Further work on project.
Separated rule isolation with main callback.
dmblack committed Oct 24, 2018
1 parent 45a54a7 commit 02bac38
Showing 8 changed files with 816 additions and 414 deletions.
598 changes: 313 additions & 285 deletions package-lock.json

Large diffs are not rendered by default.

6 changes: 3 additions & 3 deletions src/config/interfaces.json
@@ -4,13 +4,13 @@
"lo": {
"zone": "trusted"
},
"enp2s0f0": {
"enp0s25": {
"zone": "untrusted"
},
"ppp0": {
"tun0": {
"zone": "trusted"
},
"wlp3s0b1": {
"wlo1": {
"zone": "untrusted"
}
}
3 changes: 2 additions & 1 deletion src/config/rules-base.nft
@@ -4,13 +4,14 @@ table ip filter {
chain input {
type filter hook input priority 0; policy drop;
counter;
ct state { established, related } counter accept;
meta mark 666 counter drop comment "NodeJS Rejected";
meta mark 9999 counter comment "NodeJS Accepted - LOGGING";
meta mark 999 counter accept comment "NodeJS Accepted";
ct state { invalid, untracked } counter drop;
counter;
}

chain output {
type filter hook output priority 0; policy drop;
counter;
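Review bot: The `meta mark 9999 counter comment "NodeJS Accepted - LOGGING";` rule in `chain input` carries neither a `log` statement nor a verdict, so a packet with that mark is only counted and then falls through to the later rules and, if none match, to the chain's `policy drop`. If 9999 is meant to be "accept and log", as the comment and the `"action": "log"` entry in rules.json suggest, the rule should do both itself, e.g. `meta mark 9999 counter log prefix "NodeJS Accepted: " accept comment "NodeJS Accepted - LOGGING";`. Which lines of this section are new is inferred, since the +/- markers did not survive rendering. The section is cut off inside `chain output`, so that chain is not reviewed here.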
192 changes: 72 additions & 120 deletions src/config/rules.json
@@ -5,247 +5,199 @@
"_1": "ICMP",
"1": {
"global": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
},
"trusted": {
"allowed": true,
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
},
"_2": "IGMP",
"2": {
"global": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
},
"trusted": {
"allowed": true,
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
},
"_6": "TCP",
"6": {
"global": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
},
"trusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "accept",
"ports": {
"8953": {
"policy": "accept"
},
"8955": {
"policy": "accept"
}
}
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
},
"_17": "UDP",
"17": {
"global": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
},
"trusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "accept",
"ports": {
"53": {
"policy": "accept"
},
"8953": {
"policy": "accept"
}
}
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
}
},
"outgoing": {
"_1": "ICMP",
"1": {
"global": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
},
"trusted": {
"allowed": true,
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
},
"_2": "IGMP",
"2": {
"global": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
},
"trusted": {
"allowed": true,
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
},
"_6": "TCP",
"6": {
"global": {
"allowed": true,
"acceptAction": null,
"rejectAction": null,
"policy": "accept",
"ports": {
"443": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"993": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
}
}
},
"trusted": {
"allowed": true,
"acceptAction": null,
"rejectAction": null,
"policy": "accept",
"ports": {
"22": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"80": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"139": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"445": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"465": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"1880": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"1900": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"2083": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"2087": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"2096": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"3142": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"9092": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
}
}
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
},
"_17": "UDP",
"17": {
"global": {
"allowed": true,
"acceptAction": null,
"rejectAction": null,
"policy": "reject",
"ports": {
"53": {
"acceptAction": null,
"rejectAction": null
},
"500": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"1194": {
"policy": "accept"
},
"1701": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"4500": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
}
}
},
"trusted": {
"allowed": true,
"acceptAction": null,
"rejectAction": null,
"policy": "accept",
"ports": {
"53": {
"policy": "accept"
},
"123": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"137": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"138": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"1900": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"5353": {
"acceptAction": null,
"rejectAction": null
"policy": "accept"
},
"9981": {
"policy": "accept",
"action": "log"
}
}
},
"untrusted": {
"allowed": false,
"acceptAction": null,
"rejectAction": null
"policy": "reject"
}
}
}
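Review bot: Under `incoming`, the `trusted` zone for protocols `6` (TCP) and `17` (UDP) now has `"policy": "accept"` at zone level next to a `ports` allowlist (8953/8955 and 53/8953), so if the zone policy is what applies to unlisted ports, every incoming TCP and UDP port from a trusted interface is accepted and the per-port entries have no effect. `outgoing` → `17` → `global` in the same file uses the deny-by-default form, `"policy": "reject"` with per-port `"accept"`; using `"policy": "reject",` for the two incoming trusted zones would match it. The evaluator that reads this file is not in the rendered sections, so the precedence between zone and port policy is an assumption to confirm. `outgoing` → `6` → `global` has the same accept-plus-ports shape.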

0 comments on commit 02bac38
