diff src/syslogconfig.cpp @ 27:28fec0c67646

make add/remove commands configurable
author carl
date Sun, 12 Feb 2006 10:54:03 -0800
parents ec051169fdfd
children 6465d8640489
--- a/src/syslogconfig.cpp	Wed Feb 01 10:58:23 2006 -0800
+++ b/src/syslogconfig.cpp	Sun Feb 12 10:54:03 2006 -0800
@@ -27,8 +27,8 @@
 #include <limits.h>
 
 static char* syslogconfig_version = "$Id$";
-static char* iptables = "/sbin/iptables";
 
+char *token_add;
 char *token_bucket;
 char *token_file;
 char *token_ignore;
@@ -37,6 +37,7 @@
 char *token_lbrace;
 char *token_pattern;
 char *token_rbrace;
+char *token_remove;
 char *token_semi;
 char *token_slash;
 char *token_threshold;
@@ -141,14 +142,14 @@
 		if (con.looking(ip) && (b.count > t)) {
 			in_addr ad;
 			ad.s_addr = htonl(ip);
-			snprintf(buf, maxlen, "count=%d %s -A INPUT --src %s --jump DROP", b.count, iptables, inet_ntoa(ad));
+			snprintf(buf, maxlen, con.add_command, inet_ntoa(ad));
 			system(buf);
 		}
 	}
 	else {
 		in_addr ad;
 		ad.s_addr = htonl(ip);
-		snprintf(buf, maxlen, "%s -D INPUT --src %s --jump DROP", iptables, inet_ntoa(ad));
+		snprintf(buf, maxlen, con.remove_command, inet_ntoa(ad));
 		system(buf);
 	}
 }
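Review bot: Both new snprintf() calls use `con.add_command` / `con.remove_command` as the format string, so text from the config file is now interpreted as printf conversions while only one argument, the inet_ntoa() result, is supplied. A configured value with a second `%s`, a `%d` or a `%n` makes snprintf() read or write arguments that were never passed, and whatever lands in `buf` is then handed to system(). The commands should be rejected when the config is loaded unless they contain exactly one `%s` and no other conversion. The snprintf() return value is also ignored in both branches, so a command that does not fit in `maxlen` is truncated and still executed; compare the return value with `maxlen` and skip the system() call on truncation. The enclosing function starts outside this hunk.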
@@ -236,6 +237,9 @@
 	reference_count    = 0;
 	generation		   = 0;
 	load_time		   = 0;
+	threshold		   = 500;
+	add_command 	   = "/sbin/iptables -I INPUT --src %s --jump DROP";
+	remove_command	   = "/sbin/iptables -D INPUT --src %s --jump DROP";
 }
 
 
@@ -261,6 +265,9 @@
 void CONFIG::dump() {
 	printf(" threshold %d; \n\n", threshold);
 
+	printf(" add_command \"%s\"; \n",      add_command);
+	printf(" remove_command \"%s\"; \n\n", remove_command);
+
 	printf(" ignore { \n");
 	for (ippair_list::iterator i=ignore.begin(); i!=ignore.end(); i++) {
 		IPPAIR &p = *i;
@@ -614,6 +621,16 @@
 		else if (have == token_ignore) {
 			if (!parse_ignore(tok, dc)) return false;
 		}
+		else if (have == token_add) {
+			have = tok.next();
+			dc.set_add(have);
+			if (!tsa(tok, token_semi)) return false;
+		}
+		else if (have == token_remove) {
+			have = tok.next();
+			dc.set_remove(have);
+			if (!tsa(tok, token_semi)) return false;
+		}
 		else if (have == token_file) {
 			if (!parse_syslogconfig(tok, dc)) return false;
 			count++;
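Review bot: In the two new branches the value of `tok.next()` goes straight to `dc.set_add()` / `dc.set_remove()` with no check. If next() can return a null pointer at end of input, or if the next token is punctuation such as `;`, that value becomes the command template, and the only later check is `tsa(tok, token_semi)`. This is the natural place to validate the template, because it is later used as an snprintf() format with a single string argument and executed through system(). The helper below (its name is only a suggestion) accepts a template only when it has exactly one `%s` and otherwise just `%%`. A rejection should be reported through whatever error path the parser already uses, which is not visible in this hunk. Since the file now decides which command line is executed, it is also worth documenting that it must be writable only by the account the daemon trusts.

```cpp
// true when fmt holds exactly one %s and no other conversion (%% is allowed)
static bool one_string_conversion(const char *fmt) {
	if (!fmt) return false;
	int count = 0;
	for (const char *p = fmt; *p; p++) {
		if (*p != '%') continue;
		p++;
		if (*p == '%') continue;
		if (*p != 's') return false;	// also rejects a lone trailing '%'
		count++;
	}
	return count == 1;
}

		else if (have == token_add) {
			have = tok.next();
			if (!one_string_conversion(have)) return false;
			dc.set_add(have);
			// … unchanged: tsa(tok, token_semi) check …
		}
		else if (have == token_remove) {
			have = tok.next();
			if (!one_string_conversion(have)) return false;
			dc.set_remove(have);
			// … unchanged: tsa(tok, token_semi) check …
		}
```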
@@ -632,6 +649,7 @@
 // init the tokens
 //
 void token_init() {
+	token_add		 = register_string("add_command");
 	token_bucket	 = register_string("bucket");
 	token_file		 = register_string("file");
 	token_ignore	 = register_string("ignore");
@@ -640,6 +658,7 @@
 	token_lbrace	 = register_string("{");
 	token_pattern	 = register_string("pattern");
 	token_rbrace	 = register_string("}");
+	token_remove	 = register_string("remove_command");
 	token_semi		 = register_string(";");
 	token_slash 	 = register_string("/");
 	token_threshold  = register_string("threshold");