Merge branch 'main' into feature/config-tests-drone

jaapmarcus · jaapmarcus · commit aa2fd585328a · 2021-08-03T09:20:35.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,10 @@ All notable changes to this project will be documented in this file.
 
 ## [Development]
 
+### Features
+
+- Added v-delete-firewall-ban ip all #2031
+
 ### Bugfixes
 
 - Fix UI issues after upgrade jQuery + jQuery UI to last version (#2021 and #2032)
diff --git a/bin/v-delete-firewall-ban b/bin/v-delete-firewall-ban
@@ -50,19 +50,35 @@ check_hestia_demo_mode
 # Self heal iptables links
 heal_iptables_links
 
-# Checking ip in banlist
 conf="$HESTIA/data/firewall/banlist.conf"
-check_ip=$(grep "IP='$ip' CHAIN='$chain'" $conf 2>/dev/null)
-if [ -z "$check_ip" ]; then
-    exit
+if [ "$chain" == "ALL" ]; then  
+    check_ip=$(grep  "IP='$ip' CHAIN='*'" $conf)
+    if [ -z  "$check_ip" ]; then 
+        exit;
+    fi
+    grep  "IP='$ip' CHAIN='*'" $conf | while read -r line ; do
+        parse_object_kv_list  $line
+        
+        # Deleting ip from banlist
+        sip=$(echo "$IP"| sed "s|/|\\\/|g")
+        sed -i "/IP='$sip' CHAIN='$CHAIN'/d" $conf
+        b=$($iptables -L fail2ban-$CHAIN --line-number -n|grep -w $ip|awk '{print $1}')
+        $iptables -D fail2ban-$CHAIN $b 2>/dev/null   
+    done  
+else
+    # Checking ip in banlist
+    check_ip=$(grep "IP='$ip' CHAIN='$chain'" $conf 2>/dev/null)
+    if [ -z "$check_ip" ]; then
+        exit
+    fi
+    
+    # Deleting ip from banlist
+    sip=$(echo "$ip"| sed "s|/|\\\/|g")
+    sed -i "/IP='$sip' CHAIN='$chain'/d" $conf
+    b=$($iptables -L fail2ban-$chain --line-number -n|grep -w $ip|awk '{print $1}')
+    $iptables -D fail2ban-$chain $b 2>/dev/null
 fi
 
-# Deleting ip from banlist
-sip=$(echo "$ip"| sed "s|/|\\\/|g")
-sed -i "/IP='$sip' CHAIN='$chain'/d" $conf
-b=$($iptables -L fail2ban-$chain --line-number -n|grep -w $ip|awk '{print $1}')
-$iptables -D fail2ban-$chain $b 2>/dev/null
-
 # Changing permissions
 chmod 660 $conf
 
diff --git a/test/test.bats b/test/test.bats
@@ -237,6 +237,24 @@ function validate_database(){
     fi
 }
 
+function check_ip_banned(){
+  local ip=$1
+  local chain=$2
+  
+  run grep "IP='$ip' CHAIN='$chain'" $HESTIA/data/firewall/banlist.conf
+  assert_success
+  assert_output --partial "$ip"
+}
+
+function check_ip_not_banned(){
+  local ip=$1
+  local chain=$2
+  run grep "IP='$ip' CHAIN='$chain'" $HESTIA/data/firewall/banlist.conf
+  assert_failure E_ARGS
+  refute_output
+}
+
+
 #----------------------------------------------------------#
 #                           IP                             #
 #----------------------------------------------------------#
@@ -1397,6 +1415,50 @@ function validate_database(){
   refute_output
 }
 
+#----------------------------------------------------------#
+#                        Firewall                          #
+#----------------------------------------------------------#
+
+@test "Firewall: Add ip to banlist" {
+  run v-add-firewall-ban '1.2.3.4' 'HESTIA'
+  assert_success
+  refute_output
+  
+  check_ip_banned '1.2.3.4' 'HESTIA'
+}
+
+@test "Firewall: Delete ip to banlist" {
+  run v-delete-firewall-ban '1.2.3.4' 'HESTIA'
+  assert_success
+  refute_output
+  check_ip_not_banned '1.2.3.4' 'HESTIA'
+}
+
+@test "Firewall: Add ip to banlist for ALL" {
+  run v-add-firewall-ban '1.2.3.4' 'HESTIA'
+  assert_success
+  refute_output
+  run v-add-firewall-ban '1.2.3.4' 'MAIL'
+  assert_success
+  refute_output
+  check_ip_banned '1.2.3.4' 'HESTIA'
+}
+
+@test "Firewall: Delete ip to banlist CHAIN = ALL" {
+  run v-delete-firewall-ban '1.2.3.4' 'ALL'
+  assert_success
+  refute_output
+  check_ip_not_banned '1.2.3.4' 'HESTIA'
+}
+
+@test "Test Whitelist Fail2ban" {
+
+echo   "1.2.3.4" >> $HESTIA/data/firewall/excludes.conf
+run v-add-firewall-ban '1.2.3.4' 'HESTIA'
+rm $HESTIA/data/firewall/excludes.conf
+check_ip_not_banned '1.2.3.4' 'HESTIA'
+}
+
 #----------------------------------------------------------#
 #                         CLEANUP                          #
 #----------------------------------------------------------#
