yo/reaction
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add banFor snippet to jsonnet example

Browse Source
This commit is contained in:
ppom 2024-01-08 12:00:00 +01:00
parent e1ff702cd1
commit bc13342e06
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
config/example.jsonnet
View File

@ -8,6 +8,17 @@ local iptables(args) = ['ip46tables', '-w'] + args;
// ip46tables is a minimal C program (only POSIX dependencies) present in a subdirectory of this repo. // ip46tables is a minimal C program (only POSIX dependencies) present in a subdirectory of this repo.
// it permits to handle both ipv4/iptables and ipv6/ip6tables commands // it permits to handle both ipv4/iptables and ipv6/ip6tables commands
// See meaning and usage of this function around L106
local banFor(time) = {
ban: {
cmd: iptables(['-A', 'reaction', '-s', '<ip>', '-j', 'DROP']),
},
unban: {
after: time,
cmd: iptables(['-D', 'reaction', '-s', '<ip>', '-j', 'DROP']),
},
};
{ {
// patterns are substitued in regexes. // patterns are substitued in regexes.
// when a filter performs an action, it replaces the found pattern // when a filter performs an action, it replaces the found pattern
@ -91,6 +102,8 @@ local iptables(args) = ['ip46tables', '-w'] + args;
// (with the stop commands) // (with the stop commands)
}, },
}, },
// or use the banFor function defined at the beginning!
// actions: banFor('48h'),
}, },
}, },
}, },