maride/goknockr
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add blacklist functionality

Browse Source
This commit is contained in:
maride 2017-09-28 14:41:07 +02:00
parent e681e0dba5
commit 764203ea99
1 changed files with 45 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
knockr.go
View File

@ -12,12 +12,16 @@ type knockArguments struct {
cli.Helper cli.Helper
WhitelistPort int `cli:'wp' usage:'The port to launch the whitelist server on'` WhitelistPort int `cli:'wp' usage:'The port to launch the whitelist server on'`
GatewayPort int `cli:'gp' usage:'The port to protect'` GatewayPort int `cli:'gp' usage:'The port to protect'`
BlacklistPort int `cli:'wp' usage:'If set: The port to blacklist the connected host'`
Destination string `cli:'d' usage:'The destination to relay traffic to'` Destination string `cli:'d' usage:'The destination to relay traffic to'`
Timeout int64 `cli:'t' usage:'Time in seconds after which a whitelist entry will be removed'` Timeout int64 `cli:'t' usage:'Time in seconds after which a whitelist entry will be removed'`
} }
var whitelist = make(map[string]int64) var (
var arguments *knockArguments whitelist = make(map[string]int64)
blacklist []string
arguments *knockArguments
)
func main() { func main() {
// Parse command line arguments // Parse command line arguments
@ -28,6 +32,7 @@ func main() {
// Launch listeners // Launch listeners
go listener(arguments.WhitelistPort, whitelist_handler) go listener(arguments.WhitelistPort, whitelist_handler)
go listener(arguments.BlacklistPort, blacklist_handler)
listener(arguments.GatewayPort, gateway_handler) listener(arguments.GatewayPort, gateway_handler)
} }
@ -55,8 +60,26 @@ func whitelist_handler(c net.Conn) {
// Handler function for whitelist socket connections, whitelisting the connecting host // Handler function for whitelist socket connections, whitelisting the connecting host
host, _, _ := net.SplitHostPort(c.RemoteAddr().String()) host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
io.WriteString(c, fmt.Sprintf("Knock Knock, %s.", host)) if is_blacklisted(host) {
add_to_whitelist(host) fmt.Println("[BLK] Denying blacklisted host ", host)
} else {
io.WriteString(c, fmt.Sprintf("Knock Knock, %s.", host))
add_to_whitelist(host)
}
c.Close()
}
func blacklist_handler(c net.Conn) {
// Handler which blocks every host connecting to it.
// Useful to place it on port (whitelistPort-1) to crash port scanners.
host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
if ! is_whitelisted(host) {
fmt.Println("[BLK] Blacklisting ", host)
add_to_blacklist(host)
} else {
fmt.Println("[ERR] Whitelisted host ", host, " connected to blacklist port. Ignoring.")
}
c.Close() c.Close()
} }
@ -64,7 +87,9 @@ func gateway_handler(c net.Conn) {
// Filter connections whether or not the connecting host is whitelisted // Filter connections whether or not the connecting host is whitelisted
host, _, _ := net.SplitHostPort(c.RemoteAddr().String()) host, _, _ := net.SplitHostPort(c.RemoteAddr().String())
if is_whitelisted(host) { if is_blacklisted(host) {
fmt.Println("[BLK] Blacklisted host ", host, ", ignoring")
} else if is_whitelisted(host) {
fmt.Println("[OK ] Whitelisted host ", host, " connected") fmt.Println("[OK ] Whitelisted host ", host, " connected")
update_whitelist_time(host) update_whitelist_time(host)
proxy(c) proxy(c)
@ -111,6 +136,21 @@ func is_whitelisted(addr string) bool {
return false return false
} }
func add_to_blacklist(addr string) {
// Add specified address to blacklist
blacklist = append(blacklist, addr)
}
func is_blacklisted(addr string) bool {
// Check whether or not the specified address is blacklisted
for i:=0; i<len(blacklist); i++ {
if blacklist[i] == addr {
return true
}
}
return false
}
func update_whitelist_time(addr string) { func update_whitelist_time(addr string) {
// Update whitelist - prevent timeout of connection // Update whitelist - prevent timeout of connection
whitelist[addr] = time.Now().Unix() whitelist[addr] = time.Now().Unix()