custom ssh port (#164)

thebigbone · web-flow · commit b3b5944b7989 · 2024-11-15T15:32:07.000+01:00
diff --git a/app/server.go b/app/server.go
@@ -35,6 +35,7 @@ func main() {
 	fmt.Printf("%s %s\n", VERSION, BUILDDATE)
 
 	pflag.StringP("interface", "i", "eth0", "Bind to this interface")
+	pflag.IntP("ssh", "s", 0, "Override SSH port")
 	pflag.StringP("logpath", "l", "/dev/null", "Log file path")
 	pflag.StringP("confpath", "c", "config/", "Configuration file path")
 	pflag.BoolP("debug", "d", false, "Enable debug mode")
@@ -44,6 +45,10 @@ func main() {
 	pflag.Parse()
 	viper.BindPFlags(pflag.CommandLine)
 
+	if viper.IsSet("ssh") {
+		viper.Set("ports.ssh", viper.GetInt("ssh"))
+	}
+
 	if viper.GetBool("version") {
 		return
 	}
diff --git a/config/config.yaml b/config/config.yaml
@@ -1,6 +1,7 @@
 ports:
   tcp: 5000
   udp: 5001
+  ssh: 2222
 
 rules_path: config/rules.yaml
 
diff --git a/glutton.go b/glutton.go
@@ -53,6 +53,7 @@ func (g *Glutton) initConfig() error {
 	// If no config is found, use the defaults
 	viper.SetDefault("ports.tcp", 5000)
 	viper.SetDefault("ports.udp", 5001)
+	viper.SetDefault("ports.ssh", 22)
 	viper.SetDefault("max_tcp_payload", 4096)
 	viper.SetDefault("conn_timeout", 45)
 	viper.SetDefault("rules_path", "rules/rules.yaml")
@@ -186,11 +187,11 @@ func (g *Glutton) Start() error {
 
 	g.startMonitor(quit)
 
-	if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort)); err != nil {
+	if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 		return err
 	}
 
-	if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort)); err != nil {
+	if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 		return err
 	}
 
@@ -335,11 +336,11 @@ func (g *Glutton) Shutdown() {
 	}
 
 	g.Logger.Info("FLushing TCP iptables")
-	if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort)); err != nil {
+	if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 		g.Logger.Error("failed to drop tcp iptables", producer.ErrAttr(err))
 	}
 	g.Logger.Info("FLushing UDP iptables")
-	if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort)); err != nil {
+	if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {
 		g.Logger.Error("failed to drop udp iptables", producer.ErrAttr(err))
 	}
 
diff --git a/iptables.go b/iptables.go
@@ -30,19 +30,19 @@ func genRuleSpec(chain, iface, protocol, _ string, sshPort, dport uint32) []stri
 	return strings.Split(fmt.Sprintf(spec, iface, protocol, sshPort, dport), ";")
 }
 
-func setTProxyIPTables(iface, srcIP, protocol string, port uint32) error {
+func setTProxyIPTables(iface, srcIP, protocol string, port, sshPort uint32) error {
 	ipt, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
 	if err != nil {
 		return err
 	}
-	return ipt.AppendUnique("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, 22, port)...)
+	return ipt.AppendUnique("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, sshPort, port)...)
 }
 
-func flushTProxyIPTables(iface, srcIP, protocol string, port uint32) error {
+func flushTProxyIPTables(iface, srcIP, protocol string, port, sshPort uint32) error {
 	ipt, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)
 	if err != nil {
 		return err
 	}
 
-	return ipt.Delete("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, 22, port)...)
+	return ipt.Delete("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, sshPort, port)...)
 }

Original file line number	Diff line number	Diff line change
`@@ -53,6 +53,7 @@ func (g *Glutton) initConfig() error {`
`53`	`53`	`// If no config is found, use the defaults`
`54`	`54`	`viper.SetDefault("ports.tcp", 5000)`
`55`	`55`	`viper.SetDefault("ports.udp", 5001)`
	`56`	`+ viper.SetDefault("ports.ssh", 22)`
`56`	`57`	`viper.SetDefault("max_tcp_payload", 4096)`
`57`	`58`	`viper.SetDefault("conn_timeout", 45)`
`58`	`59`	`viper.SetDefault("rules_path", "rules/rules.yaml")`
`@@ -186,11 +187,11 @@ func (g *Glutton) Start() error {`
`186`	`187`
`187`	`188`	`g.startMonitor(quit)`
`188`	`189`
`189`		`- if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort)); err != nil {`
	`190`	`+ if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {`
`190`	`191`	`return err`
`191`	`192`	`}`
`192`	`193`
`193`		`- if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort)); err != nil {`
	`194`	`+ if err := setTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {`
`194`	`195`	`return err`
`195`	`196`	`}`
`196`	`197`
`@@ -335,11 +336,11 @@ func (g *Glutton) Shutdown() {`
`335`	`336`	`}`
`336`	`337`
`337`	`338`	`g.Logger.Info("FLushing TCP iptables")`
`338`		`- if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort)); err != nil {`
	`339`	`+ if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "tcp", uint32(g.Server.tcpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {`
`339`	`340`	`g.Logger.Error("failed to drop tcp iptables", producer.ErrAttr(err))`
`340`	`341`	`}`
`341`	`342`	`g.Logger.Info("FLushing UDP iptables")`
`342`		`- if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort)); err != nil {`
	`343`	`+ if err := flushTProxyIPTables(viper.GetString("interface"), g.publicAddrs[0].String(), "udp", uint32(g.Server.udpPort), uint32(viper.GetInt("ports.ssh"))); err != nil {`
`343`	`344`	`g.Logger.Error("failed to drop udp iptables", producer.ErrAttr(err))`
`344`	`345`	`}`
`345`	`346`
Original file line number	Diff line number	Diff line change
`@@ -30,19 +30,19 @@ func genRuleSpec(chain, iface, protocol, _ string, sshPort, dport uint32) []stri`
`30`	`30`	`return strings.Split(fmt.Sprintf(spec, iface, protocol, sshPort, dport), ";")`
`31`	`31`	`}`
`32`	`32`
`33`		`-func setTProxyIPTables(iface, srcIP, protocol string, port uint32) error {`
	`33`	`+func setTProxyIPTables(iface, srcIP, protocol string, port, sshPort uint32) error {`
`34`	`34`	`ipt, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)`
`35`	`35`	`if err != nil {`
`36`	`36`	`return err`
`37`	`37`	`}`
`38`		`- return ipt.AppendUnique("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, 22, port)...)`
	`38`	`+ return ipt.AppendUnique("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, sshPort, port)...)`
`39`	`39`	`}`
`40`	`40`
`41`		`-func flushTProxyIPTables(iface, srcIP, protocol string, port uint32) error {`
	`41`	`+func flushTProxyIPTables(iface, srcIP, protocol string, port, sshPort uint32) error {`
`42`	`42`	`ipt, err := iptables.NewWithProtocol(iptables.ProtocolIPv4)`
`43`	`43`	`if err != nil {`
`44`	`44`	`return err`
`45`	`45`	`}`
`46`	`46`
`47`		`- return ipt.Delete("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, 22, port)...)`
	`47`	`+ return ipt.Delete("mangle", "PREROUTING", genRuleSpec("PREROUTING", iface, protocol, srcIP, sshPort, port)...)`
`48`	`48`	`}`