From 41ff13fa666be1a6498f2880f61785b457621690 Mon Sep 17 00:00:00 2001
From: d3m0k1d
Date: Sun, 11 Jan 2026 22:17:57 +0300
Subject: [PATCH] Add firewalld and iptables ban realization, add firewall config file in config types
---
internal/blocker/firewalld.go | 58 ++++++++++++++++++++++++++++++++
internal/blocker/iptables.go | 63 +++++++++++++++++++++++++++++++++++
internal/blocker/nftables.go | 1 +
internal/config/types.go | 1 +
4 files changed, 123 insertions(+)
create mode 100644 internal/blocker/firewalld.go
create mode 100644 internal/blocker/iptables.go
create mode 100644 internal/blocker/nftables.go
diff --git a/internal/blocker/firewalld.go b/internal/blocker/firewalld.go
new file mode 100644
index 0000000..bf85aa8
--- /dev/null
+++ b/internal/blocker/firewalld.go
@@ -0,0 +1,58 @@
+package blocker
+
+import (
+ "github.com/d3m0k1d/BanForge/internal/logger"
+ "os/exec"
+)
+
+type Firewalld struct {
+ logger *logger.Logger
+}
+
+func NewFirewalld(logger *logger.Logger) *Firewalld {
+ return &Firewalld{
+ logger: logger,
+ }
+}
+
+func (f *Firewalld) Ban(ip string) error {
+ err := validateIP(ip)
+ if err != nil {
+ return err
+ }
+ cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--add-source="+ip, "--permanent")
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Add source " + ip + " " + string(output))
+ output, err = exec.Command("sudo", "firewall-cmd", "--reload").CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Reload " + string(output))
+ return nil
+}
+
+func (f *Firewalld) Unban(ip string) error {
+ err := validateIP(ip)
+ if err != nil {
+ return err
+ }
+ cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--remove-source="+ip, "--permanent")
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Remove source " + ip + " " + string(output))
+ output, err = exec.Command("sudo", "firewall-cmd", "--reload").CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Reload " + string(output))
+ return nil
+}
diff --git a/internal/blocker/iptables.go b/internal/blocker/iptables.go
new file mode 100644
index 0000000..442171f
--- /dev/null
+++ b/internal/blocker/iptables.go
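Review bot: In internal/blocker/firewalld.go every failure branch of `Ban` and `Unban` logs only `err.Error()`, which for a failed `firewall-cmd` is just the exit status; the `output` already returned by `CombinedOutput()` is dropped, so a ban that did not apply leaves no usable trace in the log. Log the captured output with the error, e.g. `f.logger.Error(err.Error() + ": " + string(output))`. The same pattern is in `Ban` and `Unban` of internal/blocker/iptables.go. Separately, `sudo` is run without `-n` and without a timeout (`exec.CommandContext`), so a sudoers setup that asks for a password would block the caller instead of failing. `--permanent` plus a full `--reload` per address also means each ban reloads the whole firewall and persists until something explicitly calls `Unban`.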
@@ -0,0 +1,63 @@
+package blocker
+
+import (
+ "os/exec"
+
+ "github.com/d3m0k1d/BanForge/internal/logger"
+)
+
+type Iptables struct {
+ logger *logger.Logger
+ config string
+}
+
+func NewIptables(logger *logger.Logger, config string) *Iptables {
+ return &Iptables{
+ logger: logger,
+ config: config,
+ }
+}
+
+func (f *Iptables) Ban(ip string) error {
+ err := validateIP(ip)
+ if err != nil {
+ return err
+ }
+ cmd := exec.Command("sudo", "iptables", "-A", "INPUT", "-s", ip, "-j", "DROP")
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Banning " + ip + " " + string(output))
+ cmd = exec.Command("sudo", "iptables-save", "-f", f.config)
+ output, err = cmd.CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Config saved " + string(output))
+ return nil
+}
+
+func (f *Iptables) Unban(ip string) error {
+ err := validateIP(ip)
+ if err != nil {
+ return err
+ }
+ cmd := exec.Command("sudo", "iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Unbanning " + ip + " " + string(output))
+ cmd = exec.Command("sudo", "iptables-save", "-f", f.config)
+ output, err = cmd.CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Config saved " + string(output))
+ return nil
+}
diff --git a/internal/blocker/nftables.go b/internal/blocker/nftables.go
new file mode 100644
index 0000000..c41ff26
--- /dev/null
+++ b/internal/blocker/nftables.go
@@ -0,0 +1 @@
+package blocker
diff --git a/internal/config/types.go b/internal/config/types.go
index 77a5e7d..b12fa4d 100644
--- a/internal/config/types.go
+++ b/internal/config/types.go
@@ -2,6 +2,7 @@ package config type Firewall struct { Name string `toml:"name"` + Config string `toml:"config"` BanTime int `toml:"ban_time"` }
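Review bot: `Ban` in internal/blocker/iptables.go appends with `-A INPUT`, so the DROP rule lands after every rule already in the chain and an earlier ACCEPT (a service port, or an ESTABLISHED,RELATED rule) matches first, leaving the ban without effect; inserting at the head, `exec.Command("sudo", "iptables", "-I", "INPUT", "1", "-s", ip, "-j", "DROP")`, or using a dedicated chain jumped to from the top of INPUT avoids that. Nothing checks for an existing rule, so a repeated `Ban` adds duplicates while `Unban`'s `-D` removes only one of them; an `iptables -C INPUT -s <ip> -j DROP` probe before adding keeps the two symmetric. `validateIP` is not part of this patch: if it accepts IPv6 literals, `iptables` will reject them and `ip6tables` would be needed. When `iptables-save` fails after the rule was added, `Ban` returns an error although the address is already blocked, which a caller may record as not banned.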
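Review bot: The new `Config` field in internal/config/types.go has no comment, and, assuming it is the value `NewIptables` receives as `config`, it becomes the target of `sudo iptables-save -f`, i.e. a file written as root at a path taken from the TOML file. Document it, e.g. `// Config is the file iptables-save writes the ruleset to; it is written as root, so use an absolute path in a root-owned directory.`, and reject an empty or relative value when the configuration is loaded. The loader and the rest of the struct's file are outside this patch, so whether such a check already exists cannot be seen here.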