Hugo Levy-Falk
5 years ago
committed by
root
2 changed files with 31 additions and 2 deletions
@ -1,6 +1,35 @@ |
|||
# Re2o firewall with nftables |
|||
|
|||
dependencies : |
|||
This script creates a firewall from Re2o information using nftables. |
|||
|
|||
# What it does : |
|||
|
|||
- Fetch mac-ip table from re2o and filter traffic from the adherent NAT with it; |
|||
- Create a NAT table for FedeRez and Adherent, and NAT the admin and prerezotage VLANs properly. |
|||
|
|||
# What it does not do (yet) : |
|||
|
|||
- Fetch opened ports on Re2o and filter traffic with these infos. |
|||
|
|||
# Install : |
|||
|
|||
``` |
|||
cd /usr/local/ |
|||
git clone --recursive https://gitlab.rezometz.org/klafyvel/firewall.git |
|||
apt install python3 python3-click python3-iso8601 |
|||
cp config.ini.example config.ini |
|||
vim config.ini |
|||
chmod +x main.py |
|||
cp firewall.service /etc/systemd/system/ |
|||
systemctl start firewall.service |
|||
echo "* * * * * root /usr/bin/python3 main.py macip 2>&1 | /usr/bin/logger -t firewall" >> /etc/cron.d/firewall |
|||
``` |
|||
|
|||
# Usage : |
|||
|
|||
See `./main.py --help`. |
|||
|
|||
# Dependencies : |
|||
|
|||
- re2oapi |
|||
- python3-click |
|||
|
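Review bot: the Install block never enters the clone directory, and the cron entry calls `main.py` by a relative path. After `cd /usr/local/` and the clone, `cp config.ini.example config.ini`, `chmod +x main.py` and `cp firewall.service /etc/systemd/system/` all run in /usr/local/ rather than /usr/local/firewall/. cron does not start jobs from the clone directory either, so the per-minute `macip` refresh will fail to find the script and the MAC-IP filter will go stale, with only a logger line to show it. Add `cd firewall` after the clone and use the absolute script path in the cron line. Also, `systemctl start firewall.service` only loads the rules for the current boot; `systemctl enable --now firewall.service` would keep the ruleset in place after a reboot. Smaller points: the stray "dependencies :" line near the top of the README looks like a leftover, and `python3-iso8601` is installed by the apt step but missing from the Dependencies list.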