From e4b9993748811a031c06f4d20af02bdf7154cc69 Mon Sep 17 00:00:00 2001 From: Ilya Chernishev Date: Mon, 12 Jan 2026 17:51:28 +0300 Subject: [PATCH] refactor: implement full BlockerEngine interface for UFW --- internal/blocker/ufw.go | 117 +++++++++++++++++++++++++++++++++++----- 1 file changed, 103 insertions(+), 14 deletions(-) diff --git a/internal/blocker/ufw.go b/internal/blocker/ufw.go index 67b1b47..91afabb 100644 --- a/internal/blocker/ufw.go +++ b/internal/blocker/ufw.go @@ -1,7 +1,9 @@ package blocker import ( + "fmt" "os/exec" + "strings" "github.com/d3m0k1d/BanForge/internal/logger" ) @@ -16,32 +18,119 @@ func NewUfw(logger *logger.Logger) *Ufw { } } -func (ufw *Ufw) Ban(ip string) error { - err := validateIP(ip) - if err != nil { - return err - } - cmd := exec.Command("sudo", "ufw", "--force", "deny", "from", ip) +// Name returns the blocker engine name +func (u *Ufw) Name() string { + return "ufw" +} + +// IsAvailable checks if ufw is available in the system +func (u *Ufw) IsAvailable() bool { + cmd := exec.Command("which", "ufw") + return cmd.Run() == nil +} + +// Setup initializes UFW (if not already enabled) +func (u *Ufw) Setup() error { + // Check if UFW is enabled + cmd := exec.Command("sudo", "ufw", "status") output, err := cmd.CombinedOutput() - if err != nil { - ufw.logger.Error(err.Error()) - return err + + if err != nil || !strings.Contains(string(output), "active") { + u.logger.Warn("UFW is not active, attempting to enable...") + cmd := exec.Command("sudo", "ufw", "--force", "enable") + output, err := cmd.CombinedOutput() + if err != nil { + u.logger.Error("failed to enable UFW", + "error", err.Error(), + "output", string(output)) + return fmt.Errorf("failed to enable UFW: %w", err) + } + u.logger.Info("UFW enabled successfully") } - ufw.logger.Info("Banning " + ip + " " + string(output)) + + u.logger.Info("UFW setup completed") return nil } -func (ufw *Ufw) Unban(ip string) error { +// Ban adds an IP to the deny list +func (u *Ufw) Ban(ip string) error { err := validateIP(ip) if err != nil { return err } + + cmd := exec.Command("sudo", "ufw", "--force", "deny", "from", ip) + output, err := cmd.CombinedOutput() + if err != nil { + u.logger.Error("failed to ban IP", + "ip", ip, + "error", err.Error(), + "output", string(output)) + return fmt.Errorf("failed to ban IP %s: %w", ip, err) + } + + u.logger.Info("IP banned", "ip", ip, "output", string(output)) + return nil +} + +// Unban removes an IP from the deny list +func (u *Ufw) Unban(ip string) error { + err := validateIP(ip) + if err != nil { + return err + } + cmd := exec.Command("sudo", "ufw", "--force", "delete", "deny", "from", ip) output, err := cmd.CombinedOutput() if err != nil { - ufw.logger.Error(err.Error()) - return err + u.logger.Error("failed to unban IP", + "ip", ip, + "error", err.Error(), + "output", string(output)) + return fmt.Errorf("failed to unban IP %s: %w", ip, err) } - ufw.logger.Info("Unbanning " + ip + " " + string(output)) + + u.logger.Info("IP unbanned", "ip", ip, "output", string(output)) + return nil +} + +// List returns all currently denied IPs +func (u *Ufw) List() ([]string, error) { + cmd := exec.Command("sudo", "ufw", "status", "numbered") + output, err := cmd.CombinedOutput() + if err != nil { + u.logger.Error("failed to list UFW rules", + "error", err.Error(), + "output", string(output)) + return nil, fmt.Errorf("failed to list UFW rules: %w", err) + } + + var deniedIPs []string + lines := strings.Split(string(output), "\n") + for _, line := range lines { + // Looking for lines with "Deny" and "From" + if strings.Contains(line, "Deny") && strings.Contains(line, "Anywhere on") { + // Parse UFW status output format + parts := strings.Fields(line) + for i, part := range parts { + // Extract IP that comes after "from" + if part == "from" && i+1 < len(parts) { + ip := parts[i+1] + if validateIP(ip) == nil { + deniedIPs = append(deniedIPs, ip) + } + break + } + } + } + } + + return deniedIPs, nil +} + +// Close performs cleanup operations (placeholder for future use) +func (u *Ufw) Close() error { + // No cleanup needed for UFW + u.logger.Info("UFW blocker closed") return nil }