Commands

2023-07-19 00:24:51 -04:00 · 2023-07-19 00:24:51 -04:00 · c436b18f48
commit c436b18f48
--- a/ReadMe.md
+++ b/ReadMe.md
@ -240,7 +240,7 @@ I intentionally set everything in this repo as Public Domain (or [CC0 1.0 Univer
 * Abandon Session After SSL Negotiation
 * [Fault Injection][fault-filter]

-[github-repo]: https://github.com/alexisart/block-meta-from-fedi
+[github-repo]: https://github.com/lexi-the-cute/block-meta-from-fedi
 [codeberg-repo]: https://codeberg.org/alexis/block-meta-from-fedi
 [cambridge-analytica]: https://www.reuters.com/legal/facebook-parent-meta-pay-725-mln-settle-lawsuit-relating-cambridge-analytica-2022-12-23/
 [rohingya-genocide]: https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/
--- a/functions/iptables_generator.py
+++ b/functions/iptables_generator.py
@ -1,34 +1,50 @@
-# sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP
+# https://book.huihoo.com/iptables-tutorial/c3742.htm
+# Tables: raw, mangle, nat, filter
+# Chains: PREROUTING, INPUT, OUTPUT, POSTROUTING, FORWARD

 from typing import Generator

 import argparse

+# Determine How To Handle Traffic
 def generate_iptable_rules(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
+    return filter_traffic(addresses=addresses, args=args)
+
+# For Redirecting Traffic
+def redirect_traffic(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
+    # sudo iptables -t nat -A PREROUTING -s 10.1.1.7 -j DNAT --to-destination 127.0.0.1:8080
+
    # Commands
-    sudo: str = "sudo"
-    iptables: str = "iptables"
-    ip6tables: str = "ip6tables"
+    sudo: str = args.sudo_path
+    iptables: str = args.iptables_path
+    ip6tables: str = args.ip6tables_path
+
+# For Filtering Traffic
+def filter_traffic(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
+    # Commands
+    sudo: str = args.sudo_path
+    iptables: str = args.iptables_path
+    ip6tables: str = args.ip6tables_path

    # Variables
    chain_name: str = "PROTECT_FEDI"
    policy: str = args.policy  # REJECT tells the server you're dropping them, DROP is more evil in that you drop the connection silently

    # IP Tables Setup
-    create_chain: str = f"{sudo} {iptables} -N {chain_name}"
-    delete_chain: str = f"{sudo} {iptables} -X {chain_name}"
-    empty_chain: str = f"{sudo} {iptables} -F {chain_name}"
-    add_chain_to_incoming_packets: str = f"{sudo} {iptables} -I INPUT 1 -j {chain_name}"
+    create_chain: str = f"{sudo} {iptables} -t filter -N {chain_name}"
+    delete_chain: str = f"{sudo} {iptables} -t filter -X {chain_name}"
+    empty_chain: str = f"{sudo} {iptables} -t filter -F {chain_name}"
+    add_chain_to_incoming_packets: str = f"{sudo} {iptables} -t filter -I INPUT 1 -j {chain_name}"

    # IPV6 Tables Setup
-    create_chain_v6: str = f"{sudo} {ip6tables} -N {chain_name}"
-    delete_chain_v6: str = f"{sudo} {ip6tables} -X {chain_name}"
-    empty_chain_v6: str = f"{sudo} {ip6tables} -F {chain_name}"
-    add_chain_to_incoming_packets_v6: str = f"{sudo} {ip6tables} -I INPUT 1 -j {chain_name}"
+    create_chain_v6: str = f"{sudo} {ip6tables} -t filter -N {chain_name}"
+    delete_chain_v6: str = f"{sudo} {ip6tables} -t filter -X {chain_name}"
+    empty_chain_v6: str = f"{sudo} {ip6tables} -t filter -F {chain_name}"
+    add_chain_to_incoming_packets_v6: str = f"{sudo} {ip6tables} -t filter -I INPUT 1 -j {chain_name}"

    # Route Strings
-    handle_route: str = "{sudo} {iptables} -A {chain_name} -s {address} -j {policy}"
-    handle_route_v6: str = "{sudo} {ip6tables} -A {chain_name} -s {address} -j {policy}"
+    handle_route: str = "{sudo} {iptables} -t filter -A {chain_name} -s {address} -j {policy}"
+    handle_route_v6: str = "{sudo} {ip6tables} -t filter -A {chain_name} -s {address} -j {policy}"

    # Setup Stage
    yield create_chain
--- a/main.py
+++ b/main.py
@ -18,7 +18,28 @@ if __name__ == "__main__":
                           nargs="?",
                           type=str,
                           choices=("DROP", "REJECT", "ACCEPT"),
-                           help="IP tables policy for handling incoming packets (default: %(default)s)")
+                           help="iptables policy for handling incoming packets (default: %(default)s)")
+
+    argParser.add_argument("--iptables-path",
+                           default="iptables",
+                           const="iptables",
+                           nargs="?",
+                           type=str,
+                           help="iptables path (default: %(default)s)")
+    
+    argParser.add_argument("--ip6tables-path",
+                           default="ip6tables",
+                           const="ip6tables",
+                           nargs="?",
+                           type=str,
+                           help="ip6tables path (default: %(default)s)")
+    
+    argParser.add_argument("--sudo-path",
+                           default="sudo",
+                           const="sudo",
+                           nargs="?",
+                           type=str,
+                           help="sudo path (default: %(default)s)")

    args = argParser.parse_args()