-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathpywall.py
More file actions
executable file
·132 lines (94 loc) · 3.34 KB
/
Copy pathpywall.py
File metadata and controls
executable file
·132 lines (94 loc) · 3.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
#!/usr/bin/env python3
import os
import sys
import argparse
import ipaddress
from core.rules import RuleEngine
from core.executor import FirewallExecutor
def check_permission_root():
if os.getuid() != 0:
print("Permission denied: PyWall must be run as root.")
sys.exit(1)
def validate_rule(args):
try:
ipaddress.ip_address(args.ip)
except ValueError:
print("[-] Invalid IP address")
sys.exit(1)
if not (1 <= args.port <= 65535):
print("[-] Invalid port number (1-65535)")
sys.exit(1)
def build_cli():
parser = argparse.ArgumentParser(
description="PyWall - A simple terminal-based firewall"
)
sub = parser.add_subparsers(dest="command", help="Available commands")
sub.add_parser("start", help="Start the firewall")
sub.add_parser("stop", help="Stop the firewall")
sub.add_parser("status", help="Check firewall status")
add = sub.add_parser("add-rule", help="Add firewall rule")
action = add.add_mutually_exclusive_group(required=True)
action.add_argument("--block", action="store_true", help="Block traffic")
action.add_argument("--allow", action="store_true", help="Allow traffic")
add.add_argument("--ip", required=True, help="Target IP address")
add.add_argument("--port", type=int, required=True, help="Target port")
add.add_argument(
"--protocol",
choices=["tcp", "udp"],
required=True,
help="Network protocol"
)
delete = sub.add_parser("delete", help="Delete firewall rule")
delete.add_argument("--id", type=int, required=True)
return parser
def main():
parser = build_cli()
args = parser.parse_args()
# If no command, show help
if not args.command:
parser.print_help()
sys.exit(0)
# Allow help without root
if args.command not in ("status",):
check_permission_root()
engine = RuleEngine()
if args.command == "add-rule":
validate_rule(args)
rule = {
"action": "BLOCK" if args.block else "ALLOW",
"ip": args.ip,
"port": args.port,
"protocol": args.protocol
}
rule_id, created = engine.add_rule(rule)
if created:
print(f"[+] Rule added successfully (ID: {rule_id})")
else:
print(f"[!] Rule already exists (ID: {rule_id}), not adding duplicate")
elif args.command == "delete":
if engine.delete_rule(args.id):
print(f"[+] Rule {args.id} deleted")
else:
print(f"[-] Rule {args.id} not found")
elif args.command == "status":
rules = engine.list_rules()
print(f"[+] PyWall READY — {len(rules)} rule(s) loaded")
elif args.command == "start":
check_permission_root()
executor = FirewallExecutor(dry_run=False)
rules = engine.list_rules()
if not rules:
print("[*] No rules to apply")
return
# BACKUP FIRST
backup_file = executor.backup_iptables()
if not backup_file:
print("[-] Aborting firewall start (backup failed)")
return
print("[+] Applying firewall rules...")
elif args.command == "stop":
print("[+] Firewall stop requested (executor not wired yet)")
else:
parser.print_help()
if __name__ == "__main__":
main()