new upstream release (3.3.0); modify package compatibility for Stretch
[ossec-hids.git] / active-response / firewall-drop.sh
index 820d759..5b5cd53 100755 (executable)
@@ -32,7 +32,8 @@ IP=$3
 PWD=`pwd`
 LOCK="${PWD}/fw-drop"
 LOCK_PID="${PWD}/fw-drop/pid"
-
+IPV4F="/proc/sys/net/ipv4/ip_forward"
+IPV6F="/proc/sys/net/ipv6/conf/all/forwarding"
 
 LOCAL=`dirname $0`;
 cd $LOCAL
@@ -70,7 +71,7 @@ lock()
         mkdir ${LOCK} > /dev/null 2>&1
         MSL=$?
         if [ "${MSL}" = "0" ]; then
-            # Lock aquired (setting the pid)
+            # Lock acquired (setting the pid)
             echo "$$" > ${LOCK_PID}
             return;
         fi
@@ -86,10 +87,7 @@ lock()
             i=`expr $i + 1`;
         fi
 
-        # Sleep 1 after 10/25 interactions
-        if [ "$i" = "10" -o "$i" = "25" ]; then
-            sleep 1;
-        fi
+        sleep $i;
 
         i=`expr $i + 1`;
 
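Review bot: `sleep $i` makes every retry wait longer than the previous one, so the total time this active response can spend waiting for the lock grows roughly quadratically with the retry limit, and the drop rule for the offending address is not installed while it waits. The retry bound and the stale-lock handling of lock() are outside the hunk, so the worst case cannot be read from here; `i` also appears to be incremented a second time in the branch just above, which would make the delay climb faster. Capping the delay keeps the back-off without the long tail, e.g. `if [ "$i" -gt 5 ]; then sleep 5; else sleep "$i"; fi`.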
@@ -178,6 +176,27 @@ if [ "X${UNAME}" = "XLinux" ]; then
    
    COUNT=0;
    while [ 1 ]; do
+        #
+        # Looking for IPV4 and IPV6 FORWARD
+        #
+        if [ -e "$IPV4F" ]
+        then
+                IPV4KEY="$(cat "$IPV4F")"
+        else
+                IPV4KEY="0"
+        fi
+        if [ -e "$IPV6F" ]
+        then
+                IPV6KEY="$(cat "$IPV6F")"
+        else
+                IPV6KEY="0"
+        fi
+                
+        if [ "$IPV4KEY" = "0" ] && [ "$IPV6KEY" = "0" ]
+        then
+                break
+        fi
+
         ${IPTABLES} ${ARG2}
         RES=$?
         if [ $RES = 0 ]; then
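Review bot: The forwarding check added ahead of `${IPTABLES} ${ARG2}` samples the two sysctls at run time and applies to whichever action the script was invoked with. If forwarding changes between the block and the later unblock, the host can be left with a rule that is never removed, or with no rule for a source it is now routing. ARG2 is defined outside the hunk, so this assumes it is the FORWARD-chain rule that the new comment refers to. Consider breaking out only on the add path and always attempting the removal, and say so in the comment, e.g. `# Skip FORWARD only when adding; forwarding may have changed since the rule was inserted`. The two reads are also loop-invariant and could sit above `while [ 1 ]; do`, whose body continues past the hunk.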