Comments, README

dev v0.5
marcelb 11 months ago
parent adad9f3b31
commit 02689b498d
  1. 58
      README.md
  2. 66
      lib/ipban.hpp
  3. BIN
      test/test

@ -1,3 +1,57 @@
# ipban
A library for managing IP address bans on UFW systems # Library for the fail-ban function
IPBan is a C++ library for banning IP addresses in case of consecutive errors.
## Features
- Object oriented
- Thread safe
- Internal database of banned addresses as a protection mechanism against irreversible ban
- Automatic unbanning
- Manual fail and unfail methods
- White list of IP addresses
- It is adjustable: database file location, tracking time for errors, number of attempts before ban, ban duration.
## Installation
This library also requires my exec library to work, download the latest release:
https://git.bitelex.co/marcelb/exec or https://github.com/bandicm/exec
Then download the latest backend of these libraries and unzip to the same location. You can turn it on with:
```
#include "cppurl/lib/cppurl.hpp"
using namespace marcelb;
```
## Usage
```c++
//init
ipban myban(30); // 30 minutes
// add white list string or vector<string>
myban.add_white_list("10.0.8.1");
// ban now ip
myban.ban("10.0.8.2");
// fail ip
myban.fail("10.0.8.3");
// unfail ip
myban.unfail("10.0.8.3");
```
## License
[APACHE 2.0](http://www.apache.org/licenses/LICENSE-2.0/)
## Support & Feedback
For support and any feedback, contact the address: marcelb96@yahoo.com.
## Contributing
Contributions are always welcome!
Feel free to fork and start working with or without a later pull request. Or contact for suggest and request an option.

@ -23,8 +23,8 @@ namespace marcelb {
#define BOT_SLEEP_LOOP_TIME 1 // 1 second #define BOT_SLEEP_LOOP_TIME 1 // 1 second
/** /**
* Banovani objekt * Banned object
* IP adresa i vrijeme banovanja * IP address and ban time
*/ */
struct _ban { struct _ban {
string ip; string ip;
@ -32,7 +32,7 @@ struct _ban {
}; };
/** /**
* Pomoćna struktura - za praćenje broja pogrešaka * Auxiliary structure - to track the number of errors
*/ */
struct _fail { struct _fail {
time_t first_fail; time_t first_fail;
@ -40,9 +40,9 @@ struct _fail {
}; };
/** /**
* Biblioteka za ban IP adrese kroz UFW vatrozid na određeno vrijeme * Library to ban IP addresses through the UFW firewall for a certain period of time
* Automatski uklanja zabranu po isteku vremena * Automatically removes ban after timeout
* Posjeduje vlastiti DB mehanizam za zaštitu od nepovratnog ban-a * It has its own DB mechanism for protection against irreversible ban
*/ */
class ipban { class ipban {
mutex io, f_io, wl_io; mutex io, f_io, wl_io;
@ -55,90 +55,84 @@ class ipban {
vector<string> white_list; vector<string> white_list;
future<void> unban_bot; future<void> unban_bot;
bool run_unban_bot = true; bool run_unban_bot = true;
// interface možda bude trebao za ban
/** /**
* Metoda učitava banovane IP adrese iz baze * The method loads banned IP addresses from the database
*/ */
void load_db(); void load_db();
/** /**
* Metoda ažurira stanja baze sa stanjima iz memorije * The method updates database states with memory states
*/ */
bool update_db(); bool update_db();
/** /**
* Metoda uklanja ban za proslijeđeni iterator vektora banned i ažurira bazu * The method removes the ban for the passed iterator of the banned vector and updates the base
*/ */
bool unban(vector<_ban>::iterator ban_itr); bool unban(vector<_ban>::iterator ban_itr);
/** /**
* Metoda poziva exec i dodaje pravila u UFW vatrozid * Method calls exec and adds rules to UFW firewall
*/ */
bool ufw_ban(const string& ip); bool ufw_ban(const string& ip);
/** /**
* Metoda poziva exec i uklanja pravilo u UFW vatrozidu * The method calls exec and removes the rule in the UFW firewall
*/ */
bool ufw_unban(const string& ip); bool ufw_unban(const string& ip);
/**
* Checks whether the forwarded address is in the white list
* If it returns true, if not false
*/
bool is_in_white_list(const string& ip);
public: public:
/** /**
* Konstruktor, prima zadanu vrijednost trajanja ban-a u minutama, * Constructor, receives the default value of the duration of the ban in minutes,
* vrijeme praćenja pogreške adrese, broj dozvoljenih pogreški * address error tracking time, number of allowed errors
* i putanju datoteke baze podataka * and the database file path
*/ */
ipban(const uint& _duration, const uint& _fail_interval = 30, const uint& _fail_limit = 3, const string& db_file = "ipban.db"); // u minutama? ipban(const uint& _duration, const uint& _fail_interval = 30, const uint& _fail_limit = 3, const string& db_file = "ipban.db"); // u minutama?
/** /**
* Metoda koja banuje proslijeđenu IP adresu, dodaje je u vector banned, ažurira bazu * The method that bans the forwarded IP address, adds it to the banned vector, updates the database
* Vraća status operacije * Returns the status of the operation
*/ */
bool ban(const string& ip); bool ban(const string& ip);
/** /**
* Inkrementalno povećaj broj grešaka za prosljeđenu adresu * Incrementally increase the number of errors for the forwarded address
* ako se prekorači broj dozvoljenih grešaka u intervalu - adresa se banuje * if the number of allowed errors in the interval is exceeded - the address is banned
*/ */
bool fail(const string& ip); bool fail(const string& ip);
/** /**
* Uklanja greške za prosljeđenu adresu * Removes errors for forwarded address
*/ */
bool unfail(const string& ip); bool unfail(const string& ip);
/** /**
* Dodaje proslijeđenu adresu u white listu * Adds the forwarded address to the white list
*/ */
void add_white_list(const string& ip); void add_white_list(const string& ip);
/** /**
* Dodaje proslijeđene adrese u white listu * Adds forwarded addresses to the white list
*/ */
void add_white_list(const vector<string>& ips); void add_white_list(const vector<string>& ips);
/** /**
* Provjerava da li je prosljeđena adresa u white listi * Destructor
* Ako je vraća true, ako ne false
*/
bool is_in_white_list(const string& ip);
/**
* Destruktor, uklanja sve zabrane.
*/ */
~ipban(); ~ipban();
}; };
/** /**
* Funkcija za mirovanje tijeka, koj miruje do isteka vremena ili logičkog stanja uvijeta * Sleep function, which sleeps until timeout or logic condition condition
* Prima vrijeme u sekundama, i logički uvijet * Receives time in seconds, and logical condition
*/ */
static void sleep_if(const uint& _time, const bool& _condition); static void sleep_if(const uint& _time, const bool& _condition);

Binary file not shown.
Loading…
Cancel
Save