d3m0k1d/BanForge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 14 Wiki Activity

Clean code after fucking AI
All checks were successful
CI.yml / build (push) Successful in 44s
Details

Browse Source
This commit is contained in:
d3m0k1d
2026-01-13 13:31:44 +03:00
parent 3732ef21d9
commit 11eac77f5b
3 changed files with 0 additions and 168 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
internal/blocker/interface.go
View File

@@ -1,19 +1,6 @@
package blocker package blocker
// BlockerEngine defines the interface for all firewall implementations
type BlockerEngine interface { type BlockerEngine interface {
// Core operations
Ban(ip string) error Ban(ip string) error
Unban(ip string) error Unban(ip string) error
// Lifecycle management
Setup() error
Close() error
// Query operations
List() ([]string, error)
// Metadata
Name() string
IsAvailable() bool
} }

76
internal/blocker/nftables.go
View File

@@ -20,23 +20,6 @@ func NewNftables(logger *logger.Logger, config string) *Nftables {
} }
} }
// Name returns the blocker engine name
func (n *Nftables) Name() string {
return "nftables"
}
// IsAvailable checks if nftables is available in the system
func (n *Nftables) IsAvailable() bool {
cmd := exec.Command("which", "nft")
return cmd.Run() == nil
}
// Setup initializes nftables with required tables and chains
func (n *Nftables) Setup() error {
return SetupNftables(n.config)
}
// Ban adds an IP to the banned list
func (n *Nftables) Ban(ip string) error { func (n *Nftables) Ban(ip string) error {
err := validateIP(ip) err := validateIP(ip)
if err != nil { if err != nil {
@@ -68,7 +51,6 @@ func (n *Nftables) Ban(ip string) error {
return nil return nil
} }
// Unban removes an IP from the banned list
func (n *Nftables) Unban(ip string) error { func (n *Nftables) Unban(ip string) error {
err := validateIP(ip) err := validateIP(ip)
if err != nil { if err != nil {
@@ -114,45 +96,6 @@ func (n *Nftables) Unban(ip string) error {
return nil return nil
} }
// List returns all currently banned IPs
func (n *Nftables) List() ([]string, error) {
cmd := exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "banned")
output, err := cmd.CombinedOutput()
if err != nil {
n.logger.Error("failed to list banned IPs",
"error", err.Error(),
"output", string(output))
return nil, err
}
var bannedIPs []string
lines := strings.Split(string(output), "\n")
for _, line := range lines {
if strings.Contains(line, "drop") && strings.Contains(line, "saddr") {
// Extract IP from line like: ip saddr 10.0.0.1 drop # handle 2
parts := strings.Fields(line)
for i, part := range parts {
if part == "saddr" && i+1 < len(parts) {
ip := parts[i+1]
if validateIP(ip) == nil {
bannedIPs = append(bannedIPs, ip)
}
break
}
}
}
}
return bannedIPs, nil
}
// Close performs cleanup operations (placeholder for future use)
func (n *Nftables) Close() error {
// No cleanup needed for nftables
n.logger.Info("nftables blocker closed")
return nil
}
func SetupNftables(config string) error { func SetupNftables(config string) error {
err := validateConfigPath(config) err := validateConfigPath(config)
if err != nil { if err != nil {
@@ -178,25 +121,6 @@ func SetupNftables(config string) error {
} }
} }
cmd = exec.Command("sudo", "nft", "list", "chain", "inet", "banforge", "banned")
if err := cmd.Run(); err != nil {
cmd = exec.Command("sudo", "nft", "add", "chain", "inet", "banforge", "banned")
output, err := cmd.CombinedOutput()
if err != nil {
return fmt.Errorf("failed to create banned chain: %s", string(output))
}
}
cmd = exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "input")
output, err := cmd.CombinedOutput()
if err == nil && !strings.Contains(string(output), "jump banned") {
cmd = exec.Command("sudo", "nft", "add", "rule", "inet", "banforge", "input", "jump", "banned")
output, err = cmd.CombinedOutput()
if err != nil {
return fmt.Errorf("failed to add jump rule: %s", string(output))
}
}
err = saveNftablesConfig(config) err = saveNftablesConfig(config)
if err != nil { if err != nil {
return fmt.Errorf("failed to save nftables config: %w", err) return fmt.Errorf("failed to save nftables config: %w", err)

79
internal/blocker/ufw.go
View File

@@ -3,7 +3,6 @@ package blocker
import ( import (
"fmt" "fmt"
"os/exec" "os/exec"
"strings"
"github.com/d3m0k1d/BanForge/internal/logger" "github.com/d3m0k1d/BanForge/internal/logger"
) )
@@ -18,41 +17,6 @@ func NewUfw(logger *logger.Logger) *Ufw {
} }
} }
// Name returns the blocker engine name
func (u *Ufw) Name() string {
return "ufw"
}
// IsAvailable checks if ufw is available in the system
func (u *Ufw) IsAvailable() bool {
cmd := exec.Command("which", "ufw")
return cmd.Run() == nil
}
// Setup initializes UFW (if not already enabled)
func (u *Ufw) Setup() error {
// Check if UFW is enabled
cmd := exec.Command("sudo", "ufw", "status")
output, err := cmd.CombinedOutput()
if err != nil || !strings.Contains(string(output), "active") {
u.logger.Warn("UFW is not active, attempting to enable...")
cmd := exec.Command("sudo", "ufw", "--force", "enable")
output, err := cmd.CombinedOutput()
if err != nil {
u.logger.Error("failed to enable UFW",
"error", err.Error(),
"output", string(output))
return fmt.Errorf("failed to enable UFW: %w", err)
}
u.logger.Info("UFW enabled successfully")
}
u.logger.Info("UFW setup completed")
return nil
}
// Ban adds an IP to the deny list
func (u *Ufw) Ban(ip string) error { func (u *Ufw) Ban(ip string) error {
err := validateIP(ip) err := validateIP(ip)
if err != nil { if err != nil {
@@ -72,8 +36,6 @@ func (u *Ufw) Ban(ip string) error {
u.logger.Info("IP banned", "ip", ip, "output", string(output)) u.logger.Info("IP banned", "ip", ip, "output", string(output))
return nil return nil
} }
// Unban removes an IP from the deny list
func (u *Ufw) Unban(ip string) error { func (u *Ufw) Unban(ip string) error {
err := validateIP(ip) err := validateIP(ip)
if err != nil { if err != nil {
@@ -93,44 +55,3 @@ func (u *Ufw) Unban(ip string) error {
u.logger.Info("IP unbanned", "ip", ip, "output", string(output)) u.logger.Info("IP unbanned", "ip", ip, "output", string(output))
return nil return nil
} }
// List returns all currently denied IPs
func (u *Ufw) List() ([]string, error) {
cmd := exec.Command("sudo", "ufw", "status", "numbered")
output, err := cmd.CombinedOutput()
if err != nil {
u.logger.Error("failed to list UFW rules",
"error", err.Error(),
"output", string(output))
return nil, fmt.Errorf("failed to list UFW rules: %w", err)
}
var deniedIPs []string
lines := strings.Split(string(output), "\n")
for _, line := range lines {
// Looking for lines with "Deny" and "From"
if strings.Contains(line, "Deny") && strings.Contains(line, "Anywhere on") {
// Parse UFW status output format
parts := strings.Fields(line)
for i, part := range parts {
// Extract IP that comes after "from"
if part == "from" && i+1 < len(parts) {
ip := parts[i+1]
if validateIP(ip) == nil {
deniedIPs = append(deniedIPs, ip)
}
break
}
}
}
}
return deniedIPs, nil
}
// Close performs cleanup operations (placeholder for future use)
func (u *Ufw) Close() error {
// No cleanup needed for UFW
u.logger.Info("UFW blocker closed")
return nil
}