From 74f9066cdebfc8f2dd60985e7e0a3ac84a2f65f3 Mon Sep 17 00:00:00 2001
From: Ahurac
Date: Thu, 14 Dec 2023 10:05:41 +0100
Subject: [PATCH] =?UTF-8?q?=C3=89bauche=20de=20scrpit=20Python=20pour=20co?= =?UTF-8?q?ntr=C3=B4ler=20nftables?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 bin/fiwi | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100755 bin/fiwi
diff --git a/bin/fiwi b/bin/fiwi
new file mode 100755
index 0000000..51cd178
--- /dev/null
+++ b/bin/fiwi
@@ -0,0 +1,59 @@
+#!/usr/bin/env python3
+from sys import argv
+from sys import stderr
+from sys import exit
+from os import path
+import nftables
+
+NFT = nftables.Nftables()
+FILTER_TABLE = "inet filter"
+try:
+ NAME = path.basename(argv.pop(0))
+except IndexError:
+ pass
+
+def error(message, exit_code):
+ print("%s: %s" % (NAME, message), file = stderr)
+ exit(exit_code)
+
+def alter_set(operation, protocol, port):
+ NFT.cmd("%s element %s allowed_%s { %s }" % (operation, FILTER_TABLE, protocol, port))
+
+def public_allow(argv):
+ try:
+ protocol = argv.pop(0)
+ except IndexError:
+ error("no protocol supplied", 1)
+
+ try:
+ port = argv.pop(0)
+ except IndexError:
+ error("no port supplied", 1)
+
+ alter_set('add', protocol, port)
+
+def public_deny(argv):
+ try:
+ protocol = argv.pop(0)
+ except IndexError:
+ error("no protocol supplied", 1)
+
+ try:
+ port = argv.pop(0)
+ except IndexError:
+ error("no port supplied", 1)
+
+ alter_set('delete', protocol, port)
+
+if __name__ == '__main__':
+ try:
+ arg = argv.pop(0)
+ except IndexError:
+ error("No command supplied", 1)
+
+ try:
+ command = globals()["public_%s" % (arg)]
+ except KeyError:
+ error('invalid command "%s"' % (arg), 2)
+
+ command(argv)
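Review bot: `alter_set` formats `protocol` and `port` straight from argv into the string handed to `NFT.cmd`, so any value that is not a plain set name or port number changes the nft command that runs instead of just the set element; this matters as soon as the script is reachable through sudo or a wrapper. Both values should be validated before the command is built: the protocol against the fixed list of sets the ruleset defines (tcp and udp is an assumption here, the ruleset is not in this patch) and the port as an integer in 1-65535, with ranges added explicitly if they are wanted. The tuple returned by `NFT.cmd` is also discarded, so a command nftables rejects still exits 0 and looks like success; the return code should be checked and the error text reported through `error()`. The exit code 3 in the sketch below is a placeholder.

```python
# assumption: must match the allowed_* sets defined in the ruleset
ALLOWED_PROTOCOLS = ("tcp", "udp")

def alter_set(operation, protocol, port):
    if protocol not in ALLOWED_PROTOCOLS:
        error('invalid protocol "%s"' % (protocol), 2)
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        error('invalid port "%s"' % (port), 2)

    rc, _output, err = NFT.cmd("%s element %s allowed_%s { %s }" % (operation, FILTER_TABLE, protocol, port))
    if rc != 0:
        error(err.strip(), 3)

# … unchanged: public_allow, public_deny, command dispatch …
```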