|
|
@ -3,13 +3,13 @@ |
|
|
|
This script creates a firewall from Re2o information using nftables. |
|
|
|
|
|
|
|
# What it does : |
|
|
|
|
|
|
|
- Fetch mac-ip table from re2o and filter traffic from the adherent NAT with it; |
|
|
|
- Create a NAT table for FedeRez and Adherent, and NAT the admin and prerezotage VLANs properly. |
|
|
|
|
|
|
|
- Fetch mac-ip table from re2o and filter traffic from the adherent NAT with it; |
|
|
|
- Create a NAT table for FedeRez and Adherent, and NAT the admin and prerezotage VLANs properly. |
|
|
|
|
|
|
|
# What it does not do (yet) : |
|
|
|
|
|
|
|
- Fetch opened ports on Re2o and filter traffic with these infos. |
|
|
|
- Fetch opened ports on Re2o and filter traffic with these infos. |
|
|
|
|
|
|
|
# Install : |
|
|
|
|
|
|
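Review bot: The list items under "# What it does :" and "# What it does not do (yet) :" read identically on the removed and added sides, so this looks like a whitespace-only change. Say so in the commit message, or split it from the usage documentation added further down, so the diff is easier to audit. While these lines are being touched, the item "Fetch opened ports on Re2o and filter traffic with these infos." could state which filtering is in place in the meantime (the mac-ip filtering listed under "What it does"), so operators do not assume per-port rules are being applied.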
@ -27,7 +27,26 @@ echo "* * * * * root /usr/bin/python3 main.py macip 2>&1 | /usr/bin/logger -t fi |
|
|
|
|
|
|
|
# Usage : |
|
|
|
|
|
|
|
See `./main.py --help`. |
|
|
|
``` |
|
|
|
Usage: main.py [OPTIONS] COMMAND [ARGS]... |
|
|
|
|
|
|
|
Re2o firewall manager. |
|
|
|
|
|
|
|
Used without command, the firewall manager will load the whole firewall |
|
|
|
(i.e. the struture, the macip set and the MAC table). By default it erases |
|
|
|
the current NAT table and macp set. You can choose to keep the current |
|
|
|
values for these with the flags. |
|
|
|
|
|
|
|
Options: |
|
|
|
--keep-nat / --dont-keep-nat Should I keep the current NAT table ? |
|
|
|
--keep-macip / --dont-keep-macip |
|
|
|
Should I keep the current macip set ? |
|
|
|
--help Show this message and exit. |
|
|
|
|
|
|
|
Commands: |
|
|
|
macip Load the macip set. |
|
|
|
nat Load the NAT table. |
|
|
|
``` |
|
|
|
|
|
|
|
# Dependencies : |
|
|
|
|
|
|
|
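Review bot: In the pasted help text, "struture" and "macp set" are typos for "structure" and "macip set". Since this block mirrors the output of `./main.py --help`, the fix belongs in the command's help string as well as in the README. The sentence "By default it erases the current NAT table and macp set." describes a destructive default, yet the subcommand descriptions only say "Load the macip set." and "Load the NAT table." Please document whether `macip` and `nat` also erase before loading. The hunk header context shows a cron entry running `main.py macip` every minute, so that behaviour determines whether the set is briefly empty on each run.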