firewall/Blacklist: irc support

dcd8639d · Bach Dániel · baebe8ef · dcd8639d · dcd8639d
Commit dcd8639d authored Feb 21, 2013 by Bach Dániel
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 6 deletions

firewall/fw.py
+2 -2

miscellaneous/celery/fw.py
+21 -4

No files found.
--- a/firewall/fw.py
+++ b/firewall/fw.py
@@ -300,8 +300,8 @@ class firewall:
                '\n'.join(self.RULES_NAT) + '\n')

 def ipset():
-    week = datetime.now()-timedelta(days=7)
-    return models.Blacklist.objects.filter(Q(type='tempban', modified_at__gte=week) | Q(type='permban')).values_list('ipv4', flat=True)
+    week = datetime.now()-timedelta(days=2)
+    return models.Blacklist.objects.filter(Q(type='tempban', modified_at__gte=week) | Q(type='permban')).values('ipv4', 'reason')


 def ipv6_to_octal(ipv6):

--- a/miscellaneous/celery/fw.py
+++ b/miscellaneous/celery/fw.py
 from celery import Celery, task
 import subprocess
 import time, re
+import socket
+
+BROKER_URL = 'amqp://nyuszi:teszt@localhost:5672/django'
+IRC_CHANNEL = '/home/cloud/irc/irc.atw.hu/#ik/in'
+try:
+        from local_settings import *
+except:
+        pass

 CELERY_CREATE_MISSING_QUEUES=True
-celery = Celery('tasks', broker='amqp://nyuszi:teszt@localhost:5672/django')
+celery = Celery('tasks', broker=BROKER_URL)
+

 @task(name="firewall.tasks.reload_firewall_task")
 def t(data4, data6):
@@ -28,7 +37,7 @@ def t(data):
    print "blacklist"
    r = re.compile(r'^add blacklist ([0-9.]+)$')

-    data_new = data
+    data_new = [ x['ipv4'] for x in data]
    data_old = []

    p = subprocess.Popen(['/usr/bin/sudo', '/usr/sbin/ipset', 'save', 'blacklist'], shell=False, stdout=subprocess.PIPE)
@@ -37,8 +46,8 @@ def t(data):
        if x:
            data_old.append(x.group(1))

-    l_add = list(set(data).difference(set(data_old)))
-    l_del = list(set(data_old).difference(set(data)))
+    l_add = list(set(data_new).difference(set(data_old)))
+    l_del = list(set(data_old).difference(set(data_new)))

    ipset = []
    ipset.append('create blacklist hash:ip family inet hashsize 4096 maxelem 65536')
@@ -50,4 +59,12 @@ def t(data):
    p = subprocess.Popen(['/usr/bin/sudo', '/usr/sbin/ipset', 'restore', '-exist'], shell=False, stdin=subprocess.PIPE)
    p.communicate("\n".join(ipset) + "\n")

+    try:
+        with open(IRC_CHANNEL, 'w') as f:
+            for x in data:
+                if x['ipv4'] in l_add:
+                    f.write('%(ip)s(%(hostname)s) kibachva %(reason)s miatt\n' % { 'ip': x['ipv4'], 'reason': x['reason'], 'hostname': socket.gethostbyaddr(x['ipv4'])[0]})
+    except:
+        print "nem sikerult mircre irni"
+        raise