diff --git a/go/go.mod b/go/go.mod
new file mode 100644
index 0000000..dacea14
--- /dev/null
+++ b/go/go.mod
@@ -0,0 +1,11 @@
+module iptables-api
+
+go 1.20
+
+require (
+	github.com/coreos/go-iptables v0.6.0
+	github.com/gorilla/mux v1.8.0
+	github.com/palner/pgrtools/pgparse v0.0.0-20230406203454-d294939a547a
+)
+
+require github.com/google/uuid v1.3.0 // indirect
diff --git a/go/go.sum b/go/go.sum
new file mode 100644
index 0000000..8818dbc
--- /dev/null
+++ b/go/go.sum
@@ -0,0 +1,8 @@
+github.com/coreos/go-iptables v0.6.0 h1:is9qnZMPYjLd8LYqmm/qlE+wwEgJIkTYdhV3rfZo4jk=
+github.com/coreos/go-iptables v0.6.0/go.mod h1:Qe8Bv2Xik5FyTXwgIbLAnv2sWSBmvWdFETJConOQ//Q=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI=
+github.com/gorilla/mux v1.8.0/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
+github.com/palner/pgrtools/pgparse v0.0.0-20230406203454-d294939a547a h1:38zFTgn6v/aPLrznjPh/XzM8rHO3l3wsG1Q5GqRR9Zs=
+github.com/palner/pgrtools/pgparse v0.0.0-20230406203454-d294939a547a/go.mod h1:ZQpiF4IXKiMknR31FX1tFYu4DGjtN+VZEHYuWgzs7Ok=
diff --git a/go/iptables-api.go b/go/iptables-api.go
index 14d688a..8c501b8 100644
--- a/go/iptables-api.go
+++ b/go/iptables-api.go
@@ -37,12 +37,14 @@ import (
 	"github.com/palner/pgrtools/pgparse"
 )
 
+var APIport string
 var logFile string
+var chainName string
 var targetChain string
-var APIport string
 
 func init() {
 	flag.StringVar(&targetChain, "target", "REJECT", "target chain for matching entries")
+	flag.StringVar(&chainName, "chain", "APIBANLOCAL", "chain name for entries")
 	flag.StringVar(&logFile, "log", "/var/log/iptables-api.log", "location of log file or - for stdout")
 	flag.StringVar(&APIport, "port", "8082", "port to listen on")
 }
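Review bot: The help text on the new `-chain` flag, `"chain name for entries"`, tells the operator neither what the value is used for nor what it must satisfy, and nothing in this commit validates it. From the rest of the diff the chain is created in the filter table and jumped to from INPUT and FORWARD when missing, and the flush task clears whichever chain is named, so the usage string should say so and state the constraints, e.g. `flag.StringVar(&chainName, "chain", "APIBANLOCAL", "user-defined filter-table chain managed by the API (created and jumped to from INPUT/FORWARD if missing; not a built-in chain, max 28 chars)")`. init() only registers the flag, so any validation has to run after flag.Parse, presumably in main, which is outside this diff.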
@@ -133,34 +135,33 @@ func initializeIPTables(ipt *iptables.IPTables) (string, error) {
 		return "error", errors.New("iptables does not contain expected FORWARD chain")
 	}
 
-	// Search for APIBAN in IPTABLES
-	chain = "APIBANLOCAL"
-	if contains(originaListChain, chain) {
-		// APIBAN chain already exists
+	// Search for chainName in IPTABLES
+	if contains(originaListChain, chainName) {
+		// chainName already exists
 		return "chain exists", nil
 	}
 
-	log.Print("IPTABLES doesn't contain APIBANLOCAL. Creating now...")
+	log.Print("IPTABLES doesn't contain " + chainName + ". Creating now...")
 
-	// Add APIBAN chain
-	err = ipt.ClearChain("filter", chain)
+	// Add chain
+	err = ipt.ClearChain("filter", chainName)
 	if err != nil {
-		return "error", fmt.Errorf("failed to clear APIBANLOCAL chain: %w", err)
+		return "error", fmt.Errorf("failed to clear chain: %w", err)
 	}
 
-	// Add APIBAN chain to INPUT
-	err = ipt.Insert("filter", "INPUT", 1, "-j", chain)
+	// Add chainName to INPUT
+	err = ipt.Insert("filter", "INPUT", 1, "-j", chainName)
 	if err != nil {
-		return "error", fmt.Errorf("failed to add APIBANLOCAL chain to INPUT chain: %w", err)
+		return "error", fmt.Errorf("failed to add chain to INPUT chain: %w", err)
 	}
 
-	// Add APIBAN chain to FORWARD
-	err = ipt.Insert("filter", "FORWARD", 1, "-j", chain)
+	// Add chain to FORWARD
+	err = ipt.Insert("filter", "FORWARD", 1, "-j", chainName)
 	if err != nil {
-		return "error", fmt.Errorf("failed to add APIBANLOCAL chain to FORWARD chain: %w", err)
+		return "error", fmt.Errorf("failed to add chain to FORWARD chain: %w", err)
 	}
 
-	return "chain created", nil
+	return chainName + " created", nil
 }
 
 func iptableHandle(proto string, task string, ipvar string) (string, error) {
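Review bot: `contains(originaListChain, chainName)` on the new side returns "chain exists" for built-in chains too, so a service started with `-chain INPUT` (or FORWARD/OUTPUT) is accepted silently, and the flush task in iptableHandle later in this diff then runs `ipt.ClearChain("filter", chainName)` against the host's INPUT chain — go-iptables' ClearChain flushes an existing chain, which this very hunk relies on to create the new one. An empty or over-long value is likewise handed straight to iptables and only fails mid-request. Since this is the first place chainName is read, reject those values here before any rule is touched; the guard below uses only fmt, which the hunk already calls. initializeIPTables begins before this hunk; the error messages that now drop the chain name (`"failed to clear chain: %w"`) would also be more useful as `"failed to clear chain %q: %w", chainName, err`.
```go
	// chainName comes from the -chain flag: refuse built-in chains (the
	// API's "flush" task would empty them) and enforce iptables' 28-char
	// chain-name limit so a bad value fails at startup, not per request.
	switch chainName {
	case "", "INPUT", "OUTPUT", "FORWARD":
		return "error", fmt.Errorf("refusing to manage chain %q: must be a non-empty, user-defined chain", chainName)
	}
	if len(chainName) > 28 {
		return "error", fmt.Errorf("chain name %q too long: iptables allows at most 28 characters", chainName)
	}

	// Search for chainName in IPTABLES
	if contains(originaListChain, chainName) {
	// … unchanged: create the chain and insert jumps from INPUT and FORWARD …
```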
@@ -189,7 +190,7 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 
 	switch task {
 	case "add":
-		err = ipt.AppendUnique("filter", "APIBANLOCAL", "-s", ipvar, "-d", "0/0", "-j", targetChain)
+		err = ipt.AppendUnique("filter", chainName, "-s", ipvar, "-d", "0/0", "-j", targetChain)
 		if err != nil {
 			log.Println("iptableHandler: error adding address", err)
 			return "", err
@@ -197,7 +198,7 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 			return "added", nil
 		}
 	case "delete":
-		err = ipt.DeleteIfExists("filter", "APIBANLOCAL", "-s", ipvar, "-d", "0/0", "-j", targetChain)
+		err = ipt.DeleteIfExists("filter", chainName, "-s", ipvar, "-d", "0/0", "-j", targetChain)
 		if err != nil {
 			log.Println("iptableHandler: error removing address", err)
 			return "", err
@@ -205,7 +206,7 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 			return "deleted", nil
 		}
 	case "flush":
-		err = ipt.ClearChain("filter", "APIBANLOCAL")
+		err = ipt.ClearChain("filter", chainName)
 		if err != nil {
 			log.Println("iptableHandler:", proto, err)
 			return "", err
@@ -214,7 +215,7 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 		}
 	case "push":
 		var exists = false
-		exists, err = ipt.Exists("filter", "APIBANLOCAL", "-s", ipvar, "-d", "0/0", "-j", targetChain)
+		exists, err = ipt.Exists("filter", chainName, "-s", ipvar, "-d", "0/0", "-j", targetChain)
 		if err != nil {
 			log.Println("iptableHandler: error checking if ip already exists", err)
 			return "error checking if ip already exists in the chain", err
@@ -224,7 +225,7 @@ func iptableHandle(proto string, task string, ipvar string) (string, error) {
 			log.Println("iptableHandler: ip already exists", err)
 			return "ip already exists", err
 		} else {
-			err = ipt.Insert("filter", "APIBANLOCAL", 1, "-s", ipvar, "-d", "0/0", "-j", targetChain)
+			err = ipt.Insert("filter", chainName, 1, "-s", ipvar, "-d", "0/0", "-j", targetChain)
 			if err != nil {
 				log.Println("iptableHandler: error pushing address", err)
 				return "", err
diff --git a/iptables-api b/iptables-api
index 88da0e7..b56e6ce 100755
Binary files a/iptables-api and b/iptables-api differ
diff --git a/iptables-api-arm b/iptables-api-arm
index 8e9af59..98d15ed 100755
Binary files a/iptables-api-arm and b/iptables-api-arm differ