af5f5cc9e2
Do not print a log warning for IPs in local mailcow network to prevent watchdog spam in the log
2023-04-13 13:00:33 +02:00
ed9b239af7
Added error handling code to regex, do not refresh regex for each parsed line, indicated maintenance steps to remedy regex error, hint on ignored private IPs for proxy debug
2023-04-13 12:15:58 +02:00
fd0205aafd
Merge pull request #5127 from th-joerger/feature/bantime-increment
...
[Netfilter] Implemented exponentially incrementing bantime
2023-03-30 07:53:33 +02:00
096e2a41e9
Push verified options to redis after each check
2023-03-29 17:09:25 +02:00
e010f08143
verify options after loading them, set defaults if options are missing or invalid
2023-03-29 15:24:14 +02:00
3d2483ca37
Merge pull request #5093 from brunoleon/fix_snat
...
Fix SNAT never being added because of exception
2023-03-29 08:13:11 +02:00
5bc3d93545
log exception of redis pubsub subscription
2023-03-21 11:14:52 +01:00
1233613bea
implemented handling of max_bantime and ban_time_increment flag
2023-03-21 11:06:13 +01:00
0206e0886c
implemented exponentially incrementing bantime, removed active_window code that did nothing, cleanly initialized dictionary
2023-03-21 11:06:13 +01:00
f77c65411d
Fix SNAT never being added because of exception
...
Some firewall rule object (iptc) do not have a parameter
attribute, which results in an exception being triggered,
and the mailcow SNAT rule to never be created.
Firewall rules that trigger such exception are:
- -A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
This commit just verify attribute presence, and skip the rule
properly instead of triggering an exception.
2023-02-27 12:04:32 +01:00
04403aaf70
[Netfilter] fix setting SNAT Rule if chain is empty
2023-02-17 13:15:44 +01:00
50e9a3ec8a
Merge pull request #4835 from VermiumSifell/master
...
✏️ Fixed invalid regexs for banning.
2022-12-23 16:10:32 +01:00
77f04d10c7
Update Base Images to Alpine 3.17
2022-12-01 23:02:03 +01:00
a9871d05b2
✏️ Fixed invalid regexs for banning
2022-11-02 23:42:37 +01:00
f34d3620b1
Remove trailing whitespaces
2022-08-22 22:16:01 +02:00
70e99447f9
Fix adding same SNAT rule endless to the ipv4 POSTROUTING chain
2022-08-22 22:15:56 +02:00
d13be25f45
Update base image to alpine 3.16
2022-06-05 18:38:16 +02:00
6c5ab7800e
[Netfilter] Exclude banning IPs when dovecot server not reacheble
2022-04-13 13:01:58 +03:00
fac8d9d28a
[Netfilter] Update to Alpine 3.15 + GeoIP Fix
...
Added xtables-addon to netfilter container to handle iptables rules with geoip
**Commited by: @marcvorwerk**
2022-01-21 09:22:25 +01:00
9c7faa9fe8
[Netfilter] Update to Alpine 3.15
2022-01-20 10:11:39 +01:00
f16d36eb74
Added xtables-addon to netfilter container to handle iptables rules with geoip
2022-01-18 16:27:40 +01:00
a0b0d36e22
Fix pip3 uninstall error
2022-01-02 03:51:09 +03:00
819f2876e6
[Netfilter] Add non-SMTP command rule ( #4289 )
2021-10-08 12:38:29 +03:00
19dda55d96
[Alpine] Upgrade to 3.14
2021-08-30 21:01:09 +02:00
08e9ab18a8
[Netfilter] Implement protocol error regex, fulfills #4093
2021-05-10 08:44:34 +02:00
edf1a4fb1f
[Netfilter] Exit on log line error in pubsub
2021-04-25 09:23:02 +02:00
dfe43f56bf
[netfilter] Use exit code 2 if an error occurs ( #4040 )
2021-04-25 09:13:26 +02:00
8eb757bea3
[Netfilter] Further improvements to catch invalid input
2021-03-23 20:53:04 +01:00
8bf9ee8308
[Netfilter] Restart on invalid data via pubsub
2021-03-22 21:19:24 +01:00
27b18373cc
[Alpine] Update Alpine base images to v3.13
2021-02-18 08:48:12 +01:00
0884f42379
[Netfilter] Skip invalid regex
2020-08-27 21:13:30 +02:00
d4dd1024c9
[Netfilter] Replace query by resolve (deprecated)
2020-08-27 20:50:22 +02:00
d47652d7e4
[Netfilter] Reload regex filters from Redis
2020-08-27 20:42:20 +02:00
816c779ac2
[Netfilter] Fix Netfilter image
2020-07-12 05:20:57 +02:00
b5502fb52a
netfilter - Python 3.8 - SyntaxWarning for 'is not' ( #3537 )
2020-05-12 18:26:03 +02:00
02a74914b4
Update to Alpine 3.11
2020-05-11 11:50:45 +02:00
731f5cb354
[Netfilter] Log matching string instead of regex
2020-04-20 20:27:27 +02:00
32ef5508a0
[Netfilter] Log matched regex
2020-03-19 12:23:31 +01:00
423104db61
[Netfilter] Use Redis master if set
2020-02-05 10:57:14 +01:00
158fb20c83
[Netfilter] Add new rule
...
[Compose] Update Postfix and netfilter
2019-11-12 20:45:23 +01:00
2811b498ab
[Netfilter] Punish failed logins to /rspamd
2019-10-12 13:15:59 +02:00
3bd32072f1
[Compose] UPDATE MARIADB TO 10.3 - Please check your installations after upgrading and WAIT a few minutes for the upgrade to complete!
...
[Postfix] Remove old python lib
[Compose] Add a grace period for MySQL when shutting down
[Netfilter] It is okay to be number two :( (fixes chain order in ip6tables FORWARD chain)
2019-09-20 22:54:40 +02:00
1d45c563b7
[Netfilter] Set default ban masks to 32 and 128
2019-09-20 14:30:48 +02:00
22d17390df
[Netfilter] Alpine 3.10 with dirty, dirty hack to workaround iptables issue with Python
2019-07-22 21:08:44 +02:00
104fbae0d9
[Netfilter] Set some f2boptions to int
2019-06-25 22:16:38 +02:00
090e14ee8d
[Netfilter] Keep musl-dev, update pip
2019-06-13 21:10:49 +02:00
8984240e44
[Watchdog, Config] Added WATCHDOG_NOTIFY_BAN to disable IP ban notifications
...
[Netfilter] Remove unused files after installation
[Compose] Some new images and a new option for watchdog: WATCHDOG_NOTIFY_BAN - defaults to y
2019-06-13 19:38:53 +02:00
b862ce2bfb
Add hostnames for blacklist.
2019-05-20 09:02:40 +02:00
e6de9c299d
Fix wrong python version.
2019-05-20 07:02:42 +02:00
9b02c9272e
clear whitelist, if it gets cleard.
2019-05-19 10:55:11 +02:00
Thorbjörn Jörger
Patrick Schult
Bruno Léon
FreddleSpl0it
Niklas Meyer
DerLinkman
Vermium Sifell
Martin Wilhelmi
Peter
Dmitriy Alekseev
Marc Vorwerk
Alex Beakes
andryyy
monsterry
Christian Burmeister
Kraeutergarten