From 10738aa72142fd946cece1ddfbaabf0f2658ba39 Mon Sep 17 00:00:00 2001
From: Bastian Maeuser
Date: Sat, 27 Apr 2019 15:09:14 +0200
Subject: [PATCH] Added IP to logging for helping mitigate Shortcuts
---
 roles/fastd/files/blacklist.sh | 3 ++-
 roles/fastd/templates/fastd.conf.j2 | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/roles/fastd/files/blacklist.sh b/roles/fastd/files/blacklist.sh
index eed994b..f0081d7 100644
--- a/roles/fastd/files/blacklist.sh
+++ b/roles/fastd/files/blacklist.sh
@@ -1,7 +1,8 @@
 #!/bin/bash
 PEER_KEY=$1
 PEER_ADDRESS=$2
-if /bin/grep -Fq $PEER_KEY /opt/ffrgb_cty/vpn-blacklist/blacklist.json; then
+BLACKLIST=$3
+if /bin/grep -Fq $PEER_KEY $BLACKLIST; then
 echo "BANNED KEY: $PEER_KEY $PEER_ADDRESS"
 exit 1
 else
diff --git a/roles/fastd/templates/fastd.conf.j2 b/roles/fastd/templates/fastd.conf.j2
index 58afd72..4c3cdb7 100644
--- a/roles/fastd/templates/fastd.conf.j2
+++ b/roles/fastd/templates/fastd.conf.j2
@@ -38,7 +38,7 @@ on down " "; {% if fastd_anonymous %}
-on verify "/etc/fastd/{{ site_code }}/blacklist.sh $PEER_KEY $PEER_ADDRESS /opt/{{ site_code }}/vpn-blacklist/blacklist.json";
+on verify "/etc/fastd/{{ site_code }}/blacklist.sh $PEER_KEY $PEER_ADDRESS /etc/fastd/{{ site_code }}/vpn-blacklist/blacklist.json";
 {% endif %} include peers from "peers";
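Review bot: The new `if /bin/grep -Fq $PEER_KEY $BLACKLIST; then` fails open: when `$3` is missing or the file is unreadable, grep exits non-zero (2 for a missing file), the `if` treats that the same as "no match", and control falls to the `else` branch, whose body lies outside the hunk but presumably accepts the peer. With both expansions unquoted, an empty `$BLACKLIST` also leaves grep without a file operand, so it reads stdin instead of the list. I would make the argument mandatory and quote both operands, `BLACKLIST=${3:?blacklist path missing}` and `if /bin/grep -Fq -- "$PEER_KEY" "$BLACKLIST"; then`, and decide explicitly whether an unreadable list should reject (`[ -r "$BLACKLIST" ] || exit 1`) or only log. Any already-deployed fastd.conf that still calls the script with two arguments runs into this until it is re-templated.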
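Review bot: The blacklist path is now the third positional argument after two unquoted expansions, so if `$PEER_KEY` or `$PEER_ADDRESS` ever expands empty, the path slides into `$2` and blacklist.sh sees no `$3`. Since the command string already relies on the shell expanding these variables, the script could presumably read them from its environment and take the path as its only argument, e.g. `on verify "/etc/fastd/{{ site_code }}/blacklist.sh /etc/fastd/{{ site_code }}/vpn-blacklist/blacklist.json";` with a matching change in the script. Nothing in this commit creates or populates the new `/etc/fastd/{{ site_code }}/vpn-blacklist/` location, so it is worth confirming that the task which syncs the list writes there and that the file is writable only by root, since whoever can edit it decides which keys are banned. The commit subject mentions logging only; a sentence about the path move in the message would help a later audit.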