re2oapi@b12df74fe7 MAC-IP table 2019-03-12 22:06:28 +01:00
zones Correct LDAP server 2019-05-06 23:01:29 +02:00
.gitignore MAC-IP table 2019-03-12 22:06:28 +01:00
.gitmodules MAC-IP table 2019-03-12 22:06:28 +01:00
archi.nft Fix nat and filtering 2019-04-30 00:12:38 +02:00
checkmac.nft MAC-IP table 2019-03-12 22:06:28 +01:00
config.ini.example MAC-IP table 2019-03-12 22:06:28 +01:00
firewall.nft Fix nat and filtering 2019-04-30 00:12:38 +02:00
firewall.py Nat ICMP 2019-05-06 21:46:34 +02:00
firewall.service A small Readme. 2019-05-07 00:03:42 +02:00
global_policy.nft MAC-IP table 2019-03-12 22:06:28 +01:00
mac_ip.py absolute path for configuration 2019-05-06 23:30:53 +02:00
main.py Nicer cli. 2019-05-06 23:01:59 +02:00
nat.nft Fix nat and filtering 2019-04-30 00:12:38 +02:00
nat.py better NAT logging 2019-05-06 23:45:44 +02:00
README.md A small Readme. 2019-05-07 00:03:42 +02:00

Re2o firewall with nftables

This script builds an nftables firewall from the information held in Re2o.

What it does:

- Fetches the MAC-IP table from Re2o and uses it to filter traffic from the adherent NAT;
- Creates a NAT table for FedeRez and Adherent, and NATs the admin and prerezotage VLANs properly.
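
An added example, not code from this repository: one way the MAC-IP filtering described above can be expressed as an nftables set of `ip . mac` pairs that is rebuilt from fetched records. The table, set and chain names and the sample records are assumptions; each record is validated before it is written into ruleset text, so a malformed API value cannot alter the script.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")

# Static part, loaded once. Table, set and chain names are assumptions.
RULESET = """\
table inet example_fw {
    set ip_mac {
        type ipv4_addr . ether_addr
    }
    chain checkmac {
        ip saddr . ether saddr @ip_mac return
        drop
    }
}
"""

def normalise(entries):
    """Validate (mac, ip) pairs and return sorted (IPv4Address, mac) tuples."""
    seen = {}
    for mac, ip in entries:
        mac = mac.strip().lower().replace("-", ":")
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"bad MAC address: {mac!r}")
        addr = ipaddress.IPv4Address(ip.strip())  # ValueError if malformed
        if seen.setdefault(addr, mac) != mac:
            raise ValueError(f"{addr} is bound to two MAC addresses")
    return sorted(seen.items())

def render_refresh(entries, table="example_fw", set_name="ip_mac"):
    """Return an nft script that replaces the set contents."""
    pairs = normalise(entries)
    script = [f"flush set inet {table} {set_name}"]
    if pairs:  # skip 'add element' when there is nothing to add
        body = ", ".join(f"{ip} . {mac}" for ip, mac in pairs)
        script.append(f"add element inet {table} {set_name} {{ {body} }}")
    return "\n".join(script) + "\n"

# Constructed sample records, not data from a real Re2o instance.
SAMPLE = [("AA-BB-CC-00-00-01", "10.69.0.12"), ("aa:bb:cc:00:00:02", "10.69.0.7")]

if __name__ == "__main__":
    print(RULESET + render_refresh(SAMPLE))
```

Loading the refresh script with `nft -f` applies the flush and the re-add as a single transaction, so the set is never observed half-filled. An empty record list leaves the set empty, and the example chain then drops everything sent to it.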

What it does not do (yet):

- Fetch the open ports from Re2o and filter traffic based on them.

Install:

cd /usr/local/
git clone --recursive https://gitlab.rezometz.org/klafyvel/firewall.git
cd firewall
apt install python3 python3-click python3-iso8601
cp config.ini.example config.ini
vim config.ini
chmod +x main.py
cp firewall.service /etc/systemd/system/
systemctl start firewall.service
echo "* * * * * root /usr/bin/python3 /usr/local/firewall/main.py macip 2>&1 | /usr/bin/logger -t firewall" >> /etc/cron.d/firewall

Usage:

See ./main.py --help.

Dependencies:

- re2oapi
- python3-click