This commit is contained in:
d3m0k1d
@@ -1,19 +1,6 @@
|
||||
package blocker
|
||||
|
||||
// BlockerEngine defines the interface for all firewall implementations
|
||||
type BlockerEngine interface {
|
||||
// Core operations
|
||||
Ban(ip string) error
|
||||
Unban(ip string) error
|
||||
|
||||
// Lifecycle management
|
||||
Setup() error
|
||||
Close() error
|
||||
|
||||
// Query operations
|
||||
List() ([]string, error)
|
||||
|
||||
// Metadata
|
||||
Name() string
|
||||
IsAvailable() bool
|
||||
}
|
||||
|
||||
@@ -20,23 +20,6 @@ func NewNftables(logger *logger.Logger, config string) *Nftables {
|
||||
}
|
||||
}
|
||||
|
||||
// Name returns the blocker engine name
|
||||
func (n *Nftables) Name() string {
|
||||
return "nftables"
|
||||
}
|
||||
|
||||
// IsAvailable checks if nftables is available in the system
|
||||
func (n *Nftables) IsAvailable() bool {
|
||||
cmd := exec.Command("which", "nft")
|
||||
return cmd.Run() == nil
|
||||
}
|
||||
|
||||
// Setup initializes nftables with required tables and chains
|
||||
func (n *Nftables) Setup() error {
|
||||
return SetupNftables(n.config)
|
||||
}
|
||||
|
||||
// Ban adds an IP to the banned list
|
||||
func (n *Nftables) Ban(ip string) error {
|
||||
err := validateIP(ip)
|
||||
if err != nil {
|
||||
@@ -68,7 +51,6 @@ func (n *Nftables) Ban(ip string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// Unban removes an IP from the banned list
|
||||
func (n *Nftables) Unban(ip string) error {
|
||||
err := validateIP(ip)
|
||||
if err != nil {
|
||||
@@ -114,45 +96,6 @@ func (n *Nftables) Unban(ip string) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
// List returns all currently banned IPs
|
||||
func (n *Nftables) List() ([]string, error) {
|
||||
cmd := exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "banned")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
n.logger.Error("failed to list banned IPs",
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
return nil, err
|
||||
}
|
||||
|
||||
var bannedIPs []string
|
||||
lines := strings.Split(string(output), "\n")
|
||||
for _, line := range lines {
|
||||
if strings.Contains(line, "drop") && strings.Contains(line, "saddr") {
|
||||
// Extract IP from line like: ip saddr 10.0.0.1 drop # handle 2
|
||||
parts := strings.Fields(line)
|
||||
for i, part := range parts {
|
||||
if part == "saddr" && i+1 < len(parts) {
|
||||
ip := parts[i+1]
|
||||
if validateIP(ip) == nil {
|
||||
bannedIPs = append(bannedIPs, ip)
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return bannedIPs, nil
|
||||
}
|
||||
|
||||
// Close performs cleanup operations (placeholder for future use)
|
||||
func (n *Nftables) Close() error {
|
||||
// No cleanup needed for nftables
|
||||
n.logger.Info("nftables blocker closed")
|
||||
return nil
|
||||
}
|
||||
|
||||
func SetupNftables(config string) error {
|
||||
err := validateConfigPath(config)
|
||||
if err != nil {
|
||||
@@ -178,25 +121,6 @@ func SetupNftables(config string) error {
|
||||
}
|
||||
}
|
||||
|
||||
cmd = exec.Command("sudo", "nft", "list", "chain", "inet", "banforge", "banned")
|
||||
if err := cmd.Run(); err != nil {
|
||||
cmd = exec.Command("sudo", "nft", "add", "chain", "inet", "banforge", "banned")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to create banned chain: %s", string(output))
|
||||
}
|
||||
}
|
||||
|
||||
cmd = exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "input")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err == nil && !strings.Contains(string(output), "jump banned") {
|
||||
cmd = exec.Command("sudo", "nft", "add", "rule", "inet", "banforge", "input", "jump", "banned")
|
||||
output, err = cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to add jump rule: %s", string(output))
|
||||
}
|
||||
}
|
||||
|
||||
err = saveNftablesConfig(config)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to save nftables config: %w", err)
|
||||
|
||||
@@ -3,7 +3,6 @@ package blocker
|
||||
import (
|
||||
"fmt"
|
||||
"os/exec"
|
||||
"strings"
|
||||
|
||||
"github.com/d3m0k1d/BanForge/internal/logger"
|
||||
)
|
||||
@@ -18,41 +17,6 @@ func NewUfw(logger *logger.Logger) *Ufw {
|
||||
}
|
||||
}
|
||||
|
||||
// Name returns the blocker engine name
|
||||
func (u *Ufw) Name() string {
|
||||
return "ufw"
|
||||
}
|
||||
|
||||
// IsAvailable checks if ufw is available in the system
|
||||
func (u *Ufw) IsAvailable() bool {
|
||||
cmd := exec.Command("which", "ufw")
|
||||
return cmd.Run() == nil
|
||||
}
|
||||
|
||||
// Setup initializes UFW (if not already enabled)
|
||||
func (u *Ufw) Setup() error {
|
||||
// Check if UFW is enabled
|
||||
cmd := exec.Command("sudo", "ufw", "status")
|
||||
output, err := cmd.CombinedOutput()
|
||||
|
||||
if err != nil || !strings.Contains(string(output), "active") {
|
||||
u.logger.Warn("UFW is not active, attempting to enable...")
|
||||
cmd := exec.Command("sudo", "ufw", "--force", "enable")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
u.logger.Error("failed to enable UFW",
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
return fmt.Errorf("failed to enable UFW: %w", err)
|
||||
}
|
||||
u.logger.Info("UFW enabled successfully")
|
||||
}
|
||||
|
||||
u.logger.Info("UFW setup completed")
|
||||
return nil
|
||||
}
|
||||
|
||||
// Ban adds an IP to the deny list
|
||||
func (u *Ufw) Ban(ip string) error {
|
||||
err := validateIP(ip)
|
||||
if err != nil {
|
||||
@@ -72,8 +36,6 @@ func (u *Ufw) Ban(ip string) error {
|
||||
u.logger.Info("IP banned", "ip", ip, "output", string(output))
|
||||
return nil
|
||||
}
|
||||
|
||||
// Unban removes an IP from the deny list
|
||||
func (u *Ufw) Unban(ip string) error {
|
||||
err := validateIP(ip)
|
||||
if err != nil {
|
||||
@@ -93,44 +55,3 @@ func (u *Ufw) Unban(ip string) error {
|
||||
u.logger.Info("IP unbanned", "ip", ip, "output", string(output))
|
||||
return nil
|
||||
}
|
||||
|
||||
// List returns all currently denied IPs
|
||||
func (u *Ufw) List() ([]string, error) {
|
||||
cmd := exec.Command("sudo", "ufw", "status", "numbered")
|
||||
output, err := cmd.CombinedOutput()
|
||||
if err != nil {
|
||||
u.logger.Error("failed to list UFW rules",
|
||||
"error", err.Error(),
|
||||
"output", string(output))
|
||||
return nil, fmt.Errorf("failed to list UFW rules: %w", err)
|
||||
}
|
||||
|
||||
var deniedIPs []string
|
||||
lines := strings.Split(string(output), "\n")
|
||||
for _, line := range lines {
|
||||
// Looking for lines with "Deny" and "From"
|
||||
if strings.Contains(line, "Deny") && strings.Contains(line, "Anywhere on") {
|
||||
// Parse UFW status output format
|
||||
parts := strings.Fields(line)
|
||||
for i, part := range parts {
|
||||
// Extract IP that comes after "from"
|
||||
if part == "from" && i+1 < len(parts) {
|
||||
ip := parts[i+1]
|
||||
if validateIP(ip) == nil {
|
||||
deniedIPs = append(deniedIPs, ip)
|
||||
}
|
||||
break
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return deniedIPs, nil
|
||||
}
|
||||
|
||||
// Close performs cleanup operations (placeholder for future use)
|
||||
func (u *Ufw) Close() error {
|
||||
// No cleanup needed for UFW
|
||||
u.logger.Info("UFW blocker closed")
|
||||
return nil
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user