From fdc2c1e0c143e5bb6742d0f2facd8f9c7f7d2b8d Mon Sep 17 00:00:00 2001
From: jfirles
Date: Wed, 29 Sep 2021 14:25:24 +0200
Subject: [PATCH 1/3] Added "push" method to insert IP at top of the chain
---
 go/iptables-api.go | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/go/iptables-api.go b/go/iptables-api.go
index 9e575c3..37f137b 100644
--- a/go/iptables-api.go
+++ b/go/iptables-api.go
@@ -71,6 +71,7 @@ func main() {
 router := mux.NewRouter()
 router.HandleFunc("/addip/{ipaddress}", addIPAddress).Methods("GET")
+ router.HandleFunc("/puship/{ipaddress}", pushIPAddress).Methods("GET")
 router.HandleFunc("/blockip/{ipaddress}", addIPAddress).Methods("GET")
 router.HandleFunc("/flushchain", flushChain).Methods("GET")
 router.HandleFunc("/removeip/{ipaddress}", removeIPAddress).Methods("GET")
@@ -196,6 +197,14 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 } else {
 return "added", nil
 }
+ case "push":
+ err = ipt.Insert("filter", "APIBANLOCAL", 1, "-s", ipvar, "-d", "0/0", "-j", targetChain)
+ if err != nil {
+ log.Println("iptableHandler: error pushing address", err)
+ return "", err
+ } else {
+ return "pushed", nil
+ }
 case "delete":
 err = ipt.DeleteIfExists("filter", "APIBANLOCAL", "-s", ipvar, "-d", "0/0", "-j", targetChain)
 if err != nil {
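Review bot: The added `/puship/{ipaddress}` route in main() changes firewall state on a GET request, and nothing in this hunk shows authentication or a restricted listen address. It matches the existing `/addip` and `/removeip` routes, but a rule inserted at position 1 of APIBANLOCAL is evaluated before every existing rule in that chain, so an unintended request has more effect here than an append. If no access control exists elsewhere in the file, register it as `router.HandleFunc("/puship/{ipaddress}", pushIPAddress).Methods("POST")` and bind the listener to loopback or put it behind an authenticating proxy. main() continues outside the hunk.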
@@ -218,6 +227,26 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 }
 }
+func pushIPAddress(w http.ResponseWriter, r *http.Request) {
+ w.Header().Set("Content-Type", "application/json")
+ params := mux.Vars(r)
+ log.Println("processing pushIPAddress", params["ipaddress"])
+
+ ipType, err := checkIPAddressv4(params["ipaddress"])
+ if err != nil {
+ log.Println(params["ipaddress"], "is not a valid ip address")
+ http.Error(w, "{\"error\":\"only valid ip addresses supported\"}", http.StatusBadRequest)
+ return
+ }
+
+ status, err := iptableHandle(ipType, "push", params["ipaddress"])
+ if err != nil {
+ http.Error(w, "{\"error\":\""+err.Error()+"\"}", http.StatusBadRequest)
+ } else {
+ io.WriteString(w, "{\"success\":\""+status+"\"}\n")
+ }
+}
+
 func addIPAddress(w http.ResponseWriter, r *http.Request) {
 w.Header().Set("Content-Type", "application/json")
 params := mux.Vars(r)
From 83f8a6f97c69e32418f36816bf514dfba78c2237 Mon Sep 17 00:00:00 2001
From: jfirles
Date: Thu, 30 Sep 2021 09:38:55 +0200
Subject: [PATCH 2/3] Changes to respect the alphabetical order or the methods and check if the IP is already inserted
---
 go/iptables-api.go | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)
diff --git a/go/iptables-api.go b/go/iptables-api.go
index 37f137b..a04d8b4 100644
--- a/go/iptables-api.go
+++ b/go/iptables-api.go
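Review bot: In pushIPAddress, the failure branch of the iptableHandle call concatenates `err.Error()` into a hand-built JSON string, so an error text containing a quote or backslash yields invalid JSON and internal iptables output is returned to the caller. `http.Error` also overwrites the `Content-Type` header with `text/plain; charset=utf-8`, so the `application/json` set on the first line is lost on both error paths. I would log the detail server-side and send a fixed body: `w.WriteHeader(http.StatusInternalServerError)` followed by `io.WriteString(w, "{\"error\":\"unable to update chain\"}\n")`. The path value is also logged before it is validated; `log.Printf("processing pushIPAddress %q", params["ipaddress"])` keeps control characters out of the log.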
@@ -71,9 +71,9 @@ func main() {
 router := mux.NewRouter()
 router.HandleFunc("/addip/{ipaddress}", addIPAddress).Methods("GET")
- router.HandleFunc("/puship/{ipaddress}", pushIPAddress).Methods("GET")
 router.HandleFunc("/blockip/{ipaddress}", addIPAddress).Methods("GET")
 router.HandleFunc("/flushchain", flushChain).Methods("GET")
+ router.HandleFunc("/puship/{ipaddress}", pushIPAddress).Methods("GET")
 router.HandleFunc("/removeip/{ipaddress}", removeIPAddress).Methods("GET")
 router.HandleFunc("/unblockip/{ipaddress}", removeIPAddress).Methods("GET")
 router.HandleFunc("/", rAddIPAddress).Methods("POST")
@@ -197,14 +197,6 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 } else {
 return "added", nil
 }
- case "push":
- err = ipt.Insert("filter", "APIBANLOCAL", 1, "-s", ipvar, "-d", "0/0", "-j", targetChain)
- if err != nil {
- log.Println("iptableHandler: error pushing address", err)
- return "", err
- } else {
- return "pushed", nil
- }
 case "delete":
 err = ipt.DeleteIfExists("filter", "APIBANLOCAL", "-s", ipvar, "-d", "0/0", "-j", targetChain)
 if err != nil {
@@ -221,6 +213,27 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 } else {
 return "flushed", nil
 }
+ case "push":
+ var exists = false
+ exists, err = ipt.Exists("filter", "APIBANLOCAL", "-s", ipvar, "-d", "0/0", "-j", targetChain)
+ if err != nil {
+ log.Println("iptableHandler: error checking if ip already exists", err)
+ return "error checking if ip already exists in the chain", err
+ } else {
+ if exists {
+ err = errors.New("ip already exists")
+ log.Println("iptableHandler: ip already exists", err)
+ return "ip already exists", err
+ } else {
+ err = ipt.Insert("filter", "APIBANLOCAL", 1, "-s", ipvar, "-d", "0/0", "-j", targetChain)
+ }
+ }
+ if err != nil {
+ log.Println("iptableHandler: error pushing address", err)
+ return "", err
+ } else {
+ return "pushed", nil
+ }
 default:
 log.Println("iptableHandler: unknown task")
 return "", errors.New("unknown task")
From 55a9439c1eec1393d842a2bf2ae8fca8c17bd6e9 Mon Sep 17 00:00:00 2001
From: Fred Posner
Date: Sat, 2 Oct 2021 12:54:29 -0400
Subject: [PATCH 3/3] modify submitted changes move else check to inside else statement
---
 go/iptables-api.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/go/iptables-api.go b/go/iptables-api.go
index a04d8b4..7958fdb 100644
--- a/go/iptables-api.go
+++ b/go/iptables-api.go
@@ -226,14 +226,14 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 return "ip already exists", err
 } else {
 err = ipt.Insert("filter", "APIBANLOCAL", 1, "-s", ipvar, "-d", "0/0", "-j", targetChain)
+ if err != nil {
+ log.Println("iptableHandler: error pushing address", err)
+ return "", err
+ } else {
+ return "pushed", nil
+ }
 }
 }
- if err != nil {
- log.Println("iptableHandler: error pushing address", err)
- return "", err
- } else {
- return "pushed", nil
- }
 default:
 log.Println("iptableHandler: unknown task")
 return "", errors.New("unknown task")
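Review bot: The `ipt.Exists` check and the `ipt.Insert` in the new "push" case are separate calls, so two concurrent requests for the same address can both see `exists == false` and each insert the rule, which is the duplicate this commit sets out to prevent. net/http serves requests concurrently and no lock is visible in this hunk; unless iptableHandle is serialized elsewhere, hold a package-level `sync.Mutex` across the check and the insert. The two early returns also pass a non-empty status string together with an error, whereas the other cases visible here return `""` with an error. The enclosing switch starts outside the hunk.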
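Review bot: Every `else` in the block moved by patch 3/3 follows an `if` arm that ends in `return`, so the added lines can be flattened to `if err != nil { … return "", err }` followed by a plain `return "pushed", nil`, and the surrounding `if exists { … } else {` could drop its `else` the same way. This is a point of style only; behaviour is unchanged. The enclosing `if`/`else` chain and the "push" case open outside this hunk.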