From 57de86f410d908d457abd2f42987e20e30c9253d Mon Sep 17 00:00:00 2001
From: Cole Deck
Date: Tue, 1 Nov 2022 20:29:09 -0500
Subject: [PATCH] Add linux firewalling using nftables
---
 config.yml | 4 ++--
 ippigeon.py | 16 +++++++++++++---
 taskbartool.py | 2 +-
 util.py | 2 ++
 4 files changed, 18 insertions(+), 6 deletions(-)
diff --git a/config.yml b/config.yml
index 62fb355..14ca7d3 100644
--- a/config.yml
+++ b/config.yml
@@ -1,8 +1,8 @@
 core:
- autostart: false
+ autostart: true
 clockspeed: 20
 interval: 10
- level: 3
+ level: 2
 localadmin: true
 sftp:
 filepath:
diff --git a/ippigeon.py b/ippigeon.py
index 1314a56..20f1f67 100644
--- a/ippigeon.py
+++ b/ippigeon.py
@@ -138,6 +138,7 @@ def mainloop(pool):
 #print(killme)
 if killme.value > 0:
 #print("killing")
+ util.clear_fwll() # clear the firewall rules before shutdown
 killall()
 #print(res.get(timeout=1))
 if counter == 0: # runs every INTERVAL
@@ -205,8 +206,12 @@ def mainloop(pool):
 badip = line[4]
 badport = line[5]
 fprint("Firewalling " + badip + ":" + str(badport))
- cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
- run_cmd(cmd)
+ if win32:
+ cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
+ run_cmd(cmd)
+ if linux:
+ cmd = "nft add rule ip ippigeon output ip daddr " + badip + " " + badproto.lower() + " dport " + str(badport) + " drop"
+ run_cmd(cmd)
 if settings["applyconfig"] == True: 
@@ -284,7 +289,12 @@ if __name__ == '__main__':
 # initial setup
 #netdata_res = pool.apply_async(netstat, callback=netstat_done)
-
+ if linux:
+ run_cmd("nft delete table ip ippigeon")
+ run_cmd("nft create table ip ippigeon")
+ run_cmd("nft add chain ip ippigeon output { type filter hook output priority 0 \; policy accept\; }")
+ #run_cmd("nft add chain ippigeon filter")
+
 # launch loop - non-blocking!
 counter = 0
diff --git a/taskbartool.py b/taskbartool.py
index 54b7278..9ff5daf 100644
--- a/taskbartool.py
+++ b/taskbartool.py
@@ -32,7 +32,7 @@ class TaskBarIcon(wx.adv.TaskBarIcon):
 def CreatePopupMenu(self):
 menu = wx.Menu()
 create_menu_item(menu, 'Control Panel', self.on_open)
- #create_menu_item(menu, 'Login test', self.on_login)
+ create_menu_item(menu, 'Login test', self.on_login)
 menu.AppendSeparator()
 create_menu_item(menu, 'Exit', self.on_exit)
 return menu
diff --git a/util.py b/util.py
index d5a992b..de4312c 100644
--- a/util.py
+++ b/util.py
@@ -122,3 +122,5 @@ class Logger(object):
 def clear_fwll():
 if win32:
 run_cmd('Remove-NetFirewallRule -Group "IPPigeon"')
+ if linux:
+ run_cmd("nft delete table ip ippigeon")
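Review bot: The new nft command on the `if linux:` branch of the second ippigeon.py hunk splices `badip`, `badproto` and `badport` straight into the command text, and those values are read from `line[4]`/`line[5]`, i.e. parsed data rather than constants, so a malformed or unexpected field ends up verbatim in whatever run_cmd hands to the system; the pre-existing PowerShell line has the same shape, but this is the place to validate. Parse `badip` with the stdlib `ipaddress` module (skipping non-IPv4 entries, since the table is the `ip` family and `ip daddr` will not accept an IPv6 address), restrict the protocol to `tcp`/`udp`, and coerce the port with `int()` before building the rule; if run_cmd ultimately goes through a shell, passing an argument list instead of a joined string is the stronger fix, but run_cmd is not visible here. Note also that `nft add rule` appends unconditionally, so the same IP:port seen on successive loop passes accumulates duplicate rules unless the caller deduplicates, which is not visible either. mainloop's body begins and ends outside the hunk, and `ipaddress` would need an import at the top of ippigeon.py.
```python
if linux:
    # line[] fields are parsed input, not constants: validate before they reach the
    # rule text; the table is the `ip` family, so only IPv4 destinations apply
    proto = badproto.lower()
    try:
        addr = ipaddress.ip_address(badip)
        port = int(badport)
        ok = addr.version == 4 and proto in ("tcp", "udp")
    except ValueError:
        ok = False
    if ok:
        cmd = "nft add rule ip ippigeon output ip daddr " + str(addr) + " " + proto + " dport " + str(port) + " drop"
        run_cmd(cmd)
    else:
        fprint("Skipping unsupported firewall entry " + str(badip) + ":" + str(badport))
```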
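Review bot: The chain-creation line in the ippigeon.py startup hunk embeds `\;` in a plain (non-raw) string, which Python treats as an invalid escape sequence — a DeprecationWarning today and a SyntaxWarning from 3.12 — and whether the backslash is wanted at all depends on run_cmd: it is needed only if the string goes through a shell, where a bare `;` would end the command, whereas an argv list would pass the literal `\;` on to nft. Make the intent explicit with a raw string, `run_cmd(r"nft add chain ip ippigeon output { type filter hook output priority 0 \; policy accept\; }")`, or pass the command as a list if run_cmd supports that. The preceding `nft delete table ip ippigeon` also fails on the first run, when no table exists yet; since nft's `add` tolerates an existing object while `create` does not, `nft add table ip ippigeon` followed by `nft flush table ip ippigeon` gives an idempotent setup without a spurious error. This block sits under `if __name__ == '__main__':`, which begins before the hunk.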
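Review bot: Re-enabling the 'Login test' entry in CreatePopupMenu puts a test action in the user-facing tray menu; `self.on_login` is not visible here, so if it is a development aid it should be gated behind a debug setting rather than shipped unconditionally, and the commit message ("Add linux firewalling using nftables") does not mention this UI change at all. CreatePopupMenu is fully inside the hunk; the TaskBarIcon class continues outside it.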
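Review bot: `clear_fwll` now deletes the whole `ip ippigeon` table on Linux, and `nft delete table` reports an error when the table is absent (first run, or a second clear after shutdown), so the new line should tolerate that case — either by checking run_cmd's result, if it surfaces the exit status, or by probing first with `nft list table ip ippigeon`. The function also gains a second platform while still having no docstring; suggest `"""Remove every IPPigeon firewall rule: the "IPPigeon" rule group on Windows, the whole nft table ip ippigeon on Linux. Both paths require administrative privileges."""`. Whether run_cmd surfaces nft's exit status is not visible here.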