From 1c35d604e38a1b51592ced93d0152cef4c82bae7 Mon Sep 17 00:00:00 2001 From: DAProgs Date: Thu, 12 Mar 2026 03:32:14 -0400 Subject: [PATCH] 2603.6 - removed port 22 from exlusion --- portspoof.service | 1 + portspoof_py/__init__.py | 2 +- portspoof_py/cli.py | 8 ++++++-- portspoof_py/iptables.py | 4 ++-- pyproject.toml | 2 +- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/portspoof.service b/portspoof.service index ed36a79..7dfd8c8 100644 --- a/portspoof.service +++ b/portspoof.service @@ -8,6 +8,7 @@ ExecStart=/usr/bin/python3 -m portspoof_py \ -s /etc/portspoof/portspoof_signatures \ -c /etc/portspoof/portspoof.conf \ -l /var/log/portspoof/portspoof.jsonl \ + --exclude 22 \ --admin-port 8080 User=root TimeoutStopSec=30 diff --git a/portspoof_py/__init__.py b/portspoof_py/__init__.py index bd85f4c..db3ebc1 100644 --- a/portspoof_py/__init__.py +++ b/portspoof_py/__init__.py @@ -1,2 +1,2 @@ """portspoof_py — asyncio Python rewrite of the portspoof TCP honeypot.""" -__version__ = '2603.5' +__version__ = '2603.6' diff --git a/portspoof_py/cli.py b/portspoof_py/cli.py index aeb71a0..f782cb8 100644 --- a/portspoof_py/cli.py +++ b/portspoof_py/cli.py @@ -36,6 +36,9 @@ def _parse_args(argv=None): help='JSON log output file') p.add_argument('--iface', metavar='IFACE', help='Network interface for iptables rules (e.g. eth0)') + p.add_argument('--exclude', metavar='PORTS', default='', + help='Comma-separated ports to exclude from iptables REDIRECT ' + '(e.g. --exclude 22,2222). Port 22 is no longer exempt by default.') p.add_argument('--no-iptables', action='store_true', help='Skip iptables rule setup/teardown') p.add_argument('-v', '--verbose', action='store_true', @@ -110,9 +113,10 @@ def main(argv=None) -> int: print(f"[portspoof] port map ready ({len(cfg.port_map)} entries)", flush=True) # iptables setup - exempt = [args.admin_port] if args.admin_port else [] + exclude_ports = [int(p.strip()) for p in args.exclude.split(',') if p.strip().isdigit()] + exempt = exclude_ports + ([args.admin_port] if args.admin_port else []) if not args.no_iptables: - exempt_desc = ', '.join(str(p) for p in [22] + exempt + [args.port]) + exempt_desc = ', '.join(str(p) for p in exempt + [args.port]) iface_desc = args.iface or 'all' print(f"[portspoof] adding iptables rules (listener={args.port}, exempt={exempt_desc}, iface={iface_desc})") try: diff --git a/portspoof_py/iptables.py b/portspoof_py/iptables.py index 95cea26..0b44f85 100644 --- a/portspoof_py/iptables.py +++ b/portspoof_py/iptables.py @@ -29,10 +29,10 @@ def check_root() -> bool: def _exempt_list(listen_port: int, exempt_ports: Optional[list]) -> list: - """Return deduped ordered list: [22, *extras, listen_port].""" + """Return deduped ordered list: [*extras, listen_port].""" seen: set = set() result = [] - for p in [22] + (exempt_ports or []) + [listen_port]: + for p in (exempt_ports or []) + [listen_port]: if p not in seen: seen.add(p) result.append(p) diff --git a/pyproject.toml b/pyproject.toml index aead026..13c4d76 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -4,7 +4,7 @@ build-backend = "flit_core.buildapi" [project] name = "portspoof-py" -version = "2603.5" +version = "2603.6" description = "Python asyncio rewrite of the portspoof TCP honeypot" readme = "README.md" requires-python = ">=3.11"