Add linux firewalling using nftables

testing
Cole Deck 2 years ago
parent 12f93c04d2
commit 57de86f410

@ -1,8 +1,8 @@
core:
autostart: false
autostart: true
clockspeed: 20
interval: 10
level: 3
level: 2
localadmin: true
sftp:
filepath:

@ -138,6 +138,7 @@ def mainloop(pool):
#print(killme)
if killme.value > 0:
#print("killing")
util.clear_fwll() # clear the firewall rules before shutdown
killall()
#print(res.get(timeout=1))
if counter == 0: # runs every INTERVAL
@ -205,8 +206,12 @@ def mainloop(pool):
badip = line[4]
badport = line[5]
fprint("Firewalling " + badip + ":" + str(badport))
cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
run_cmd(cmd)
if win32:
cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
run_cmd(cmd)
if linux:
cmd = "nft add rule ip ippigeon output ip daddr " + badip + " " + badproto.lower() + " dport " + str(badport) + " drop"
run_cmd(cmd)
if settings["applyconfig"] == True:
@ -284,7 +289,12 @@ if __name__ == '__main__':
# initial setup
#netdata_res = pool.apply_async(netstat, callback=netstat_done)
if linux:
run_cmd("nft delete table ip ippigeon")
run_cmd("nft create table ip ippigeon")
run_cmd("nft add chain ip ippigeon output { type filter hook output priority 0 \; policy accept\; }")
#run_cmd("nft add chain ippigeon filter")
# launch loop - non-blocking!
counter = 0
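Review bot: In the mainloop hunk, the new `if linux:` branch builds the nft command by concatenating `badip`, `badport` (taken from `line[4]`/`line[5]`) and `badproto` (assigned outside the hunk) with no validation, and the `New-NetFirewallRule` string under `if win32:` is built the same way. If `run_cmd` (not visible here) passes the string to a shell or PowerShell, a malformed field becomes part of the command line, so normalise the values before building the command: `badip = str(ipaddress.ip_address(badip))`, `badport = int(badport)` with a 1–65535 range check, and a `badproto.lower() in ("tcp", "udp")` allow-list. The table is created in the `ip` family, so an IPv6 address would pass `ip_address()` but fail at `ip daddr`; either restrict to `ipaddress.IPv4Address` or add a separate `ip6`/`inet` path. mainloop's body starts and ends outside the hunk.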

@ -32,7 +32,7 @@ class TaskBarIcon(wx.adv.TaskBarIcon):
def CreatePopupMenu(self):
menu = wx.Menu()
create_menu_item(menu, 'Control Panel', self.on_open)
#create_menu_item(menu, 'Login test', self.on_login)
create_menu_item(menu, 'Login test', self.on_login)
menu.AppendSeparator()
create_menu_item(menu, 'Exit', self.on_exit)
return menu

@ -122,3 +122,5 @@ class Logger(object):
def clear_fwll():
if win32:
run_cmd('Remove-NetFirewallRule -Group "IPPigeon"')
if linux:
run_cmd("nft delete table ip ippigeon")
