iptablesdrop consider ipv6HEADmaster

1 files changed, 11 insertions, 4 deletions

diff --git a/rsham.go b/rsham.go
index fefdcca..8a50b91 100644
--- a/rsham.go
+++ b/rsham.go
@@ -90,10 +90,17 @@ func sshHandleConnection(mode string, nConn net.Conn, config *ssh.ServerConfig)
 		ip := nConn.RemoteAddr().String()[:strings.LastIndex(nConn.RemoteAddr().String(), ":")]
 
 		sshLog.Info("adding drop rule to iptables for ip", "ip", ip)
-		cmd := exec.Command("iptables", "-I", "INPUT", "-s", ip, "-j", "DROP")
-		out, err := cmd.CombinedOutput()
-		if err != nil {
-			sshLog.Error("error blocking IP", "ip", ip, "error", err, "command output", out)
+
+		// var cmd *exec.Cmd
+		if ip[0] == '[' {
+			sshLog.Error("ipv6 blocking not implemented", "ip", ip)
+
+		} else {
+			cmd := exec.Command("iptables", "-I", "INPUT", "-s", ip, "-j", "DROP")
+			out, err := cmd.CombinedOutput()
+			if err != nil {
+				sshLog.Error("error blocking IP", "ip", ip, "error", err, "command output", string(out))
+			}
 		}
 
 		nConn.Close()