7c0bdc2dfa
All checks were successful
CI.yml / build (push) Successful in 55s
- Use separate arguments instead of string concat in firewall-cmd - Add validateConfigPath() for iptables config path validation - Blocks path traversal and restricts to trusted directories Fixes G204 warnings.
60 lines
1.3 KiB
Go
60 lines
1.3 KiB
Go
package blocker
|
|
|
|
import (
|
|
"os/exec"
|
|
|
|
"github.com/d3m0k1d/BanForge/internal/logger"
|
|
)
|
|
|
|
type Firewalld struct {
|
|
logger *logger.Logger
|
|
}
|
|
|
|
func NewFirewalld(logger *logger.Logger) *Firewalld {
|
|
return &Firewalld{
|
|
logger: logger,
|
|
}
|
|
}
|
|
|
|
func (f *Firewalld) Ban(ip string) error {
|
|
err := validateIP(ip)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--add-source", ip, "--permanent")
|
|
output, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
f.logger.Error(err.Error())
|
|
return err
|
|
}
|
|
f.logger.Info("Add source " + ip + " " + string(output))
|
|
output, err = exec.Command("sudo", "firewall-cmd", "--reload").CombinedOutput()
|
|
if err != nil {
|
|
f.logger.Error(err.Error())
|
|
return err
|
|
}
|
|
f.logger.Info("Reload " + string(output))
|
|
return nil
|
|
}
|
|
|
|
func (f *Firewalld) Unban(ip string) error {
|
|
err := validateIP(ip)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
cmd := exec.Command("sudo", "firewall-cmd", "--zone=drop", "--remove-source", ip, "--permanent")
|
|
output, err := cmd.CombinedOutput()
|
|
if err != nil {
|
|
f.logger.Error(err.Error())
|
|
return err
|
|
}
|
|
f.logger.Info("Remove source " + ip + " " + string(output))
|
|
output, err = exec.Command("sudo", "firewall-cmd", "--reload").CombinedOutput()
|
|
if err != nil {
|
|
f.logger.Error(err.Error())
|
|
return err
|
|
}
|
|
f.logger.Info("Reload " + string(output))
|
|
return nil
|
|
}
|