fix: removing useless port code (#45)

tomMoulard · Nov 5, 2021 · 982dd77 · 982dd77
1 parent 4cb28cd
commit 982dd77
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 121 deletions.
diff --git a/README.md b/README.md
@@ -67,15 +67,13 @@ INFO: Fail2Ban: restricted.go:51: Whitelisted: '127.0.0.2/32'
 INFO: Fail2Ban: restricted.go:51: Blacklisted: '127.0.0.3/32'
 INFO: Fail2Ban: restricted.go:51: Bantime: 3h0m0s
 INFO: Fail2Ban: restricted.go:51: Findtime: 3h0m0s
-INFO: Fail2Ban: restricted.go:51: Ports range from 0 to 8000
-INFO: Fail2Ban: restricted.go:51: FailToBan Rules : '{Xbantime:3h0m0s Xfindtime:3h0m0s Xurlregexp:[localhost:5000/whoami] Xmaxretry:4 Xenabled:true Xports:[0 8000]}'
+INFO: Fail2Ban: restricted.go:51: FailToBan Rules : '{Xbantime:3h0m0s Xfindtime:3h0m0s Xurlregexp:[localhost:5000/whoami] Xmaxretry:4 Xenabled:true}'
 INFO: Fail2Ban: restricted.go:52: Plugin: FailToBan is up and running
 INFO: Fail2Ban: restricted.go:51: Whitelisted: '127.0.0.2/32'
 INFO: Fail2Ban: restricted.go:51: Blacklisted: '127.0.0.3/32'
 INFO: Fail2Ban: restricted.go:51: Bantime: 3h0m0s
 INFO: Fail2Ban: restricted.go:51: Findtime: 3h0m0s
-INFO: Fail2Ban: restricted.go:51: Ports range from 0 to 8000
-INFO: Fail2Ban: restricted.go:51: FailToBan Rules : '{Xbantime:3h0m0s Xfindtime:3h0m0s Xurlregexp:[localhost:5000/whoami] Xmaxretry:4 Xenabled:true Xports:[0 8000]}'
+INFO: Fail2Ban: restricted.go:51: FailToBan Rules : '{Xbantime:3h0m0s Xfindtime:3h0m0s Xurlregexp:[localhost:5000/whoami] Xmaxretry:4 Xenabled:true}'
 INFO: Fail2Ban: restricted.go:52: Plugin: FailToBan is up and running
 ```
 
@@ -90,8 +88,7 @@ INFO: Fail2Ban: restricted.go:51: Whitelisted: '127.0.0.2/32'
 INFO: Fail2Ban: restricted.go:51: Blacklisted: '127.0.0.3/32'
 INFO: Fail2Ban: restricted.go:51: Bantime: 3s
 INFO: Fail2Ban: restricted.go:51: Findtime: 3h0m0s
-INFO: Fail2Ban: restricted.go:51: Ports range from 0 to 8000
-INFO: Fail2Ban: restricted.go:51: FailToBan Rules : '{Xbantime:3s Xfindtime:3h0m0s Xurlregexp:[localhost:5000/whoami] Xmaxretry:4 Xenabled:true Xports:[0 8000]}'
+INFO: Fail2Ban: restricted.go:51: FailToBan Rules : '{Xbantime:3s Xfindtime:3h0m0s Xurlregexp:[localhost:5000/whoami] Xmaxretry:4 Xenabled:true}'
 INFO: Fail2Ban: restricted.go:52: Plugin: FailToBan is up and running
 DEBUG: Fail2Ban: restricted.go:51: New request: &{GET /whoami HTTP/1.1 1 1
 DEBUG: Fail2Ban: restricted.go:51: welcome ::1
@@ -125,7 +122,6 @@ testData:
     findtime: "10m"
     maxretry: 4
     enabled: true
-    ports: "80:443"
 ```
 
 Where:
@@ -137,7 +133,6 @@ use 'smart' strings: "4h", "2m", "1s", ...
  - `enabled`: allow to enable or disable the plugin (must be set to `true` to
 enable the plugin).
  - `urlregexp`: a regexp list to block / allow requests with regexps on the url
- - `ports`: filter requests by port range
  - `logLevel`: is used to show the correct level of logs (`DEBUG`, `INFO`,
 `NONE`)
 
@@ -157,7 +152,6 @@ testData:
     findtime: "10m"
     maxretry: 4
     enabled: true
-    ports: "80:443"
 ```
 
 By default, fail2ban will be applied.
@@ -176,7 +170,6 @@ testData:
     findtime: "10m"
     maxretry: 4
     enabled: true
-    ports: "80:443"
 ```
 
 In the case where you define multiple regexp on the same url, the order of

diff --git a/ci/yamls/local-banned.yaml b/ci/yamls/local-banned.yaml
@@ -28,24 +28,7 @@ http:
             urlregexps:
               - regexp: "/blocked"
                 mode: block
-            ignorecommand: ""
             bantime: "3h"
+            enabled: true
             findtime: "3h"
             maxretry: 4
-            backend: ""
-            usedns: ""
-            logencoding: "UTF-8"
-            enabled: true
-            mode: ""
-            filter: ""
-            destemail: ""
-            sender: ""
-            mta: ""
-            protocol: ""
-            chain: ""
-            ports: "0:8000"
-            fail2banAgent: ""
-            banaction: ""
-            banactionAllports: ""
-            actionAbuseipdb: ""
-            action: ""
diff --git a/ci/yamls/local-whited.yaml b/ci/yamls/local-whited.yaml
@@ -28,24 +28,7 @@ http:
             urlregexps:
               - regexp: "/blocked"
                 mode: block
-            ignorecommand: ""
             bantime: "3h"
+            enabled: true
             findtime: "3h"
             maxretry: 4
-            backend: ""
-            usedns: ""
-            logencoding: "UTF-8"
-            enabled: true
-            mode: ""
-            filter: ""
-            destemail: ""
-            sender: ""
-            mta: ""
-            protocol: ""
-            chain: ""
-            ports: "0:8000"
-            fail2banAgent: ""
-            banaction: ""
-            banactionAllports: ""
-            actionAbuseipdb: ""
-            action: ""
diff --git a/ci/yamls/no-rules.yaml b/ci/yamls/no-rules.yaml
@@ -25,24 +25,7 @@ http:
             urlregexps:
               - regexp: "/blocked"
                 mode: block
-            ignorecommand: ""
             bantime: "3h"
+            enabled: true
             findtime: "3h"
             maxretry: 4
-            backend: ""
-            usedns: ""
-            logencoding: "UTF-8"
-            enabled: true
-            mode: ""
-            filter: ""
-            destemail: ""
-            sender: ""
-            mta: ""
-            protocol: ""
-            chain: ""
-            ports: "0:8000"
-            fail2banAgent: ""
-            banaction: ""
-            banactionAllports: ""
-            actionAbuseipdb: ""
-            action: ""
diff --git a/fail2ban.go b/fail2ban.go
@@ -10,7 +10,6 @@ import (
 	"os"
 	"reflect"
 	"regexp"
-	"strconv"
 	"strings"
 	"time"
 
@@ -41,28 +40,11 @@ var (
 
 // Rules struct fail2ban config
 type Rules struct {
-	// Ignorecommand     string        `yaml:"igonecommand"`
 	Bantime    string      `yaml:"bantime"`  // exprimate in a smart way: 3m
+	Enabled    bool        `yaml:"enabled"`  // enable or disable the jail
 	Findtime   string      `yaml:"findtime"` // exprimate in a smart way: 3m
 	Maxretry   int         `yaml:"maxretry"`
 	Urlregexps []Urlregexp `yaml:"urlregexps"`
-	// Backend           string        `yaml:"backend"`     //maybe we have to change this to another things or just delete it if its useless
-	// Usedns            string        `yaml:"usedns"`      //maybe change string by a int for limit the size (yes:0, warn:1, no:2, raw:3)
-	// Logencoding       string        `yaml:"logencoding"` //maybe useless for our project (utf-8, ascii)
-	Enabled bool `yaml:"enabled"` // enable or disable the jail
-	// Mode              string        `yaml:"mode"`        //same than usedns
-	// Filter            string        `yaml:"filter"`      //= %(name)s[mode=%(mode)s] maybe change for a []string
-	// Destemail         string        `yaml:"destemail"`
-	// Sender            string        `yaml:"sender"`
-	// Mta               string        `yaml:"mta"`      //same than usedns
-	// Protocol          string        `yaml:"protocol"` //maybe int (tcp:0, udp:1)
-	// Chain             string        `yaml:"chain"`    //maybe useless because handle by traefik chain
-	Ports string `yaml:"ports"`
-	// Fail2banAgent     string        `yaml:"fail2ban_agent"`
-	// Banaction         string        `yaml:"banaction"`          //maybe useless because we are the firewall ?
-	// BanactionAllports string        `yaml:"banaction_allports"` //same as above
-	// ActionAbuseipdb   string        `yaml:"action_abuseipdb"`
-	// Action            string        `yaml:"action"` //maybe change for []string
 }
 
 // List struct
@@ -98,7 +80,6 @@ type RulesTransformed struct {
 	urlregexpBan   []string
 	maxretry       int
 	enabled        bool
-	ports          [2]int
 }
 
 // TransformRule morph a Rules object into a RulesTransformed
@@ -115,23 +96,6 @@ func TransformRule(r Rules) (RulesTransformed, error) {
 	}
 	LoggerINFO.Printf("Findtime: %s", findtime)
 
-	ports := strings.Split(r.Ports, ":")
-	if len(ports) != 2 {
-		return RulesTransformed{},
-			fmt.Errorf(`could not parse Ports, bad format (hint: use something like "80:443" to filter all ports from 80 to 443)`)
-	}
-
-	portStart, err := strconv.Atoi(ports[0])
-	if err != nil {
-		return RulesTransformed{}, err
-	}
-
-	portEnd, err := strconv.Atoi(ports[1])
-	if err != nil {
-		return RulesTransformed{}, err
-	}
-	LoggerINFO.Printf("Ports range from %d to %d", portStart, portEnd)
-
 	var regexpAllow []string
 	var regexpBan []string
 
@@ -154,7 +118,6 @@ func TransformRule(r Rules) (RulesTransformed, error) {
 		urlregexpBan:   regexpBan,
 		maxretry:       r.Maxretry,
 		enabled:        r.Enabled,
-		ports:          [2]int{portStart, portEnd},
 	}
 	LoggerINFO.Printf("FailToBan Rules : '%+v'", rules)
 	return rules, nil

diff --git a/fail2ban_test.go b/fail2ban_test.go
@@ -22,7 +22,6 @@ func TestTransformRules(t *testing.T) {
 			send: Rules{
 				Bantime:  "300s",
 				Findtime: "120s",
-				Ports:    "0:80",
 				Enabled:  true,
 			},
 			expect: RulesTransformed{},

diff --git a/rules-fail2ban.yaml b/rules-fail2ban.yaml
@@ -33,24 +33,7 @@ http:
                 mode: block
               - regexp: "/yes"
                 mode: allow
-            ignorecommand: ""
             bantime: "3h"
+            enabled: true
             findtime: "3h"
             maxretry: 4
-            backend: ""
-            usedns: ""
-            logencoding: "UTF-8"
-            enabled: true
-            mode: ""
-            filter: ""
-            destemail: ""
-            sender: ""
-            mta: ""
-            protocol: ""
-            chain: ""
-            ports: "0:8000"
-            fail2banAgent: ""
-            banaction: ""
-            banactionAllports: ""
-            actionAbuseipdb: ""
-            action: ""