Merge branch 'main' of github.com:Pwnzer0tt1/firegex

Domingo Dirutigliano
2024-02-06 12:50:55 +01:00
3 changed files with 10 additions and 26 deletions

@@ -11,7 +11,7 @@ env:
jobs:
build-and-push-image:
runs-on: self-hosted
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
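
Review bot: `runs-on: ubuntu-latest` is a floating label, so the environment of a job that holds `packages: write` can change without any commit to this file. Consider pinning a specific image such as `ubuntu-22.04` and bumping it deliberately. The merge commit message also gives no reason for leaving the self-hosted runner; a comment in the workflow would help whoever revisits this.
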
@@ -20,19 +20,6 @@ jobs:
- name: Checkout repository
uses: actions/checkout@v3
# - name: init node
# uses: actions/setup-node@v3
# with:
# node-version: 16
# - name: Install dependencies from package.json
# working-directory: ./frontend
# run: npm install
# - name: Build React frontend
# working-directory: ./frontend
# run: npm run build
- name: Set up QEMU
uses: docker/setup-qemu-action@master
with:
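
Review bot: right below the removed comment block, the context line `uses: docker/setup-qemu-action@master` follows a mutable branch, so whatever lands on that branch runs in this job with the `packages: write` token granted above. While cleaning up this section, pin it to a release tag or, better, a full commit SHA, and do the same for `actions/checkout@v3`.
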
@@ -56,7 +43,7 @@ jobs:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- name: Build and push Docker image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v5
with:
context: .
builder: ${{ steps.buildx.outputs.name }}
@@ -64,3 +51,5 @@ jobs:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
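
Review bot: `cache-to: type=gha,mode=max` persists every intermediate layer, and that includes the `RUN apt-get update -qq && apt-get upgrade -qq` layer of the Dockerfile touched by this same commit. Until the `debian:stable-slim` tag resolves to a new digest or an earlier line changes, that layer is replayed from cache, so pushed images can miss Debian security updates released in between. Add a scheduled or manually triggered run that sets `no-cache: true`, or bust that layer periodically some other way.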

@@ -1,4 +1,4 @@
FROM node:18 AS frontend
FROM --platform=$BUILDPLATFORM node:18 AS frontend
RUN mkdir /app
WORKDIR /app
ADD ./frontend/package.json .
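
Review bot: `--platform=$BUILDPLATFORM` on the `frontend` stage makes `npm` run for the build machine's architecture, which is only correct if nothing architecture-specific leaves this stage. Confirm that whatever the final stage copies from `frontend` is just the static output of `npm run build`, and add a one-line comment above the `FROM` saying so.
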
@@ -9,7 +9,7 @@ RUN npm run build
#Building main conteiner
FROM debian:stable-slim as base
FROM --platform=$TARGETARCH debian:stable-slim as base
RUN apt-get update -qq && apt-get upgrade -qq
RUN apt-get install -qq python3-pip build-essential
RUN apt-get install -qq git libpcre2-dev libnetfilter-queue-dev
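
Review bot: `FROM --platform=$TARGETARCH debian:stable-slim as base` passes only the architecture (`amd64`, `arm64`, `arm`) and drops the OS and variant that `$TARGETPLATFORM` carries, so an `arm/v6` target is no longer distinguished from `arm/v7`. A `FROM` without `--platform` already resolves to the target platform of the build; drop the flag, or use `--platform=$TARGETPLATFORM` if it should stay explicit.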

@@ -30,9 +30,12 @@ All the configuration at the startup is customizable in [firegex.py](./start.py)
## Functionalities
- Regex filtering using [NFQUEUE](https://netfilter.org/projects/libnetfilter_queue/doxygen/html/) with [nftables](https://netfilter.org/projects/nftables/) uses a c++ file that handle the regexes and the requests, blocking the malicius requests. PCRE2 regexes are used. The requests are intercepted kernel side, so this filter works immediatly (IPv4/6 and TCP/UDP supported)
- TCP Proxy regex filter, create a proxy tunnel from the service internal port to a public port published by the proxy. Internally the c++ proxy filter the request with PCRE2 regexes. For mantaining the same public port you will need to open only in localhost the real services. (Available only on TCP/IPv4)
- Create basic firewall rules to allow and deny specific traffic, like ufw or iptables but using firegex graphic interface (by using [nftable](https://netfilter.org/projects/nftables/))
- Port Hijacking allows you to redirect the traffic on a specific port to another port. Thanks to this you can start your own proxy, connecting to the real service using the loopback interface. Firegex will be resposable about the routing of the packets using internally [nftables](https://netfilter.org/projects/nftables/)
DEPRECATED:
- TCP Proxy regex filter, create a proxy tunnel from the service internal port to a public port published by the proxy. Internally the c++ proxy filter the request with PCRE2 regexes. For mantaining the same public port you will need to open only in localhost the real services. (Available only on TCP/IPv4)
## Documentation
Find the documentation of the backend and of the frontend in the related README files
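
Review bot: the `DEPRECATED:` label added above the moved TCP Proxy bullet does not say what to use instead or whether the feature will be removed. The bullet still instructs users to open the real service only on localhost, so add one sentence pointing to whichever of the modes listed above replaces it, so that deployments do not stay on a deprecated filter path. The moved line also keeps the typo "mantaining".
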
@@ -55,11 +58,3 @@ Initiially the project was based only on regex filters, and also now the main fu
# Credits
- Copyright (c) 2007 Arash Partow (http://www.partow.net) for the base of our proxy implementation
- Copyright (c) 2022 Pwnzer0tt1
# TODO:
## Next points
- Add proxy script in different language to use for porthijacking to download
- Explanation about tools in the dedicated pages making them more user-friendly
- Adding new section with "general firewall rules" to manage "simple" TCP traffic rules graphically and through nftables