Commit Graph

69 Commits

Author SHA1 Message Date
Patrick Schult
fd0205aafd
Merge pull request #5127 from th-joerger/feature/bantime-increment
[Netfilter] Implemented exponentially incrementing bantime
2023-03-30 07:53:33 +02:00
Thorbjörn Jörger
096e2a41e9
Push verified options to redis after each check 2023-03-29 17:09:25 +02:00
Thorbjörn Jörger
e010f08143
verify options after loading them, set defaults if options are missing or invalid 2023-03-29 15:24:14 +02:00
Patrick Schult
3d2483ca37
Merge pull request #5093 from brunoleon/fix_snat
Fix SNAT never being added because of exception
2023-03-29 08:13:11 +02:00
Thorbjörn Jörger
5bc3d93545
log exception of redis pubsub subscription 2023-03-21 11:14:52 +01:00
Thorbjörn Jörger
1233613bea
implemented handling of max_bantime and ban_time_increment flag 2023-03-21 11:06:13 +01:00
Thorbjörn Jörger
0206e0886c
implemented exponentially incrementing bantime, removed active_window code that did nothing, cleanly initialized dictionary 2023-03-21 11:06:13 +01:00
Bruno Léon
f77c65411d Fix SNAT never being added because of exception
Some firewall rule object (iptc) do not have a parameter
attribute, which results in an exception being triggered,
and the mailcow SNAT rule to never be created.

Firewall rules that trigger such exception are:
- -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN

This commit just verify attribute presence, and skip the rule
properly instead of triggering an exception.
2023-02-27 12:04:32 +01:00
FreddleSpl0it
04403aaf70
[Netfilter] fix setting SNAT Rule if chain is empty 2023-02-17 13:15:44 +01:00
Niklas Meyer
50e9a3ec8a
Merge pull request #4835 from VermiumSifell/master
✏️ Fixed invalid regexs for banning.
2022-12-23 16:10:32 +01:00
DerLinkman
77f04d10c7 Update Base Images to Alpine 3.17 2022-12-01 23:02:03 +01:00
Vermium Sifell
a9871d05b2 ✏️ Fixed invalid regexs for banning 2022-11-02 23:42:37 +01:00
Martin Wilhelmi
f34d3620b1
Remove trailing whitespaces 2022-08-22 22:16:01 +02:00
Martin Wilhelmi
70e99447f9
Fix adding same SNAT rule endless to the ipv4 POSTROUTING chain 2022-08-22 22:15:56 +02:00
Peter
d13be25f45
Update base image to alpine 3.16 2022-06-05 18:38:16 +02:00
Dmitriy Alekseev
6c5ab7800e
[Netfilter] Exclude banning IPs when dovecot server not reacheble 2022-04-13 13:01:58 +03:00
Niklas Meyer
fac8d9d28a
[Netfilter] Update to Alpine 3.15 + GeoIP Fix
Added xtables-addon to netfilter container to handle iptables rules with geoip
**Commited by: @marcvorwerk**
2022-01-21 09:22:25 +01:00
Niklas Meyer
9c7faa9fe8
[Netfilter] Update to Alpine 3.15 2022-01-20 10:11:39 +01:00
Marc Vorwerk
f16d36eb74 Added xtables-addon to netfilter container to handle iptables rules with geoip 2022-01-18 16:27:40 +01:00
Alex Beakes
a0b0d36e22
Fix pip3 uninstall error 2022-01-02 03:51:09 +03:00
Dmitriy Alekseev
819f2876e6
[Netfilter] Add non-SMTP command rule (#4289) 2021-10-08 12:38:29 +03:00
andryyy
19dda55d96
[Alpine] Upgrade to 3.14 2021-08-30 21:01:09 +02:00
andryyy
08e9ab18a8
[Netfilter] Implement protocol error regex, fulfills #4093 2021-05-10 08:44:34 +02:00
andryyy
edf1a4fb1f
[Netfilter] Exit on log line error in pubsub 2021-04-25 09:23:02 +02:00
monsterry
dfe43f56bf
[netfilter] Use exit code 2 if an error occurs (#4040) 2021-04-25 09:13:26 +02:00
andryyy
8eb757bea3
[Netfilter] Further improvements to catch invalid input 2021-03-23 20:53:04 +01:00
andryyy
8bf9ee8308
[Netfilter] Restart on invalid data via pubsub 2021-03-22 21:19:24 +01:00
andryyy
27b18373cc
[Alpine] Update Alpine base images to v3.13 2021-02-18 08:48:12 +01:00
andryyy
0884f42379
[Netfilter] Skip invalid regex 2020-08-27 21:13:30 +02:00
andryyy
d4dd1024c9
[Netfilter] Replace query by resolve (deprecated) 2020-08-27 20:50:22 +02:00
andryyy
d47652d7e4
[Netfilter] Reload regex filters from Redis 2020-08-27 20:42:20 +02:00
andryyy
816c779ac2
[Netfilter] Fix Netfilter image 2020-07-12 05:20:57 +02:00
Christian Burmeister
b5502fb52a
netfilter - Python 3.8 - SyntaxWarning for 'is not' (#3537) 2020-05-12 18:26:03 +02:00
andryyy
02a74914b4
Update to Alpine 3.11 2020-05-11 11:50:45 +02:00
andryyy
731f5cb354
[Netfilter] Log matching string instead of regex 2020-04-20 20:27:27 +02:00
andryyy
32ef5508a0
[Netfilter] Log matched regex 2020-03-19 12:23:31 +01:00
andryyy
423104db61
[Netfilter] Use Redis master if set 2020-02-05 10:57:14 +01:00
andryyy
158fb20c83 [Netfilter] Add new rule
[Compose] Update Postfix and netfilter
2019-11-12 20:45:23 +01:00
andryyy
2811b498ab
[Netfilter] Punish failed logins to /rspamd 2019-10-12 13:15:59 +02:00
andryyy
3bd32072f1
[Compose] UPDATE MARIADB TO 10.3 - Please check your installations after upgrading and WAIT a few minutes for the upgrade to complete!
[Postfix] Remove old python lib
[Compose] Add a grace period for MySQL when shutting down
[Netfilter] It is okay to be number two :( (fixes chain order in ip6tables FORWARD chain)
2019-09-20 22:54:40 +02:00
andryyy
1d45c563b7
[Netfilter] Set default ban masks to 32 and 128 2019-09-20 14:30:48 +02:00
andryyy
22d17390df
[Netfilter] Alpine 3.10 with dirty, dirty hack to workaround iptables issue with Python 2019-07-22 21:08:44 +02:00
andryyy
104fbae0d9
[Netfilter] Set some f2boptions to int 2019-06-25 22:16:38 +02:00
andryyy
090e14ee8d
[Netfilter] Keep musl-dev, update pip 2019-06-13 21:10:49 +02:00
andryyy
8984240e44
[Watchdog, Config] Added WATCHDOG_NOTIFY_BAN to disable IP ban notifications
[Netfilter] Remove unused files after installation
[Compose] Some new images and a new option for watchdog: WATCHDOG_NOTIFY_BAN - defaults to y
2019-06-13 19:38:53 +02:00
Kraeutergarten
b862ce2bfb Add hostnames for blacklist. 2019-05-20 09:02:40 +02:00
Kraeutergarten
e6de9c299d Fix wrong python version. 2019-05-20 07:02:42 +02:00
Kraeutergarten
9b02c9272e clear whitelist, if it gets cleard. 2019-05-19 10:55:11 +02:00
Kraeutergarten
5af250398c Redo complete logging.
Do some other fixes caused by python3
2019-05-19 10:36:16 +02:00
Kraeutergarten
d6af494789 update to python3 2019-05-19 09:55:49 +02:00