Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

[Netfilter] only perform cleanup at exit if SIGTERM was recieved

Browse Source
This commit is contained in:
FreddleSpl0it 2024-02-02 12:46:50 +01:00
parent 2e57325dde
commit 39589bd441
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
1 changed files with 23 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
data/Dockerfiles/netfilter/main.py
View File

@ -30,6 +30,8 @@ exit_code = 0
lock = Lock() lock = Lock()
chain_name = "MAILCOW" chain_name = "MAILCOW"
r = None r = None
pubsub = None
clear_before_quit = False
def refreshF2boptions(): def refreshF2boptions():
@ -218,10 +220,12 @@ def clear():
with lock: with lock:
tables.clearIPv4Table() tables.clearIPv4Table()
tables.clearIPv6Table() tables.clearIPv6Table()
if r: try:
if r is not None:
r.delete('F2B_ACTIVE_BANS') r.delete('F2B_ACTIVE_BANS')
r.delete('F2B_PERM_BANS') r.delete('F2B_PERM_BANS')
pubsub.unsubscribe() except Exception as ex:
logger.logWarn('Error clearing redis keys F2B_ACTIVE_BANS and F2B_PERM_BANS: %s' % ex)
def watch(): def watch():
logger.logInfo('Watching Redis channel F2B_CHANNEL') logger.logInfo('Watching Redis channel F2B_CHANNEL')
@ -229,6 +233,7 @@ def watch():
global quit_now global quit_now
global exit_code global exit_code
global pubsub
while not quit_now: while not quit_now:
try: try:
@ -249,6 +254,7 @@ def watch():
ban(addr) ban(addr)
except Exception as ex: except Exception as ex:
logger.logWarn('Error reading log line from pubsub: %s' % ex) logger.logWarn('Error reading log line from pubsub: %s' % ex)
pubsub = None
quit_now = True quit_now = True
exit_code = 2 exit_code = 2
@ -372,17 +378,22 @@ def blacklistUpdate():
permBan(net=net, unban=True) permBan(net=net, unban=True)
time.sleep(60.0 - ((time.time() - start_time) % 60.0)) time.sleep(60.0 - ((time.time() - start_time) % 60.0))
def quit(signum, frame): def sigterm_quit(signum, frame):
global quit_now global clear_before_quit
quit_now = True clear_before_quit = True
def quit_clear(signum, frame):
global exit_code
clear()
sys.exit(exit_code) sys.exit(exit_code)
def berfore_quit():
if clear_before_quit:
clear()
if pubsub is not None:
pubsub.unsubscribe()
if __name__ == '__main__': if __name__ == '__main__':
atexit.register(berfore_quit)
signal.signal(signal.SIGTERM, sigterm_quit)
# init Logger # init Logger
logger = Logger(None) logger = Logger(None)
@ -420,12 +431,12 @@ if __name__ == '__main__':
else: else:
r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0) r = redis.StrictRedis(host=redis_slaveof_ip, decode_responses=True, port=redis_slaveof_port, db=0)
r.ping() r.ping()
pubsub = r.pubsub()
except Exception as ex: except Exception as ex:
print('%s - trying again in 3 seconds' % (ex)) print('%s - trying again in 3 seconds' % (ex))
time.sleep(3) time.sleep(3)
else: else:
break break
pubsub = r.pubsub()
Logger.r = r Logger.r = r
# rename fail2ban to netfilter # rename fail2ban to netfilter
@ -479,8 +490,6 @@ if __name__ == '__main__':
whitelistupdate_thread.daemon = True whitelistupdate_thread.daemon = True
whitelistupdate_thread.start() whitelistupdate_thread.start()
signal.signal(signal.SIGTERM, quit_clear)
while not quit_now: while not quit_now:
time.sleep(0.5) time.sleep(0.5)