# This yate module monitors failed authentications and hands the source IP
# addresses of users who fail to authenticate to the iptables "recent"
# extension for filtering.
# The iptables extension "recent" must be installed, and your firewall
# configuration has to create and reference a "recent" list.
# For most setups it is enough to add this custom firewall rule
# to /etc/firewall.user:
12 # iptables -A input_rule -m recent --name yate_auth_failures --rcheck --seconds 3600 --hitcount 5 -j DROP
# This rule drops all incoming traffic from any source address that has failed
# to authenticate 5 consecutive times within the last hour (a successful
# authentication removes the address from the list again).
# To enable this script in yate, add it to the [scripts] section
# of /etc/yate/extmodule.conf.
23 use lib
'/usr/share/yate/scripts';
# Control file of the xt_recent list; the name after /proc/net/xt_recent/ must
# match the --name given in the iptables rule quoted at the top of this file.
my $RECENT_LIST_NAME = q{/proc/net/xt_recent/yate_auth_failures};
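# Watcher for yate's "user.auth" message: records the peer address of every
# failed authentication in the xt_recent list and removes it again after a
# successful one, so that the iptables rule quoted at the top of this file
# can drop traffic from repeat offenders.
#
# Parameter: the yate message object. Its 'ip_host' parameter is the peer
# address; its 'processed' header is 'true' when authentication succeeded.
# Returns nothing. Errors are reported through $yate->output.
#
# The previous version spawned a shell (`echo ... > file`) with the address
# interpolated into the command line; the list file is now written directly,
# and only a string that looks like an IP literal is ever written to it.
# (The callback is invoked through a code reference, so the old "($)"
# prototype had no effect and is dropped.)
sub OnAuthenticationRequest {
    my ($yate) = @_;

    my $remote_ip = $yate->param('ip_host');

    # The value goes straight into a kernel interface: accept only the
    # characters an IPv4/IPv6 literal can contain, report anything else.
    if (!defined $remote_ip || $remote_ip !~ m{ \A [0-9A-Fa-f.:]+ \z }xms) {
        $yate->output("auth watcher: ignoring unusable ip_host value");
        return;
    }

    # xt_recent takes "+addr" to add an entry and "-addr" to remove it.
    my $processed = $yate->header('processed');
    my $op = (defined $processed && $processed eq 'true') ? '-' : '+';

    # Write the list file directly; no shell, no echo option parsing.
    # A trailing newline matches what the former echo command produced.
    if (open my $fh, '>', $RECENT_LIST_NAME) {
        print {$fh} "$op$remote_ip\n";
        # Write errors on this file can surface at close, so check it.
        close $fh
            or $yate->output("auth watcher: cannot update $RECENT_LIST_NAME: $!");
    }
    else {
        $yate->output("auth watcher: cannot open $RECENT_LIST_NAME: $!");
    }
    return;
}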
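# Connect to yate as an external module (class-method call instead of the
# indirect-object form "new Yate", which is ambiguous to the parser).
my $yate = Yate->new();

# The xt_recent list only appears under /proc once a firewall rule refers to
# it by name (see the rule quoted at the top of this file). Without it, or
# without write access to it, no address is ever recorded and the rule never
# matches, so report the problem up front rather than once per auth event.
if (! -f $RECENT_LIST_NAME) {
    $yate->output("iptables recent list $RECENT_LIST_NAME does not exist");
}
elsif (! -w $RECENT_LIST_NAME) {
    $yate->output("iptables recent list $RECENT_LIST_NAME is not writable");
}
# NOTE(review): this fragment does not show whether the original exited after
# reporting a missing list; the watcher is installed regardless here - confirm.

$yate->install_watcher('user.auth', \&OnAuthenticationRequest);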