diff --git a/internal/blocker/interface.go b/internal/blocker/interface.go index d55026d..285b2b1 100644 --- a/internal/blocker/interface.go +++ b/internal/blocker/interface.go @@ -1,19 +1,6 @@ package blocker -// BlockerEngine defines the interface for all firewall implementations type BlockerEngine interface { - // Core operations Ban(ip string) error Unban(ip string) error - - // Lifecycle management - Setup() error - Close() error - - // Query operations - List() ([]string, error) - - // Metadata - Name() string - IsAvailable() bool } diff --git a/internal/blocker/nftables.go b/internal/blocker/nftables.go index d6ef661..69a40a2 100644 --- a/internal/blocker/nftables.go +++ b/internal/blocker/nftables.go @@ -20,23 +20,6 @@ func NewNftables(logger *logger.Logger, config string) *Nftables { } } -// Name returns the blocker engine name -func (n *Nftables) Name() string { - return "nftables" -} - -// IsAvailable checks if nftables is available in the system -func (n *Nftables) IsAvailable() bool { - cmd := exec.Command("which", "nft") - return cmd.Run() == nil -} - -// Setup initializes nftables with required tables and chains -func (n *Nftables) Setup() error { - return SetupNftables(n.config) -} - -// Ban adds an IP to the banned list func (n *Nftables) Ban(ip string) error { err := validateIP(ip) if err != nil { @@ -68,7 +51,6 @@ func (n *Nftables) Ban(ip string) error { return nil } -// Unban removes an IP from the banned list func (n *Nftables) Unban(ip string) error { err := validateIP(ip) if err != nil { @@ -114,45 +96,6 @@ func (n *Nftables) Unban(ip string) error { return nil } -// List returns all currently banned IPs -func (n *Nftables) List() ([]string, error) { - cmd := exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "banned") - output, err := cmd.CombinedOutput() - if err != nil { - n.logger.Error("failed to list banned IPs", - "error", err.Error(), - "output", string(output)) - return nil, err - } - - var bannedIPs []string - lines := strings.Split(string(output), "\n") - for _, line := range lines { - if strings.Contains(line, "drop") && strings.Contains(line, "saddr") { - // Extract IP from line like: ip saddr 10.0.0.1 drop # handle 2 - parts := strings.Fields(line) - for i, part := range parts { - if part == "saddr" && i+1 < len(parts) { - ip := parts[i+1] - if validateIP(ip) == nil { - bannedIPs = append(bannedIPs, ip) - } - break - } - } - } - } - - return bannedIPs, nil -} - -// Close performs cleanup operations (placeholder for future use) -func (n *Nftables) Close() error { - // No cleanup needed for nftables - n.logger.Info("nftables blocker closed") - return nil -} - func SetupNftables(config string) error { err := validateConfigPath(config) if err != nil { @@ -178,25 +121,6 @@ func SetupNftables(config string) error { } } - cmd = exec.Command("sudo", "nft", "list", "chain", "inet", "banforge", "banned") - if err := cmd.Run(); err != nil { - cmd = exec.Command("sudo", "nft", "add", "chain", "inet", "banforge", "banned") - output, err := cmd.CombinedOutput() - if err != nil { - return fmt.Errorf("failed to create banned chain: %s", string(output)) - } - } - - cmd = exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "input") - output, err := cmd.CombinedOutput() - if err == nil && !strings.Contains(string(output), "jump banned") { - cmd = exec.Command("sudo", "nft", "add", "rule", "inet", "banforge", "input", "jump", "banned") - output, err = cmd.CombinedOutput() - if err != nil { - return fmt.Errorf("failed to add jump rule: %s", string(output)) - } - } - err = saveNftablesConfig(config) if err != nil { return fmt.Errorf("failed to save nftables config: %w", err) diff --git a/internal/blocker/ufw.go b/internal/blocker/ufw.go index 91afabb..fd8fc92 100644 --- a/internal/blocker/ufw.go +++ b/internal/blocker/ufw.go @@ -3,7 +3,6 @@ package blocker import ( "fmt" "os/exec" - "strings" "github.com/d3m0k1d/BanForge/internal/logger" ) @@ -18,41 +17,6 @@ func NewUfw(logger *logger.Logger) *Ufw { } } -// Name returns the blocker engine name -func (u *Ufw) Name() string { - return "ufw" -} - -// IsAvailable checks if ufw is available in the system -func (u *Ufw) IsAvailable() bool { - cmd := exec.Command("which", "ufw") - return cmd.Run() == nil -} - -// Setup initializes UFW (if not already enabled) -func (u *Ufw) Setup() error { - // Check if UFW is enabled - cmd := exec.Command("sudo", "ufw", "status") - output, err := cmd.CombinedOutput() - - if err != nil || !strings.Contains(string(output), "active") { - u.logger.Warn("UFW is not active, attempting to enable...") - cmd := exec.Command("sudo", "ufw", "--force", "enable") - output, err := cmd.CombinedOutput() - if err != nil { - u.logger.Error("failed to enable UFW", - "error", err.Error(), - "output", string(output)) - return fmt.Errorf("failed to enable UFW: %w", err) - } - u.logger.Info("UFW enabled successfully") - } - - u.logger.Info("UFW setup completed") - return nil -} - -// Ban adds an IP to the deny list func (u *Ufw) Ban(ip string) error { err := validateIP(ip) if err != nil { @@ -72,8 +36,6 @@ func (u *Ufw) Ban(ip string) error { u.logger.Info("IP banned", "ip", ip, "output", string(output)) return nil } - -// Unban removes an IP from the deny list func (u *Ufw) Unban(ip string) error { err := validateIP(ip) if err != nil { @@ -93,44 +55,3 @@ func (u *Ufw) Unban(ip string) error { u.logger.Info("IP unbanned", "ip", ip, "output", string(output)) return nil } - -// List returns all currently denied IPs -func (u *Ufw) List() ([]string, error) { - cmd := exec.Command("sudo", "ufw", "status", "numbered") - output, err := cmd.CombinedOutput() - if err != nil { - u.logger.Error("failed to list UFW rules", - "error", err.Error(), - "output", string(output)) - return nil, fmt.Errorf("failed to list UFW rules: %w", err) - } - - var deniedIPs []string - lines := strings.Split(string(output), "\n") - for _, line := range lines { - // Looking for lines with "Deny" and "From" - if strings.Contains(line, "Deny") && strings.Contains(line, "Anywhere on") { - // Parse UFW status output format - parts := strings.Fields(line) - for i, part := range parts { - // Extract IP that comes after "from" - if part == "from" && i+1 < len(parts) { - ip := parts[i+1] - if validateIP(ip) == nil { - deniedIPs = append(deniedIPs, ip) - } - break - } - } - } - } - - return deniedIPs, nil -} - -// Close performs cleanup operations (placeholder for future use) -func (u *Ufw) Close() error { - // No cleanup needed for UFW - u.logger.Info("UFW blocker closed") - return nil -}