Pridan modul IPset (ipset - rychly lookup adres pro iptables)

6e29272b · Pavel Kácha · c7fe0197 · 6e29272b · 6e29272b · 6e29272b
Commit 6e29272b authored 11 years ago by Pavel Kácha
--- a/src/contrib/warden-app/Modules/IPset.pm
+++ b/src/contrib/warden-app/Modules/IPset.pm
+package IPset;
+use strict;
+use warnings;
+use Data::Dumper;
+
+my %CONSTANTS =    (
+                        enabled    =>  "no",
+                        outputfile =>  "tmp/ipset.txt",
+                        threshold  =>  250,
+                        excludedip =>  [],
+                        eventtype  =>  [],
+                        setname  =>  "BLOCK",
+                        maxage     =>  "1D",
+                     );
+
+my %FORMAT   =      (   maxage     => qr/\d+[hdmHDM]/, logging  => qr/enable|disable/,);
+
+sub run {
+    my (undef, $modprefix, $cfg, $dbh, $db_engine) = @_;
+   
+    my $v = Constants::mergeConfigs($cfg, $modprefix, \%CONSTANTS, \%FORMAT);
+    
+    my $eventtype_query = DB::joinIN("type", \@{$v->{'eventtype'}});
+    my $excluded_query  = DB::joinNotIN("source", \@{$v->{'excludedip'}});
+
+    my $condition = substr($excluded_query . $eventtype_query, 0, -5);
+    my @columns= ("source");
+    my @params = ($condition, DB::getOldDataDB($db_engine, "NEWER", $v->{'maxage'}));
+    my $query = DB::getQueryCondThreshold($db_engine, "events", \@columns, \@params, $v->{'threshold'});
+
+    my @rows = Utils::fetchall_array_hashref($dbh, $query);
+
+    sub header { my $v = shift; return "create $v->{'setname'}_tmp hash:ip\n"; };
+    sub record { my ($r, $v) = @_; return "add $v->{'setname'}_tmp $r->{'source'}\n" if ($r->{'source'}=~/\d+\.\d+\.\d+\.\d+/); };
+    sub footer { my ($v) = @_; return "swap $v->{'setname'}_tmp $v->{'setname'}\ndestroy $v->{'setname'}_tmp\nquit\n"; };
+
+    my $ret = Utils::generateOutput($v->{'outputfile'}, \@rows, \&header, \&record, \&footer, $v);
+    return $ret;
+}
+1;
--- a/src/contrib/warden-app/doc/WApp.README
+++ b/src/contrib/warden-app/doc/WApp.README
@@ -50,6 +50,7 @@ A. Overall Information
    |   |-- DNSblacklist.pm
    |   |-- IPblacklist.pm
    |   |-- IPtables.pm
+    |   |-- IPset.pm
    |   `-- MailReport.pm
    |-- sh
    |   |-- create_tables_mysql.sh
@@ -145,6 +146,7 @@ F. Modules
   DNSblacklist	- generates zone file for the most widely used DNS software on the Internet.
   IPblacklist	- generates traditional CSV file with IP addresses.
   IPtables 	- generates iptables rules.
+   IPset 	- generates ipset rules (use on big sets of addresses rather than iptables).
   MailReport	- generates reports which are sent to specific recipients.

   Section XX. describes how to write own module.

--- a/src/contrib/warden-app/etc/factory.conf
+++ b/src/contrib/warden-app/etc/factory.conf
@@ -40,6 +40,24 @@ destchain="DROP"
 # Time interval for generating data [D - Days, M - Months, H - Hours]; 
 maxage="4M"

+[MOD_IPSET_1]
+# Enabling module [yes, no]
+enabled="yes"
+# Type of module; see 'moddir' directory
+module="IPset"
+# Where will be result stored
+outputfile="/opt/warden-app/var/ipset.txt"
+# Threshold for SQL query (events grouped by source IP) [number]
+threshold="10"
+# Which source IP we want to exclude from result [ip1, ip2, ipN]
+excludedip="1.1.1.1"
+# Which type of events we want to process [ see Warden manual ]
+eventtype=
+# Chain in which will be iptables rules inserted
+setname="BLOCK"
+# Time interval for generating data [D - Days, M - Months, H - Hours]; 
+maxage="4M"
+
 [MOD_DNSBL_1]
 # Enabling module [yes, no]
 enabled="yes"