diff --git a/index.js b/index.js
index ea1e0fb..5ae17fd 100644
--- a/index.js
+++ b/index.js
@@ -20,7 +20,7 @@ function loadRules (err, filename) {
 });
 }
-// These are the
+// These are the NFQUEUE result handler options.
 const NF_REJECT = 0;
 const NF_ACCEPT = 1; // Accept packet (but no longer seen / disowned by conntrack)
 const NF_REQUEUE = 4; // Requeue packet (Which we then use a mark to determine the action)
@@ -166,19 +166,13 @@ function bindQueueHandlers () {
 })
 }
-nft.flush()
- .then((resolved) => {
- nft.inject('./base.rules').then((resolved) => {
- setupInterfaces().then((resolved) => {
- bindQueueHandlers();
-
- }, (rejected) => {
- console.log('Rejected setup interfaces');
- })
- }, (rejected) => {
- console.log('rejected inject base rules')
- })
- }, (rejected) => {
- console.log('rejected flush');
- })
-
\ No newline at end of file
+nft.flush().then(
+ (resolved) => nft.inject('./base.rules'),
+ (reject) => console.log('failed to flush rules')
+).then(
+ (resolved) => setupInterfaces(),
+ (reject) => console.log('failed to inject base rules ')
+).then(
+ (resolved) => bindQueueHandlers(),
+ (reject) => console.log('Failed to setup interfaces')
+);
diff --git a/rules.json b/rules.json
index 1d3f280..5646552 100644
--- a/rules.json
+++ b/rules.json
@@ -80,23 +80,47 @@
 "global": {
 "enabled": true,
 "ports": {
- "22": {},
- "80": {},
- "443": {},
- "993": {},
- "9092": {}
+ "22": {
+ "callback": null
+ },
+ "80": {
+ "callback": null
+ },
+ "443": {
+ "callback": null
+ },
+ "993": {
+ "callback": null
+ },
+ "9092": {
+ "callback": null
+ }
 }
 },
 "trusted": {
 "enabled": true,
 "ports": {
- "22": {},
- "80": {},
- "139": {},
- "445": {},
- "465": {},
- "1900": {},
- "9092": {}
+ "22": {
+ "callback": null
+ },
+ "80": {
+ "callback": null
+ },
+ "139": {
+ "callback": null
+ },
+ "445": {
+ "callback": null
+ },
+ "465": {
+ "callback": null
+ },
+ "1900": {
+ "callback": null
+ },
+ "9092": {
+ "callback": null
+ }
 }
 },
 "untrusted": {
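Review bot: The reworded comment still does not say that these are the raw netfilter verdict numbers handed back for each queued packet, which matters for `NF_REJECT = 0` in the context line below it: verdict 0 is the kernel's NF_DROP, a silent drop with no ICMP or RST reply, so the name promises more than the value delivers. I would word the comment as `// Netfilter verdict codes returned for each queued packet (0 is the kernel's NF_DROP: dropped silently, no reject reply).` Renaming the constant is outside this hunk, and its uses are not visible here.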
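Review bot: A failed step no longer stops startup in the new `nft.flush().then(...)` chain, because each rejection handler returns the result of `console.log` (undefined), which resolves the chain, so the next fulfilment handler still runs. If the flush or the base-rule injection fails, `setupInterfaces()` and `bindQueueHandlers()` are still called against a ruleset in an unknown state, whereas the nested version being removed stopped at the first failure. The handlers also discard the rejection reason, and nothing catches an error thrown from `bindQueueHandlers()`. I would chain the steps with fulfilment handlers only and end with a single `.catch` that logs the error, as below; rethrowing from each per-step handler would be the alternative if the individual messages should be kept.

```javascript
nft.flush()
  .then(() => nft.inject('./base.rules'))
  .then(() => setupInterfaces())
  .then(() => bindQueueHandlers())
  .catch((err) => {
    // Any failed step lands here and the later steps are skipped.
    console.error('firewall startup failed:', err);
    process.exitCode = 1;
  });
```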
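Review bot: Every port entry now carries `"callback": null`, but nothing in this diff reads the key or says what a non-null value may be, here or in the second rules.json hunk. JSON cannot hold a function, so presumably a value will be a name that the loader resolves; that contract belongs in a comment at the loader or in the README, for example `callback: name of a registered packet handler, or null for the default verdict`. When it is implemented, the name should be looked up in a fixed table of handlers and unknown names rejected at load time, so that the rules file cannot select arbitrary code.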
@@ -108,20 +132,38 @@
 "global": {
 "enabled": true,
 "ports": {
- "53": {},
- "500": {},
- "1701": {},
- "4500": {}
+ "53": {
+ "callback": null
+ },
+ "500": {
+ "callback": null
+ },
+ "1701": {
+ "callback": null
+ },
+ "4500": {
+ "callback": null
+ }
 }
 },
 "trusted": {
 "enabled": true,
 "ports": {
- "123": {},
- "137": {},
- "138": {},
- "1900": {},
- "5353": {}
+ "123": {
+ "callback": null
+ },
+ "137": {
+ "callback": null
+ },
+ "138": {
+ "callback": null
+ },
+ "1900": {
+ "callback": null
+ },
+ "5353": {
+ "callback": null
+ }
 }
 },
 "untrusted": {
diff --git a/src/nftables/rules.js b/src/nftables/rules.js
index 2b43b7e..17acffe 100644
--- a/src/nftables/rules.js
+++ b/src/nftables/rules.js
@@ -14,7 +14,6 @@ function execute (exec, command) {
 })
 }
-
 function executeReturnHandle (exec, command) {
 return new Promise((resolve, reject) => {
 exec('nft --echo --handle ' + command, (error, stdout, stderr) => {