mod_fail2ban: Add 'access' option for whitelisting

Closes #535.
2015-04-18 11:08:05 +02:00 · 2015-04-18 11:08:05 +02:00 · aa36742a40
parent afdc269825
commit aa36742a40
1 changed files with 25 additions and 14 deletions
--- a/src/mod_fail2ban.erl
+++ b/src/mod_fail2ban.erl
@ -53,20 +53,25 @@ start_link(Host, Opts) ->
    gen_server:start_link({local, Proc}, ?MODULE, [Host, Opts], []).

 c2s_auth_result(false, _User, LServer, {Addr, _Port}) ->
-    BanLifetime = gen_mod:get_module_opt(
-		    LServer, ?MODULE, c2s_auth_ban_lifetime,
-		    fun(T) when is_integer(T), T > 0 -> T end,
-		    ?C2S_AUTH_BAN_LIFETIME),
-    MaxFailures = gen_mod:get_module_opt(
-		    LServer, ?MODULE, c2s_max_auth_failures,
-		    fun(I) when is_integer(I), I > 0 -> I end,
-		    ?C2S_MAX_AUTH_FAILURES),
-    UnbanTS = unban_timestamp(BanLifetime),
-    case ets:lookup(failed_auth, Addr) of
-	[{Addr, N, _, _}] ->
-	    ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures});
-	[] ->
-	    ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures})
+    case is_whitelisted(LServer, Addr) of
+	true ->
+	    ok;
+	false ->
+	    BanLifetime = gen_mod:get_module_opt(
+			    LServer, ?MODULE, c2s_auth_ban_lifetime,
+			    fun(T) when is_integer(T), T > 0 -> T end,
+			    ?C2S_AUTH_BAN_LIFETIME),
+	    MaxFailures = gen_mod:get_module_opt(
+			    LServer, ?MODULE, c2s_max_auth_failures,
+			    fun(I) when is_integer(I), I > 0 -> I end,
+			    ?C2S_MAX_AUTH_FAILURES),
+	    UnbanTS = unban_timestamp(BanLifetime),
+	    case ets:lookup(failed_auth, Addr) of
+		[{Addr, N, _, _}] ->
+		    ets:insert(failed_auth, {Addr, N+1, UnbanTS, MaxFailures});
+		[] ->
+		    ets:insert(failed_auth, {Addr, 1, UnbanTS, MaxFailures})
+	    end
    end;
 c2s_auth_result(true, _User, _Server, _AddrPort) ->
    ok.
@ -160,6 +165,12 @@ code_change(_OldVsn, State, _Extra) ->
 %%%===================================================================
 %%% Internal functions
 %%%===================================================================
+is_whitelisted(Host, Addr) ->
+    Access = gen_mod:get_module_opt(Host, ?MODULE, access,
+				    fun(A) when is_atom(A) -> A end,
+				    none),
+    acl:match_rule(Host, Access, Addr) == allow.
+
 unban_timestamp(BanLifetime) ->
    {MegaSecs, MSecs, USecs} = now(),
    UnbanSecs = MegaSecs * 1000000 + MSecs + BanLifetime,