unRedirect

SYN-Scan-Firewall.go

@@ -291,6 +291,27 @@ func isIPBlocked(ip string) bool {
 	return strings.Contains(string(output), ip)
 }
 
+func ruleExists(ip string, drop bool) (bool, error) {
+    var cmd *exec.Cmd
+    if drop {
+        cmd = exec.Command("sudo", "iptables", "-C", "INPUT", "-s", ip, "-j", "DROP")
+    } else {    
+        cmd = exec.Command("sudo", "iptables", "-t", "nat", "-C", "PREROUTING", "-s", ip, 
+                          "-p", "tcp", "--dport", "1:65535", "-j", "REDIRECT", "--to-port", "9999")
+    }    
+    err := cmd.Run()
+    if err == nil {
+        return true, nil
+    }
+    // Check if error is because rule doesn't exist
+    if exitErr, ok := err.(*exec.ExitError); ok {
+        if exitErr.ExitCode() == 1 {
+            return false, nil
+        }
+    }
+    return false, err
+}
+
 func blockIP(ip string, logger *log.Logger) {
 	if isIPBlocked(ip) {
 		logger.Printf("IP %s is already blocked", ip)
@@ -311,11 +332,22 @@ func blockIP(ip string, logger *log.Logger) {
 }
 
 func unblockIP(ip string, logger *log.Logger) {
-	logger.Printf("Unblocking IP: %s", ip)
-	cmd := exec.Command("sudo", "iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
-	if err := cmd.Run(); err != nil {
-		logger.Printf("Error unblocking IP %s: %v", ip, err)
-	}
+    route_exists, _ := ruleExists(ip, false)
+    if route_exists {
+        logger.Printf("Unblocking IP: %s", ip)
+
+        deleteCmd := exec.Command("sudo", "iptables", "-t", "nat", "-D", "PREROUTING", "-s", ip, "-p", "tcp", "--dport", "1:65535", "-j", "REDIRECT", "--to-port", "9999")
+        if err := deleteCmd.Run(); err != nil {
+            logger.Printf("Error unRedirecting IP %s: %v", ip, err)
+        }	
+    }
+    drop_exists, _ := ruleExists(ip, true)
+    if drop_exists {    
+        cmd := exec.Command("sudo", "iptables", "-D", "INPUT", "-s", ip, "-j", "DROP")
+        if err := cmd.Run(); err != nil {
+            logger.Printf("Error unBlocking IP %s: %v", ip, err)
+        }
+    }
 }
 
 // Sniffer methods