
No commits in common. "adad9f3b3122f0bc76a4bccc30083136813a6c82" and "670719ad8b595fb520ffe78646d71168d1f48d0c" have entirely different histories.

4 changed files with 17 additions and 67 deletions


@ -8,7 +8,6 @@
#include <future> #include <future>
#include <mutex> #include <mutex>
#include <fstream> #include <fstream>
#include <algorithm>
#include <time.h> #include <time.h>
#include <unistd.h> #include <unistd.h>
@ -45,14 +44,13 @@ struct _fail {
* Posjeduje vlastiti DB mehanizam za zaštitu od nepovratnog ban-a * Posjeduje vlastiti DB mehanizam za zaštitu od nepovratnog ban-a
*/ */
class ipban { class ipban {
mutex io, f_io, wl_io; mutex io, f_io;
time_t ban_duration; time_t ban_duration;
uint fail_interval; uint fail_interval;
uint fail_limit; uint fail_limit;
string db_file; string db_file;
vector<_ban> banned; vector<_ban> banned;
map<string, struct _fail> failed; map<string, struct _fail> failed;
vector<string> white_list;
future<void> unban_bot; future<void> unban_bot;
bool run_unban_bot = true; bool run_unban_bot = true;
// interface možda bude trebao za ban // interface možda bude trebao za ban
@ -102,7 +100,7 @@ class ipban {
* ako se prekorači broj dozvoljenih grešaka u intervalu - adresa se banuje * ako se prekorači broj dozvoljenih grešaka u intervalu - adresa se banuje
*/ */
bool fail(const string& ip); void fail(const string& ip);
/** /**
* Uklanja greške za prosljeđenu adresu * Uklanja greške za prosljeđenu adresu
@ -110,25 +108,6 @@ class ipban {
bool unfail(const string& ip); bool unfail(const string& ip);
/**
* Dodaje proslijeđenu adresu u white listu
*/
void add_white_list(const string& ip);
/**
* Dodaje proslijeđene adrese u white listu
*/
void add_white_list(const vector<string>& ips);
/**
* Provjerava da li je prosljeđena adresa u white listi
* Ako je vraća true, ako ne false
*/
bool is_in_white_list(const string& ip);
/** /**
* Destruktor, uklanja sve zabrane. * Destruktor, uklanja sve zabrane.
*/ */
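Review bot: After this change the class declares no way to exempt an address: `white_list`, `add_white_list` and `is_in_white_list` are gone, so `fail` and `ban` treat a management host, a reverse proxy or a NAT gateway like any other source. Enough failures from behind one shared address would then block every client behind it. If dropping the exemption is intended, the doc comment above `void fail(const string& ip);` should say so, for example `* No address is exempt; callers must filter trusted addresses before calling fail().` The class declaration starts and ends outside these hunks, so an exemption elsewhere in the class cannot be ruled out from here.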


@ -73,14 +73,11 @@ bool marcelb::ipban::update_db() {
} }
bool marcelb::ipban::ban(const string& ip) { bool marcelb::ipban::ban(const string& ip) {
bool status = !is_in_white_list(ip); bool status = ufw_ban(ip);
if (status) { io.lock();
status = ufw_ban(ip); banned.push_back({ip, time(NULL)});
io.lock(); status = status && update_db();
banned.push_back({ip, time(NULL)}); io.unlock();
status = status && update_db();
io.unlock();
}
return status; return status;
} }
@ -94,7 +91,7 @@ bool marcelb::ipban::unban(vector<_ban>::iterator ban_itr) {
} }
bool marcelb::ipban::ufw_ban(const string& ip) { bool marcelb::ipban::ufw_ban(const string& ip) {
string ufw_cmd = "sudo ufw insert 1 deny from " + ip + " to any"; string ufw_cmd = "sudo ufw deny from " + ip + " to any";
try { try {
string execute_res = exec(ufw_cmd); string execute_res = exec(ufw_cmd);
if (execute_res == "Rule added\n") { if (execute_res == "Rule added\n") {
@ -121,19 +118,15 @@ bool marcelb::ipban::ufw_unban(const string& ip) {
} }
bool marcelb::ipban::fail(const string& ip) { void marcelb::ipban::fail(const string& ip) {
lock_guard<mutex> _io(f_io); lock_guard<mutex> _io(f_io);
bool status = !is_in_white_list(ip); if (failed[ip].n_fails == 0) {
if (status) { failed[ip].n_fails = 1;
if (failed[ip].n_fails == 0) { failed[ip].first_fail = time(NULL);
failed[ip].n_fails = 1; } else if (++failed[ip].n_fails >= fail_limit) {
failed[ip].first_fail = time(NULL); ban(ip);
} else if (++failed[ip].n_fails >= fail_limit) { failed.erase(ip);
ban(ip);
failed.erase(ip);
}
} }
return status;
} }
@ -143,26 +136,6 @@ bool marcelb::ipban::unfail(const string& ip) {
} }
void marcelb::ipban::add_white_list(const string& ip) {
lock_guard<mutex> _io(wl_io);
if (find(white_list.begin(), white_list.end(), ip) == white_list.end()) {
white_list.push_back(ip);
}
}
void marcelb::ipban::add_white_list(const vector<string>& ips) {
for (auto ip : ips) {
add_white_list(ip);
}
}
bool marcelb::ipban::is_in_white_list(const string& ip) {
return find(white_list.begin(), white_list.end(), ip) != white_list.end();
}
static void marcelb::sleep_if(const uint& _time, const bool& _condition) { static void marcelb::sleep_if(const uint& _time, const bool& _condition) {
time_t start_time = time(NULL); time_t start_time = time(NULL);
do { do {
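Review bot: In `ufw_ban` the new command `"sudo ufw deny from " + ip + " to any"` appends the rule instead of inserting it at position 1, and ufw evaluates rules in order with the first match winning. An earlier allow rule (for the service port, say) would therefore still admit the banned address while `ban` reports success; keeping `"sudo ufw insert 1 deny from " + ip + " to any"` preserves the ban's precedence. Separately, `ip` is concatenated into a command run through `exec` under sudo with no validation visible in this section. If `exec` goes through a shell (its body is not shown), the string should be checked first, e.g. `in_addr a4; in6_addr a6;` followed by `if (inet_pton(AF_INET, ip.c_str(), &a4) != 1 && inet_pton(AF_INET6, ip.c_str(), &a6) != 1) return false;`, which needs `<arpa/inet.h>`. The body of `ufw_ban` continues outside the hunk.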

BIN
test/test

Binary file not shown.


@ -33,12 +33,10 @@ int main() {
// i++; // i++;
// } // }
myban.add_white_list("192.168.2.74");
myban.fail("192.168.2.74");
cout << myban.ban("192.168.2.74") << endl;
sleep(2); sleep(2);
cout << myban.ban("192.168.2.75") << endl; myban.fail("192.168.2.74");
sleep(200); sleep(200);
// myban.fail("192.168.2.74"); // myban.fail("192.168.2.74");
// sleep(120); // sleep(120);