diff --git a/net/yate/Makefile b/net/yate/Makefile
index a5e9820..7a07d44 100644
--- a/net/yate/Makefile
+++ b/net/yate/Makefile
@@ -146,6 +146,7 @@ endef define Package/$(PKG_NAME)-scripts-perl/install $(INSTALL_DIR) $(1)/usr/share/yate/scripts $(INSTALL_DATA) $(PKG_INSTALL_DIR)/usr/share/yate/scripts/Yate.pm $(1)/usr/share/yate/scripts/
+ $(INSTALL_BIN) ./files/banbrutes.pl $(1)/usr/share/yate/scripts/
endef define Package/$(PKG_NAME)-sounds/install
diff --git a/net/yate/files/banbrutes.pl b/net/yate/files/banbrutes.pl
new file mode 100755
index 0000000..fa1bb3d
--- /dev/null
+++ b/net/yate/files/banbrutes.pl
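Review bot: The script installed by the added `$(INSTALL_BIN)` line exits at startup unless `/proc/net/xt_recent/yate_auth_failures` exists, which requires the xt_recent kernel module and a firewall rule naming that list, but this hunk adds no package dependency or hint for either. The package's `DEPENDS` line is outside the hunk, so whether it already pulls in the kernel module providing `xt_recent` cannot be confirmed here; if it does not, consider adding that dependency to the `-scripts-perl` package or documenting the requirement in its description. A comment above the install line such as `# banbrutes.pl needs the xt_recent iptables match at runtime` would at least make the coupling visible to packagers.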
@@ -0,0 +1,50 @@
+#!/usr/bin/perl
+
+# This yate module will monitor failed authentications and send the source
+# IP addresses of users who fail to authenticate to the iptables extension
+# "recent" for filtering.
+#
+# You have to have the iptables extension "recent" installed and you need to
+# create and reference a "recent" list in your firewall configuration.
+# For most people it's probably enough to add this custom firewall rule
+# to /etc/firewall.user:
+#
+# iptables -A input_rule -m recent --name yate_auth_failures --rcheck --seconds 3600 --hitcount 5 -j DROP
+#
+# This line will drop all incoming traffic from users who have failed to
+# authenticate 5 consecutive times within the last hour.
+#
+# To enable this script in yate, add this script to the [scripts] section
+# in /etc/yate/extmodule.conf.
+
+
+use strict;
+use warnings;
+use lib '/usr/share/yate/scripts';
+use Yate;
+
+my $RECENT_LIST_NAME = '/proc/net/xt_recent/yate_auth_failures';
+
+sub OnAuthenticationRequest($) {
+ my $yate = shift;
+ my $remote_ip = $yate->param('ip_host');
+
+ if ($yate->header('processed') eq 'true') {
+ # Successful authentication, forget previous failures
+ `echo -$remote_ip > $RECENT_LIST_NAME`;
+ return;
+ }
+
+ `echo +$remote_ip > $RECENT_LIST_NAME`;
+}
+
+
+my $yate = new Yate();
+
+if (! -f $RECENT_LIST_NAME) {
+ $yate->output("iptables recent list $RECENT_LIST_NAME does not exist");
+ exit 1;
+}
+
+$yate->install_watcher('user.auth', \&OnAuthenticationRequest);
+$yate->listen();
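Review bot: `$remote_ip`, taken from `param('ip_host')`, is interpolated unvalidated into a shell command in both backtick calls of `OnAuthenticationRequest`, so an undefined value writes a bare `+` or `-` into the list and any value containing shell metacharacters would be executed by `/bin/sh` with whatever privileges the extmodule has; the command's exit status is also discarded, so a permission error on the proc file is never reported. The address should be checked against an anchored IP-literal pattern and written to `$RECENT_LIST_NAME` with a three-arg `open`, which involves no shell and also avoids `echo` treating a leading `-` as an option. `header('processed')` may be undefined on a `user.auth` message, and the `eq` then emits a warning under `use warnings`; testing `defined` first keeps the log clean. Whether `ip_host` is always a socket-derived address, and whether the script runs with permission to write `/proc/net/xt_recent`, cannot be confirmed from the hunk and should be checked against the yate side.
```perl
my $RECENT_LIST_NAME = '/proc/net/xt_recent/yate_auth_failures';

# Add ('+') or remove ('-') one address in the xt_recent list by writing to
# the proc file directly: no shell is involved, so the address can never be
# parsed as shell syntax or as an echo option.  Returns '' on success or an
# error message for the caller to log.
sub update_recent_list {
    my ($op, $ip) = @_;
    open(my $fh, '>', $RECENT_LIST_NAME)
        or return "cannot open $RECENT_LIST_NAME: $!";
    print {$fh} "$op$ip\n";
    close($fh) or return "cannot write $RECENT_LIST_NAME: $!";
    return '';
}

sub OnAuthenticationRequest($) {
    my $yate = shift;
    my $remote_ip = $yate->param('ip_host');

    # Only accept something that looks like an IPv4/IPv6 literal; undefined
    # values, hostnames or garbage are ignored instead of being passed on.
    return unless defined $remote_ip
        && $remote_ip =~ /\A[0-9A-Fa-f:.]{1,45}\z/;

    # Successful authentication forgets previous failures, anything else
    # counts as one more failure for this address.
    my $processed = $yate->header('processed');
    my $op = (defined $processed && $processed eq 'true') ? '-' : '+';
    my $err = update_recent_list($op, $remote_ip);
    $yate->output($err) if $err;
    return;
}

# … unchanged: startup check for $RECENT_LIST_NAME, install_watcher, listen …
```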