优化WAF黑名单处理

2025-11-23 23:30:25 +08:00 · 2023-03-31 21:37:15 +08:00
parent 20c802c51d
commit e016029c8e
11 changed files with 157 additions and 84 deletions
--- a/internal/firewalls/utils.go
+++ b/internal/firewalls/utils.go
@@ -0,0 +1,29 @@
+// Copyright 2023 Liuxiangchao iwind.liu@gmail.com. All rights reserved. Official site: https://goedge.cn .
+
+package firewalls
+
+import (
+	"time"
+)
+
+// DropTemporaryTo 使用本地防火墙临时拦截IP数据包
+func DropTemporaryTo(ip string, expiresAt int64) {
+	if expiresAt <= 1 {
+		return
+	}
+
+	var timeout = expiresAt - time.Now().Unix()
+	if timeout < 1 {
+		return
+	}
+	if timeout > 3600 {
+		timeout = 3600
+	}
+
+	// 使用本地防火墙延长封禁
+	var fw = Firewall()
+	if fw != nil && !fw.IsMock() {
+		// 这里 int(int64) 转换的前提是限制了 timeout <= 3600，否则将有整型溢出的风险
+		_ = fw.DropSourceIP(ip, int(timeout), true)
+	}
+}