alihan/cs-firewall-bouncer
1
0
Fork 0
mirror of https://github.com/crowdsecurity/cs-firewall-bouncer.git synced 2024-08-19 01:18:49 +03:00
Code Issues Packages Projects Releases Wiki Activity

emit banned IPs metrics when in ipset mode (#350)

Browse Source 
* emit banned IPs metrics when in ipset mode

* fix nil checks  metrics.go

* oops

---------

Co-authored-by: mmetc <92726601+mmetc@users.noreply.github.com>
This commit is contained in:
Nathan A. Ferch
2024-03-11 10:20:39 -04:00
committed by GitHub
parent f50c248f68
commit 32122046da
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
cmd/root.go
View File

@@ -218,9 +218,13 @@ func Execute() error {
})
if config.PrometheusConfig.Enabled {
if config.Mode == cfg.IptablesMode || config.Mode == cfg.NftablesMode || config.Mode == cfg.PfMode {
if config.Mode == cfg.IptablesMode || config.Mode == cfg.NftablesMode || config.Mode == cfg.IpsetMode || config.Mode == cfg.PfMode {
go backend.CollectMetrics()
prometheus.MustRegister(metrics.TotalDroppedBytes, metrics.TotalDroppedPackets, metrics.TotalActiveBannedIPs)
if config.Mode == cfg.IpsetMode {
prometheus.MustRegister(metrics.TotalActiveBannedIPs)
} else {
prometheus.MustRegister(metrics.TotalDroppedBytes, metrics.TotalDroppedPackets, metrics.TotalActiveBannedIPs)
}
}
prometheus.MustRegister(csbouncer.TotalLAPICalls, csbouncer.TotalLAPIError)

12
pkg/iptables/metrics.go
View File

@@ -65,14 +65,18 @@ func (ipt *iptables) CollectMetrics() {
t := time.NewTicker(metrics.MetricCollectionInterval)
for range t.C {
ip4DroppedPackets, ip4DroppedBytes = collectDroppedPackets(ipt.v4.iptablesBin, ipt.v4.Chains, ipt.v4.SetName)
if ipt.v4 != nil && !ipt.v4.ipsetContentOnly {
ip4DroppedPackets, ip4DroppedBytes = collectDroppedPackets(ipt.v4.iptablesBin, ipt.v4.Chains, ipt.v4.SetName)
}
if ipt.v6 != nil {
if ipt.v6 != nil && !ipt.v6.ipsetContentOnly {
ip6DroppedPackets, ip6DroppedBytes = collectDroppedPackets(ipt.v6.iptablesBin, ipt.v6.Chains, ipt.v6.SetName)
}
metrics.TotalDroppedPackets.Set(ip4DroppedPackets + ip6DroppedPackets)
metrics.TotalDroppedBytes.Set(ip6DroppedBytes + ip4DroppedBytes)
if (ipt.v4 != nil && !ipt.v4.ipsetContentOnly) || (ipt.v6 != nil && !ipt.v6.ipsetContentOnly) {
metrics.TotalDroppedPackets.Set(ip4DroppedPackets + ip6DroppedPackets)
metrics.TotalDroppedBytes.Set(ip6DroppedBytes + ip4DroppedBytes)
}
out, err := exec.Command(ipt.v4.ipsetBin, "list", "-o", "xml").CombinedOutput()
if err != nil {