sefcom / natmgr Goto Github PK

Not all commands are necessarily sensitive, e.g. list. As such, it may be beneficial to be more selective about when to require root privileges before executing them.

Some color would really help users grok which rules are expired in a list of rules. Probably just some red background would work well.

If a rule expires before the requester is actually done using the port, it would be helpful to allow an easy way to update just the expiration date for the rule. Intended use is something like this:

# nat renew 4444
 Port #       IP Address    : Port  Expires On  Requested By
 ------  -------------------------  ----------  ------------
   4444    10.  90. 138.  50:   80  2017-01-01  John Doe

Enter new expiration date (YYYY-MM-DD or 0 for never):

At this point, the user can give the new expiration date for the rule and proceed as normal.

If a user deletes the directory where they cloned the repo, the NAT rules they created should still persist. So, instead of saving them to the same directory where the source lives, save them in /etc/natmgr/.

When the daily cron job runs, it will remove any expired port forwarding rules. When this happens, it would be good to notify the person that originally requested the rule that it is no longer active and that they should submit a new request if they still need it.

In the case where a user is rebuilding the set of rules, it would be helpful to allow them to copy/paste the output of this same tool when entering a new rule. This means two things:

1. Removing any whitespace from the input for the destination IP address
2. Parsing for a destination port number, then skipping the input prompt for that field

If an expired rule uses port X and you try to add a new rule that also uses port X, it will give an error that the port is already is use and not allow the new rule. The program then outputs a list of "used" ports, but shows only current rules, which is confusing for the user since they don't see port X as being used.

Where the program checks for an existing rule for port X, expired rules should be excluded.

If the user specifies the source port number as a parameter, e.g.

nat add 1234567

then the program will enter an infinite loop, not giving the user a chance to enter a new port. This infinite loop will also occur when they input a port that has already been taken.

An expired rule in the rule list never propagates to the /etc/init.d/nat.sh script. As such, it's not really necessary to always remove expired rules from the rules.json file whenever we write a new version of it. Instead, the program should wait until explicitly told to remove them.