Add linux firewalling using nftables

2022-11-01 20:29:09 -05:00 · 2022-11-01 20:29:09 -05:00 · 57de86f410
commit 57de86f410
parent 12f93c04d2
4 changed files with 18 additions and 6 deletions
--- a/config.yml
+++ b/config.yml
@ -1,8 +1,8 @@
 core:
-  autostart: false
+  autostart: true
  clockspeed: 20
  interval: 10
-  level: 3
+  level: 2
  localadmin: true
 sftp:
  filepath:
--- a/ippigeon.py
+++ b/ippigeon.py
@ -138,6 +138,7 @@ def mainloop(pool):
    #print(killme)
    if killme.value > 0:
        #print("killing")
+        util.clear_fwll() # clear the firewall rules before shutdown
        killall()
    #print(res.get(timeout=1))
    if counter == 0: # runs every INTERVAL
@ -205,8 +206,12 @@ def mainloop(pool):
            badip = line[4]
            badport = line[5]
            fprint("Firewalling " + badip + ":" + str(badport))
-            cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
-            run_cmd(cmd)
+            if win32:
+                cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
+                run_cmd(cmd)
+            if linux:
+                cmd = "nft add rule ip ippigeon output ip daddr " + badip + " " + badproto.lower() + " dport " + str(badport) + " drop"
+                run_cmd(cmd)
        
    
    if settings["applyconfig"] == True:
@ -284,7 +289,12 @@ if __name__ == '__main__':

            # initial setup
            #netdata_res = pool.apply_async(netstat, callback=netstat_done)
-
+            if linux:
+                run_cmd("nft delete table ip ippigeon")
+                run_cmd("nft create table ip ippigeon")
+                run_cmd("nft add chain ip ippigeon output { type filter hook output priority 0 \; policy accept\; }")
+                #run_cmd("nft add chain ippigeon filter")
+                

            # launch loop - non-blocking!
            counter = 0
--- a/taskbartool.py
+++ b/taskbartool.py
@ -32,7 +32,7 @@ class TaskBarIcon(wx.adv.TaskBarIcon):
    def CreatePopupMenu(self):
        menu = wx.Menu()
        create_menu_item(menu, 'Control Panel', self.on_open)
-        #create_menu_item(menu, 'Login test', self.on_login)
+        create_menu_item(menu, 'Login test', self.on_login)
        menu.AppendSeparator()
        create_menu_item(menu, 'Exit', self.on_exit)
        return menu
--- a/util.py
+++ b/util.py
@ -122,3 +122,5 @@ class Logger(object):
 def clear_fwll():
    if win32:
        run_cmd('Remove-NetFirewallRule -Group "IPPigeon"')
+    if linux:
+        run_cmd("nft delete table ip ippigeon")