From 80bb78f73d7ac61f0e68062fb0dc61c9e3b7ff2b Mon Sep 17 00:00:00 2001
From: Matt Drollette
Date: Mon, 16 Mar 2015 21:28:44 -0500
Subject: [PATCH] stashing blacklist changes

---
 cmd/reseed.go    | 17 +++++++++++++++++
 reseed/server.go | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 51 insertions(+)

diff --git a/cmd/reseed.go b/cmd/reseed.go
index 151a8eb..0be280d 100644
--- a/cmd/reseed.go
+++ b/cmd/reseed.go
@@ -2,8 +2,10 @@ package cmd
 
 import (
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net"
+	"strings"
 	"time"
 
 	"github.com/MDrollette/i2p-tools/reseed"
@@ -74,6 +76,11 @@ func NewReseedCommand() cli.Command {
 				Name:  "trustProxy",
 				Usage: "If provided, we will trust the 'X-Forwarded-For' header in requests (ex. behind cloudflare)",
 			},
+			cli.StringFlag{
+				Name:  "blacklist",
+				Value: "",
+				Usage: "Path to a txt file containing a list of IPs to deny connections from.",
+			},
 		},
 	}
 }
@@ -149,6 +156,16 @@ func reseedAction(c *cli.Context) {
 	server.Reseeder = reseeder
 	server.Addr = net.JoinHostPort(c.String("ip"), c.String("port"))
 
+	// load a blacklist
+	blacklistFile := c.String("blacklist")
+	if blacklistFile != "" {
+		if content, err := ioutil.ReadFile(blacklistFile); err == nil {
+			server.Blacklist = strings.Split(string(content), "\n")
+		} else {
+			log.Fatalln("Failed to load blacklist: ", err)
+		}
+	}
+
 	if tlsHost != "" && tlsCert != "" && tlsKey != "" {
 		log.Printf("HTTPS server started on %s\n", server.Addr)
 		log.Fatalln(server.ListenAndServeTLS(tlsCert, tlsKey))
diff --git a/reseed/server.go b/reseed/server.go
index 883d921..1542236 100644
--- a/reseed/server.go
+++ b/reseed/server.go
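Review bot: The blacklist loaded in reseedAction is handed to the server raw: strings.Split on "\n" leaves a trailing empty entry when the file ends with a newline and a "\r" on every entry of a CRLF file, and the per-entry parse on the server side then silently rejects those entries, so a deny list can end up partly or wholly ignored without any error. `server.Blacklist = strings.Fields(string(content))` splits on any whitespace and drops empties, which covers both cases in one line. The reseed/server.go hunk of this same patch does not add a Blacklist field to Server, so unless one already exists outside the diff this assignment will not compile. The err == nil branch followed by else log.Fatalln also reads more naturally as a guard: check the error first, then assign on the happy path.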
@@ -20,6 +20,40 @@ const (
 	I2P_USER_AGENT = "Wget/1.11.4"
 )
 
+type Listener struct {
+	net.Listener
+	Blacklist []string
+}
+
+func (nl Listener) Accept() (net.Conn, error) {
+	for {
+		c, err := nl.Listener.Accept()
+		if err != nil {
+			return nil, err
+		}
+
+		host, port, err := net.SplitHostPort(c.RemoteAddr().String())
+		if err != nil {
+			l.Printf("accept fail: %s\n", err.Error())
+			go c.Close()
+			continue
+		}
+
+		ip := net.ParseIP(host)
+
+		for _, cidr := range nl.Blacklist {
+			if _, ipnet, err := net.ParseCIDR(cidr); err == nil {
+				if ipnet.Contains(ip) {
+					l.Printf("allow conn from: %s:%s\n", host, port)
+					return c, err
+				}
+			}
+		}
+
+		go c.Close()
+	}
+}
+
 type Server struct {
 	*http.Server
 	Reseeder Reseeder
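Review bot: The check in Listener.Accept is inverted: a connection is returned to the caller only when its remote IP matches a blacklist entry (the log line even says "allow conn from"), and every non-matching connection is closed, so the type behaves as an allowlist even though the flag help promises to "deny connections from" the listed addresses. Entries are also re-parsed with net.ParseCIDR on every accept, and a bare IP such as the flag help advertises fails that parse and is silently skipped, so a list of plain IPs denies nothing; `return c, err` should be `return c, nil` since err is nil on that path. `l` is not declared in this hunk, so it is presumably a package-level logger, and nothing in this diff routes connections through Listener, so unless Server's listen path is changed elsewhere Accept is never reached. The rewrite below keeps the accept and SplitHostPort handling and moves the match into a helper that denies on match and accepts bare IPs as well as CIDRs.
```go
func (nl Listener) Accept() (net.Conn, error) {
	for {
		// … unchanged: nl.Listener.Accept and SplitHostPort error handling …
		if nl.denied(net.ParseIP(host)) {
			l.Printf("deny conn from: %s:%s\n", host, port)
			go c.Close()
			continue
		}
		return c, nil
	}
}

// denied reports whether ip matches any blacklist entry; an entry may be a
// CIDR range or a single IP address, and unparsable entries are ignored.
func (nl Listener) denied(ip net.IP) bool {
	for _, entry := range nl.Blacklist {
		if _, ipnet, err := net.ParseCIDR(entry); err == nil && ipnet.Contains(ip) {
			return true
		}
		if bare := net.ParseIP(entry); bare != nil && bare.Equal(ip) {
			return true
		}
	}
	return false
}
```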