kopia lustrzana https://github.com/alexisart/fedi-meta
Commands
rodzic
cb9b768d0f
commit
c436b18f48
|
@ -240,7 +240,7 @@ I intentionally set everything in this repo as Public Domain (or [CC0 1.0 Univer
|
||||||
* Abandon Session After SSL Negotiation
|
* Abandon Session After SSL Negotiation
|
||||||
* [Fault Injection][fault-filter]
|
* [Fault Injection][fault-filter]
|
||||||
|
|
||||||
[github-repo]: https://github.com/alexisart/block-meta-from-fedi
|
[github-repo]: https://github.com/lexi-the-cute/block-meta-from-fedi
|
||||||
[codeberg-repo]: https://codeberg.org/alexis/block-meta-from-fedi
|
[codeberg-repo]: https://codeberg.org/alexis/block-meta-from-fedi
|
||||||
[cambridge-analytica]: https://www.reuters.com/legal/facebook-parent-meta-pay-725-mln-settle-lawsuit-relating-cambridge-analytica-2022-12-23/
|
[cambridge-analytica]: https://www.reuters.com/legal/facebook-parent-meta-pay-725-mln-settle-lawsuit-relating-cambridge-analytica-2022-12-23/
|
||||||
[rohingya-genocide]: https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/
|
[rohingya-genocide]: https://www.amnesty.org/en/latest/news/2022/09/myanmar-facebooks-systems-promoted-violence-against-rohingya-meta-owes-reparations-new-report/
|
||||||
|
|
|
@ -1,34 +1,50 @@
|
||||||
# sudo iptables -A INPUT -s 116.10.0.0/16 -j DROP
|
# https://book.huihoo.com/iptables-tutorial/c3742.htm
|
||||||
|
# Tables: raw, mangle, nat, filter
|
||||||
|
# Chains: PREROUTING, INPUT, OUTPUT, POSTROUTING, FORWARD
|
||||||
|
|
||||||
from typing import Generator
|
from typing import Generator
|
||||||
|
|
||||||
import argparse
|
import argparse
|
||||||
|
|
||||||
|
# Determine How To Handle Traffic
|
||||||
def generate_iptable_rules(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
|
def generate_iptable_rules(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
|
||||||
|
return filter_traffic(addresses=addresses, args=args)
|
||||||
|
|
||||||
|
# For Redirecting Traffic
|
||||||
|
def redirect_traffic(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
|
||||||
|
# sudo iptables -t nat -A PREROUTING -s 10.1.1.7 -j DNAT --to-destination 127.0.0.1:8080
|
||||||
|
|
||||||
# Commands
|
# Commands
|
||||||
sudo: str = "sudo"
|
sudo: str = args.sudo_path
|
||||||
iptables: str = "iptables"
|
iptables: str = args.iptables_path
|
||||||
ip6tables: str = "ip6tables"
|
ip6tables: str = args.ip6tables_path
|
||||||
|
|
||||||
|
# For Filtering Traffic
|
||||||
|
def filter_traffic(addresses: list[dict], args: argparse.Namespace) -> Generator[str, dict, None]:
|
||||||
|
# Commands
|
||||||
|
sudo: str = args.sudo_path
|
||||||
|
iptables: str = args.iptables_path
|
||||||
|
ip6tables: str = args.ip6tables_path
|
||||||
|
|
||||||
# Variables
|
# Variables
|
||||||
chain_name: str = "PROTECT_FEDI"
|
chain_name: str = "PROTECT_FEDI"
|
||||||
policy: str = args.policy # REJECT tells the server you're dropping them, DROP is more evil in that you drop the connection silently
|
policy: str = args.policy # REJECT tells the server you're dropping them, DROP is more evil in that you drop the connection silently
|
||||||
|
|
||||||
# IP Tables Setup
|
# IP Tables Setup
|
||||||
create_chain: str = f"{sudo} {iptables} -N {chain_name}"
|
create_chain: str = f"{sudo} {iptables} -t filter -N {chain_name}"
|
||||||
delete_chain: str = f"{sudo} {iptables} -X {chain_name}"
|
delete_chain: str = f"{sudo} {iptables} -t filter -X {chain_name}"
|
||||||
empty_chain: str = f"{sudo} {iptables} -F {chain_name}"
|
empty_chain: str = f"{sudo} {iptables} -t filter -F {chain_name}"
|
||||||
add_chain_to_incoming_packets: str = f"{sudo} {iptables} -I INPUT 1 -j {chain_name}"
|
add_chain_to_incoming_packets: str = f"{sudo} {iptables} -t filter -I INPUT 1 -j {chain_name}"
|
||||||
|
|
||||||
# IPV6 Tables Setup
|
# IPV6 Tables Setup
|
||||||
create_chain_v6: str = f"{sudo} {ip6tables} -N {chain_name}"
|
create_chain_v6: str = f"{sudo} {ip6tables} -t filter -N {chain_name}"
|
||||||
delete_chain_v6: str = f"{sudo} {ip6tables} -X {chain_name}"
|
delete_chain_v6: str = f"{sudo} {ip6tables} -t filter -X {chain_name}"
|
||||||
empty_chain_v6: str = f"{sudo} {ip6tables} -F {chain_name}"
|
empty_chain_v6: str = f"{sudo} {ip6tables} -t filter -F {chain_name}"
|
||||||
add_chain_to_incoming_packets_v6: str = f"{sudo} {ip6tables} -I INPUT 1 -j {chain_name}"
|
add_chain_to_incoming_packets_v6: str = f"{sudo} {ip6tables} -t filter -I INPUT 1 -j {chain_name}"
|
||||||
|
|
||||||
# Route Strings
|
# Route Strings
|
||||||
handle_route: str = "{sudo} {iptables} -A {chain_name} -s {address} -j {policy}"
|
handle_route: str = "{sudo} {iptables} -t filter -A {chain_name} -s {address} -j {policy}"
|
||||||
handle_route_v6: str = "{sudo} {ip6tables} -A {chain_name} -s {address} -j {policy}"
|
handle_route_v6: str = "{sudo} {ip6tables} -t filter -A {chain_name} -s {address} -j {policy}"
|
||||||
|
|
||||||
# Setup Stage
|
# Setup Stage
|
||||||
yield create_chain
|
yield create_chain
|
||||||
|
|
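Review bot: The new `args.sudo_path`, `args.iptables_path` and `args.ip6tables_path` values are interpolated into the command strings unquoted, in `redirect_traffic` and again in `filter_traffic` (`f"{sudo} {iptables} -t filter -N {chain_name}"` and the templates after it). Every one of these strings begins with sudo, so if the generated lines are written to a script or handed to a shell (how the output is consumed is not visible here), a path containing a space or a shell metacharacter changes what runs with elevated privileges. Quoting once at assignment covers all the templates: `sudo: str = shlex.quote(args.sudo_path)`, and likewise for the two iptables paths, with `import shlex` added at the top. The `{address}` field in `handle_route` and `handle_route_v6` deserves the same treatment if the address list is fetched from a remote source. `filter_traffic` continues past the end of this hunk.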
23
main.py
23
main.py
|
@ -18,7 +18,28 @@ if __name__ == "__main__":
|
||||||
nargs="?",
|
nargs="?",
|
||||||
type=str,
|
type=str,
|
||||||
choices=("DROP", "REJECT", "ACCEPT"),
|
choices=("DROP", "REJECT", "ACCEPT"),
|
||||||
help="IP tables policy for handling incoming packets (default: %(default)s)")
|
help="iptables policy for handling incoming packets (default: %(default)s)")
|
||||||
|
|
||||||
|
argParser.add_argument("--iptables-path",
|
||||||
|
default="iptables",
|
||||||
|
const="iptables",
|
||||||
|
nargs="?",
|
||||||
|
type=str,
|
||||||
|
help="iptables path (default: %(default)s)")
|
||||||
|
|
||||||
|
argParser.add_argument("--ip6tables-path",
|
||||||
|
default="ip6tables",
|
||||||
|
const="ip6tables",
|
||||||
|
nargs="?",
|
||||||
|
type=str,
|
||||||
|
help="ip6tables path (default: %(default)s)")
|
||||||
|
|
||||||
|
argParser.add_argument("--sudo-path",
|
||||||
|
default="sudo",
|
||||||
|
const="sudo",
|
||||||
|
nargs="?",
|
||||||
|
type=str,
|
||||||
|
help="sudo path (default: %(default)s)")
|
||||||
|
|
||||||
args = argParser.parse_args()
|
args = argParser.parse_args()
|
||||||
|
|
||||||
|
|
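Review bot: The three new options pair `nargs="?"` with a `const` equal to the default, so a bare `--sudo-path` with no value (for instance from a wrapper script whose variable expanded to nothing) is accepted and silently falls back to `sudo` resolved through PATH. These values choose the binaries that the generated rules invoke with elevated privileges, so a missing value is better reported as an argparse error than defaulted. Dropping `nargs="?"` and `const=` from `--iptables-path`, `--ip6tables-path` and `--sudo-path` does that, e.g. `argParser.add_argument("--sudo-path", default="sudo", type=str, help="sudo path (default: %(default)s)")`. The `if __name__ == "__main__":` block starts before this hunk and continues after it.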