diff --git a/cmd/banforge/command/version.go b/cmd/banforge/command/version.go
new file mode 100644
index 0000000..0f9bf98
--- /dev/null
+++ b/cmd/banforge/command/version.go
@@ -0,0 +1,17 @@
+package command
+
+import (
+ "fmt"
+
+ "github.com/spf13/cobra"
+)
+
+var version = "0.4.3"
+
+var VersionCmd = &cobra.Command{
+ Use: "version",
+ Short: "BanForge version",
+ Run: func(cmd *cobra.Command, args []string) {
+ fmt.Println("BanForge version:", version)
+ },
+}
diff --git a/cmd/banforge/main.go b/cmd/banforge/main.go
index 30364f4..2df9e49 100644
--- a/cmd/banforge/main.go
+++ b/cmd/banforge/main.go
@@ -13,7 +13,6 @@ var rootCmd = &cobra.Command{
 Use: "banforge",
 Short: "IPS log-based written on Golang",
 Run: func(cmd *cobra.Command, args []string) {
-
 },
 }
@@ -28,6 +27,7 @@ func Execute() {
 rootCmd.AddCommand(command.BanCmd)
 rootCmd.AddCommand(command.UnbanCmd)
 rootCmd.AddCommand(command.BanListCmd)
+ rootCmd.AddCommand(command.VersionCmd)
 command.RuleRegister()
 command.FwRegister()
 if err := rootCmd.Execute(); err != nil {
diff --git a/internal/blocker/firewalld.go b/internal/blocker/firewalld.go
index d5b80b8..66b3374 100644
--- a/internal/blocker/firewalld.go
+++ b/internal/blocker/firewalld.go
@@ -2,6 +2,7 @@ package blocker
 import (
 "os/exec"
+ "strconv"
 "github.com/d3m0k1d/BanForge/internal/logger"
 )
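Review bot: In version.go the release number is a hand-edited `var version = "0.4.3"` that nothing visible ties to the build, so the string printed by `banforge version` can drift from the binary actually deployed, which matters when a host is checked against an advisory. If the `var` (rather than `const`) is there so the value can be set at link time, say so above it: `// version is the release string; it can be overridden with -ldflags "-X <module>/cmd/banforge/command.version=<tag>".` The exported `VersionCmd` also has no doc comment; `// VersionCmd prints the BanForge release string.` would do. Adding `Args: cobra.NoArgs` would make stray arguments an error instead of being ignored.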
@@ -58,6 +59,31 @@ func (f *Firewalld) Unban(ip string) error {
 return nil
 }
+func (f *Firewalld) PortOpen(port int) error {
+ // #nosec G204 - handle is extracted from nftables output and validated
+ if port >= 0 && port <= 65535 {
+ s := strconv.Itoa(port)
+ cmd := exec.Command("firewall-cmd", "--zone=public", "--add-port="+s+"/tcp", "--permanent")
+ output, err := cmd.CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Add port " + s + " " + string(output))
+ output, err = exec.Command("firewall-cmd", "--reload").CombinedOutput()
+ if err != nil {
+ f.logger.Error(err.Error())
+ return err
+ }
+ f.logger.Info("Reload " + string(output))
+ }
+ return nil
+}
+
+func (f *Firewalld) PortClose(port int) error {
+ return nil
+}
+
 func (f *Firewalld) Setup(config string) error {
 return nil
 }
diff --git a/internal/blocker/interface.go b/internal/blocker/interface.go
index 96c819b..4f5a5fe 100644
--- a/internal/blocker/interface.go
+++ b/internal/blocker/interface.go
@@ -10,6 +10,8 @@ type BlockerEngine interface {
 Ban(ip string) error
 Unban(ip string) error
 Setup(config string) error
+ PortOpen(port int) error
+ PortClose(port int) error
 }
 func GetBlocker(fw string, config string) BlockerEngine {
diff --git a/internal/blocker/iptables.go b/internal/blocker/iptables.go
index 3b93d14..fadd96c 100644
--- a/internal/blocker/iptables.go
+++ b/internal/blocker/iptables.go
@@ -102,6 +102,14 @@ func (f *Iptables) Unban(ip string) error {
 return nil
 }
+func (f *Iptables) PortOpen(port int) error {
+ return nil
+}
+
+func (f *Iptables) PortClose(port int) error {
+ return nil
+}
+
 func (f *Iptables) Setup(config string) error {
 return nil
 }
diff --git a/internal/blocker/nftables.go b/internal/blocker/nftables.go
index 2905b5a..44f14e4 100644
--- a/internal/blocker/nftables.go
+++ b/internal/blocker/nftables.go
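Review bot: In firewalld.go, PortOpen returns nil when `port` fails the range check, so the caller is told a port was opened although no firewall-cmd call ran; that branch should return an error, and the range should start at 1. The `#nosec G204` justification describes a handle taken from nftables output, which is not what this function passes: the only variable argument is an int formatted by `strconv.Itoa`, and the suppression comment should say so and sit on the `exec.Command` line. On failure only `err.Error()` is logged and `output`, which carries firewall-cmd's own message, is dropped. `firewall-cmd --reload` replaces the runtime configuration with the permanent one, so if Ban adds runtime-only rules (its body is outside this hunk) each PortOpen call would discard active bans; worth confirming before merge. PortClose here and both stubs in the iptables.go, nftables.go and ufw.go hunks also return nil without acting, which reports success for a firewall change that never happened; a not-implemented error is safer.

```go
func (f *Firewalld) PortOpen(port int) error {
	// Reject instead of reporting success; needs "fmt" in the import block.
	if port < 1 || port > 65535 {
		return fmt.Errorf("firewalld: port %d out of range 1-65535", port)
	}
	s := strconv.Itoa(port)
	// #nosec G204 - the only variable argument is an int formatted by strconv.Itoa
	// … unchanged: firewall-cmd --add-port call …
	if err != nil {
		// Keep firewall-cmd's own message, not only the exit status.
		f.logger.Error("add port " + s + ": " + err.Error() + ": " + string(output))
		return err
	}
	// … unchanged: success log, firewall-cmd --reload and its logging …
	return nil
}

func (f *Firewalld) PortClose(port int) error {
	return fmt.Errorf("firewalld: PortClose is not implemented")
}
```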
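Review bot: In interface.go the two methods added to `BlockerEngine` carry no comment stating their contract, and a bare `port int` leaves protocol and zone to each backend; the firewalld implementation in this commit fixes them to `/tcp` and `--zone=public`. I would document that on the interface, for example `// PortOpen allows inbound TCP traffic to port; it returns an error if port is invalid or the rule could not be applied.` with a matching line for PortClose. The interface declaration starts above this hunk, so any existing comment style there should be followed.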
@@ -166,6 +166,14 @@ func (n *Nftables) findRuleHandle(ip string) (string, error) {
 return "", nil
 }
+func (n *Nftables) PortOpen(port int) error {
+ return nil
+}
+
+func (n *Nftables) PortClose(port int) error {
+ return nil
+}
+
 func saveNftablesConfig(configPath string) error {
 err := validateConfigPath(configPath)
 if err != nil {
diff --git a/internal/blocker/ufw.go b/internal/blocker/ufw.go
index 3e90fcb..b7fbf33 100644
--- a/internal/blocker/ufw.go
+++ b/internal/blocker/ufw.go
@@ -56,6 +56,14 @@ func (u *Ufw) Unban(ip string) error {
 return nil
 }
+func (u *Ufw) PortOpen(port int) error {
+ return nil
+}
+
+func (u *Ufw) PortClose(port int) error {
+ return nil
+}
+
 func (u *Ufw) Setup(config string) error {
 if config != "" {
 fmt.Printf("Ufw dont support config file\n")