revert: restore original ufw.go

examples/blocker_factory_usage.go

@@ -1,86 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"log"
-
-	"github.com/d3m0k1d/BanForge/internal/blocker"
-	"github.com/d3m0k1d/BanForge/internal/logger"
-)
-
-func main() {
-	// Initialize logger
-	appLogger := logger.New(true)
-
-	// Create factory
-	factory := blocker.NewBlockerFactory(appLogger)
-
-	// Example 1: List all available blockers
-	fmt.Println("Available blockers:")
-	for _, name := range blocker.ListAvailable(appLogger) {
-		fmt.Printf("  - %s\n", name)
-	}
-
-	// Example 2: Use nftables
-	fmt.Println("\n=== NFTables Example ===")
-	nftBlocker, err := factory.Create(blocker.BlockerTypeNftables, "/etc/nftables.conf")
-	if err != nil {
-		log.Fatalf("failed to create nftables blocker: %v", err)
-	}
-
-	// Check if available
-	if !nftBlocker.IsAvailable() {
-		fmt.Println("NFTables is not available on this system")
-	} else {
-		fmt.Printf("Blocker: %s\n", nftBlocker.Name())
-
-		// Setup
-		if err := nftBlocker.Setup(); err != nil {
-			fmt.Printf("Failed to setup: %v\n", err)
-		}
-
-		// Ban an IP
-		if err := nftBlocker.Ban("192.168.1.100"); err != nil {
-			fmt.Printf("Failed to ban IP: %v\n", err)
-		}
-
-		// List banned IPs
-		bannedIPs, err := nftBlocker.List()
-		if err != nil {
-			fmt.Printf("Failed to list IPs: %v\n", err)
-		} else {
-			fmt.Println("Banned IPs:")
-			for _, ip := range bannedIPs {
-				fmt.Printf("  - %s\n", ip)
-			}
-		}
-
-		// Cleanup
-		if err := nftBlocker.Close(); err != nil {
-			fmt.Printf("Failed to close: %v\n", err)
-		}
-	}
-
-	// Example 3: Use UFW
-	fmt.Println("\n=== UFW Example ===")
-	ufwBlocker, err := factory.Create(blocker.BlockerTypeUfw, "")
-	if err != nil {
-		log.Fatalf("failed to create ufw blocker: %v", err)
-	}
-
-	if !ufwBlocker.IsAvailable() {
-		fmt.Println("UFW is not available on this system")
-	} else {
-		fmt.Printf("Blocker: %s\n", ufwBlocker.Name())
-		// UFW operations...
-	}
-
-	// Example 4: Create from string type
-	fmt.Println("\n=== String Type Example ===")
-
-blocker, err := factory.CreateFromString("ufw", "")
-	if err != nil {
-		log.Fatalf("failed to create blocker: %v", err)
-	}
-	fmt.Printf("Created blocker: %s\n", blocker.Name())
-}

internal/blocker/factory.go

@@ -1,65 +0,0 @@
-package blocker
-
-import (
-	"fmt"
-
-	"github.com/d3m0k1d/BanForge/internal/logger"
-)
-
-// BlockerType defines the type of firewall blocker
-type BlockerType string
-
-const (
-	BlockerTypeNftables  BlockerType = "nftables"
-	BlockerTypeIptables  BlockerType = "iptables"
-	BlockerTypeFirewalld BlockerType = "firewalld"
-	BlockerTypeUfw       BlockerType = "ufw"
-)
-
-// BlockerFactory creates new blocker instances
-type BlockerFactory struct {
-	logger *logger.Logger
-}
-
-// NewBlockerFactory creates a new blocker factory
-func NewBlockerFactory(logger *logger.Logger) *BlockerFactory {
-	return &BlockerFactory{
-		logger: logger,
-	}
-}
-
-// Create creates a new blocker instance of the specified type
-func (bf *BlockerFactory) Create(btype BlockerType, config string) (BlockerEngine, error) {
-	switch btype {
-	case BlockerTypeNftables:
-		return NewNftables(bf.logger, config), nil
-	case BlockerTypeIptables:
-		return NewIptables(bf.logger, config), nil
-	case BlockerTypeFirewalld:
-		return NewFirewalld(bf.logger), nil
-	case BlockerTypeUfw:
-		return NewUfw(bf.logger), nil
-	default:
-		return nil, fmt.Errorf("unknown blocker type: %s", btype)
-	}
-}
-
-// CreateFromString creates a blocker from string type name
-func (bf *BlockerFactory) CreateFromString(typename, config string) (BlockerEngine, error) {
-	return bf.Create(BlockerType(typename), config)
-}
-
-// ListAvailable returns all available blocker types
-func ListAvailable(logger *logger.Logger) []string {
-	factory := NewBlockerFactory(logger)
-	var available []string
-
-	for _, btype := range []BlockerType{BlockerTypeNftables, BlockerTypeIptables, BlockerTypeFirewalld, BlockerTypeUfw} {
-		blocker, err := factory.Create(btype, "")
-		if err == nil && blocker.IsAvailable() {
-			available = append(available, blocker.Name())
-		}
-	}
-
-	return available
-}

internal/blocker/interface.go

@@ -1,19 +1,6 @@
 package blocker
 
-// BlockerEngine defines the interface for all firewall implementations
 type BlockerEngine interface {
-	// Core operations
 	Ban(ip string) error
 	Unban(ip string) error
-
-	// Lifecycle management
-	Setup() error
-	Close() error
-
-	// Query operations
-	List() ([]string, error)
-
-	// Metadata
-	Name() string
-	IsAvailable() bool
 }

internal/blocker/nftables.go

@@ -20,139 +20,6 @@ func NewNftables(logger *logger.Logger, config string) *Nftables {
 	}
 }
 
-// Name returns the blocker engine name
-func (n *Nftables) Name() string {
-	return "nftables"
-}
-
-// IsAvailable checks if nftables is available in the system
-func (n *Nftables) IsAvailable() bool {
-	cmd := exec.Command("which", "nft")
-	return cmd.Run() == nil
-}
-
-// Setup initializes nftables with required tables and chains
-func (n *Nftables) Setup() error {
-	return SetupNftables(n.config)
-}
-
-// Ban adds an IP to the banned list
-func (n *Nftables) Ban(ip string) error {
-	err := validateIP(ip)
-	if err != nil {
-		return err
-	}
-
-	cmd := exec.Command("sudo", "nft", "add", "rule", "inet", "banforge", "banned",
-		"ip", "saddr", ip, "drop")
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		n.logger.Error("failed to ban IP",
-			"ip", ip,
-			"error", err.Error(),
-			"output", string(output))
-		return err
-	}
-
-	n.logger.Info("IP banned", "ip", ip)
-
-	err = saveNftablesConfig(n.config)
-	if err != nil {
-		n.logger.Error("failed to save config",
-			"config_path", n.config,
-			"error", err.Error())
-		return err
-	}
-
-	n.logger.Info("config saved", "config_path", n.config)
-	return nil
-}
-
-// Unban removes an IP from the banned list
-func (n *Nftables) Unban(ip string) error {
-	err := validateIP(ip)
-	if err != nil {
-		return err
-	}
-
-	handle, err := n.findRuleHandle(ip)
-	if err != nil {
-		n.logger.Error("failed to find rule handle",
-			"ip", ip,
-			"error", err.Error())
-		return err
-	}
-
-	if handle == "" {
-		n.logger.Warn("no rule found for IP", "ip", ip)
-		return fmt.Errorf("no rule found for IP %s", ip)
-	}
-	// #nosec G204 - handle is extracted from nftables output and validated
-	cmd := exec.Command("sudo", "nft", "delete", "rule", "inet", "banforge", "banned",
-		"handle", handle)
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		n.logger.Error("failed to unban IP",
-			"ip", ip,
-			"handle", handle,
-			"error", err.Error(),
-			"output", string(output))
-		return err
-	}
-
-	n.logger.Info("IP unbanned", "ip", ip, "handle", handle)
-
-	err = saveNftablesConfig(n.config)
-	if err != nil {
-		n.logger.Error("failed to save config",
-			"config_path", n.config,
-			"error", err.Error())
-		return err
-	}
-
-	n.logger.Info("config saved", "config_path", n.config)
-	return nil
-}
-
-// List returns all currently banned IPs
-func (n *Nftables) List() ([]string, error) {
-	cmd := exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "banned")
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		n.logger.Error("failed to list banned IPs",
-			"error", err.Error(),
-			"output", string(output))
-		return nil, err
-	}
-
-	var bannedIPs []string
-	lines := strings.Split(string(output), "\n")
-	for _, line := range lines {
-		if strings.Contains(line, "drop") && strings.Contains(line, "saddr") {
-			// Extract IP from line like: ip saddr 10.0.0.1 drop # handle 2
-			parts := strings.Fields(line)
-			for i, part := range parts {
-				if part == "saddr" && i+1 < len(parts) {
-					ip := parts[i+1]
-					if validateIP(ip) == nil {
-						bannedIPs = append(bannedIPs, ip)
-					}
-					break
-				}
-			}
-		}
-	}
-
-	return bannedIPs, nil
-}
-
-// Close performs cleanup operations (placeholder for future use)
-func (n *Nftables) Close() error {
-	// No cleanup needed for nftables
-	n.logger.Info("nftables blocker closed")
-	return nil
-}
-
 func SetupNftables(config string) error {
 	err := validateConfigPath(config)
 	if err != nil {
@@ -205,6 +72,82 @@ func SetupNftables(config string) error {
 	return nil
 }
 
+func (n *Nftables) Ban(ip string) error {
+	err := validateIP(ip)
+	if err != nil {
+		return err
+	}
+
+	cmd := exec.Command("sudo", "nft", "add", "rule", "inet", "banforge", "banned",
+		"ip", "saddr", ip, "drop")
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		n.logger.Error("failed to ban IP",
+			"ip", ip,
+			"error", err.Error(),
+			"output", string(output))
+		return err
+	}
+
+	n.logger.Info("IP banned", "ip", ip)
+
+	err = saveNftablesConfig(n.config)
+	if err != nil {
+		n.logger.Error("failed to save config",
+			"config_path", n.config,
+			"error", err.Error())
+		return err
+	}
+
+	n.logger.Info("config saved", "config_path", n.config)
+	return nil
+}
+
+func (n *Nftables) Unban(ip string) error {
+	err := validateIP(ip)
+	if err != nil {
+		return err
+	}
+
+	handle, err := n.findRuleHandle(ip)
+	if err != nil {
+		n.logger.Error("failed to find rule handle",
+			"ip", ip,
+			"error", err.Error())
+		return err
+	}
+
+	if handle == "" {
+		n.logger.Warn("no rule found for IP", "ip", ip)
+		return fmt.Errorf("no rule found for IP %s", ip)
+	}
+	// #nosec G204 - handle is extracted from nftables output and validated
+	cmd := exec.Command("sudo", "nft", "delete", "rule", "inet", "banforge", "banned",
+		"handle", handle)
+	output, err := cmd.CombinedOutput()
+	if err != nil {
+		n.logger.Error("failed to unban IP",
+			"ip", ip,
+			"handle", handle,
+			"error", err.Error(),
+			"output", string(output))
+		return err
+	}
+
+	n.logger.Info("IP unbanned", "ip", ip, "handle", handle)
+
+	err = saveNftablesConfig(n.config)
+	if err != nil {
+		n.logger.Error("failed to save config",
+			"config_path", n.config,
+			"error", err.Error())
+		return err
+	}
+
+	n.logger.Info("config saved", "config_path", n.config)
+	return nil
+}
+
 func (n *Nftables) findRuleHandle(ip string) (string, error) {
 	cmd := exec.Command("sudo", "nft", "-a", "list", "chain", "inet", "banforge", "banned")
 	output, err := cmd.CombinedOutput()

internal/blocker/ufw.go

@@ -1,9 +1,7 @@
 package blocker
 
 import (
-	"fmt"
 	"os/exec"
-	"strings"
 
 	"github.com/d3m0k1d/BanForge/internal/logger"
 )
@@ -18,119 +16,32 @@ func NewUfw(logger *logger.Logger) *Ufw {
 	}
 }
 
-// Name returns the blocker engine name
+func (ufw *Ufw) Ban(ip string) error {
-func (u *Ufw) Name() string {
-	return "ufw"
-}
-
-// IsAvailable checks if ufw is available in the system
-func (u *Ufw) IsAvailable() bool {
-	cmd := exec.Command("which", "ufw")
-	return cmd.Run() == nil
-}
-
-// Setup initializes UFW (if not already enabled)
-func (u *Ufw) Setup() error {
-	// Check if UFW is enabled
-	cmd := exec.Command("sudo", "ufw", "status")
-	output, err := cmd.CombinedOutput()
-
-	if err != nil || !strings.Contains(string(output), "active") {
-		u.logger.Warn("UFW is not active, attempting to enable...")
-		cmd := exec.Command("sudo", "ufw", "--force", "enable")
-		output, err := cmd.CombinedOutput()
-		if err != nil {
-			u.logger.Error("failed to enable UFW",
-				"error", err.Error(),
-				"output", string(output))
-			return fmt.Errorf("failed to enable UFW: %w", err)
-		}
-		u.logger.Info("UFW enabled successfully")
-	}
-
-	u.logger.Info("UFW setup completed")
-	return nil
-}
-
-// Ban adds an IP to the deny list
-func (u *Ufw) Ban(ip string) error {
 	err := validateIP(ip)
 	if err != nil {
 		return err
 	}
-
 	cmd := exec.Command("sudo", "ufw", "--force", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		u.logger.Error("failed to ban IP",
+		ufw.logger.Error(err.Error())
-			"ip", ip,
+		return err
-			"error", err.Error(),
-			"output", string(output))
-		return fmt.Errorf("failed to ban IP %s: %w", ip, err)
 	}
-
+	ufw.logger.Info("Banning " + ip + " " + string(output))
-	u.logger.Info("IP banned", "ip", ip, "output", string(output))
 	return nil
 }
 
-// Unban removes an IP from the deny list
+func (ufw *Ufw) Unban(ip string) error {
-func (u *Ufw) Unban(ip string) error {
 	err := validateIP(ip)
 	if err != nil {
 		return err
 	}
-
 	cmd := exec.Command("sudo", "ufw", "--force", "delete", "deny", "from", ip)
 	output, err := cmd.CombinedOutput()
 	if err != nil {
-		u.logger.Error("failed to unban IP",
+		ufw.logger.Error(err.Error())
-			"ip", ip,
+		return err
-			"error", err.Error(),
-			"output", string(output))
-		return fmt.Errorf("failed to unban IP %s: %w", ip, err)
 	}
-
+	ufw.logger.Info("Unbanning " + ip + " " + string(output))
-	u.logger.Info("IP unbanned", "ip", ip, "output", string(output))
-	return nil
-}
-
-// List returns all currently denied IPs
-func (u *Ufw) List() ([]string, error) {
-	cmd := exec.Command("sudo", "ufw", "status", "numbered")
-	output, err := cmd.CombinedOutput()
-	if err != nil {
-		u.logger.Error("failed to list UFW rules",
-			"error", err.Error(),
-			"output", string(output))
-		return nil, fmt.Errorf("failed to list UFW rules: %w", err)
-	}
-
-	var deniedIPs []string
-	lines := strings.Split(string(output), "\n")
-	for _, line := range lines {
-		// Looking for lines with "Deny" and "From"
-		if strings.Contains(line, "Deny") && strings.Contains(line, "Anywhere on") {
-			// Parse UFW status output format
-			parts := strings.Fields(line)
-			for i, part := range parts {
-				// Extract IP that comes after "from"
-				if part == "from" && i+1 < len(parts) {
-					ip := parts[i+1]
-					if validateIP(ip) == nil {
-						deniedIPs = append(deniedIPs, ip)
-					}
-					break
-				}
-			}
-		}
-	}
-
-	return deniedIPs, nil
-}
-
-// Close performs cleanup operations (placeholder for future use)
-func (u *Ufw) Close() error {
-	// No cleanup needed for UFW
-	u.logger.Info("UFW blocker closed")
 	return nil
 }