firewall fix, preparing for minor release

Domingo Dirutigliano
2025-02-18 14:37:11 +01:00
parent 5fd518ed9c
commit ece058d533
6 changed files with 21 additions and 14 deletions


@@ -27,7 +27,7 @@ RUN pip3 install --no-cache-dir --break-system-packages -r /execute/requirements
COPY ./backend/binsrc /execute/binsrc
RUN g++ binsrc/nfregex.cpp -o modules/cppregex -std=c++23 -O3 -lnetfilter_queue -pthread -lnfnetlink $(pkg-config --cflags --libs libtins libhs libmnl)
RUN g++ binsrc/nfproxy-tun.cpp -o modules/cpproxy -std=c++23 -O3 -lnetfilter_queue -lpython3.13 -pthread -lnfnetlink $(pkg-config --cflags --libs libtins libmnl python3)
#RUN g++ binsrc/nfproxy.cpp -o modules/cpproxy -std=c++23 -O3 -lnetfilter_queue -lpython3.13 -pthread -lnfnetlink $(pkg-config --cflags --libs libtins libmnl python3)
COPY ./backend/ /execute/
COPY --from=frontend /app/dist/ ./frontend/


@@ -24,7 +24,7 @@ db = SQLite('db/firewall-rules.db', {
'action': 'VARCHAR(10) NOT NULL CHECK (action IN ("accept", "drop", "reject"))',
},
'QUERY':[
"CREATE UNIQUE INDEX IF NOT EXISTS unique_rules ON rules (proto, src, dst, port_src_from, port_src_to, port_dst_from, port_dst_to, mode);"
"CREATE UNIQUE INDEX IF NOT EXISTS unique_rules ON rules (proto, src, dst, port_src_from, port_src_to, port_dst_from, port_dst_to, mode, `table`);"
]
})
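Review bot: The widened index keeps the name `unique_rules` and is still created with `IF NOT EXISTS`, so on a database that already holds the old index SQLite will skip this statement and the uniqueness constraint will stay without the `table` column. Unless the `SQLite` wrapper rebuilds or migrates the schema elsewhere (not visible here), upgraded installs will not get the fix. Either drop the old index first with `"DROP INDEX IF EXISTS unique_rules;"` ahead of the `CREATE`, or give the new index a new name such as `unique_rules_table`. The `db = SQLite(...)` call starts above this hunk, so the rest of the schema was not checked.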


@@ -39,7 +39,7 @@ class ServiceAddResponse(BaseModel):
status:str
service_id: str|None = None
app = APIRouter()
#app = APIRouter() Not released in this version
db = SQLite('db/nft-pyfilters.db', {
'services': {
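Review bot: Commenting out `app = APIRouter()` switches this router off only indirectly. If route decorators further down the module still reference `app` (outside this hunk), the import will raise `NameError`, and the feature is disabled only because the loader now swallows that error. The module-level `db = SQLite('db/nft-pyfilters.db', ...)` below the commented line would still execute before that failure, so the database may be created for a feature that is meant to be off. An explicit switch that the loader checks would make the intent visible, and the explanation reads better on its own line, e.g. `# Router disabled: not released in this version`.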


@@ -58,6 +58,7 @@ class RouterModule():
def get_router_modules():
res: list[RouterModule] = []
for route in list_routers():
try:
module = getattr(__import__(f"routers.{route}"), route, None)
if module:
res.append(RouterModule(
@@ -67,6 +68,8 @@ def get_router_modules():
shutdown=getattr(module, "shutdown", None),
name=route
))
except Exception as e:
print(f"Router {route} failed to load: {e}")
return res
def load_routers(app):
@@ -74,6 +77,9 @@ def load_routers(app):
for router in get_router_modules():
if router.router:
app.include_router(router.router, prefix=f"/{router.name}", tags=[router.name])
else:
print(f"Router {router.name} is not loaded")
continue
if router.reset:
resets.append(router.reset)
if router.startup:
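Review bot: The new `except Exception` in `get_router_modules` reduces any router import failure to one `print` line, so a filtering module of this firewall can be absent, with its router and its `reset`, `startup` and `shutdown` hooks never registered, while the API still starts normally. Only `{e}` is printed, so the traceback that would locate the failure is lost; `logging.exception("Router %s failed to load", route)` or `traceback.print_exc()` in the handler keeps it. Consider failing startup, or surfacing a degraded state, when a router that must always be present fails to load, so that only optional modules are skipped. The `else` branch in `load_routers` has the same effect for modules without a router, and both function bodies continue outside the hunks shown.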


@@ -104,6 +104,7 @@ def gen_args(args_to_parse: list[str]|None = None):
parser_start.add_argument('--startup-psw','-P', required=False, action="store_true", help='Insert password in the startup screen of firegex', default=False)
parser_start.add_argument('--port', "-p", type=int, required=False, help='Port where open the web service of the firewall', default=4444)
parser_start.add_argument('--logs', required=False, action="store_true", help='Show firegex logs', default=False)
parser_start.add_argument('--version', '-v', required=False, type=str , help='Version of the firegex image to use', default="latest")
#Stop Command
parser_stop = subcommands.add_parser('stop', help='Stop the firewall')
@@ -145,7 +146,7 @@ def write_compose(skip_password = True):
"firewall": {
"restart": "unless-stopped",
"container_name": "firegex",
"build" if g.build else "image": "." if g.build else "ghcr.io/pwnzer0tt1/firegex",
"build" if g.build else "image": "." if g.build else f"ghcr.io/pwnzer0tt1/firegex:{args.version}",
"network_mode": "host",
"environment": [
f"PORT={args.port}",
@@ -190,7 +191,7 @@ def write_compose(skip_password = True):
"firewall": {
"restart": "unless-stopped",
"container_name": "firegex",
"build" if g.build else "image": "." if g.build else "ghcr.io/pwnzer0tt1/firegex",
"build" if g.build else "image": "." if g.build else f"ghcr.io/pwnzer0tt1/firegex:{args.version}",
"ports": [
f"{args.port}:{args.port}"
],
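Review bot: `args.version` is formatted into the image reference in both `write_compose` hunks without any check, and its default remains `"latest"`, a floating tag, so the same command can start a different image from one run to the next. Validating the value against Docker's tag grammar before the compose file is written, for example `re.fullmatch(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}", args.version)`, rejects malformed references early. Defaulting to the release that matches this script would make deployments reproducible; because the `:` separator is hard-coded, a digest pin cannot be passed through this option. The value is silently ignored when `g.build` is set, which the help text could state, and `-v` is commonly read as "verbose". The `gen_args` and `write_compose` bodies extend beyond these hunks.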