A replacement for fail2ban that doesn't fuck around.
 
 
dentata/cmd/dblocker/main.go


package main
import (
"fmt"
"net"
"log"
"bufio"
"flag"
"os/exec"
)
// Options holds the command-line settings of the dblocker daemon,
// as filled in by ParseOptions.
type Options struct {
	Addr string // TCP address the listener binds to in order to receive block requests
}
// ParseOptions registers the daemon's flags on the default flag set,
// parses the process arguments and returns the resulting settings.
//
// The only flag is -addr, the TCP address the listener binds to; it
// defaults to 127.0.0.1:9001, i.e. loopback only.
func ParseOptions() Options {
	bindAddr := flag.String("addr", "127.0.0.1:9001", "address to bind to recv blocks")
	flag.Parse()
	return Options{Addr: *bindAddr}
}
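// handleConnection reads newline-separated host:port entries from conn and
// appends an nft drop rule for each source address, until the peer closes
// the connection or the scanner fails.
//
// nft parses its argv as rule text, so the host part is validated with
// net.ParseIP and only the canonical form of a real IPv4/IPv6 literal is
// ever passed to it; anything else is reported and skipped. Loopback
// sources (127.0.0.0/8, ::1) are ignored. The match family (ip / ip6) is
// chosen from the address version so IPv6 sources produce a valid rule.
// A failing nft invocation is logged and the loop continues, so a single
// bad line cannot take the whole daemon down.
func handleConnection(conn net.Conn) {
	defer conn.Close()
	scan := bufio.NewScanner(conn)
	for scan.Scan() {
		host, _, err := net.SplitHostPort(scan.Text())
		if err != nil {
			fmt.Println("Invalid host:port")
			continue
		}
		ip := net.ParseIP(host)
		if ip == nil {
			// Not an IP literal: never hand free-form text to nft.
			fmt.Printf("Invalid address %q\n", host)
			continue
		}
		if ip.IsLoopback() {
			fmt.Println("IGNORE", host)
			continue
		}
		addr := ip.String()
		fmt.Println("BLOCK: ", addr)
		cmd := exec.Command("nft", blockRuleArgs(ip)...)
		if err := cmd.Run(); err != nil {
			// Keep serving the connection; the failure is visible in the log.
			log.Println("NFT ERROR", addr, err)
		}
	}
	if err := scan.Err(); err != nil {
		log.Println("READ ERROR", err)
	}
}

// blockRuleArgs returns the nft argument list that appends a drop rule for
// ip to the inet dentata input chain, selecting the ip or ip6 match family
// from the address version. ip must be a valid net.IP.
func blockRuleArgs(ip net.IP) []string {
	family := "ip6"
	if ip.To4() != nil {
		family = "ip"
	}
	return []string{
		"add", "rule", "inet",
		"dentata", "input",
		family, "saddr",
		ip.String(), "drop",
	}
}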
// listener binds a TCP socket on addr and serves it forever, handing each
// accepted connection to handleConnection on its own goroutine.
//
// A failed Listen panics; Accept errors are logged and the loop carries on.
func listener(addr string) {
	srv, err := net.Listen("tcp", addr)
	if err != nil {
		panic(err)
	}
	for {
		c, acceptErr := srv.Accept()
		if acceptErr != nil {
			log.Println("ACCEPT ERROR", acceptErr)
			continue
		}
		go handleConnection(c)
	}
}
// main parses the command line and runs the block-receiving listener
// until the process is killed.
func main() {
	listener(ParseOptions().Addr)
}