v0.1.0 #1

Merged
kor-elf merged 57 commits from develop into main 2025-11-08 17:34:06 +05:00

  • Implemented the ability to configure nftables:
    • Allow or block incoming traffic by default.
    • Allow or block outgoing traffic by default.
    • ICMP configuration.
    • Port configuration.
    • IP address whitelisting and blacklisting.
  • Logging configuration.

kor-elf added 57 commits 2025-11-08 17:33:55 +05:00
- Includes support for log levels, encodings, paths, and error paths.
- Implements validation for paths and integration with `LoggerOptions`.
- Introduced `Fatal` method for structured logging with immediate program exit.
- Updated `falseLogger` to implement `Fatal` method.
- Added `zap.AddCallerSkip(1)` for accurate caller information in logs.
- Adjusted `LoggerOptions` argument in `NewLogger` for consistency.
- Introduced `pid_file` field in configuration with default path.
- Implemented validation for `pid_file` in `ToDaemonOptions` with localized error handling.
- Updated `kor-elf-shield.toml` to include `pid_file` documentation.
- Introduced `PidFile` interface with methods for PID file validation, creation, and removal.
- Implemented `EnsureNoOtherProcess` to handle PID file conflicts and outdated entries.
- Added structured logger support for better observability in PID file operations.
- Introduced `Daemon` interface and default implementation for process management.
- Added `start` CLI command to initialize and run the daemon.
- Integrated PID file handling using the `pidfile` package to ensure single-process execution.
- Updated main application to register `start` command.
- Ensure `logger` is not nil during PID file initialization.
- Standardize usage of "PID" in log messages for consistency and clarity.
- Updated `runDaemon` to accept and propagate context for better lifecycle management.
- Wrapped logger `Sync` call in a function to handle errors gracefully.
- Introduced `testing` and `testing_interval` options in configuration for test mode management.
- Added support for firewall configuration and integration via `firewall` package.
- Updated daemon lifecycle to handle testing mode and test interval expiration.
- Extended `kor-elf-shield.toml` with new configuration options and documentation.
- Introduced `firewall` package with `API` interface for managing nftables rules.
- Added `Reload`, `ClearRules`, and `SavesRules` methods for rule management.
- Implemented configuration parsing for firewall settings using `firewall.toml`.
- Updated `internal/setting` with default firewall configurations.
- Integrated `go-nftables-client` for low-level manipulation of nftables.
- Replaced local import paths with fully qualified paths prefixed by `git.kor-elf.net`.
- Updated `go.mod` module declaration to match the new module name.
- Introduced default input, output, and forward policies for firewall management.
- Enhanced chain configuration with specific naming for input, output, and forward chains.
- Updated `firewall.toml` with policy settings and chain name configurations.
- Refactored `firewall` package to include reload and configuration synchronization for policies.
- Updated `daemon.go` to invoke `d.firewall.ClearRules()` if `d.firewall.Reload()` fails, ensuring a clean state.
- Extracted `SavesRules` and `SavesRulesPath` into an `options` struct for improved organization.
- Updated `firewall` settings to utilize the new `options` struct.
- Modified `firewall.toml` configuration to reflect the structural changes.
- Adjusted related methods and functions to handle the new structure.
- Introduced `dns_strict` and `dns_strict_ns` options for enhanced DNS traffic control.
- Added parsing of `/etc/resolv.conf` to retrieve and process nameserver addresses.
- Updated firewall configuration to apply specific rules for DNS traffic.
- Enhanced `firewall.toml` with new options for DNS strict mode and documentation.
- Introduced `packet_filter` option to enable dropping invalid and out-of-order packets.
- Added new nftables chains and rules to handle invalid state and TCP flag anomalies.
- Updated `firewall.toml` with `packet_filter` configuration and documentation.
- Enhanced firewall initialization to include packet filtering logic.
- Introduced `icmp_in`, `icmp_in_rate`, `icmp_out`, `icmp_out_rate`, and `icmp_timestamp_drop` options for ICMP traffic control.
- Added rules for managing incoming and outgoing ICMP traffic based on configuration settings.
- Updated `firewall.toml` with ICMP-related options and documentation.
- Enhanced input and output reload methods to include ICMP traffic handling.
- Consolidated chain creation and management into a `chain` package for improved structure.
- Introduced default policies (`default_allow_input`, `default_allow_output`, `default_allow_forward`) for input, output, and forward traffic control.
- Added support for policy-specific drop behaviors (`input_drop`, `output_drop`, `forward_drop`) to firewall configuration.
- Updated reload methods to utilize the centralized `chain` management interface.
- Enhanced `firewall.toml` with new policy options and improved documentation.
- Refactored related code to streamline chain handling and configuration logic.
- Introduced `validate` package for centralized configuration validation.
- Added validation for paths, filenames, and specific extensions (e.g., `.toml`, `.pid`, `.log`).
- Enhanced `firewall` settings with validation logic (e.g., `table_name`, `chain_input_name`, `saves_rules_path`, `icmp_in_rate`, `input_drop`).
- Updated `daemon` PID file handling for additional checks on file type and content.
- Improved error handling and validation coverage for settings initialization.
- Introduced `IP6` struct with `enable` and `icmp_strict` options.
- Extended `firewall.toml` with new IPv6-related settings and documentation.
- Updated input reload methods to include IPv6 rules and ICMPv6 handling.
- Added strict ICMPv6 mode with granular rule definitions.
- Incorporated IPv6 support in settings validation and configuration logic.
- Introduced `Ports` struct with customizable fields for numbers, directions, protocols, actions, and rate limiting.
- Added methods to convert port configurations into `InPorts` and `OutPorts`.
- Updated `firewall` settings to include port-related configurations and extended validation.
- Enhanced input and output reload methods to process port-based rules for better granularity.
- Updated `firewall.toml` with port settings, including examples and documentation.
- Changed rate format from "1/s" to "1/second" in `defaultIp4` function.
- Introduced `IP` struct for managing IP-based rules, including fields for IPs, actions, directions, protocols, ports, and rate limits.
- Added methods to process IP configurations into `InIPs` and `OutIPs`.
- Extended reload methods for input and output to include IP-based rule handling.
- Updated `firewall.toml` with IP configuration examples and detailed documentation.
- Enhanced validation logic for IP-based settings to ensure proper configuration.
- Replaced generic error message with a formatted message specifying the parameter name for better clarity.
- Introduced `Socket` interface and implementation in `internal/daemon/socket/socket.go`.
- Added socket file management (`EnsureNoOtherProcess`, `Create`, `Close`) and command handling via `Run`.
- Updated `DaemonOptions` and configuration to include `socket_file` path.
- Integrated the socket lifecycle into the daemon's `Run` method for process communication.
- Added validation and default configuration for `socket_file` in `setting` package.
- Added `isUseOfClosedNetworkError` function to identify specific "use of closed network connection" errors.
- Updated socket handling logic in `Run` method to gracefully handle closed connection errors with improved debug logging.
- Introduced `Connect` interface with methods for `Read`, `Write`, and `Close`.
- Added `connect` struct as an implementation of `Connect` for `net.Conn`.
- Updated command handling to use `Connect` abstraction, improving modularity and testability.
- Renamed `handleConn` to `handleAction` for better clarity.
- Introduced a `CmdStop` command for stopping the daemon, clearing nftables firewall rules.
- Implemented `NewSocketClient` in `internal/socket/socket.go` for Unix socket interaction.
- Updated daemon logic to handle the "stop" command via socket communication.
- Extended localization files with translations for stop command messages.
- Introduced `CmdStatus` command to verify if the daemon is running via Unix socket communication.
- Updated daemon logic to handle the "status" command and respond accordingly.
- Extended localization files with translations for status command messages.
- Registered `CmdStatus` in the main CLI application.
- Introduced `CmdReopenLogger` for reopening daemon log files.
- Added `ReOpen` method to `Logger` interface and its implementations.
- Updated daemon logic to handle the "reopen_logger" command via Unix socket communication.
- Extended localization files with translations for new command messages.
- Registered `CmdReopenLogger` in the main CLI application.
- Added `LICENSE-3RD-PARTY.txt` containing licenses for dependencies used in the project.
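As an added illustration, not code from the kor-elf-shield project, the Go function below maps a few of the options named in these commits (`default_allow_input`, `icmp_in_rate`, the IP white/black lists, ports) to the nftables input chain they imply, rejecting the old `1/s` rate form and choosing `ip`/`ip6` by address family. All names, the rule ordering and the CIDR-only list format are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
	"regexp"
)

// nft rate syntax is "N/second|minute|hour|day"; the "1/s" form a commit above replaced is rejected.
var rateRe = regexp.MustCompile(`^[1-9][0-9]*/(second|minute|hour|day)$`)
// addrRules renders one verdict per CIDR entry; the family selects ip vs ip6 so IPv6 entries are not lost.
func addrRules(list []string, verdict string) (string, error) {
	out := ""
	for _, a := range list {
		p, err := netip.ParsePrefix(a)
		if err != nil {
			return "", fmt.Errorf("invalid CIDR %q in %s list", a, verdict)
		}
		out += fmt.Sprintf("  %s saddr %s %s\n", map[bool]string{false: "ip", true: "ip6"}[p.Addr().Is6()], p.Masked(), verdict)
	}
	return out, nil
}
// RenderInput maps options named in the commits above (default_allow_input, icmp_in_rate, IP
// white/black lists, ports) to the input chain they imply: blacklist, conntrack shortcut, whitelist,
// rate-limited ICMP, allowed TCP ports, default policy last. Hypothetical illustration, not project code.
func RenderInput(defaultAllow bool, icmpRate string, black, white []string, ports []uint16) (string, error) {
	if icmpRate != "" && !rateRe.MatchString(icmpRate) {
		return "", fmt.Errorf("icmp_in_rate %q must look like 1/second", icmpRate)
	}
	deny, err1 := addrRules(black, "drop")
	allow, err2 := addrRules(white, "accept")
	if err := errors.Join(err1, err2); err != nil {
		return "", err
	}
	out := fmt.Sprintf("chain input { type filter hook input priority 0; policy %s;\n", map[bool]string{false: "drop", true: "accept"}[defaultAllow])
	out += deny + "  ct state established,related accept\n  ct state invalid drop\n" + allow
	if icmpRate != "" {
		out += fmt.Sprintf("  ip protocol icmp limit rate %s accept\n", icmpRate)
	}
	for _, p := range ports {
		out += fmt.Sprintf("  tcp dport %d accept\n", p)
	}
	return out + "}\n", nil
}

func main() {
	// constructed sample input: default deny, one IPv4 blacklist, one IPv6 whitelist, SSH open
	fmt.Println(RenderInput(false, "1/second", []string{"203.0.113.0/24"}, []string{"2001:db8::/32"}, []uint16{22}))
}
```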
kor-elf merged commit e76d2ae398 into main 2025-11-08 17:34:06 +05:00
Reference: kor-elf-shield/kor-elf-shield#1