From 0d218038b46d3f4e2d90b2e96a84138323305c7a Mon Sep 17 00:00:00 2001
From: Stefan Schantl
Date: Thu, 4 Feb 2016 09:18:44 +0100
Subject: [PATCH] Always whitelist localhost related addresses.

This will prevent guardian from blocking the local traffic.

Signed-off-by: Stefan Schantl
---
 modules/Events.pm | 40 +++++++++++++++++++++++++++++++++++++++-
 1 file changed, 39 insertions(+), 1 deletion(-)

diff --git a/modules/Events.pm b/modules/Events.pm
index b70bbb5..a5da8e4 100644
--- a/modules/Events.pm
+++ b/modules/Events.pm
@@ -23,9 +23,14 @@ my %counthash = ();
 my %blockhash = ();

 # Hash to store user-defined IP addresses and/or subnets which should be
-# ignored in case any events should be repored for them.
+# ignored in case any events should be repored for them.
 my %ignorehash = ();

+# Array to store localhost related IP addresses.
+# They are always white-listed to prevent guardian from blocking
+# any local traffic.
+my @localhost_addresses = ("127.0.0.1", "::1");
+
 # This object will contain the reference to the logger object after calling Init.
 my $logger;

@@ -64,6 +69,9 @@ sub Init (%) {
 if (exists($self->{IgnoreFile})) {
 # Call function to handle the ignore mechanism.
 &GenerateIgnoreList($self->{IgnoreFile});
+ } else {
+ # Whitelist local addresses.
+ %ignorehash = &_whitelist_localhost();
 }

 # Return the class object.
@@ -302,6 +310,10 @@ sub GenerateIgnoreList($) {
 return;
 }

+ # Reset current ignore hash and add
+ # localhost related IP addresses.
+ %ignorehash = &_whitelist_localhost();
+
 # Open the given IgnoreFile.
 open (IGNORE, $file);

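Review bot: `@localhost_addresses` covers only the single address 127.0.0.1, although the whole 127.0.0.0/8 block is loopback, so events attributed to any other loopback address remain eligible for blocking. If `Guardian::Base::IPOrNet2Int` accepts CIDR input, as its name and the "IP addresses and/or subnets" comment above suggest, `my @localhost_addresses = ("127.0.0.0/8", "::1");` would close that gap; the helper is not part of this patch, so confirm it first. The comment should also say that these entries apply regardless of the IgnoreFile contents, since an always-on exemption from blocking is something an operator needs to know about.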
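Review bot: Seeding the whitelist only in the new `else` branch of `Init` leaves `%ignorehash` without the loopback entries whenever `IgnoreFile` is configured but `GenerateIgnoreList` leaves early; the `@@ -302` hunk shows a `return;` sitting above the new reset. The condition guarding that return is outside the hunk, so this is inferred, but if it is the check for a missing or unreadable file, a wrong path silently disables the protection this commit is meant to guarantee. Assigning `%ignorehash = &_whitelist_localhost();` unconditionally before `if (exists($self->{IgnoreFile}))` and dropping the `else` would cover both paths. `Init` starts and ends outside the hunk.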
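Review bot: The reset is placed directly above `open (IGNORE, $file);`, whose return value is not checked in the visible context, so a failed open now replaces the user-defined ignore list with the loopback-only entries and nothing reports it. Opening first and resetting only on success keeps the previous list in place on failure, for example `open (IGNORE, '<', $file) or return;` followed by the `%ignorehash = &_whitelist_localhost();` line, with the failure reported through the module's logger. The three-argument form also stops mode characters in the configured path from being interpreted by `open`. `GenerateIgnoreList` continues past the end of the hunk, so any handling further down is not visible here.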
@@ -405,4 +417,30 @@ sub _IsOnIgnoreList ($) {
 return;
 }

+#
+## The _whitelist_localhost function.
+#
+## This tiny private function simple generates and returns a hash which contains
+## the clear and binary converted addresses for all array-stored
+## (@localhost_addresses) in an ignorelist compatible format.
+#
+sub _whitelist_localhost () {
+ my %temphash;
+
+ # Loop through the array of localhost related addresses.
+ foreach my $address (@localhost_addresses) {
+ # Validate and convert the addresss into binary format.
+ my @values = &Guardian::Base::IPOrNet2Int($address);
+
+ # Check if any values are returned.
+ if (@values) {
+ # Store the converted binary values in the temporary hash.
+ $temphash{$address} = [@values];
+ }
+ }
+
+ # Return the temporary hash.
+ return %temphash;
+}
+
 1;
--
2.39.2
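Review bot: `_whitelist_localhost` drops an address without any message when `Guardian::Base::IPOrNet2Int` returns an empty list, at the `if (@values)` check, so a conversion failure (for instance if the helper did not handle `::1`; it is not shown in this patch) would leave that address blockable with no trace. An `else` branch that reports the address makes the gap visible, e.g. `else { warn "Unable to whitelist localhost address $address\n"; }`, or the equivalent call on the module's logger if it is already initialised at this point. The header comment should also state the return shape: a hash keyed by the address string whose values are array references holding the converted values. The `()` prototype has no effect, because both call sites use the `&` form, which bypasses prototypes.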