kopia lustrzana https://github.com/alexisart/fedi-meta
Commands
rodzic
cb9b768d0f
commit
c436b18f48
|
@ -240,7 +240,7 @@ I intentionally set everything in this repo as Public Domain (or [CC0 1.0 Univer
|
|||
* Abandon Session After SSL Negotiation
|
||||
* [Fault Injection][fault-filter]
|
||||
|
||||
[github-repo]: https://github.com/alexisart/block-meta-from-fedi
|
||||
[github-repo]: https://github.com/lexi-the-cute/block-meta-from-fedi
|
||||
[codeberg-repo]: https://codeberg.org/alexis/block-meta-from-fedi
|
||||
[cambridge-analytica]: https://www.reuters.com/legal/facebook-parent-meta-pay-725-mln-settle-lawsuit-relating-cambridge-analytica-2022-12-23/
|
||||
[rohingya-genocide]: https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/
|
||||
|
|
|
@ -1,34 +1,50 @@
|
|||
# sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP
|
||||
# https://book.huihoo.com/iptables-tutorial/c3742.htm
|
||||
# Tables: raw, mangle, nat, filter
|
||||
# Chains: PREROUTING, INPUT, OUTPUT, POSTROUTING, FORWARD
|
||||
|
||||
from typing import Generator
|
||||
|
||||
import argparse
|
||||
|
||||
# Determine How To Handle Traffic
|
||||
def generate_iptable_rules(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
|
||||
return filter_traffic(addresses=addresses, args=args)
|
||||
|
||||
# For Redirecting Traffic
|
||||
def redirect_traffic(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
|
||||
# sudo iptables -t nat -A PREROUTING -s 10.1.1.7 -j DNAT --to-destination 127.0.0.1:8080
|
||||
|
||||
# Commands
|
||||
sudo: str = "sudo"
|
||||
iptables: str = "iptables"
|
||||
ip6tables: str = "ip6tables"
|
||||
sudo: str = args.sudo_path
|
||||
iptables: str = args.iptables_path
|
||||
ip6tables: str = args.ip6tables_path
|
||||
|
||||
# For Filtering Traffic
|
||||
def filter_traffic(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
|
||||
# Commands
|
||||
sudo: str = args.sudo_path
|
||||
iptables: str = args.iptables_path
|
||||
ip6tables: str = args.ip6tables_path
|
||||
|
||||
# Variables
|
||||
chain_name: str = "PROTECT_FEDI"
|
||||
policy: str = args.policy # REJECT tells the server you're dropping them, DROP is more evil in that you drop the connection silently
|
||||
|
||||
# IP Tables Setup
|
||||
create_chain: str = f"{sudo} {iptables} -N {chain_name}"
|
||||
delete_chain: str = f"{sudo} {iptables} -X {chain_name}"
|
||||
empty_chain: str = f"{sudo} {iptables} -F {chain_name}"
|
||||
add_chain_to_incoming_packets: str = f"{sudo} {iptables} -I INPUT 1 -j {chain_name}"
|
||||
create_chain: str = f"{sudo} {iptables} -t filter -N {chain_name}"
|
||||
delete_chain: str = f"{sudo} {iptables} -t filter -X {chain_name}"
|
||||
empty_chain: str = f"{sudo} {iptables} -t filter -F {chain_name}"
|
||||
add_chain_to_incoming_packets: str = f"{sudo} {iptables} -t filter -I INPUT 1 -j {chain_name}"
|
||||
|
||||
# IPV6 Tables Setup
|
||||
create_chain_v6: str = f"{sudo} {ip6tables} -N {chain_name}"
|
||||
delete_chain_v6: str = f"{sudo} {ip6tables} -X {chain_name}"
|
||||
empty_chain_v6: str = f"{sudo} {ip6tables} -F {chain_name}"
|
||||
add_chain_to_incoming_packets_v6: str = f"{sudo} {ip6tables} -I INPUT 1 -j {chain_name}"
|
||||
create_chain_v6: str = f"{sudo} {ip6tables} -t filter -N {chain_name}"
|
||||
delete_chain_v6: str = f"{sudo} {ip6tables} -t filter -X {chain_name}"
|
||||
empty_chain_v6: str = f"{sudo} {ip6tables} -t filter -F {chain_name}"
|
||||
add_chain_to_incoming_packets_v6: str = f"{sudo} {ip6tables} -t filter -I INPUT 1 -j {chain_name}"
|
||||
|
||||
# Route Strings
|
||||
handle_route: str = "{sudo} {iptables} -A {chain_name} -s {address} -j {policy}"
|
||||
handle_route_v6: str = "{sudo} {ip6tables} -A {chain_name} -s {address} -j {policy}"
|
||||
handle_route: str = "{sudo} {iptables} -t filter -A {chain_name} -s {address} -j {policy}"
|
||||
handle_route_v6: str = "{sudo} {ip6tables} -t filter -A {chain_name} -s {address} -j {policy}"
|
||||
|
||||
# Setup Stage
|
||||
yield create_chain
|
||||
|
|
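Review bot: The command templates in filter_traffic interpolate `args.sudo_path`, `args.iptables_path` and `args.ip6tables_path` straight into a single string per command (`create_chain` through `handle_route_v6`), so a configured path containing a space or a shell metacharacter changes the command that ends up running under sudo. How the yielded strings are consumed is outside this hunk; if they reach a shell or are split on whitespace, quote each value where it is read, e.g. `sudo: str = shlex.quote(args.sudo_path)` (with `import shlex`), and give `{address}` the same treatment when the route strings are formatted. redirect_traffic, as far as the page shows, holds only the three assignments and no `yield`, so it would return None despite its `Generator` annotation; a `raise NotImplementedError` would make that explicit until it is wired in. filter_traffic's body continues past the end of the hunk.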
23
main.py
23
main.py
|
@ -18,7 +18,28 @@ if __name__ == "__main__":
|
|||
nargs="?",
|
||||
type=str,
|
||||
choices=("DROP", "REJECT", "ACCEPT"),
|
||||
help="IP tables policy for handling incoming packets (default: %(default)s)")
|
||||
help="iptables policy for handling incoming packets (default: %(default)s)")
|
||||
|
||||
argParser.add_argument("--iptables-path",
|
||||
default="iptables",
|
||||
const="iptables",
|
||||
nargs="?",
|
||||
type=str,
|
||||
help="iptables path (default: %(default)s)")
|
||||
|
||||
argParser.add_argument("--ip6tables-path",
|
||||
default="ip6tables",
|
||||
const="ip6tables",
|
||||
nargs="?",
|
||||
type=str,
|
||||
help="ip6tables path (default: %(default)s)")
|
||||
|
||||
argParser.add_argument("--sudo-path",
|
||||
default="sudo",
|
||||
const="sudo",
|
||||
nargs="?",
|
||||
type=str,
|
||||
help="sudo path (default: %(default)s)")
|
||||
|
||||
args = argParser.parse_args()
|
||||
|
||||
|
|
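Review bot: The three new options `--iptables-path`, `--ip6tables-path` and `--sudo-path` are declared with `nargs="?"` and a `const` equal to the default, so a bare `--sudo-path` with the value forgotten is accepted and silently falls back to `sudo`. For an option that decides which binary is named in commands run with elevated rights, it is safer to require the value: drop `nargs="?"` and `const=...` from each call and keep only `default=` and `type=str`. The help text could also say that the value is inserted verbatim into every generated command, e.g. `help="path to the sudo binary, used verbatim in generated commands (default: %(default)s)"`. The enclosing `if __name__ == "__main__":` block starts before the hunk.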