1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.mina.filter.firewall;
21
22 import java.net.InetAddress;
23 import java.net.InetSocketAddress;
24 import java.net.SocketAddress;
25 import java.util.List;
26 import java.util.concurrent.CopyOnWriteArrayList;
27
28 import org.apache.mina.core.filterchain.IoFilter;
29 import org.apache.mina.core.filterchain.IoFilterAdapter;
30 import org.apache.mina.core.session.IdleStatus;
31 import org.apache.mina.core.session.IoSession;
32 import org.apache.mina.core.write.WriteRequest;
33 import org.slf4j.Logger;
34 import org.slf4j.LoggerFactory;
35
36
37
38
39
40
41
42
43 public class BlacklistFilter extends IoFilterAdapter {
44
45 private final List<Subnet> blacklist = new CopyOnWriteArrayList<Subnet>();
46
47 private final static Logger LOGGER = LoggerFactory.getLogger(BlacklistFilter.class);
48
49
50
51
52
53
54
55
56 public void setBlacklist(InetAddress[] addresses) {
57 if (addresses == null) {
58 throw new IllegalArgumentException("addresses");
59 }
60
61 blacklist.clear();
62
63 for (int i = 0; i < addresses.length; i++) {
64 InetAddress addr = addresses[i];
65 block(addr);
66 }
67 }
68
69
70
71
72
73
74
75
76 public void setSubnetBlacklist(Subnet[] subnets) {
77 if (subnets == null) {
78 throw new IllegalArgumentException("Subnets must not be null");
79 }
80
81 blacklist.clear();
82
83 for (Subnet subnet : subnets) {
84 block(subnet);
85 }
86 }
87
88
89
90
91
92
93
94
95
96
97
98 public void setBlacklist(Iterable<InetAddress> addresses) {
99 if (addresses == null) {
100 throw new IllegalArgumentException("addresses");
101 }
102
103 blacklist.clear();
104
105 for (InetAddress address : addresses) {
106 block(address);
107 }
108 }
109
110
111
112
113
114
115
116
117 public void setSubnetBlacklist(Iterable<Subnet> subnets) {
118 if (subnets == null) {
119 throw new IllegalArgumentException("Subnets must not be null");
120 }
121
122 blacklist.clear();
123
124 for (Subnet subnet : subnets) {
125 block(subnet);
126 }
127 }
128
129
130
131
132
133
134 public void block(InetAddress address) {
135 if (address == null) {
136 throw new IllegalArgumentException("Adress to block can not be null");
137 }
138
139 block(new Subnet(address, 32));
140 }
141
142
143
144
145
146
147 public void block(Subnet subnet) {
148 if (subnet == null) {
149 throw new IllegalArgumentException("Subnet can not be null");
150 }
151
152 blacklist.add(subnet);
153 }
154
155
156
157
158
159
160 public void unblock(InetAddress address) {
161 if (address == null) {
162 throw new IllegalArgumentException("Adress to unblock can not be null");
163 }
164
165 unblock(new Subnet(address, 32));
166 }
167
168
169
170
171
172
173 public void unblock(Subnet subnet) {
174 if (subnet == null) {
175 throw new IllegalArgumentException("Subnet can not be null");
176 }
177
178 blacklist.remove(subnet);
179 }
180
181 @Override
182 public void sessionCreated(NextFilter nextFilter, IoSession session) {
183 if (!isBlocked(session)) {
184
185 nextFilter.sessionCreated(session);
186 } else {
187 blockSession(session);
188 }
189 }
190
191 @Override
192 public void sessionOpened(NextFilter nextFilter, IoSession session) throws Exception {
193 if (!isBlocked(session)) {
194
195 nextFilter.sessionOpened(session);
196 } else {
197 blockSession(session);
198 }
199 }
200
201 @Override
202 public void sessionClosed(NextFilter nextFilter, IoSession session) throws Exception {
203 if (!isBlocked(session)) {
204
205 nextFilter.sessionClosed(session);
206 } else {
207 blockSession(session);
208 }
209 }
210
211 @Override
212 public void sessionIdle(NextFilter nextFilter, IoSession session, IdleStatus status) throws Exception {
213 if (!isBlocked(session)) {
214
215 nextFilter.sessionIdle(session, status);
216 } else {
217 blockSession(session);
218 }
219 }
220
221 @Override
222 public void messageReceived(NextFilter nextFilter, IoSession session, Object message) {
223 if (!isBlocked(session)) {
224
225 nextFilter.messageReceived(session, message);
226 } else {
227 blockSession(session);
228 }
229 }
230
231 @Override
232 public void messageSent(NextFilter nextFilter, IoSession session, WriteRequest writeRequest) throws Exception {
233 if (!isBlocked(session)) {
234
235 nextFilter.messageSent(session, writeRequest);
236 } else {
237 blockSession(session);
238 }
239 }
240
241 private void blockSession(IoSession session) {
242 LOGGER.warn("Remote address in the blacklist; closing.");
243 session.closeNow();
244 }
245
246 private boolean isBlocked(IoSession session) {
247 SocketAddress remoteAddress = session.getRemoteAddress();
248
249 if (remoteAddress instanceof InetSocketAddress) {
250 InetAddress address = ((InetSocketAddress) remoteAddress).getAddress();
251
252
253 for (Subnet subnet : blacklist) {
254 if (subnet.inSubnet(address)) {
255 return true;
256 }
257 }
258 }
259
260 return false;
261 }
262 }