mirror of
https://github.com/zeek/zeek.git
synced 2025-10-12 03:28:19 +00:00
9f8ba408ba
- Moved the Notice::notice event and Notice::policy table to both be hooks. - Renamed the old Notice::policy to Notice::policy_table and documented it as deprecated.
29 lines
689 B
Text
29 lines
689 B
Text
##! This script extends the built in notice code to implement the IP address
|
|
##! dropping functionality.
|
|
|
|
@load ../main
|
|
|
|
module Notice;
|
|
|
|
export {
|
|
redef enum Action += {
|
|
## Drops the address via Drop::drop_address, and generates an alarm.
|
|
ACTION_DROP
|
|
};
|
|
|
|
redef record Info += {
|
|
## Indicate if the $src IP address was dropped and denied network access.
|
|
dropped: bool &log &default=F;
|
|
};
|
|
}
|
|
|
|
hook notice(n: Notice::Info)
|
|
{
|
|
if ( ACTION_DROP in n$actions )
|
|
{
|
|
#local drop = React::drop_address(n$src, "");
|
|
#local addl = drop?$sub ? fmt(" %s", drop$sub) : "";
|
|
#n$dropped = drop$note != Drop::AddressDropIgnored;
|
|
#n$msg += fmt(" [%s%s]", drop$note, addl);
|
|
}
|
|
}
|