From 1a9bc1905dc273e2977a29e802e3b6df64d613a6 Mon Sep 17 00:00:00 2001 From: sebres Date: Tue, 7 Jan 2020 17:01:47 +0100 Subject: [PATCH] auto-detection of IPv6 subsystem availability (important for not on-demand actions or jails, like pass2allow) --- fail2ban/server/action.py | 6 +++--- fail2ban/server/ipdns.py | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/fail2ban/server/action.py b/fail2ban/server/action.py index df0e3b8d..f26b6bc8 100644 --- a/fail2ban/server/action.py +++ b/fail2ban/server/action.py @@ -45,8 +45,8 @@ logSys = getLogger(__name__) # Create a lock for running system commands _cmd_lock = threading.Lock() -# Todo: make it configurable resp. automatically set, ex.: `[ -f /proc/net/if_inet6 ] && echo 'yes' || echo 'no'`: -allowed_ipv6 = True +# Specifies whether IPv6 subsystem is available: +allowed_ipv6 = DNSUtils.IPv6IsAllowed # capture groups from filter for map to ticket data: FCUSTAG_CRE = re.compile(r''); # currently uppercase only @@ -459,7 +459,7 @@ class CommandAction(ActionBase): v = splitwords(v) elif self._hasCondSection: # all conditional families: # todo: check it is needed at all # common (resp. ipv4) + ipv6 if allowed: - v = ['inet4', 'inet6'] if allowed_ipv6 else ['inet4'] + v = ['inet4', 'inet6'] if allowed_ipv6() else ['inet4'] else: # all action tags seems to be the same v = [''] self._properties['__families'] = v diff --git a/fail2ban/server/ipdns.py b/fail2ban/server/ipdns.py index aeb5102d..6648dac6 100644 --- a/fail2ban/server/ipdns.py +++ b/fail2ban/server/ipdns.py @@ -202,6 +202,11 @@ class DNSUtils: DNSUtils.CACHE_nameToIp.set(key, ips) return ips + @staticmethod + def IPv6IsAllowed(): + # return os.path.exists("/proc/net/if_inet6") || any((':' in ip) for ip in DNSUtils.getSelfIPs()) + return any((':' in ip.ntoa) for ip in DNSUtils.getSelfIPs()) + ## # Class for IP address handling.