Alex-Devera/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2025-08-30 23:06:18 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Logging for fail2ban service

Browse source 
Removed limitDevice and other unnecessary functions
This commit is contained in:
somebodywashere 2023-06-08 17:46:50 +00:00
parent 547e38079f
commit 61a2e6dc11
1 changed files with 4 additions and 108 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
web/job/check_client_ip_job.go
View file

@ -14,8 +14,6 @@ import (
"sort" "sort"
"strings" "strings"
"time" "time"
"github.com/go-cmd/cmd"
) )
type CheckClientIpJob struct { type CheckClientIpJob struct {
@ -107,12 +105,7 @@ func processLogFile() {
} }
// check if inbound connection is more than limited ip and drop connection
LimitDevice := func() { LimitDevice() }
stop := schedule(LimitDevice, 1000*time.Millisecond)
time.Sleep(10 * time.Second) time.Sleep(10 * time.Second)
stop <- true
} }
func GetAccessLogPath() string { func GetAccessLogPath() string {
@ -212,6 +205,9 @@ func updateInboundClientIps(inboundClientIps *model.InboundClientIps, clientEmai
if limitIp < len(ips) && limitIp != 0 && inbound.Enable { if limitIp < len(ips) && limitIp != 0 && inbound.Enable {
disAllowedIps = append(disAllowedIps, ips[limitIp:]...) disAllowedIps = append(disAllowedIps, ips[limitIp:]...)
for i:=limitIp; i < len(ips); i++ {
logger.Info("[LIMIT_IP] Email=", clientEmail, " SRC=", ips[i])
}
return true return true
} }
} }
@ -251,103 +247,3 @@ func GetInboundByEmail(clientEmail string) (*model.Inbound, error) {
} }
return inbounds, nil return inbounds, nil
} }
func LimitDevice() {
localIp, err := LocalIP()
checkError(err)
c := cmd.NewCmd("bash", "-c", "ss --tcp | grep -E '"+IPsToRegex(localIp)+"'| awk '{if($1==\"ESTAB\") print $4,$5;}'", "| sort | uniq -c | sort -nr | head")
<-c.Start()
if len(c.Status().Stdout) > 0 {
ipRegx, _ := regexp.Compile(`[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+`)
portRegx, _ := regexp.Compile(`(?:(:))([0-9]..[^.][0-9]+)`)
for _, row := range c.Status().Stdout {
data := strings.Split(row, " ")
destIp, destPort, srcIp, srcPort := "", "", "", ""
destIp = string(ipRegx.FindString(data[0]))
destPort = portRegx.FindString(data[0])
destPort = strings.Replace(destPort, ":", "", -1)
srcIp = string(ipRegx.FindString(data[1]))
srcPort = portRegx.FindString(data[1])
srcPort = strings.Replace(srcPort, ":", "", -1)
if contains(disAllowedIps, srcIp) {
dropCmd := cmd.NewCmd("bash", "-c", "ss -K dport = "+srcPort)
dropCmd.Start()
logger.Debug("request droped : ", srcIp, srcPort, "to", destIp, destPort)
}
}
}
}
func LocalIP() ([]string, error) {
// get machine ips
ifaces, err := net.Interfaces()
ips := []string{}
if err != nil {
return ips, err
}
for _, i := range ifaces {
addrs, err := i.Addrs()
if err != nil {
return ips, err
}
for _, addr := range addrs {
var ip net.IP
switch v := addr.(type) {
case *net.IPNet:
ip = v.IP
case *net.IPAddr:
ip = v.IP
}
ips = append(ips, ip.String())
}
}
logger.Debug("System IPs : ", ips)
return ips, nil
}
func IPsToRegex(ips []string) string {
regx := ""
for _, ip := range ips {
regx += "(" + strings.Replace(ip, ".", "\\.", -1) + ")"
}
regx = "(" + strings.Replace(regx, ")(", ")|(.", -1) + ")"
return regx
}
func schedule(LimitDevice func(), delay time.Duration) chan bool {
stop := make(chan bool)
go func() {
for {
LimitDevice()
select {
case <-time.After(delay):
case <-stop:
return
}
}
}()
return stop
}