Add linux firewalling using nftables

testing
Cole Deck 2 years ago
parent 12f93c04d2
commit 57de86f410

@ -1,8 +1,8 @@
core: core:
autostart: false autostart: true
clockspeed: 20 clockspeed: 20
interval: 10 interval: 10
level: 3 level: 2
localadmin: true localadmin: true
sftp: sftp:
filepath: filepath:

@ -138,6 +138,7 @@ def mainloop(pool):
#print(killme) #print(killme)
if killme.value > 0: if killme.value > 0:
#print("killing") #print("killing")
util.clear_fwll() # clear the firewall rules before shutdown
killall() killall()
#print(res.get(timeout=1)) #print(res.get(timeout=1))
if counter == 0: # runs every INTERVAL if counter == 0: # runs every INTERVAL
@ -205,8 +206,12 @@ def mainloop(pool):
badip = line[4] badip = line[4]
badport = line[5] badport = line[5]
fprint("Firewalling " + badip + ":" + str(badport)) fprint("Firewalling " + badip + ":" + str(badport))
cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport) if win32:
run_cmd(cmd) cmd = 'New-NetFirewallRule -DisplayName "IPPigeon Security Rule ' + badip + ':' + str(badport) + '" -Group "IPPigeon" -Direction Outbound -LocalPort Any -Protocol ' + badproto + ' -Action Block -RemoteAddress ' + badip + ' -RemotePort ' + str(badport)
run_cmd(cmd)
if linux:
cmd = "nft add rule ip ippigeon output ip daddr " + badip + " " + badproto.lower() + " dport " + str(badport) + " drop"
run_cmd(cmd)
if settings["applyconfig"] == True: if settings["applyconfig"] == True:
@ -284,7 +289,12 @@ if __name__ == '__main__':
# initial setup # initial setup
#netdata_res = pool.apply_async(netstat, callback=netstat_done) #netdata_res = pool.apply_async(netstat, callback=netstat_done)
if linux:
run_cmd("nft delete table ip ippigeon")
run_cmd("nft create table ip ippigeon")
run_cmd("nft add chain ip ippigeon output { type filter hook output priority 0 \; policy accept\; }")
#run_cmd("nft add chain ippigeon filter")
# launch loop - non-blocking! # launch loop - non-blocking!
counter = 0 counter = 0

@ -32,7 +32,7 @@ class TaskBarIcon(wx.adv.TaskBarIcon):
def CreatePopupMenu(self): def CreatePopupMenu(self):
menu = wx.Menu() menu = wx.Menu()
create_menu_item(menu, 'Control Panel', self.on_open) create_menu_item(menu, 'Control Panel', self.on_open)
#create_menu_item(menu, 'Login test', self.on_login) create_menu_item(menu, 'Login test', self.on_login)
menu.AppendSeparator() menu.AppendSeparator()
create_menu_item(menu, 'Exit', self.on_exit) create_menu_item(menu, 'Exit', self.on_exit)
return menu return menu

@ -122,3 +122,5 @@ class Logger(object):
def clear_fwll(): def clear_fwll():
if win32: if win32:
run_cmd('Remove-NetFirewallRule -Group "IPPigeon"') run_cmd('Remove-NetFirewallRule -Group "IPPigeon"')
if linux:
run_cmd("nft delete table ip ippigeon")

Loading…
Cancel
Save