20 package org.apache.mina.filter.firewall;
21
22 import java.net.InetAddress;
23 import java.net.InetSocketAddress;
24 import java.net.SocketAddress;
25 import java.util.List;
26 import java.util.concurrent.CopyOnWriteArrayList;
27
28 import org.apache.mina.core.filterchain.IoFilter;
29 import org.apache.mina.core.filterchain.IoFilterAdapter;
30 import org.apache.mina.core.session.IdleStatus;
31 import org.apache.mina.core.session.IoSession;
32 import org.apache.mina.core.write.WriteRequest;
33 import org.apache.mina.filter.FilterEvent;
34 import org.slf4j.Logger;
35 import org.slf4j.LoggerFactory;
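/**
 * An {@link IoFilter} that closes sessions whose remote address falls inside a
 * blocked subnet, and forwards every event of all other sessions unchanged.
 *
 * <p>Security notes for operators:
 * <ul>
 * <li>Matching uses the address returned by {@code session.getRemoteAddress()}.
 * That is the transport-level peer, so a client that reaches the server through
 * a proxy, load balancer or NAT is matched on the intermediary's address.</li>
 * <li>A session whose remote address is not an {@link InetSocketAddress} is
 * never considered blocked (see {@link #isBlocked(IoSession)}); the filter
 * fails open for such transports.</li>
 * <li>The blacklist is a {@link CopyOnWriteArrayList}, so single
 * {@code block}/{@code unblock} calls are safe against concurrent session
 * events. The {@code set*Blacklist} methods are not atomic: they clear the list
 * and then refill it, so sessions checked in between see a shorter list.</li>
 * </ul>
 */
public class BlacklistFilter extends IoFilterAdapter {
    /** The subnets whose members are rejected. */
    private final List<Subnet> blacklist = new CopyOnWriteArrayList<Subnet>();

    /** Logger used to record rejected sessions. */
    private static final Logger LOGGER = LoggerFactory.getLogger(BlacklistFilter.class);

    /**
     * Replaces the blacklist with the given addresses, each blocked as a single host.
     *
     * <p>All elements are validated before the current list is cleared, so a
     * {@code null} element cannot leave the filter with a wiped or half-built list.
     *
     * @param addresses the addresses to block
     * @throws IllegalArgumentException if {@code addresses} or one of its elements is {@code null}
     */
    public void setBlacklist(InetAddress[] addresses) {
        if (addresses == null) {
            throw new IllegalArgumentException("addresses");
        }

        List<InetAddress> validated = copyRejectingNulls(java.util.Arrays.asList(addresses),
                "Adress to block can not be null");

        blacklist.clear();

        for (InetAddress address : validated) {
            block(address);
        }
    }

    /**
     * Replaces the blacklist with the given subnets.
     *
     * <p>All elements are validated before the current list is cleared, so a
     * {@code null} element cannot leave the filter with a wiped or half-built list.
     *
     * @param subnets the subnets to block
     * @throws IllegalArgumentException if {@code subnets} or one of its elements is {@code null}
     */
    public void setSubnetBlacklist(Subnet[] subnets) {
        if (subnets == null) {
            throw new IllegalArgumentException("Subnets must not be null");
        }

        List<Subnet> validated = copyRejectingNulls(java.util.Arrays.asList(subnets), "Subnet can not be null");

        blacklist.clear();

        for (Subnet subnet : validated) {
            block(subnet);
        }
    }

    /**
     * Replaces the blacklist with the given addresses, each blocked as a single host.
     *
     * <p>The iterable is read completely and validated before the current list
     * is cleared, so a {@code null} element cannot leave the filter with a wiped
     * or half-built list.
     *
     * @param addresses the addresses to block
     * @throws IllegalArgumentException if {@code addresses} or one of its elements is {@code null}
     */
    public void setBlacklist(Iterable<InetAddress> addresses) {
        if (addresses == null) {
            throw new IllegalArgumentException("addresses");
        }

        List<InetAddress> validated = copyRejectingNulls(addresses, "Adress to block can not be null");

        blacklist.clear();

        for (InetAddress address : validated) {
            block(address);
        }
    }

    /**
     * Replaces the blacklist with the given subnets.
     *
     * <p>The iterable is read completely and validated before the current list
     * is cleared, so a {@code null} element cannot leave the filter with a wiped
     * or half-built list.
     *
     * @param subnets the subnets to block
     * @throws IllegalArgumentException if {@code subnets} or one of its elements is {@code null}
     */
    public void setSubnetBlacklist(Iterable<Subnet> subnets) {
        if (subnets == null) {
            throw new IllegalArgumentException("Subnets must not be null");
        }

        List<Subnet> validated = copyRejectingNulls(subnets, "Subnet can not be null");

        blacklist.clear();

        for (Subnet subnet : validated) {
            block(subnet);
        }
    }

    /**
     * Blocks a single host address.
     *
     * @param address the address to block
     * @throws IllegalArgumentException if {@code address} is {@code null}
     */
    public void block(InetAddress address) {
        if (address == null) {
            throw new IllegalArgumentException("Adress to block can not be null");
        }

        block(hostSubnet(address));
    }

    /**
     * Adds a subnet to the blacklist.
     *
     * @param subnet the subnet to block
     * @throws IllegalArgumentException if {@code subnet} is {@code null}
     */
    public void block(Subnet subnet) {
        if (subnet == null) {
            throw new IllegalArgumentException("Subnet can not be null");
        }

        blacklist.add(subnet);
    }

    /**
     * Removes a single host address from the blacklist.
     *
     * @param address the address to unblock
     * @throws IllegalArgumentException if {@code address} is {@code null}
     */
    public void unblock(InetAddress address) {
        if (address == null) {
            throw new IllegalArgumentException("Adress to unblock can not be null");
        }

        unblock(hostSubnet(address));
    }

    /**
     * Removes a subnet from the blacklist.
     *
     * <p>Only an entry that {@code List.remove(Object)} considers equal to
     * {@code subnet} is removed; a host inside a wider blocked subnet stays blocked.
     *
     * @param subnet the subnet to unblock
     * @throws IllegalArgumentException if {@code subnet} is {@code null}
     */
    public void unblock(Subnet subnet) {
        if (subnet == null) {
            throw new IllegalArgumentException("Subnet can not be null");
        }

        blacklist.remove(subnet);
    }

    /**
     * Forwards the event unless the session's remote address is blacklisted,
     * in which case the session is closed.
     */
    @Override
    public void event(NextFilter nextFilter, IoSession session, FilterEvent event) throws Exception {
        if (isBlocked(session)) {
            blockSession(session);
            return;
        }

        nextFilter.event(session, event);
    }

    /**
     * Forwards the event unless the session's remote address is blacklisted,
     * in which case the session is closed.
     */
    @Override
    public void sessionCreated(NextFilter nextFilter, IoSession session) {
        if (isBlocked(session)) {
            blockSession(session);
            return;
        }

        nextFilter.sessionCreated(session);
    }

    /**
     * Forwards the event unless the session's remote address is blacklisted,
     * in which case the session is closed.
     */
    @Override
    public void sessionOpened(NextFilter nextFilter, IoSession session) throws Exception {
        if (isBlocked(session)) {
            blockSession(session);
            return;
        }

        nextFilter.sessionOpened(session);
    }

    /**
     * Forwards the event unless the session's remote address is blacklisted,
     * in which case the session is closed.
     */
    @Override
    public void sessionIdle(NextFilter nextFilter, IoSession session, IdleStatus status) throws Exception {
        if (isBlocked(session)) {
            blockSession(session);
            return;
        }

        nextFilter.sessionIdle(session, status);
    }

    /**
     * Forwards the message unless the session's remote address is blacklisted,
     * in which case the message is dropped and the session is closed.
     */
    @Override
    public void messageReceived(NextFilter nextFilter, IoSession session, Object message) {
        if (isBlocked(session)) {
            blockSession(session);
            return;
        }

        nextFilter.messageReceived(session, message);
    }

    /**
     * Forwards the event unless the session's remote address is blacklisted,
     * in which case the session is closed.
     */
    @Override
    public void messageSent(NextFilter nextFilter, IoSession session, WriteRequest writeRequest) throws Exception {
        if (isBlocked(session)) {
            blockSession(session);
            return;
        }

        nextFilter.messageSent(session, writeRequest);
    }

    /**
     * Logs the rejection and closes the session immediately.
     *
     * <p>The remote address is included in the log entry so that a rejection
     * can be attributed to a source when reviewing logs. This method runs once
     * per filtered event of a blocked session, so one session can yield several
     * entries.
     */
    private void blockSession(IoSession session) {
        LOGGER.warn("Remote address {} in the blacklist; closing.", session.getRemoteAddress());
        session.closeNow();
    }

    /**
     * Tells whether the session's remote address is inside a blocked subnet.
     *
     * @return {@code true} if the remote address is an {@link InetSocketAddress}
     *         matched by at least one blacklist entry; {@code false} otherwise,
     *         including when the remote address is {@code null} or of another type
     */
    private boolean isBlocked(IoSession session) {
        SocketAddress remoteAddress = session.getRemoteAddress();

        // Fail-open by design of the original code: anything that is not an IP
        // socket address cannot be matched against a subnet and is let through.
        if (!(remoteAddress instanceof InetSocketAddress)) {
            return false;
        }

        // NOTE(review): getAddress() returns null for an unresolved
        // InetSocketAddress; whether Subnet.inSubnet tolerates null is not
        // visible here — confirm.
        InetAddress address = ((InetSocketAddress) remoteAddress).getAddress();

        for (Subnet subnet : blacklist) {
            if (subnet.inSubnet(address)) {
                return true;
            }
        }

        return false;
    }

    /**
     * Builds the subnet that covers exactly one host.
     *
     * <p>The prefix length is derived from the raw address size: 32 for a
     * 4-byte IPv4 address, 128 for a 16-byte IPv6 address. A fixed value of 32
     * would describe a whole /32 prefix when applied to an IPv6 address, which
     * blocks far more than the one host the caller named.
     *
     * <p>NOTE(review): assumes the second {@code Subnet} constructor argument is
     * a prefix length and that {@code Subnet} accepts 128 for IPv6 — confirm
     * against {@code Subnet}, which is not visible here.
     */
    private static Subnet hostSubnet(InetAddress address) {
        return new Subnet(address, address.getAddress().length * Byte.SIZE);
    }

    /**
     * Copies the elements into a new list, rejecting {@code null} elements.
     *
     * @param items the elements to copy
     * @param nullElementMessage the message of the exception thrown for a {@code null} element
     * @return a new list holding the elements in iteration order
     * @throws IllegalArgumentException if an element is {@code null}
     */
    private static <T> List<T> copyRejectingNulls(Iterable<T> items, String nullElementMessage) {
        List<T> copy = new java.util.ArrayList<T>();

        for (T item : items) {
            if (item == null) {
                throw new IllegalArgumentException(nullElementMessage);
            }

            copy.add(item);
        }

        return copy;
    }
}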