aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar alecdwm 2016-04-10 11:59:16 +0200
committerGravatar alecdwm 2016-04-10 11:59:16 +0200
commit6b4fe2a2b3ffb4e4832cf347088051781d83d7a3 (patch)
tree0942248a0c411735bd4d6eed1fd57b8001f9b1d9
parent48b968d27e761aca07038f9ddefb51db0a271d00 (diff)
iptablesdrop consider ipv6HEADmaster
-rw-r--r--rsham.go15
1 files changed, 11 insertions, 4 deletions
diff --git a/rsham.go b/rsham.go
index fefdcca..8a50b91 100644
--- a/rsham.go
+++ b/rsham.go
@@ -90,10 +90,17 @@ func sshHandleConnection(mode string, nConn net.Conn, config *ssh.ServerConfig)
ip := nConn.RemoteAddr().String()[:strings.LastIndex(nConn.RemoteAddr().String(), ":")]
sshLog.Info("adding drop rule to iptables for ip", "ip", ip)
- cmd := exec.Command("iptables", "-I", "INPUT", "-s", ip, "-j", "DROP")
- out, err := cmd.CombinedOutput()
- if err != nil {
- sshLog.Error("error blocking IP", "ip", ip, "error", err, "command output", out)
+
+ // var cmd *exec.Cmd
+ if ip[0] == '[' {
+ sshLog.Error("ipv6 blocking not implemented", "ip", ip)
+
+ } else {
+ cmd := exec.Command("iptables", "-I", "INPUT", "-s", ip, "-j", "DROP")
+ out, err := cmd.CombinedOutput()
+ if err != nil {
+ sshLog.Error("error blocking IP", "ip", ip, "error", err, "command output", string(out))
+ }
}
nConn.Close()