0xb00b5/firegex-traffic-viewer
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of github.com:Pwnzer0tt1/firegex

Browse Source
This commit is contained in:
Domingo Dirutigliano
2024-02-06 12:50:55 +01:00
parent 9b00e021c6 b2f091cd3d
commit ccde0530b1
3 changed files with 10 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
.github/workflows/docker-image.yml vendored
View File

@@ -11,7 +11,7 @@ env:
jobs: jobs:
build-and-push-image: build-and-push-image:
runs-on: self-hosted runs-on: ubuntu-latest
permissions: permissions:
contents: read contents: read
packages: write packages: write
@@ -20,19 +20,6 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v3 uses: actions/checkout@v3
# - name: init node
# uses: actions/setup-node@v3
# with:
# node-version: 16
# - name: Install dependencies from package.json
# working-directory: ./frontend
# run: npm install
# - name: Build React frontend
# working-directory: ./frontend
# run: npm run build
- name: Set up QEMU - name: Set up QEMU
uses: docker/setup-qemu-action@master uses: docker/setup-qemu-action@master
with: with:
@@ -56,7 +43,7 @@ jobs:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image - name: Build and push Docker image
uses: docker/build-push-action@v3 uses: docker/build-push-action@v5
with: with:
context: . context: .
builder: ${{ steps.buildx.outputs.name }} builder: ${{ steps.buildx.outputs.name }}
@@ -64,3 +51,5 @@ jobs:
push: true push: true
tags: ${{ steps.meta.outputs.tags }} tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }} labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max

4
Dockerfile
View File

@@ -1,4 +1,4 @@
FROM node:18 AS frontend FROM --platform=$BUILDPLATFORM node:18 AS frontend
RUN mkdir /app RUN mkdir /app
WORKDIR /app WORKDIR /app
ADD ./frontend/package.json . ADD ./frontend/package.json .
@@ -9,7 +9,7 @@ RUN npm run build
#Building main conteiner #Building main conteiner
FROM debian:stable-slim as base FROM --platform=$TARGETARCH debian:stable-slim as base
RUN apt-get update -qq && apt-get upgrade -qq RUN apt-get update -qq && apt-get upgrade -qq
RUN apt-get install -qq python3-pip build-essential RUN apt-get install -qq python3-pip build-essential
RUN apt-get install -qq git libpcre2-dev libnetfilter-queue-dev RUN apt-get install -qq git libpcre2-dev libnetfilter-queue-dev

13
README.md
View File

@@ -30,9 +30,12 @@ All the configuration at the startup is customizable in [firegex.py](./start.py)
## Functionalities ## Functionalities
- Regex filtering using [NFQUEUE](https://netfilter.org/projects/libnetfilter_queue/doxygen/html/) with [nftables](https://netfilter.org/projects/nftables/) uses a c++ file that handle the regexes and the requests, blocking the malicius requests. PCRE2 regexes are used. The requests are intercepted kernel side, so this filter works immediatly (IPv4/6 and TCP/UDP supported) - Regex filtering using [NFQUEUE](https://netfilter.org/projects/libnetfilter_queue/doxygen/html/) with [nftables](https://netfilter.org/projects/nftables/) uses a c++ file that handle the regexes and the requests, blocking the malicius requests. PCRE2 regexes are used. The requests are intercepted kernel side, so this filter works immediatly (IPv4/6 and TCP/UDP supported)
- TCP Proxy regex filter, create a proxy tunnel from the service internal port to a public port published by the proxy. Internally the c++ proxy filter the request with PCRE2 regexes. For mantaining the same public port you will need to open only in localhost the real services. (Available only on TCP/IPv4) - Create basic firewall rules to allow and deny specific traffic, like ufw or iptables but using firegex graphic interface (by using [nftable](https://netfilter.org/projects/nftables/))
- Port Hijacking allows you to redirect the traffic on a specific port to another port. Thanks to this you can start your own proxy, connecting to the real service using the loopback interface. Firegex will be resposable about the routing of the packets using internally [nftables](https://netfilter.org/projects/nftables/) - Port Hijacking allows you to redirect the traffic on a specific port to another port. Thanks to this you can start your own proxy, connecting to the real service using the loopback interface. Firegex will be resposable about the routing of the packets using internally [nftables](https://netfilter.org/projects/nftables/)
DEPRECATED:
- TCP Proxy regex filter, create a proxy tunnel from the service internal port to a public port published by the proxy. Internally the c++ proxy filter the request with PCRE2 regexes. For mantaining the same public port you will need to open only in localhost the real services. (Available only on TCP/IPv4)
## Documentation ## Documentation
Find the documentation of the backend and of the frontend in the related README files Find the documentation of the backend and of the frontend in the related README files
@@ -55,11 +58,3 @@ Initiially the project was based only on regex filters, and also now the main fu
# Credits # Credits
- Copyright (c) 2007 Arash Partow (http://www.partow.net) for the base of our proxy implementation - Copyright (c) 2007 Arash Partow (http://www.partow.net) for the base of our proxy implementation
- Copyright (c) 2022 Pwnzer0tt1 - Copyright (c) 2022 Pwnzer0tt1
# TODO:
## Next points
- Add proxy script in different language to use for porthijacking to download
- Explanation about tools in the dedicated pages making them more user-friendly
- Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables