fix + update README

.gitignore

@@ -1,4 +1,5 @@
 *.log
+*.swp
 
 venv
 

Makefile

@@ -16,3 +16,5 @@ check-type:
 
 check: format lint check-type
 
+live:
+	tail -f /var/log/nginx/access.log | python3 ufwban.py --live

README.md

@@ -38,6 +38,7 @@ options:
   -h, --help  show this help message and exit
   --dry-run
   --refresh   Drop all the deny ip in the UFW table and return
+  --to-nginx  Generate an Nginx deny configuration
   --reload    Reload the UFW firewall
   --live      Read inputs from stdin
 ```
@@ -52,12 +53,15 @@ python ufwban.py --dry-run
 
 # drop all "DENY IN" ufw rules (be careful)
 python ufwban.py --refresh
+
+# generate an Nginx deny configuration (use --dry-run to see updates before applying)
+python ufwban.py --to-nginx
 ```
 
 * Live mode:
 ```bash
 # Read and parse Nginx access logs on each new entry and ban ip
-tail -f /var/log/nginx/access.log | python ufwban.py
+tail -f /var/log/nginx/access.log | python ufwban.py --live
 ```
 
 For each modes, a log is available to show which ip has been banned: `ufwban.log`.

ufwban.py

@@ -264,6 +264,7 @@ def get_logs_to_deny(logs: list[NginxLog], rules: Rules) -> dict[str, NginxLog]:
 
 
 def get_nginx_denied_ips() -> list[str]:
+    """Retrieve existing Nginx denied ips"""
     denied_ips = []
 
     try:
@@ -278,7 +279,7 @@ def get_nginx_denied_ips() -> list[str]:
                     logging.warning(f"not a deny rule: {line} in {NGINX_DENY_CONF}")
                     continue
 
-                denied_ips.append(parts[2][:-1])
+                denied_ips.append(parts[1].removesuffix("\n")[:-1])
     except FileNotFoundError:
         logging.warning(f"{NGINX_DENY_CONF} does not exist")