Normalise IP addresses across backend

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-05-03 18:19:41 +02:00
parent 85d05ee582
commit 96525573fa
6 changed files with 24 additions and 49 deletions
--- a/backend/app/services/jail_service.py
+++ b/backend/app/services/jail_service.py
@@ -48,6 +48,7 @@ from app.utils.fail2ban_response import (
    ok,
    to_dict,
 )
+from app.utils.ip_utils import normalise_ip
 from app.utils.jail_socket import reload_all
 from app.utils.runtime_state import JailServiceState  # noqa: TC001

@@ -639,6 +640,7 @@ def _parse_ban_entry(entry: str, jail: str) -> DomainActiveBan | None:

        # Validate IP
        ipaddress.ip_address(ip)
+        ip = normalise_ip(ip)

        if len(parts) < 2:
            # Entry has no time info — return with unknown times.
@@ -1009,6 +1011,7 @@ async def lookup_ip(
    except ValueError as exc:
        raise ValueError(f"Invalid IP address: {ip!r}") from exc

+    ip = normalise_ip(ip)
    client = Fail2BanClient(socket_path=socket_path, timeout=FAIL2BAN_SOCKET_TIMEOUT)

    with contextlib.suppress(ValueError, Fail2BanConnectionError):