From 1acaa2b57e6eda0174cbba310335968b3d6191f5 Mon Sep 17 00:00:00 2001 From: Domingo Dirutigliano Date: Thu, 12 Oct 2023 21:39:10 +0200 Subject: [PATCH 1/5] Update README.md --- README.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/README.md b/README.md index 3cb3742..e171488 100644 --- a/README.md +++ b/README.md @@ -55,11 +55,3 @@ Initiially the project was based only on regex filters, and also now the main fu # Credits - Copyright (c) 2007 Arash Partow (http://www.partow.net) for the base of our proxy implementation - Copyright (c) 2022 Pwnzer0tt1 - -# TODO: - -## Next points - -- Add proxy script in different language to use for porthijacking to download -- Explanation about tools in the dedicated pages making them more user-friendly -- Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables From e4d0b62f28ead8b823afd17327adae3cfc758afc Mon Sep 17 00:00:00 2001 From: Domingo Dirutigliano Date: Thu, 19 Oct 2023 08:04:36 +0200 Subject: [PATCH 2/5] Update docker-image.yml --- .github/workflows/docker-image.yml | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index f8a4279..8a8639a 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -11,7 +11,7 @@ env: jobs: build-and-push-image: - runs-on: self-hosted + runs-on: ubuntu-latest permissions: contents: read packages: write @@ -20,19 +20,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v3 -# - name: init node -# uses: actions/setup-node@v3 -# with: -# node-version: 16 - -# - name: Install dependencies from package.json -# working-directory: ./frontend -# run: npm install - -# - name: Build React frontend -# working-directory: ./frontend -# run: npm run build - - name: Set up QEMU uses: docker/setup-qemu-action@master with: 
@@ -64,3 +51,5 @@ jobs: push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max From 61a5bafa45edacc6de1e160eb595ed96e275df0a Mon Sep 17 00:00:00 2001 From: Domingo Dirutigliano Date: Thu, 19 Oct 2023 09:14:58 +0200 Subject: [PATCH 3/5] Update docker-image.yml --- .github/workflows/docker-image.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 8a8639a..7aff8be 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml @@ -43,7 +43,7 @@ jobs: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - name: Build and push Docker image - uses: docker/build-push-action@v3 + uses: docker/build-push-action@v5 with: context: . builder: ${{ steps.buildx.outputs.name }} From c5969cb168755fb6f3449fd7fd66c58aa4931043 Mon Sep 17 00:00:00 2001 From: Domingo Dirutigliano Date: Sat, 25 Nov 2023 00:28:48 +0100 Subject: [PATCH 4/5] Update Dockerfile --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index fe004f9..559a702 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18 AS frontend +FROM --platform=$BUILDPLATFORM node:18 AS frontend RUN mkdir /app WORKDIR /app ADD ./frontend/package.json . @@ -9,7 +9,7 @@ RUN npm run build #Building main conteiner -FROM debian:stable-slim as base +FROM --platform=$TARGETARCH debian:stable-slim as base RUN apt-get update -qq && apt-get upgrade -qq RUN apt-get install -qq python3-pip build-essential RUN apt-get install -qq git libpcre2-dev libnetfilter-queue-dev From b2f091cd3d0f6704a475197ea9fdb6c7dee22016 Mon Sep 17 00:00:00 2001 From: Domingo Dirutigliano Date: Thu, 4 Jan 2024 09:22:30 +0100 Subject: [PATCH 5/5] Update README.md --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e171488..6e61ce8 100644 
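Review bot: The added `cache-to: type=gha,mode=max` exports the layers of every build stage, not only the final image, to the repository's Actions cache, and `cache-from: type=gha` lets later pushes reuse them. The Dockerfile shown later in this series runs `apt-get update -qq && apt-get upgrade -qq` on `debian:stable-slim` as its own layer, so once that layer is cached a rebuild may reuse it and publish an image without newer package updates until the base image changes. I would add a comment above the two lines, such as `# cached layers include the apt upgrade step; schedule a build with no-cache: true to pick up package updates`, and confirm that no build stage copies credentials into a layer. The workflow's trigger is outside this hunk, so which refs are able to populate the cache could not be checked here.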
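Review bot: `docker/build-push-action@v5` is still a mutable tag, and according to the earlier hunks this step runs with `packages: write` and `push: true`, so the job executes whatever the tag points to at run time. Pinning to a full commit SHA with the version in a trailing comment, `uses: docker/build-push-action@<full-commit-sha>  # v5`, keeps each bump reviewable and still lets an update bot propose new versions. The same applies more strongly to `docker/setup-qemu-action@master`, visible as context in the previous commit's hunk, which tracks a branch rather than a release.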
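Review bot: In the second Dockerfile hunk, `FROM --platform=$TARGETARCH debian:stable-slim as base` passes only the architecture (for example `arm64`), whereas `--platform` takes an os/arch[/variant] value and the predefined argument that carries it is `TARGETPLATFORM`. With only the architecture, the builder has to fill in the OS and variant by default, which may pick the wrong base for targets such as `linux/arm/v6`; the workflow's platform list is not visible here, so whether that case occurs is unconfirmed. Since the target platform is already the default for `FROM`, either drop the flag or write `FROM --platform=$TARGETPLATFORM debian:stable-slim AS base`. Both `node:18` in the first hunk and `debian:stable-slim` are floating tags as well; appending a digest, as in `debian:stable-slim@sha256:<digest>`, would tie the published image to a reviewed base.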
--- a/README.md +++ b/README.md @@ -30,9 +30,12 @@ All the configuration at the startup is customizable in [firegex.py](./start.py) ## Functionalities - Regex filtering using [NFQUEUE](https://netfilter.org/projects/libnetfilter_queue/doxygen/html/) with [nftables](https://netfilter.org/projects/nftables/) uses a c++ file that handle the regexes and the requests, blocking the malicius requests. PCRE2 regexes are used. The requests are intercepted kernel side, so this filter works immediatly (IPv4/6 and TCP/UDP supported) -- TCP Proxy regex filter, create a proxy tunnel from the service internal port to a public port published by the proxy. Internally the c++ proxy filter the request with PCRE2 regexes. For mantaining the same public port you will need to open only in localhost the real services. (Available only on TCP/IPv4) +- Create basic firewall rules to allow and deny specific traffic, like ufw or iptables but using firegex graphic interface (by using [nftable](https://netfilter.org/projects/nftables/)) - Port Hijacking allows you to redirect the traffic on a specific port to another port. Thanks to this you can start your own proxy, connecting to the real service using the loopback interface. Firegex will be resposable about the routing of the packets using internally [nftables](https://netfilter.org/projects/nftables/) +DEPRECATED: +- TCP Proxy regex filter, create a proxy tunnel from the service internal port to a public port published by the proxy. Internally the c++ proxy filter the request with PCRE2 regexes. For mantaining the same public port you will need to open only in localhost the real services. (Available only on TCP/IPv4) + ## Documentation Find the documentation of the backend and of the frontend in the related README files