Compare commits
4 Commits
0b4030905b
...
2c03ac4cf5
Author | SHA1 | Date | |
---|---|---|---|
2c03ac4cf5 | |||
|
8e1c67cead | ||
|
3ee48fa08e | ||
|
86bd75b926 |
7
Makefile
7
Makefile
@ -3,10 +3,10 @@ PREFIX ?= /usr/local
|
|||||||
BINDIR = $(PREFIX)/bin
|
BINDIR = $(PREFIX)/bin
|
||||||
SYSTEMDDIR ?= /etc/systemd
|
SYSTEMDDIR ?= /etc/systemd
|
||||||
|
|
||||||
all: reaction ip46tables nft46
|
all: reaction reaction.freebsd ip46tables nft46
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
rm -f reaction ip46tables nft46 reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig nft46.minisig
|
rm -f reaction reaction.freebsd ip46tables nft46 reaction.deb deb reaction.minisig ip46tables.minisig reaction.deb.minisig nft46.minisig
|
||||||
|
|
||||||
ip46tables: helpers_c/ip46tables.c
|
ip46tables: helpers_c/ip46tables.c
|
||||||
$(CC) -s -static helpers_c/ip46tables.c -o ip46tables
|
$(CC) -s -static helpers_c/ip46tables.c -o ip46tables
|
||||||
@ -17,6 +17,9 @@ nft46: helpers_c/nft46.c
|
|||||||
reaction: app/* reaction.go go.mod go.sum
|
reaction: app/* reaction.go go.mod go.sum
|
||||||
CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`"
|
CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`"
|
||||||
|
|
||||||
|
reaction.freebsd: app/* reaction.go go.mod go.sum
|
||||||
|
GOOS=freebsd CGO_ENABLED=0 go build -buildvcs=false -ldflags "-s -X main.version=`git tag --sort=v:refname | tail -n1` -X main.commit=`git rev-parse --short HEAD`" -o reaction.freebsd
|
||||||
|
|
||||||
reaction.deb: reaction ip46tables nft46
|
reaction.deb: reaction ip46tables nft46
|
||||||
chmod +x reaction ip46tables nft46
|
chmod +x reaction ip46tables nft46
|
||||||
mkdir -p deb/reaction/usr/bin/ deb/reaction/usr/sbin/ deb/reaction/lib/systemd/system/
|
mkdir -p deb/reaction/usr/bin/ deb/reaction/usr/sbin/ deb/reaction/lib/systemd/system/
|
||||||
|
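Review bot: `reaction.freebsd` is added to `all` and to the `clean` list, but `clean` gains no `reaction.freebsd.minisig` next to `reaction.minisig`, `ip46tables.minisig` and `nft46.minisig`, which suggests the new binary is not covered by the signing step. The signing rule is not visible in these hunks, so this is inferred; if the FreeBSD binary is published, it should be signed like the other artifacts and its signature added to `clean`. The new recipe also duplicates the full `go build` line, so putting the shared `-ldflags` string in one make variable would keep the two targets from drifting apart.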
@ -208,3 +208,10 @@ To install the systemd file as well
|
|||||||
```shell
|
```shell
|
||||||
make install_systemd
|
make install_systemd
|
||||||
```
|
```
|
||||||
|
|
||||||
|
## Development
|
||||||
|
|
||||||
|
Contributions are welcome. For any substantial feature, please file an issue first, to be assured that we agree on the feature, and to avoid unnecessary work.
|
||||||
|
|
||||||
|
This is a free time project, so I'm not working on schedule.
|
||||||
|
However, if you're willing to fund the project, I can priorise and plan paid work. This includes features, documentation and specific JSONnet configurations.
|
||||||
|
@ -1,4 +1,11 @@
|
|||||||
---
|
---
|
||||||
|
# This example configuration file is a good starting point, but you're
|
||||||
|
# strongly encouraged to take a look at the full documentation: https://reaction.ppom.me
|
||||||
|
#
|
||||||
|
# This file is using the well-established YAML configuration language.
|
||||||
|
# Note that the more powerful JSONnet configuration language is also supported
|
||||||
|
# and that the documentation uses JSONnet
|
||||||
|
|
||||||
# definitions are just a place to put chunks of conf you want to reuse in another place
|
# definitions are just a place to put chunks of conf you want to reuse in another place
|
||||||
# using YAML anchors `&name` and pointers `*name`
|
# using YAML anchors `&name` and pointers `*name`
|
||||||
# definitions are not readed by reaction
|
# definitions are not readed by reaction
|
||||||
@ -31,10 +38,12 @@ patterns:
|
|||||||
start:
|
start:
|
||||||
- [ 'ip46tables', '-w', '-N', 'reaction' ]
|
- [ 'ip46tables', '-w', '-N', 'reaction' ]
|
||||||
- [ 'ip46tables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
- [ 'ip46tables', '-w', '-I', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
||||||
|
- [ 'ip46tables', '-w', '-I', 'FORWARD', '-p', 'all', '-j', 'reaction' ]
|
||||||
|
|
||||||
# Those commands will be executed in order at stop, after everything else
|
# Those commands will be executed in order at stop, after everything else
|
||||||
stop:
|
stop:
|
||||||
- [ 'ip46tables', '-w,', '-D', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
- [ 'ip46tables', '-w,', '-D', 'INPUT', '-p', 'all', '-j', 'reaction' ]
|
||||||
|
- [ 'ip46tables', '-w,', '-D', 'FORWARD', '-p', 'all', '-j', 'reaction' ]
|
||||||
- [ 'ip46tables', '-w', '-F', 'reaction' ]
|
- [ 'ip46tables', '-w', '-F', 'reaction' ]
|
||||||
- [ 'ip46tables', '-w', '-X', 'reaction' ]
|
- [ 'ip46tables', '-w', '-X', 'reaction' ]
|
||||||
|
|
||||||
|
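Review bot: The added FORWARD delete under `stop:` passes `'-w,'`, with a comma inside the quotes, copying the typo from the INPUT line above it, so the helper receives `-w,` rather than `-w`. If iptables rejects that argument, the jump rule stays in FORWARD after reaction stops, and the later `-X reaction` would likely fail because the chain is still referenced. Both delete lines should use `'-w'`, e.g. `- [ 'ip46tables', '-w', '-D', 'FORWARD', '-p', 'all', '-j', 'reaction' ]`.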
@ -1,11 +1,15 @@
|
|||||||
// This file is using JSONNET, a complete configuration language based on JSON
|
// This file is using JSONnet, a complete configuration language based on JSON
|
||||||
// See https://jsonnet.org
|
// See https://jsonnet.org
|
||||||
// JSONNET is a superset of JSON, so one can write plain JSON files if wanted.
|
// JSONnet is a superset of JSON, so one can write plain JSON files if wanted.
|
||||||
// Note that YAML is also supported, see ./example.yml
|
// Note that YAML is also supported, see ./example.yml
|
||||||
|
|
||||||
// JSONNET functions
|
// This example configuration file is a good starting point, but you're
|
||||||
|
// strongly encouraged to take a look at the full documentation: https://reaction.ppom.me
|
||||||
|
|
||||||
|
// JSONnet functions
|
||||||
local iptables(args) = ['ip46tables', '-w'] + args;
|
local iptables(args) = ['ip46tables', '-w'] + args;
|
||||||
// ip46tables is a minimal C program (only POSIX dependencies) present in a subdirectory of this repo.
|
// ip46tables is a minimal C program (only POSIX dependencies) present in a
|
||||||
|
// subdirectory of this repo.
|
||||||
// it permits to handle both ipv4/iptables and ipv6/ip6tables commands
|
// it permits to handle both ipv4/iptables and ipv6/ip6tables commands
|
||||||
|
|
||||||
// See meaning and usage of this function around L106
|
// See meaning and usage of this function around L106
|
||||||
@ -43,14 +47,16 @@ local banFor(time) = {
|
|||||||
start: [
|
start: [
|
||||||
// Create an iptables chain for reaction
|
// Create an iptables chain for reaction
|
||||||
iptables(['-N', 'reaction']),
|
iptables(['-N', 'reaction']),
|
||||||
// Insert this chain as the first item of the INPUT chain (for incoming connections)
|
// Insert this chain as the first item of the INPUT & FORWARD chains (for incoming connections)
|
||||||
iptables(['-I', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
iptables(['-I', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
||||||
|
iptables(['-I', 'FORWARD', '-p', 'all', '-j', 'reaction']),
|
||||||
],
|
],
|
||||||
|
|
||||||
// Those commands will be executed in order at stop, after everything else
|
// Those commands will be executed in order at stop, after everything else
|
||||||
stop: [
|
stop: [
|
||||||
// Remove the chain from the INPUT chain
|
// Remove the chain from the INPUT & FORWARD chains
|
||||||
iptables(['-D', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
iptables(['-D', 'INPUT', '-p', 'all', '-j', 'reaction']),
|
||||||
|
iptables(['-D', 'FORWARD', '-p', 'all', '-j', 'reaction']),
|
||||||
// Empty the chain
|
// Empty the chain
|
||||||
iptables(['-F', 'reaction']),
|
iptables(['-F', 'reaction']),
|
||||||
// Delete the chain
|
// Delete the chain
|
||||||
|
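Review bot: The updated comment above the two `-I` rules still ends with "(for incoming connections)", which does not describe the new FORWARD jump: FORWARD carries traffic routed through the host (containers, VMs, NAT), not traffic addressed to it. Bans now also apply to that routed traffic, and the example should say so for operators running it on a router or container host. Suggested wording: `// Insert this chain first in INPUT (traffic to this host) and FORWARD (traffic routed through it, e.g. to containers)`.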
@ -1,6 +1,8 @@
|
|||||||
[Unit]
|
[Unit]
|
||||||
Description=A daemon that scans program outputs for repeated patterns, and takes action.
|
Description=A daemon that scans program outputs for repeated patterns, and takes action.
|
||||||
Documentation=https://framagit.org/ppom/reaction-wiki
|
Documentation=https://framagit.org/ppom/reaction-wiki
|
||||||
|
# Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used
|
||||||
|
# After=docker.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/reaction start -c /etc/reaction.jsonnet
|
ExecStart=/usr/bin/reaction start -c /etc/reaction.jsonnet
|
||||||
|
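Review bot: The `After=docker.service` line is shipped commented out, so on a Docker host the unit gives no ordering guarantee by default, and reaction may insert its FORWARD jump before Docker adds its own rules above it. `After=` is an ordering-only dependency and does nothing when `docker.service` is not part of the transaction, so it could be enabled unconditionally as `After=docker.service` without pulling Docker in. If it stays commented, the comment should say that bans on container traffic depend on it.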
@ -1,6 +1,8 @@
|
|||||||
# vim: ft=systemd
|
# vim: ft=systemd
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
# Ensure reaction will insert its chain after docker has inserted theirs. Only useful when iptables & docker are used
|
||||||
|
# After=docker.service
|
||||||
|
|
||||||
# See `man systemd.exec` and `man systemd.service` for most options below
|
# See `man systemd.exec` and `man systemd.service` for most options below
|
||||||
[Service]
|
[Service]
|
||||||
|
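Review bot: The `# After=docker.service` hint is placed under `[Install]`, right after `WantedBy=`, but `After=` is a `[Unit]` setting. A user who uncomments it in place gets a key systemd does not apply in that section, so the ordering silently never takes effect. Move the two comment lines into the file's `[Unit]` section (not visible in this hunk), or add a `[Unit]` header above them if the file has none.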
@ -38,7 +38,7 @@ int isIPv6(char *tab, int len) {
|
|||||||
}
|
}
|
||||||
// Each char must be a digit, :, a-f, or A-F
|
// Each char must be a digit, :, a-f, or A-F
|
||||||
for (i=0; i<len; i++) {
|
for (i=0; i<len; i++) {
|
||||||
if (!isdigit(tab[i]) && tab[i] != ':' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
|
if (!isdigit(tab[i]) && tab[i] != ':' && tab[i] != '.' && !(tab[i] >= 'a' && tab[i] <= 'f') && !(tab[i] >= 'A' && tab[i] <= 'F')) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
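Review bot: The changed condition still calls `isdigit(tab[i])` on a plain `char`, which is undefined behaviour for negative values; if `tab` can hold bytes taken from matched log text, use `isdigit((unsigned char)tab[i])`. The comment above the loop is now stale because `.` is accepted, presumably for IPv4-mapped forms; it could read `// Each char must be a digit, :, ., a-f, or A-F`. With `.` allowed, a plain IPv4 string also passes this loop, so the function relies on code before the hunk to require a `:`, which is worth confirming. `isIPv6` starts above the hunk and continues below it.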