add ipv6 capability

palner · Sep 2, 2021 · 266ddba · 266ddba
1 parent 1547d86
commit 266ddba
Show file tree

Hide file tree

Showing 3 changed files with 62 additions and 18 deletions.
diff --git a/go/iptables-api.go b/go/iptables-api.go
@@ -69,7 +69,9 @@ func main() {
 
 	router := mux.NewRouter()
 	router.HandleFunc("/addip/{ipaddress}", addIPAddress).Methods("GET")
+	router.HandleFunc("/blockip/{ipaddress}", addIPAddress).Methods("GET")
 	router.HandleFunc("/removeip/{ipaddress}", removeIPAddress).Methods("GET")
+	router.HandleFunc("/unblockip/{ipaddress}", removeIPAddress).Methods("GET")
 	router.HandleFunc("/flushchain", flushChain).Methods("GET")
 	http.ListenAndServe("0.0.0.0:"+APIport, router)
 }
@@ -92,20 +94,20 @@ func checkIPAddress(ip string) bool {
 	}
 }
 
-func checkIPAddressv4(ip string) bool {
+func checkIPAddressv4(ip string) (string, error) {
 	if net.ParseIP(ip) == nil {
-		return false
+		return "", errors.New("Not an IP address")
 	}
 	for i := 0; i < len(ip); i++ {
 		switch ip[i] {
 		case '.':
-			return true
+			return "ipv4", nil
 		case ':':
-			return false
+			return "ipv6", nil
 		}
 	}
 
-	return false
+	return "", errors.New("unknown error")
 }
 
 func initializeIPTables(ipt *iptables.IPTables) (string, error) {
@@ -162,16 +164,23 @@ func addIPAddress(w http.ResponseWriter, r *http.Request) {
 	params := mux.Vars(r)
 	log.Println("processing addIPAddress", params["ipaddress"])
 
-	if checkIPAddressv4(params["ipaddress"]) {
-		log.Println(params["ipaddress"], "is a valid ip address")
-	} else {
-		log.Println(params["ipaddress"], "is not a valid ipv4 address")
-		http.Error(w, "{\"error\":\"only valid ipv4 address supported\"}", http.StatusBadRequest)
+	ipType, err := checkIPAddressv4(params["ipaddress"])
+	if err != nil {
+		log.Println(params["ipaddress"], "is not a valid ip address")
+		http.Error(w, "{\"error\":\"only valid ip addresses supported\"}", http.StatusBadRequest)
 		return
 	}
 
+	var ipProto iptables.Protocol
+	switch ipType {
+	case "ipv6":
+		ipProto = iptables.ProtocolIPv6
+	default:
+		ipProto = iptables.ProtocolIPv4
+	}
+
 	// Go connect for IPTABLES
-	ipt, err := iptables.New()
+	ipt, err := iptables.NewWithProtocol(ipProto)
 	if err != nil {
 		log.Println(err)
 		http.Error(w, "{\"error\":\"error with iptables\"}", http.StatusInternalServerError)
@@ -198,16 +207,23 @@ func removeIPAddress(w http.ResponseWriter, r *http.Request) {
 	params := mux.Vars(r)
 	log.Println("processing removeIPAddress", params["ipaddress"])
 
-	if checkIPAddressv4(params["ipaddress"]) {
-		log.Println(params["ipaddress"], "is a valid ip address")
-	} else {
-		log.Println(params["ipaddress"], "is not a valid ipv4 address")
-		http.Error(w, "{\"error\":\"only valid ipv4 address supported\"}", http.StatusBadRequest)
+	ipType, err := checkIPAddressv4(params["ipaddress"])
+	if err != nil {
+		log.Println(params["ipaddress"], "is not a valid ip address")
+		http.Error(w, "{\"error\":\"only valid ip addresses supported\"}", http.StatusBadRequest)
 		return
 	}
 
+	var ipProto iptables.Protocol
+	switch ipType {
+	case "ipv6":
+		ipProto = iptables.ProtocolIPv6
+	default:
+		ipProto = iptables.ProtocolIPv4
+	}
+
 	// Go connect for IPTABLES
-	ipt, err := iptables.New()
+	ipt, err := iptables.NewWithProtocol(ipProto)
 	if err != nil {
 		log.Println(err)
 		http.Error(w, "{\"error\":\"error with iptables\"}", http.StatusInternalServerError)
@@ -232,26 +248,54 @@ func removeIPAddress(w http.ResponseWriter, r *http.Request) {
 func flushChain(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "application/json")
 	log.Println("processing flushChain")
+	var ipErr string
 
 	// Go connect for IPTABLES
 	ipt, err := iptables.New()
 	if err != nil {
 		log.Println(err)
+		ipErr = err.Error()
 		http.Error(w, "{\"error\":\"error with iptables\"}", http.StatusInternalServerError)
+		return
 	}
 
 	_, err = initializeIPTables(ipt)
 	if err != nil {
 		log.Fatalln("failed to initialize IPTables:", err)
 		http.Error(w, "{\"error\":\"error initializing iptables\"}", http.StatusInternalServerError)
+		return
 	}
 
 	err = ipt.ClearChain("filter", "APIBANLOCAL")
 	if err != nil {
 		log.Print("Flushing APIBANLOCAL chain failed. ", err.Error())
-		http.Error(w, "{\"error\":\"error flushing chain\"}", http.StatusBadRequest)
+		ipErr = err.Error() + " "
 	} else {
 		log.Print("APIBANLOCAL chain flushed.")
+	}
+
+	// Go connect for IPTABLES
+	ipt, err = iptables.NewWithProtocol(iptables.ProtocolIPv6)
+	if err != nil {
+		log.Println(err)
+		http.Error(w, "{\"error\":\"error with ip6tables\"}", http.StatusInternalServerError)
+		return
+	}
+
+	_, err = initializeIPTables(ipt)
+	if err != nil {
+		log.Fatalln("failed to initialize IPTables:", err)
+		http.Error(w, "{\"error\":\"error initializing ip6tables\"}", http.StatusInternalServerError)
+		return
+	}
+
+	err = ipt.ClearChain("filter", "APIBANLOCAL")
+	if err != nil {
+		log.Print("Flushing ip6 APIBANLOCAL chain failed. ", err.Error())
+		ipErr = ipErr + err.Error()
+		http.Error(w, "{\"error\":\""+ipErr+"\"}", http.StatusBadRequest)
+	} else {
+		log.Print("ip6 APIBANLOCAL chain flushed.")
 		io.WriteString(w, "{\"success\":\"flushed\"}\n")
 	}
 }
diff --git a/iptables-api b/iptables-api
diff --git a/iptables-api-arm b/iptables-api-arm