import sys
import re
import argparse
-from subprocess import Popen, PIPE
+from subprocess import Popen, PIPE, call
import ipaddr
self.returncode = returncode
+class BlockipError(Exception):
+ def __init__(self, returncode):
+ self.returncode = returncode
+
+
def ipfamily_by_ip(ip):
if isinstance(ip, ipaddr.IPv4Address):
return 'A'
if p.returncode != 0:
raise NsupdateError(p.returncode)
-
def nsupdate_delete(fqdn, ip_family):
"""
:param fqdn: Fully qualified domain name
raise NsupdateError(p.returncode)
+def blockip_whitelist_add(ip):
+ """
+ :param ip: ipv4 address
+ :raises a BlockipError in case of errors."""
+ command = "iptables -I blockip -s {ip} -j ACCEPT".format(ip=ip)
+ p = call(command, shell=True)
+ if p != 0:
+ raise BlockipError(p)
+
+
+def blockip_whitelist_delete(ip):
+ """
+ :param ip: ipv4 address
+ :raises a BlockipError in case of errors."""
+ command = "iptables -D blockip -s {ip} -j ACCEPT".format(ip=ip)
+ p = call(command, shell=True)
+ if p != 0:
+ raise BlockipError(p)
+
+
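Review bot: Both `blockip_whitelist_add` and `blockip_whitelist_delete` format `ip` into a command string and run it with `shell=True`, so any shell metacharacter in `ip` would be interpreted by a shell in a process that presumably runs with firewall privileges. main() appears to pass an already-parsed `ipaddr` object (the same value goes through `ipfamily_by_ip`), which limits exposure today, but nothing in these functions enforces that for other callers. Passing an argument list avoids the shell entirely: `p = call(["iptables", "-I", "blockip", "-s", str(ip), "-j", "ACCEPT"])`, and the same with `-D` in the delete function. The docstrings could also say that `ip` is expected to be an `ipaddr.IPv4Address` and use the field form `:raises BlockipError: if iptables exits non-zero`.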
def main(args):
try:
if args.delete:
nsupdate_delete(args.fqdn, 'AAAA')
else:
nsupdate_delete(args.fqdn, ipfamily_by_ip(args.ip))
+ if ipfamily_by_ip(args.ip) == 'A':
+ blockip_whitelist_delete(args.ip)
else:
nsupdate_delete(args.fqdn, ipfamily_by_ip(args.ip))
nsupdate_add(args.fqdn, args.ttl, args.ip)
+ if ipfamily_by_ip(args.ip) == 'A':
+ blockip_whitelist_add(args.ip)
except NsupdateError as e:
sys.exit(e.returncode)
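Review bot: The new `blockip_whitelist_*` calls sit inside the `try`, but the handler still catches only `NsupdateError`, so a failing iptables call escapes main() as a traceback instead of exiting with its return code; `except (NsupdateError, BlockipError) as e:` would cover both. This is reachable in ordinary use, because `iptables -D` returns non-zero when the rule is not present, and by that point the DNS record has already been removed, leaving DNS and firewall state out of step. On the add path `-I` inserts unconditionally, so repeated updates for the same address stack duplicate ACCEPT rules while a later delete removes only one of them. Checking with `iptables -C` before inserting would keep the add idempotent. main's body may continue outside the visible lines.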