Merge pull request #2 from apache/humbedooh/blocky4-switch
Switch to Blocky4
diff --git a/blocky.yaml b/blocky.yaml
index 612f11e..d6a0c2c 100644
--- a/blocky.yaml
+++ b/blocky.yaml
@@ -18,7 +18,7 @@
# Blocky/4 configuration #
-api_host: https://blocky.apache.org/api/
+api_host: https://blocky-he-de.apache.org/
pubsub_host: https://pubsub.apache.org:2070/
update_interval: 300
chains:
diff --git a/blocky4-client.py b/blocky4-client.py
index 35f0b45..6737f5f 100644
--- a/blocky4-client.py
+++ b/blocky4-client.py
@@ -25,6 +25,10 @@
import aiohttp
import json
+MAX_BLOCK_SIZE_IPV4 = (2 ** 16) # Max a /16 block in IPv4 space (32 - 16 == /16)
+MAX_BLOCK_SIZE_IPV6 = (2 ** 72) # Max a /56 block in IPv6 space (128 - 72 == /56)
+
+
# Redirect print to asfpy's syslog printer, duplicate to stdout
print = asfpy.syslog.Printer(stdout=True, identity="blocky")
@@ -36,7 +40,7 @@
await chain.refresh()
for rule in chain.items:
rules_as_dict.append(rule.to_dict())
- print("Uploading iptables list (%u entries) to Blocky server" % len(rules_as_dict))
+ # print("Uploading iptables list (%u entries) to Blocky server" % len(rules_as_dict))
try:
js = {"hostname": config["whoami"], "iptables": rules_as_dict}
timeout = aiohttp.ClientTimeout(total=15)
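Review bot: The two prints are left in as commented-out code rather than removed or demoted, here and in the hunk at lines 40–41 below; commented-out statements tend to rot as the surrounding code changes. If the upload summary and the server response are still useful for debugging, a guarded call such as `if config.get("debug"): print(response)` keeps them reachable, otherwise just delete the lines. The enclosing function starts and ends outside this hunk, so I cannot see whether a verbosity setting is already available there.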
@@ -44,7 +48,7 @@
async with aiohttp.request("PUT", api_url, json=js, timeout=timeout) as resp:
response = await resp.json()
assert resp.status == 200, f"{resp.status}: {resp.reason}"
- print(response)
+ # print(response)
except AssertionError as status:
print(f"Server responded with code {status}")
except aiohttp.ClientConnectorError as e:
@@ -103,8 +107,8 @@
if "/" in ip:
as_block = netaddr.IPNetwork(ip)
# We never ban larger than a /8 on ipv4 and /56 on ipv6
- if (as_block.version == 4 and as_block.size > (2 ** 24)) or (
- as_block.version == 6 and as_block.size > (2 ^ 72)
+ if (as_block.version == 4 and as_block.size > MAX_BLOCK_SIZE_IPV4) or (
+ as_block.version == 6 and as_block.size > MAX_BLOCK_SIZE_IPV6
):
print("%s was requested banned but the net block is too large (%u IPs)" % (as_block, as_block.size))
continue
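Review bot: The comment above the size check is now stale: it still says "We never ban larger than a /8 on ipv4", but the new constant `MAX_BLOCK_SIZE_IPV4 = (2 ** 16)` caps the block at a /16, so the text and the code disagree. Change it to `# We never ban larger than a /16 on ipv4 and /56 on ipv6 (see MAX_BLOCK_SIZE_IPV4/6)` so the limit is documented in one place. The replacement of `2 ^ 72` (a bitwise XOR evaluating to 74) with the constant is the real fix here; it also appears to tighten the IPv4 limit from /8 to /16, which the commit message does not mention, so it is worth confirming that narrowing is intended rather than a typo in the constant. The enclosing loop starts before this hunk.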
diff --git a/iptables.py b/iptables.py
index eda2efd..a25b9d4 100644
--- a/iptables.py
+++ b/iptables.py
@@ -122,7 +122,8 @@
source = m.group(5)
destination = m.group(6)
extensions = m.group(7)
-
+ if action and action != "DROP": # We only want drops
+ continue
entry = Entry(
self.chain, line_number, action, protocol, option, source, destination, extensions
)
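Review bot: The new filter `if action and action != "DROP": continue` lets rules with an empty or missing target (falsy `action`) fall through to `Entry(...)`, which contradicts the "We only want drops" comment unless blank-target rules are wanted deliberately; a short comment stating that, or tightening to `if action != "DROP":`, would remove the ambiguity. The identical check is duplicated in the IPv6 parser hunk at lines 84–85; a module-level `WANTED_TARGETS = {"DROP"}` used by both would keep the two parsers from drifting apart. The enclosing parse loop starts outside this hunk.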
@@ -155,7 +156,7 @@
sys.exit(-1)
if "No chain/target/match" in str(err):
continue
- asyncio.sleep(1) # write lock, probably
+ await asyncio.sleep(1) # write lock, probably
if out:
for line in out.decode("ascii").split("\n"):
# Unlike ipv4 iptables, the 'option' thing is blank here, so omit it
@@ -167,7 +168,8 @@
source = m.group(4)
destination = m.group(5)
extensions = m.group(6)
-
+ if action and action != "DROP": # We only want drops
+ continue
entry = Entry(
self.chain, line_number, action, protocol, None, source, destination, extensions
)