From ece058d533896186f6a185c5a4c74ab33cb1232d Mon Sep 17 00:00:00 2001
From: Domingo Dirutigliano
Date: Tue, 18 Feb 2025 14:37:11 +0100
Subject: [PATCH] firewall fix, preparing for minor release
---
 Dockerfile | 2 +-
 .../binsrc/{nfproxy-tun.cpp => nfproxy.cpp} | 0
 backend/routers/firewall.py | 2 +-
 backend/routers/nfproxy.py | 2 +-
 backend/utils/loader.py | 24 ++++++++++++-------
 start.py | 5 ++--
 6 files changed, 21 insertions(+), 14 deletions(-)
 rename backend/binsrc/{nfproxy-tun.cpp => nfproxy.cpp} (100%)
diff --git a/Dockerfile b/Dockerfile
index 5b66c67..d8270d2 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -27,7 +27,7 @@ RUN pip3 install --no-cache-dir --break-system-packages -r /execute/requirements
 COPY ./backend/binsrc /execute/binsrc
 RUN g++ binsrc/nfregex.cpp -o modules/cppregex -std=c++23 -O3 -lnetfilter_queue -pthread -lnfnetlink $(pkg-config --cflags --libs libtins libhs libmnl)
-RUN g++ binsrc/nfproxy-tun.cpp -o modules/cpproxy -std=c++23 -O3 -lnetfilter_queue -lpython3.13 -pthread -lnfnetlink $(pkg-config --cflags --libs libtins libmnl python3)
+#RUN g++ binsrc/nfproxy.cpp -o modules/cpproxy -std=c++23 -O3 -lnetfilter_queue -lpython3.13 -pthread -lnfnetlink $(pkg-config --cflags --libs libtins libmnl python3)
 COPY ./backend/ /execute/
 COPY --from=frontend /app/dist/ ./frontend/
diff --git a/backend/binsrc/nfproxy-tun.cpp b/backend/binsrc/nfproxy.cpp
similarity index 100%
rename from backend/binsrc/nfproxy-tun.cpp
rename to backend/binsrc/nfproxy.cpp
diff --git a/backend/routers/firewall.py b/backend/routers/firewall.py
index 058d6a1..a16560c 100644
--- a/backend/routers/firewall.py
+++ b/backend/routers/firewall.py
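Review bot: The commented-out `#RUN g++ binsrc/nfproxy.cpp ...` line in the Dockerfile hunk gives no reason for being disabled, so a later reader cannot tell whether cpproxy was dropped on purpose or left behind by accident. A comment above it such as `# nfproxy is not part of this release; cpproxy is intentionally not built` would record the intent. `COPY ./backend/binsrc /execute/binsrc` still ships the nfproxy source in the image, which may or may not be wanted while the feature is off.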
@@ -24,7 +24,7 @@ db = SQLite('db/firewall-rules.db', {
 'action': 'VARCHAR(10) NOT NULL CHECK (action IN ("accept", "drop", "reject"))',
 },
 'QUERY':[
- "CREATE UNIQUE INDEX IF NOT EXISTS unique_rules ON rules (proto, src, dst, port_src_from, port_src_to, port_dst_from, port_dst_to, mode);"
+ "CREATE UNIQUE INDEX IF NOT EXISTS unique_rules ON rules (proto, src, dst, port_src_from, port_src_to, port_dst_from, port_dst_to, mode, `table`);"
 ]
 })
diff --git a/backend/routers/nfproxy.py b/backend/routers/nfproxy.py
index c80aa72..4cbb825 100644
--- a/backend/routers/nfproxy.py
+++ b/backend/routers/nfproxy.py
@@ -39,7 +39,7 @@ class ServiceAddResponse(BaseModel):
 status:str
 service_id: str|None = None
-app = APIRouter()
+#app = APIRouter() Not released in this version
 db = SQLite('db/nft-pyfilters.db', {
 'services': {
diff --git a/backend/utils/loader.py b/backend/utils/loader.py
index 179c5d8..435c8c2 100644
--- a/backend/utils/loader.py
+++ b/backend/utils/loader.py
@@ -58,15 +58,18 @@ class RouterModule():
 def get_router_modules():
 res: list[RouterModule] = []
 for route in list_routers():
- module = getattr(__import__(f"routers.{route}"), route, None)
- if module:
- res.append(RouterModule(
- router=getattr(module, "app", None),
- reset=getattr(module, "reset", None),
- startup=getattr(module, "startup", None),
- shutdown=getattr(module, "shutdown", None),
- name=route
- ))
+ try:
+ module = getattr(__import__(f"routers.{route}"), route, None)
+ if module:
+ res.append(RouterModule(
+ router=getattr(module, "app", None),
+ reset=getattr(module, "reset", None),
+ startup=getattr(module, "startup", None),
+ shutdown=getattr(module, "shutdown", None),
+ name=route
+ ))
+ except Exception as e:
+ print(f"Router {route} failed to load: {e}")
 return res
 def load_routers(app):
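Review bot: `CREATE UNIQUE INDEX IF NOT EXISTS unique_rules` in the firewall.py hunk is a no-op on any database that already holds an index with that name, so an existing `db/firewall-rules.db` would keep the old column list without `table` and the fix would reach only fresh installs. Unless the SQLite wrapper recreates the schema on upgrade (not visible in this hunk), the `'QUERY'` list needs a `"DROP INDEX IF EXISTS unique_rules;"` entry before the create, or the new index needs a different name. The `db = SQLite(...)` literal starts above the hunk.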
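Review bot: Commenting out `app = APIRouter()` in nfproxy.py disables the router cleanly only if nothing else in the module refers to `app`. Any `@app.` route decorators further down (outside this hunk) would raise NameError at import, and the feature would then be off only because the loader now swallows that error. The `db = SQLite('db/nft-pyfilters.db', ...)` call on the next line still runs before any such failure. An explicit switch would be clearer, for example leaving the module intact and skipping it by name in `get_router_modules`, with a comment such as `# nfproxy is held back from this release`.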
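Review bot: The new `except Exception as e: print(...)` in `get_router_modules` turns every router import failure into a single log line, so a broken module such as `routers/firewall.py` would leave the service running without that router and without its `reset`/`startup`/`shutdown` hooks. For a firewall manager that is failing open instead of failing loudly. The message also drops the traceback, which makes the cause hard to find. I would print the stack with `traceback.print_exc()` and re-raise unless `route` is in an explicit set of modules that are deliberately held back. The same `print`-only reporting appears in the `load_routers` hunk that follows.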
@@ -74,6 +77,9 @@ def load_routers(app):
 for router in get_router_modules():
 if router.router:
 app.include_router(router.router, prefix=f"/{router.name}", tags=[router.name])
+ else:
+ print(f"Router {router.name} is not loaded")
+ continue
 if router.reset:
 resets.append(router.reset)
 if router.startup:
diff --git a/start.py b/start.py
index ca7d1ff..277e087 100755
--- a/start.py
+++ b/start.py
@@ -104,6 +104,7 @@ def gen_args(args_to_parse: list[str]|None = None):
 parser_start.add_argument('--startup-psw','-P', required=False, action="store_true", help='Insert password in the startup screen of firegex', default=False)
 parser_start.add_argument('--port', "-p", type=int, required=False, help='Port where open the web service of the firewall', default=4444)
 parser_start.add_argument('--logs', required=False, action="store_true", help='Show firegex logs', default=False)
+ parser_start.add_argument('--version', '-v', required=False, type=str , help='Version of the firegex image to use', default="latest")
 #Stop Command
 parser_stop = subcommands.add_parser('stop', help='Stop the firewall')
@@ -145,7 +146,7 @@ def write_compose(skip_password = True):
 "firewall": {
 "restart": "unless-stopped",
 "container_name": "firegex",
- "build" if g.build else "image": "." if g.build else "ghcr.io/pwnzer0tt1/firegex",
+ "build" if g.build else "image": "." if g.build else f"ghcr.io/pwnzer0tt1/firegex:{args.version}",
 "network_mode": "host",
 "environment": [
 f"PORT={args.port}",
@@ -190,7 +191,7 @@ def write_compose(skip_password = True):
 "firewall": {
 "restart": "unless-stopped",
 "container_name": "firegex",
- "build" if g.build else "image": "." if g.build else "ghcr.io/pwnzer0tt1/firegex",
+ "build" if g.build else "image": "." if g.build else f"ghcr.io/pwnzer0tt1/firegex:{args.version}",
 "ports": [
 f"{args.port}:{args.port}"
 ],
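Review bot: The added `continue` in `load_routers` also skips the `reset`, `startup` and `shutdown` registration for any module that imports fine but exposes no `app`, and nothing in the hunk says that this is intended. Before this change those hooks were still collected for such a module. A comment on the `else:` branch such as `# no router means the module is disabled: skip its reset/startup/shutdown hooks too` would make the contract explicit. The function body continues below the hunk.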
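Review bot: `args.version` from the new `--version` option is pasted into the image reference in both `write_compose` hunks without any check, so a typo or stray character produces a compose file that fails only at pull time. The default `latest` also leaves the image for a `network_mode: host` firewall container unpinned. Validating the value in `gen_args` against the tag grammar, e.g. `re.fullmatch(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}", args.version)`, would reject bad input early. Separately, `--version`/`-v` collides with the usual meaning of those flags (print the program version, verbose), so a name like `--image-tag` would be less surprising. `gen_args` and `write_compose` both continue outside these hunks.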