_command, inet_ntoa(ad));
 			system(buf);
 		}
 	}
 	else {
 		in_addr ad;
 		ad.s_addr = htonl(ip);
-		snprintf(buf, maxlen, "%s -D INPUT --src %s --jump DROP", iptables, inet_ntoa(ad));
+		snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad));
 		system(buf);
 	}
 }
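Review bot: `snprintf(buf, maxlen, con.add_command, inet_ntoa(ad))` on the first new line, and the matching remove line below it, use text read from the config file as the printf format string, so any `%` sequence other than the documented single `%s` (a second `%s`, a `%d`, a `%n`) reads from or writes through unrelated stack memory, and whatever comes out is then handed to `system()`; the code this replaces had the format fixed at compile time. The snprintf return value is also ignored in both branches, so a command truncated at `maxlen` is still executed. Splice the address into the placeholder explicitly and run the command only when the expansion fits, with both branches going through the same helper. The head of this function, where `buf` and `maxlen` are declared, is outside the hunk, so their exact types are assumed below, as is `<string.h>` being included for `strstr`.
```cpp
// Build the shell command by splicing the dotted-quad address into the single
// "%s" placeholder of cmd. The config text is never used as a format string.
// Returns false when the placeholder is missing or repeated, or when the
// expanded command would not fit in buf.
static bool expand_command(char *buf, int maxlen, const char *cmd, const char *ip) {
	const char *at = strstr(cmd, "%s");
	if (!at || strstr(at + 2, "%s")) return false;
	int n = snprintf(buf, maxlen, "%.*s%s%s", (int)(at - cmd), cmd, ip, at + 2);
	return n >= 0 && n < maxlen;
}
// … unchanged: function head, con.looking()/threshold test, in_addr setup …
			if (expand_command(buf, maxlen, con.add_command, inet_ntoa(ad))) system(buf);
// … unchanged: else branch, same call with con.remove_command …
```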
@@ -236,6 +237,9 @@
 	reference_count    = 0;
 	generation		   = 0;
 	load_time		   = 0;
+	threshold		   = 500;
+	add_command 	   = "/sbin/iptables -I INPUT --src %s --jump DROP";
+	remove_command	   = "/sbin/iptables -D INPUT --src %s --jump DROP";
 }
 
 
@@ -261,6 +265,9 @@
 void CONFIG::dump() {
 	printf(" threshold %d; \n\n", threshold);
 
+	printf(" add_command \"%s\"; \n",      add_command);
+	printf(" remove_command \"%s\"; \n\n", remove_command);
+
 	printf(" ignore { \n");
 	for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
 		IPPAIR &p = *i;
@@ -614,6 +621,16 @@
 		else if (have == token_ignore) {
 			if (!parse_ignore(tok, dc)) return false;
 		}
+		else if (have == token_add) {
+			have = tok.next();
+			dc.set_add(have);
+			if (!tsa(tok, token_semi)) return false;
+		}
+		else if (have == token_remove) {
+			have = tok.next();
+			dc.set_remove(have);
+			if (!tsa(tok, token_semi)) return false;
+		}
 		else if (have == token_file) {
 			if (!parse_syslogconfig(tok, dc)) return false;
 			count++;
@@ -632,6 +649,7 @@
 // init the tokens
 //
 void token_init() {
+	token_add		 = register_string("add_command");
 	token_bucket	 = register_string("bucket");
 	token_file		 = register_string("file");
 	token_ignore	 = register_string("ignore");
@@ -640,6 +658,7 @@
 	token_lbrace	 = register_string("{");
 	token_pattern	 = register_string("pattern");
 	token_rbrace	 = register_string("}");
+	token_remove	 = register_string("remove_command");
 	token_semi		 = register_string(";");
 	token_slash 	 = register_string("/");
 	token_threshold  = register_string("threshold");
--- a/src/syslogconfig.h	Wed Feb 01 10:58:23 2006 -0800
+++ b/src/syslogconfig.h	Sun Feb 12 10:54:03 2006 -0800
@@ -77,10 +77,14 @@
 	string_set			config_files;
 	int 				threshold;
 	ippair_list 		ignore; 			// owns all the ippairs
+	char *				add_command;		// owned by the string table
+	char *				remove_command; 	// ""
 	syslogconfig_list	syslogconfigs;		// owns all the syslogconfigs
 
 	CONFIG();
 	~CONFIG();
+	void	set_add(char *add)				{ add_command	 = add; 	   };
+	void	set_remove(char *remove)		{ remove_command = remove;	   };
 	void	set_threshold(int threshold_)	{ threshold = threshold_; };
 	int 	get_threshold() 				{ return threshold; 	  };
 	void	add_syslogconfig(SYSLOGCONFIGP con);
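Review bot: `char * add_command` / `char * remove_command` and the `char *` parameters of `set_add`/`set_remove` receive string-literal defaults in `CONFIG()` in this same changeset, so the members point at read-only storage through a non-const pointer; a write through them would be undefined behaviour and the literal-to-`char *` assignment is a deprecated conversion in C++. Declare them `const char *` — `const char *add_command;` and `void set_add(const char *add) { add_command = add; }`, likewise for remove — which still accepts the `char *` entries from the string table. The comment `// owned by the string table` also no longer holds for the literal defaults; `// string-table entry, or the literal default set in CONFIG()` describes both cases. The class definition starts before the hunk.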
@@ -98,6 +102,7 @@
 bool  load_conf(CONFIG &dc, char *fn);
 void  token_init();
 
+extern char *token_add;
 extern char *token_bucket;
 extern char *token_file;
 extern char *token_ignore;
@@ -106,6 +111,7 @@
 extern char *token_lbrace;
 extern char *token_pattern;
 extern char *token_rbrace;
+extern char *token_remove;
 extern char *token_semi;
 extern char *token_slash;
 extern char *token_threshold;
--- a/src/tokenizer.cpp	Wed Feb 01 10:58:23 2006 -0800
+++ b/src/tokenizer.cpp	Sun Feb 12 10:54:03 2006 -0800
@@ -333,7 +333,8 @@
 
 bool TOKEN::next_char(u_char &uc) {
 	if (pushed) {
-		uc = (u_char)tolower((char)pushed_char);
+		//uc = (u_char)tolower((char)pushed_char);
+		uc = pushed_char;
 		pushed = false;
 		return true;
 	}
@@ -348,7 +349,7 @@
 		int &line = linenumbers.front();
 		line++;
 	}
-	uc = (u_char)tolower((char)uc);
+	//uc = (u_char)tolower((char)uc);
 	return true;
 }
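Review bot: The two `//uc = (u_char)tolower(...)` lines left behind in `next_char` (one in the pushed-char path in the previous hunk, one here) are dead code; the changeset and its ChangeLog entry already record why case folding was dropped, so delete the commented statements instead of keeping them as a reminder. If the new contract should be visible in the code, a one-line comment at the top of the function — `// No case folding: patterns and add/remove commands are case-sensitive.` — says it more clearly than commented-out code. The function begins before this hunk.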
 
--- a/syslog2iptables.conf	Wed Feb 01 10:58:23 2006 -0800
+++ b/syslog2iptables.conf	Sun Feb 12 10:54:03 2006 -0800
@@ -1,5 +1,8 @@
 threshold 550;
 
+add_command    "/sbin/iptables -I INPUT --src %s --jump DROP";
+remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";
+
 ignore {
     127.0.0.0/8;        // localhost
 };
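Review bot: The two new command lines are executed verbatim through `system()` by the daemon (the `snprintf`/`system` pair in src/syslogconfig.cpp in this changeset), so anyone who can edit this file can run arbitrary commands with the daemon's privileges, which must be whatever iptables needs. That deserves a comment right here, next to the settings: `// add_command/remove_command are run through system() by the daemon: keep this file root-owned and not group/world writable. Exactly one %s (the address) is allowed.` The single-`%s` contract is currently documented only in the man page; repeating it where the commands are actually written is cheap.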
--- a/syslog2iptables.rc	Wed Feb 01 10:58:23 2006 -0800
+++ b/syslog2iptables.rc	Sun Feb 12 10:54:03 2006 -0800
@@ -51,15 +51,19 @@
         ;;
     restart|reload)
         $0 stop
+        $0 flush
         $0 start
         RETVAL=$?
         ;;
+    flush)
+        /sbin/iptables -F INPUT
+        ;;
     status)
         status syslog2iptables
         RETVAL=$?
         ;;
     *)
-        echo "Usage: syslog2iptables {start|stop|restart|status}"
+        echo "Usage: syslog2iptables {start|stop|restart|status|flush}"
         exit 1
 esac
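Review bot: The new `flush` target runs `/sbin/iptables -F INPUT`, which deletes every rule in the INPUT chain rather than only the DROP rules this daemon added, and `restart|reload` now does that unconditionally, so a service restart silently removes any other host firewall rules living in INPUT. Give the daemon its own chain and flush only that: `/sbin/iptables -N syslog2iptables 2>/dev/null` at start, `/sbin/iptables -F syslog2iptables` in `flush`, with the configured add/remove commands pointed at that chain and a one-time `-I INPUT -j syslog2iptables` hook. The `flush` branch also leaves RETVAL untouched, so a failed flush is not reported; add `RETVAL=$?` after the iptables call as the other branches do.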
 exit $RETVAL
--- a/xml/syslog2iptables.in	Wed Feb 01 10:58:23 2006 -0800
+++ b/xml/syslog2iptables.in	Sun Feb 12 10:54:03 2006 -0800
@@ -172,17 +172,23 @@
         <refsect1 id='description.5'>
             <title>Description</title>
             <para>The <command>@PACKAGE@.conf</command> configuration file is
-            specified by this partial bnf description.</para>
+            specified by this partial bnf description. The entire config file
+            is case sensitive. All the keywords are lower case.
+            </para>
 
             <literallayout class="monospaced"><![CDATA[
-CONFIG    := {THRESHOLD | IGNORE | FILE}+
+CONFIG    := {THRESHOLD | ADD-CMD | REM-CMD | IGNORE | FILE}+
 THRESHOLD := "threshold" THRESHOLD-INTEGER-VALUE ";"
+ADD-CMD   := "add_command" IPT-CMD ";"
+REM-CMD   := "remove_command" IPT-CMD ";"
 IGNORE    := "ignore" "{" IG-SINGLE+ "};"
 IG-SINGLE := IP-ADDRESS "/" CIDR-BITS ";"
 FILE      := "file" FILENAME "{" PATTERN+ "};"
 PATTERN   := "pattern" REGULAR-EXPRESSION "{" {INDEX | BUCKET}+ "};"
 INDEX     := "index" REGEX-INTEGER-VALUE ";"
 BUCKET    := "bucket" BUCKET-ADD-INTEGER-VALUE ";"]]></literallayout>
+IPT-CMD   := string containing exactly one %s replacement token for
+             the ip address
         </refsect1>
 
         <refsect1 id='sample.5'>
@@ -190,6 +196,9 @@
             <literallayout class="monospaced"><![CDATA[
 threshold 550;
 
+add_command    "/sbin/iptables -I INPUT --src %s --jump DROP";
+remove_command "/sbin/iptables -D INPUT --src %s --jump DROP";
+
 ignore {
     127.0.0.0/8;        // localhost
 };