beac0n / ruroco

Ruroco is a tool that lets you execute commands on a server by sending UDP packets. The commands are configured on the server side, so the client does not define what is going to be executed; it only picks from existing commands.
MIT License

Enable source spoofing for the client #10

Closed alexxroche closed 13 hours ago

alexxroche commented 3 weeks ago

In the config.toml $RUROCO_IP is invaluable for being able to add a dynamic IP to a firewall config. It could be nice if the client had the option to spoof the source address so that I can add nftables rules on behalf of other servers.

because /etc/rurocu/config.toml doesn't permit

 open_192.168.7.123 = "nft insert rule ip filter INPUT ip saddr ${COMMAND#*_} tcp dport 22 counter accept"

and is messy anyway because it has to anticipate the address, which could be a problem with DHCP.

beac0n commented 3 weeks ago

Would that be solved with https://github.com/beac0n/ruroco/issues/9 ?

You could define the IP and set --strict to false

The only difference would then be that the server has to pick the IP from the data payload and not from the UDP packet IP src

beac0n commented 13 hours ago

Implemented and will be available with the next release.
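
The difference described in the thread (taking the IP from the data payload instead of the UDP source, with `--strict` deciding whether the two must match) can be sketched as below. This is an added example, not ruroco's code and not part of the original thread: the `Request` struct, its field names, the `Rejected` enum and the function names are assumptions, and the request is assumed to be already decrypted and authenticated.

```rust
use std::net::IpAddr;

// Constructed model of a request after decryption and authentication.
// Field names are assumptions for this sketch, not ruroco's own types.
pub struct Request {
    pub payload_ip: Option<String>, // address the client put in the payload
    pub strict: bool,               // assumed to travel with the request
}

#[derive(Debug, PartialEq)]
pub enum Rejected {
    MalformedIp,
    SourceMismatch { payload: IpAddr, udp_src: IpAddr },
}

// A dual-stack socket reports IPv4 peers as ::ffff:a.b.c.d; unwrap that
// form so the strict comparison does not fail on representation alone.
fn canonical(ip: IpAddr) -> IpAddr {
    match ip {
        IpAddr::V6(v6) => v6.to_ipv4_mapped().map(IpAddr::V4).unwrap_or(ip),
        v4 => v4,
    }
}

// Returns the address the configured command should act on.
pub fn effective_ip(req: &Request, udp_src: IpAddr) -> Result<IpAddr, Rejected> {
    let udp_src = canonical(udp_src);
    let Some(text) = &req.payload_ip else { return Ok(udp_src) };
    // Parse before use: the value ends up in a shell command via $RUROCO_IP,
    // so anything that is not a plain IP address is rejected here.
    let payload = canonical(text.parse::<IpAddr>().map_err(|_| Rejected::MalformedIp)?);
    if req.strict && payload != udp_src {
        return Err(Rejected::SourceMismatch { payload, udp_src });
    }
    Ok(payload) // non-strict: act on behalf of the address in the payload
}

fn main() {
    let src: IpAddr = "203.0.113.7".parse().unwrap(); // constructed sample
    for (ip, strict) in [(None, true), (Some("198.51.100.9"), false),
                         (Some("198.51.100.9"), true), (Some("198.51.100.9 extra"), false)] {
        let req = Request { payload_ip: ip.map(String::from), strict };
        println!("{:?} strict={} -> {:?}", ip, strict, effective_ip(&req, src));
    }
}
```

With strict matching off, the only thing tying the address to the sender is the authentication of the payload, so the parsed `IpAddr`, never the raw string, is what should reach the command environment.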