add blockip_whitelist_add and blockip_whitelist_delete
authorgregor herrmann <gregoa@debian.org>
Fri, 1 Jul 2016 11:13:14 +0000 (13:13 +0200)
committergregor herrmann <gregoa@debian.org>
Fri, 1 Jul 2016 11:13:14 +0000 (13:13 +0200)
adds/removes the given ipv4 address to the blockip/ACCEPT chain in iptables

bin/tdyndns_update

index 4452fe0..b43286e 100755 (executable)
@@ -11,6 +11,11 @@ class NsupdateError(Exception):
                self.returncode = returncode
 
 
+class BlockipError(Exception):
+       def __init__(self, returncode):
+               self.returncode = returncode
+
+
 def ipfamily_by_ip(ip):
        if isinstance(ip, ipaddr.IPv4Address):
                return 'A'
@@ -30,7 +35,6 @@ def nsupdate_add(fqdn, ttl, ip):
        if p.returncode != 0:
                raise NsupdateError(p.returncode)
 
-
 def nsupdate_delete(fqdn, ip_family):
        """
        :param fqdn: Fully qualified domain name
@@ -43,6 +47,28 @@ def nsupdate_delete(fqdn, ip_family):
                raise NsupdateError(p.returncode)
 
 
+def blockip_whitelist_add(ip):
+       """
+       :param ip: ipv4 address
+       :raises a BlockipError in case of errors."""
+       command = "-I blockip -s {ip} -j ACCEPT\n\n".format(ip=ip)
+       p = Popen(['iptables'], stdin=PIPE)
+       p.communicate(command)
+       if p.returncode != 0:
+               raise NsupdateError(p.returncode)
+
+
+def blockip_whitelist_delete(ip):
+       """
+       :param ip: ipv4 address
+       :raises a BlockipError in case of errors."""
+       command = "-D blockip -s {ip} -j ACCEPT\n\n".format(ip=ip)
+       p = Popen(['iptables'], stdin=PIPE)
+       p.communicate(command)
+       if p.returncode != 0:
+               raise NsupdateError(p.returncode)
+
+
 def main(args):
        try:
                if args.delete:
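Review bot: Both new helpers pipe the rule to `iptables` on stdin, but iptables takes its rule from the command line and (unlike iptables-restore) does not read stdin, so as written the call would likely exit non-zero every time without changing the chain. Pass the rule as arguments instead, `p = Popen(['iptables', '-I', 'blockip', '-s', str(ip), '-j', 'ACCEPT'])` followed by `p.communicate()`, and the same with `-D` in blockip_whitelist_delete; the list form also keeps the address out of any shell parsing. Both functions raise `NsupdateError` although their docstrings promise `BlockipError`, which this commit defines and never uses; `raise BlockipError(p.returncode)` matches the documentation. Since `-I` inserts unconditionally, a repeated update for the same address would stack duplicate ACCEPT rules, so a prior `-C` check is worth adding.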
@@ -51,9 +77,13 @@ def main(args):
                                nsupdate_delete(args.fqdn, 'AAAA')
                        else:
                                nsupdate_delete(args.fqdn, ipfamily_by_ip(args.ip))
+                               if ipfamily_by_ip(args.ip) == 'A':
+                                       blockip_whitelist_delete(args.ip)
                else:
                        nsupdate_delete(args.fqdn, ipfamily_by_ip(args.ip))
                        nsupdate_add(args.fqdn, args.ttl, args.ip)
+                       if ipfamily_by_ip(args.ip) == 'A':
+                               blockip_whitelist_add(args.ip)
        except NsupdateError as e:
                sys.exit(e.returncode)
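Review bot: In the update branch the new address is inserted into the blockip ACCEPT rules, but nothing removes the address the name pointed to before, so every IPv4 address the host has ever held stays whitelisted until someone deletes it by hand. For a dynamic address that is later reassigned to another party, that leaves a standing firewall exception; the previous A record would have to be looked up before `nsupdate_delete` runs and then passed to `blockip_whitelist_delete`. Once the helpers raise `BlockipError` as their docstrings say, this `try` also needs `except BlockipError as e: sys.exit(e.returncode)`, otherwise a firewall failure ends in a traceback after the DNS record has already been changed. main's body starts outside the hunk and may continue past it.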