Add blacklist functionality
This commit is contained in:
parent
e681e0dba5
commit
764203ea99
50
knockr.go
50
knockr.go
@ -12,12 +12,16 @@ type knockArguments struct {
|
|||||||
cli.Helper
|
cli.Helper
|
||||||
WhitelistPort int `cli:'wp' usage:'The port to launch the whitelist server on'`
|
WhitelistPort int `cli:'wp' usage:'The port to launch the whitelist server on'`
|
||||||
GatewayPort int `cli:'gp' usage:'The port to protect'`
|
GatewayPort int `cli:'gp' usage:'The port to protect'`
|
||||||
|
BlacklistPort int `cli:'wp' usage:'If set: The port to blacklist the connected host'`
|
||||||
Destination string `cli:'d' usage:'The destination to relay traffic to'`
|
Destination string `cli:'d' usage:'The destination to relay traffic to'`
|
||||||
Timeout int64 `cli:'t' usage:'Time in seconds after which a whitelist entry will be removed'`
|
Timeout int64 `cli:'t' usage:'Time in seconds after which a whitelist entry will be removed'`
|
||||||
}
|
}
|
||||||
|
|
||||||
var whitelist = make(map[string]int64)
|
var (
|
||||||
var arguments *knockArguments
|
whitelist = make(map[string]int64)
|
||||||
|
blacklist []string
|
||||||
|
arguments *knockArguments
|
||||||
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
// Parse command line arguments
|
// Parse command line arguments
|
||||||
@ -28,6 +32,7 @@ func main() {
|
|||||||
|
|
||||||
// Launch listeners
|
// Launch listeners
|
||||||
go listener(arguments.WhitelistPort, whitelist_handler)
|
go listener(arguments.WhitelistPort, whitelist_handler)
|
||||||
|
go listener(arguments.BlacklistPort, blacklist_handler)
|
||||||
listener(arguments.GatewayPort, gateway_handler)
|
listener(arguments.GatewayPort, gateway_handler)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -55,8 +60,26 @@ func whitelist_handler(c net.Conn) {
|
|||||||
// Handler function for whitelist socket connections, whitelisting the connecting host
|
// Handler function for whitelist socket connections, whitelisting the connecting host
|
||||||
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
|
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
|
||||||
|
|
||||||
io.WriteString(c, fmt.Sprintf("Knock Knock, %s.", host))
|
if is_blacklisted(host) {
|
||||||
add_to_whitelist(host)
|
fmt.Println("[BLK] Denying blacklisted host ", host)
|
||||||
|
} else {
|
||||||
|
io.WriteString(c, fmt.Sprintf("Knock Knock, %s.", host))
|
||||||
|
add_to_whitelist(host)
|
||||||
|
}
|
||||||
|
c.Close()
|
||||||
|
}
|
||||||
|
|
||||||
|
func blacklist_handler(c net.Conn) {
|
||||||
|
// Handler which blocks every host connecting to it.
|
||||||
|
// Useful to place it on port (whitelistPort-1) to crash port scanners.
|
||||||
|
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
|
||||||
|
|
||||||
|
if ! is_whitelisted(host) {
|
||||||
|
fmt.Println("[BLK] Blacklisting ", host)
|
||||||
|
add_to_blacklist(host)
|
||||||
|
} else {
|
||||||
|
fmt.Println("[ERR] Whitelisted host ", host, " connected to blacklist port. Ignoring.")
|
||||||
|
}
|
||||||
c.Close()
|
c.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -64,7 +87,9 @@ func gateway_handler(c net.Conn) {
|
|||||||
// Filter connections whether or not the connecting host is whitelisted
|
// Filter connections whether or not the connecting host is whitelisted
|
||||||
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
|
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
|
||||||
|
|
||||||
if is_whitelisted(host) {
|
if is_blacklisted(host) {
|
||||||
|
fmt.Println("[BLK] Blacklisted host ", host, ", ignoring")
|
||||||
|
} else if is_whitelisted(host) {
|
||||||
fmt.Println("[OK ] Whitelisted host ", host, " connected")
|
fmt.Println("[OK ] Whitelisted host ", host, " connected")
|
||||||
update_whitelist_time(host)
|
update_whitelist_time(host)
|
||||||
proxy(c)
|
proxy(c)
|
||||||
@ -111,6 +136,21 @@ func is_whitelisted(addr string) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func add_to_blacklist(addr string) {
|
||||||
|
// Add specified address to blacklist
|
||||||
|
blacklist = append(blacklist, addr)
|
||||||
|
}
|
||||||
|
|
||||||
|
func is_blacklisted(addr string) bool {
|
||||||
|
// Check whether or not the specified address is blacklisted
|
||||||
|
for i:=0; i<len(blacklist); i++ {
|
||||||
|
if blacklist[i] == addr {
|
||||||
|
return true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
func update_whitelist_time(addr string) {
|
func update_whitelist_time(addr string) {
|
||||||
// Update whitelist - prevent timeout of connection
|
// Update whitelist - prevent timeout of connection
|
||||||
whitelist[addr] = time.Now().Unix()
|
whitelist[addr] = time.Now().Unix()
|
||||||
|
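Review bot: The new `BlacklistPort` field reuses the `cli:'wp'` tag already used by `WhitelistPort`, so the two flags collide and the blacklist port cannot be set independently of the whitelist port; it should be `BlacklistPort int \`cli:'bp' usage:'If set: The port to blacklist the connected host'\``. The usage text says "If set", but `main` starts `go listener(arguments.BlacklistPort, blacklist_handler)` unconditionally, so with the flag unset the listener is started on port 0; guard it with `if arguments.BlacklistPort != 0 { go listener(arguments.BlacklistPort, blacklist_handler) }`. `listener` itself is outside this page, but if it dispatches each connection on its own goroutine (as the `go listener(...)` calls suggest), `add_to_blacklist`'s append and the `whitelist` map writes race with the reads in the handlers and need a `sync.Mutex`. The blacklist also grows without bound and never expires, unlike whitelist entries, which is worth a comment at the `blacklist []string` declaration.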