Initial commit — SETEC LABS Manager (Setec_CDM)

Flask-based VPS management panel with SSH remote command execution. Includes E2E encrypted SSH tunnel (AES-256-GCM + Go agent), setup wizard, security hardening tools, DNS management, firewall configs, monitoring, backup, and .sec patch update system. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-13 12:39:02 -07:00
commit 9e839ee826
62 changed files with 14605 additions and 0 deletions
--- a/setec-web/nftables.py
+++ b/setec-web/nftables.py
@@ -0,0 +1,110 @@
+"""
+Command-builder module for managing nftables on a Linux VPS.
+Each function returns a bash command string ready for execution.
+"""
+
+
+def status_cmd() -> str:
+    """Check if nft is installed, its version, and the systemctl status of nftables."""
+    return (
+        "which nft && nft --version; "
+        "systemctl status nftables --no-pager"
+    )
+
+
+def install_cmd() -> str:
+    """Install nftables and enable the service."""
+    return (
+        "apt-get update && apt-get install -y nftables && "
+        "systemctl enable nftables && systemctl start nftables"
+    )
+
+
+def list_cmd() -> str:
+    """List the full nftables ruleset."""
+    return "nft list ruleset"
+
+
+def list_tables_cmd() -> str:
+    """List all nftables tables."""
+    return "nft list tables"
+
+
+def list_chains_cmd(table: str = "inet filter") -> str:
+    """List all chains in the given table."""
+    return f"nft list chains {table}"
+
+
+def add_rule_cmd(table: str, chain: str, rule: str) -> str:
+    """Add a rule to a chain in a table.
+
+    Example:
+        add_rule_cmd("inet filter", "input", "tcp dport 80 accept")
+    """
+    return f"nft add rule {table} {chain} {rule}"
+
+
+def delete_rule_cmd(table: str, chain: str, handle: int) -> str:
+    """Delete a rule by handle number."""
+    return f"nft delete rule {table} {chain} handle {handle}"
+
+
+def flush_cmd(table: str | None = None, chain: str | None = None) -> str:
+    """Flush rules. Optionally scope to a table or table+chain."""
+    if table and chain:
+        return f"nft flush chain {table} {chain}"
+    if table:
+        return f"nft flush table {table}"
+    return "nft flush ruleset"
+
+
+def create_table_cmd(family: str, name: str) -> str:
+    """Create a new table (e.g. family='inet', name='filter')."""
+    return f"nft add table {family} {name}"
+
+
+def delete_table_cmd(family: str, name: str) -> str:
+    """Delete a table."""
+    return f"nft delete table {family} {name}"
+
+
+def create_chain_cmd(
+    table: str,
+    chain: str,
+    chain_type: str = "filter",
+    hook: str = "input",
+    priority: int = 0,
+) -> str:
+    """Create a base chain with type, hook, and priority."""
+    return (
+        f"nft add chain {table} {chain} "
+        f"'{{ type {chain_type} hook {hook} priority {priority}; }}'"
+    )
+
+
+def save_cmd() -> str:
+    """Save the current ruleset to /etc/nftables.conf."""
+    return "nft list ruleset > /etc/nftables.conf"
+
+
+def restore_cmd() -> str:
+    """Restore rules from /etc/nftables.conf."""
+    return "nft -f /etc/nftables.conf"
+
+
+def counters_cmd() -> str:
+    """List all nftables counters."""
+    return "nft list counters"
+
+
+def config_cmd() -> str:
+    """Display the saved nftables configuration file."""
+    return "cat /etc/nftables.conf"
+
+
+def uninstall_cmd() -> str:
+    """Stop, disable, and remove nftables."""
+    return (
+        "systemctl stop nftables; systemctl disable nftables; "
+        "apt-get purge -y nftables && apt-get autoremove -y"
+    )