diff --git a/.dockerignore b/.dockerignore old mode 100755 new mode 100644 diff --git a/.gitignore b/.gitignore old mode 100755 new mode 100644 diff --git a/Dockerfile b/Dockerfile old mode 100755 new mode 100644 diff --git a/backend/app.py b/backend/app.py index bb6efbb..a4651fa 100644 --- a/backend/app.py +++ b/backend/app.py @@ -7,12 +7,18 @@ from jose import jwt from passlib.context import CryptContext from fastapi_socketio import SocketManager from utils.sqlite import SQLite -from utils import API_VERSION, FIREGEX_PORT, JWT_ALGORITHM, get_interfaces, refresh_frontend, DEBUG +from utils import API_VERSION, FIREGEX_PORT, JWT_ALGORITHM, get_interfaces, refresh_frontend, DEBUG, SysctlManager from utils.loader import frontend_deploy, load_routers from utils.models import ChangePasswordModel, IpInterface, PasswordChangeForm, PasswordForm, ResetRequest, StatusModel, StatusMessageModel # DB init db = SQLite('db/firegex.db') +sysctl = SysctlManager({ + "net.ipv4.conf.all.forwarding": True, + "net.ipv6.conf.all.forwarding": True, + "net.ipv4.conf.all.route_localnet": True, + "net.ipv4.ip_forward": True +}) oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/login", auto_error=False) crypto = CryptContext(schemes=["bcrypt"], deprecated="auto") @@ -114,6 +120,7 @@ async def startup_event(): db.init() if os.getenv("HEX_SET_PSW"): set_psw(bytes.fromhex(os.getenv("HEX_SET_PSW")).decode()) + sysctl.set() await startup() if not JWT_SECRET(): db.put("secret", secrets.token_hex(32)) await refresh_frontend() @@ -121,6 +128,7 @@ async def startup_event(): @app.on_event("shutdown") async def shutdown_event(): await shutdown() + sysctl.reset() db.disconnect() @api.post('/reset', response_model=StatusMessageModel) @@ -130,6 +138,7 @@ async def reset_firegex(form: ResetRequest): db.delete() db.init() db.put("secret", secrets.token_hex(32)) + sysctl.set() await reset(form) await refresh_frontend() return {'status': 'ok'} 
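Review bot: In the first hunk of backend/app.py, the `SysctlManager` table enables `net.ipv4.conf.all.route_localnet` and IPv4/IPv6 forwarding for all interfaces, and no comment says why each key is needed or what compensates for it. With `route_localnet` on, the kernel stops treating 127.0.0.0/8 as martian when routing, so services bound only to loopback can become reachable from adjacent hosts unless a filter rule drops that traffic. The `all.forwarding` keys make the host forward between every interface. I would add a comment above the table, for example `# route_localnet lets 127.0.0.0/8 be routed; confirm the firewall rules drop loopback-destined packets arriving on external interfaces`. If the feature allows it, set the key on the specific interface instead of `all`.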
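Review bot: In `shutdown_event` (third hunk of backend/app.py), `sysctl.reset()` runs only if `await shutdown()` returns normally. If that call raises, the forwarding and route_localnet values stay as firegex set them and `db.disconnect()` is skipped as well. Putting the restore in a `finally` makes it unconditional: `try: await shutdown()` followed by `finally: sysctl.reset(); db.disconnect()`. The same applies to any failure between `sysctl.set()` and the end of `startup_event` in the second hunk, whose body continues outside the hunk.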
diff --git a/backend/modules/regexproxy/proxy.py b/backend/modules/regexproxy/proxy.py old mode 100755 new mode 100644 diff --git a/backend/requirements.txt b/backend/requirements.txt old mode 100755 new mode 100644 diff --git a/backend/utils/__init__.py b/backend/utils/__init__.py old mode 100755 new mode 100644 index 052be3f..dfd8ca5 --- a/backend/utils/__init__.py +++ b/backend/utils/__init__.py @@ -29,6 +29,34 @@ def refactor_name(name:str): while " " in name: name = name.replace(" "," ") return name +class SysctlManager: + def __init__(self, ctl_table): + self.old_table = {} + self.new_table = {} + if os.path.isdir("/sys_host/"): + self.old_table = dict() + self.new_table = dict(ctl_table) + for name in ctl_table.keys(): + self.old_table[name] = read_sysctl(name) + + def write_table(self, table): + for name, value in table.items(): + write_sysctl(name, value) + + def set(self): + self.write_table(self.new_table) + + def reset(self): + self.write_table(self.old_table) + +def read_sysctl(name:str): + with open(f"/sys_host/{name}", "rt") as f: + return "1" in f.read() + +def write_sysctl(name:str, value:bool): + with open(f"/sys_host/{name}", "wt") as f: + f.write("1" if value else "0") + def list_files(mypath): from os import listdir from os.path import isfile, join @@ -105,4 +133,4 @@ class NFTableManager(Singleton): def raw_list(self): return self.cmd({"list": {"ruleset": None}})["nftables"] - \ No newline at end of file + diff --git a/docs/FiregexLogo.png b/docs/FiregexLogo.png old mode 100755 new mode 100644 diff --git a/frontend/README.md b/frontend/README.md old mode 100755 new mode 100644 diff --git a/frontend/globals.d.ts b/frontend/globals.d.ts old mode 100755 new mode 100644 diff --git a/frontend/package-lock.json b/frontend/package-lock.json old mode 100755 new mode 100644 diff --git a/frontend/package.json b/frontend/package.json old mode 100755 new mode 100644 
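Review bot: `SysctlManager.__init__` fills `old_table` from whatever the files under /sys_host/ contain when the process starts, so it holds the host's original values only after a clean previous shutdown. If an earlier run ended without `reset()` being called (the generated compose file uses `restart: unless-stopped`, so a crashed container is started again), the next start snapshots the values firegex itself wrote, and `reset()` then leaves forwarding and route_localnet enabled on the host. Consider persisting the first snapshot, for instance in the existing database, and reusing it, or at least add `# old_table is the state at process start, not necessarily the host's original settings`. Separately, `read_sysctl` uses the substring test `"1" in f.read()`; `f.read().strip() != "0"` states the intent more exactly, and neither helper handles a missing or read-only file under /sys_host/.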
diff --git a/frontend/public/android-chrome-192x192.png b/frontend/public/android-chrome-192x192.png
old mode 100755
new mode 100644
diff --git a/frontend/public/android-chrome-512x512.png b/frontend/public/android-chrome-512x512.png
old mode 100755
new mode 100644
diff --git a/frontend/public/apple-touch-icon.png b/frontend/public/apple-touch-icon.png
old mode 100755
new mode 100644
diff --git a/frontend/public/favicon-16x16.png b/frontend/public/favicon-16x16.png
old mode 100755
new mode 100644
diff --git a/frontend/public/favicon-32x32.png b/frontend/public/favicon-32x32.png
old mode 100755
new mode 100644
diff --git a/frontend/public/favicon.ico b/frontend/public/favicon.ico
old mode 100755
new mode 100644
diff --git a/frontend/public/header-logo.png b/frontend/public/header-logo.png
old mode 100755
new mode 100644
diff --git a/frontend/public/index.html b/frontend/public/index.html
old mode 100755
new mode 100644
diff --git a/frontend/public/robots.txt b/frontend/public/robots.txt
old mode 100755
new mode 100644
diff --git a/frontend/public/site.webmanifest b/frontend/public/site.webmanifest
old mode 100755
new mode 100644
diff --git a/frontend/src/App.tsx b/frontend/src/App.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/_vars.scss b/frontend/src/_vars.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/components/AddNewRegex.tsx b/frontend/src/components/AddNewRegex.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/FilterTypeSelector.tsx b/frontend/src/components/FilterTypeSelector.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/Footer/index.module.scss b/frontend/src/components/Footer/index.module.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/components/Footer/index.tsx b/frontend/src/components/Footer/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/Header/index.module.scss b/frontend/src/components/Header/index.module.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/components/Header/index.tsx b/frontend/src/components/Header/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/MainLayout.tsx b/frontend/src/components/MainLayout.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/NFRegex/AddNewService.tsx b/frontend/src/components/NFRegex/AddNewService.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/NFRegex/ServiceRow/index.module.scss b/frontend/src/components/NFRegex/ServiceRow/index.module.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/components/NFRegex/ServiceRow/index.tsx b/frontend/src/components/NFRegex/ServiceRow/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/NFRegex/utils.ts b/frontend/src/components/NFRegex/utils.ts
old mode 100755
new mode 100644
diff --git a/frontend/src/components/PortHijack/AddNewService.tsx b/frontend/src/components/PortHijack/AddNewService.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/PortHijack/ServiceRow/index.module.scss b/frontend/src/components/PortHijack/ServiceRow/index.module.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/components/PortHijack/ServiceRow/index.tsx b/frontend/src/components/PortHijack/ServiceRow/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/PortHijack/utils.ts b/frontend/src/components/PortHijack/utils.ts
old mode 100755
new mode 100644
diff --git a/frontend/src/components/RegexProxy/AddNewService.tsx b/frontend/src/components/RegexProxy/AddNewService.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/RegexProxy/ServiceRow/ChangePortModal.tsx b/frontend/src/components/RegexProxy/ServiceRow/ChangePortModal.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/RegexProxy/ServiceRow/ServiceRow.module.scss b/frontend/src/components/RegexProxy/ServiceRow/ServiceRow.module.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/components/RegexProxy/ServiceRow/index.tsx b/frontend/src/components/RegexProxy/ServiceRow/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/RegexView/index.module.scss b/frontend/src/components/RegexView/index.module.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/components/RegexView/index.tsx b/frontend/src/components/RegexView/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/components/YesNoModal.tsx b/frontend/src/components/YesNoModal.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/index.scss b/frontend/src/index.scss
old mode 100755
new mode 100644
diff --git a/frontend/src/index.tsx b/frontend/src/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/js/utils.tsx b/frontend/src/js/utils.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/pages/NFRegex/ServiceDetails.tsx b/frontend/src/pages/NFRegex/ServiceDetails.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/pages/NFRegex/index.tsx b/frontend/src/pages/NFRegex/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/pages/PortHijack/index.tsx b/frontend/src/pages/PortHijack/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/pages/RegexProxy/ServiceDetails.tsx b/frontend/src/pages/RegexProxy/ServiceDetails.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/pages/RegexProxy/index.tsx b/frontend/src/pages/RegexProxy/index.tsx
old mode 100755
new mode 100644
diff --git a/frontend/src/react-app-env.d.ts b/frontend/src/react-app-env.d.ts
old mode 100755
new mode 100644
diff --git a/frontend/tsconfig.json b/frontend/tsconfig.json
old mode 100755
new mode 100644
diff --git a/start.py b/start.py
old mode 100755
new mode 100644
index a4fc9e0..cff171c
--- a/start.py +++ b/start.py @@ -4,6 +4,7 @@ import argparse, sys, platform, os, multiprocessing, subprocess, getpass pref = "\033[" reset = f"{pref}0m" +composefile = "firegex-compose.yml" class colors: black = "30m" 
@@ -72,6 +73,65 @@ args = parser.parse_args() os.chdir(os.path.dirname(os.path.realpath(__file__))) run_checks() +def write_compose(psw_set=None): + with open(composefile,"wt") as compose: + + if "linux" in sys.platform and not 'microsoft-standard' in platform.uname().release: #Check if not is a wsl also + compose.write(f""" +version: '3.9' + +services: + firewall: + restart: unless-stopped + container_name: firegex + {"build: ." if args.build else "image: ghcr.io/pwnzer0tt1/firegex"} + network_mode: "host" + environment: + - PORT={args.port} + - NTHREADS={args.threads} + {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""} + volumes: + - /execute/db + - type: bind + source: /proc/sys/net/ipv4/conf/all/route_localnet + target: /sys_host/net.ipv4.conf.all.route_localnet + - type: bind + source: /proc/sys/net/ipv4/ip_forward + target: /sys_host/net.ipv4.ip_forward + - type: bind + source: /proc/sys/net/ipv4/conf/all/forwarding + target: /sys_host/net.ipv4.conf.all.forwarding + - type: bind + source: /proc/sys/net/ipv6/conf/all/forwarding + target: /sys_host/net.ipv6.conf.all.forwarding + cap_add: + - NET_ADMIN +""") + + else: + sep() + puts("--- WARNING ---", color=colors.yellow) + puts("You are not in a linux machine, due to docker limitation on other platform, the firewall will not work in this machine. You will only see the interface of firegex.", color=colors.red) + compose.write(f""" +version: '3.9' + +services: + firewall: + restart: unless-stopped + container_name: firegex + {"build: ." if args.build else "image: ghcr.io/pwnzer0tt1/firegex"} + ports: + - {args.port}:{args.port} + environment: + - PORT={args.port} + - NTHREADS={args.threads} + {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""} + volumes: + - /execute/db + cap_add: + - NET_ADMIN +""") + start_operation = not (args.stop or args.restart) if args.build and not os.path.isfile("./Dockerfile"): 
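Review bot: `write_compose` puts the initial password into firegex-compose.yml as `HEX_SET_PSW=` plus `psw_set.encode().hex()`, which is a reversible encoding rather than a hash, and it creates the file with `open(composefile,"wt")` under the default umask, so on a typical system other local users can read the file and recover the password. Create the file owner-only instead, e.g. `fd = os.open(composefile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)` then `with os.fdopen(fd, "wt") as compose:`, and call `os.chmod(composefile, 0o600)` to tighten a file left by an earlier run. The function also has no docstring; one sentence should say that it generates the compose file, that the Linux branch bind-mounts four host /proc/sys/net entries under /sys_host/ so the backend can toggle them, and that `psw_set` ends up in the file.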
@@ -81,9 +141,12 @@ if args.build and not os.path.isfile("./Dockerfile"): if args.threads < 1: args.threads = multiprocessing.cpu_count() -if start_operation: +if start_operation and (not args.build or args.keep): if check_if_exists("docker ps --filter 'name=^firegex$' --no-trunc | grep firegex"): - puts("Firegex is already running! use --help to see options useful to manage firegex execution", color=colors.yellow) + if args.keep: + write_compose() + else: + puts("Firegex is already running! use --help to see options useful to manage firegex execution", color=colors.yellow) exit() sep() puts(f"Firegex", color=colors.yellow, end="") 
@@ -105,53 +168,8 @@ if start_operation: else: break -composefile = "firegex-compose.yml" +write_compose(psw_set) -with open(composefile,"wt") as compose: - - if "linux" in sys.platform and not 'microsoft-standard' in platform.uname().release: #Check if not is a wsl also - compose.write(f""" -version: '3.9' - -services: - firewall: - restart: unless-stopped - container_name: firegex - {"build: ." if args.build else "image: ghcr.io/pwnzer0tt1/firegex"} - network_mode: "host" - environment: - - PORT={args.port} - - NTHREADS={args.threads} - {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""} - volumes: - - /execute/db - cap_add: - - NET_ADMIN -""") - - else: - sep() - puts("--- WARNING ---", color=colors.yellow) - puts("You are not in a linux machine, due to docker limitation on other platform, the firewall will not work in this machine. You will only see the interface of firegex.", color=colors.red) - compose.write(f""" -version: '3.9' - -services: - firewall: - restart: unless-stopped - container_name: firegex - {"build: ." if args.build else "image: ghcr.io/pwnzer0tt1/firegex"} - ports: - - {args.port}:{args.port} - environment: - - PORT={args.port} - - NTHREADS={args.threads} - {"- HEX_SET_PSW="+psw_set.encode().hex() if psw_set else ""} - volumes: - - /execute/db - cap_add: - - NET_ADMIN -""") sep() if not args.no_autostart: try: diff --git a/tests/api_test.py b/tests/api_test.py old mode 100755 new mode 100644 diff --git a/tests/benchmark.py b/tests/benchmark.py old mode 100755 new mode 100644 diff --git a/tests/nf_test.py b/tests/nf_test.py old mode 100755 new mode 100644 diff --git a/tests/ph_test.py b/tests/ph_test.py old mode 100755 new mode 100644 diff --git a/tests/px_test.py b/tests/px_test.py old mode 100755 new mode 100644 diff --git a/tests/run_tests.sh b/tests/run_tests.sh old mode 100755 new mode 100644