[Netfilter] Exit on log line error in pubsub

2021-04-25 09:23:02 +02:00 · 2021-04-25 09:23:02 +02:00 · edf1a4fb1f
commit edf1a4fb1f
parent dfe43f56bf
1 changed files with 22 additions and 18 deletions
--- a/data/Dockerfiles/netfilter/server.py
+++ b/data/Dockerfiles/netfilter/server.py
@ -309,26 +309,30 @@ def watch():
  logInfo('Watching Redis channel F2B_CHANNEL')
  pubsub.subscribe('F2B_CHANNEL')
  global quit_now
  global exit_code
  while not quit_now:
    try:
      for item in pubsub.listen():
-        try:
+        refreshF2bregex()
-          refreshF2bregex()
+        for rule_id, rule_regex in f2bregex.items():
-          for rule_id, rule_regex in f2bregex.items():
+          if item['data'] and item['type'] == 'message':
-            if item['data'] and item['type'] == 'message':
+            try:
-              try:
+              result = re.search(rule_regex, item['data'])
-                result = re.search(rule_regex, item['data'])
+            except re.error:
-              except re.error:
+              result = False
-                result = False
+            if result:
-              if result:
+              addr = result.group(1)
-                addr = result.group(1)
+              ip = ipaddress.ip_address(addr)
-                ip = ipaddress.ip_address(addr)
+              if ip.is_private or ip.is_loopback:
-                if ip.is_private or ip.is_loopback:
+                continue
-                  continue
+              logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
-                logWarn('%s matched rule id %s (%s)' % (addr, rule_id, item['data']))
+              ban(addr)
-                ban(addr)
+    except Exception as ex:
-        except Exception as ex:
+      logWarn('Error reading log line from pubsub')
-          logWarn('Could not read logline from pubsub, skipping...')
+      quit_now = True
-          continue
+      exit_code = 2
 def snat4(snat_target):
  global lock