// Configuration data
std::vector<std::string> files; // files to watch
std::vector<Match> patterns; // patterns to match
- std::vector<AddressPattern> exempted; // never ban these addresses
+ std::vector<AddressPattern> exempted; // never block these addresses
unsigned rate_max; // maximum occurences per interval
unsigned rate_interval; // interval size in seconds
BlockMethod *block; // block method
The default is the first capture, i.e. \fIN\fR = 1.
.TP
.B rate \fIATTEMPTS\fB/\fIINTERVAL\fR
-Set the failed login rate which will cause a ban.
-Any address which exceeds this rate will be banned.
+Set the failed login rate which will cause the source to be blocked.
+Any address which exceeds this rate will be blocked.
.IP
\fIINTERVAL\fR can be \fBminute\fR, \fBhour\fR, \fBday\fR or \fBweek\fR.
.IP
The default rate is \fB5/hour\fR.
.TP
.B exempt \fIADDRESS\fR[\fB/\fIMASK\fR]
-Never ban \fIADDRESS\fR, or if a mask is specified, any address
+Never block \fIADDRESS\fR, or if a mask is specified, any address
in the network \fIADDRESS\fR\fB/\fIMASK\fR.
Use this to ensure you don't accidentally lock yourself out.
.TP
// Times that this address was detected
std::deque<time_t> times;
- // True if this address has been banned
- bool banned;
+ // True if this address has been blocked
+ bool blocked;
- AddressData(): banned(false) {}
+ AddressData(): blocked(false) {}
};
-// A logfile watcher that knows how to ban things
-class BanWatcher: public Watcher {
+// A logfile watcher that knows how to block things
+class BlockingWatcher: public Watcher {
public:
- BanWatcher(const std::string &path): Watcher(path) {}
+ BlockingWatcher(const std::string &path): Watcher(path) {}
// Called when a line is read from a logfile
void processLine(const std::string &line) {
}
// Find (or create) the data for this address
AddressData &ad = addressData[a];
- // Only consider addresses that have not yet been banned
- if(!ad.banned) {
+ // Only consider addresses that have not yet been blocked
+ if(!ad.blocked) {
time_t now;
time(&now);
// Strip off too-old detection times
ad.times.pop_front();
// Add the latest detection time
ad.times.push_back(now);
- // See if the ban rate has been exceeded
+ // See if the block rate has been exceeded
if(ad.times.size() > config->rate_max) {
- if(banAddress(a))
- ad.banned = true;
+ if(blockAddress(a))
+ ad.blocked = true;
}
}
}
- // Ban an address
- bool banAddress(const Address &a) {
- info("banning %s", a.asString().c_str());
+ // Block an address
+ bool blockAddress(const Address &a) {
+ info("blocking %s", a.asString().c_str());
if(config->block->block(a))
return true;
else {
- error("failed to ban %s", a.asString().c_str());
+ error("failed to block %s", a.asString().c_str());
return false;
}
}
};
-std::map<Address,AddressData> BanWatcher::addressData;
+std::map<Address,AddressData> BlockingWatcher::addressData;
// Signal handler for SIGHUP
extern "C" {
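Review bot: The rename in `blockAddress` also changes the runtime log text, to `info("blocking %s", ...)` and `error("failed to block %s", ...)`, which is an operator-visible change and not only an identifier rename. Any alerting rule, log parser or audit script that matches the old "banning" / "failed to ban" wording would stop matching without raising an error; whether such consumers exist cannot be seen from this page. I would mention the new wording in the commit message or release notes, and add a short comment above the two calls such as `// Log wording is matched by external monitoring; keep it stable`.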
}
}
// We didn't manage to re-use an existing watcher
- newWatchers.push_back(new BanWatcher(newConfig->files[i]));
+ newWatchers.push_back(new BlockingWatcher(newConfig->files[i]));
// Make the new watcher's FD nonblocking (if it has one)
fd = newWatchers[i]->pollfd(limit);
if(fd >= 0)