committed by
root
2 changed files with 31 additions and 2 deletions
@ -1,6 +1,35 @@ |
|||||
# Re2o firewall with nftables |
# Re2o firewall with nftables |
||||
|
|
||||
dependencies : |
This script creates a firewall from Re2o information using nftables. |
||||
|
|
||||
|
# What it does : |
||||
|
|
||||
|
- Fetch mac-ip table from re2o and filter traffic from the adherent NAT with it; |
||||
|
- Create a NAT table for FedeRez and Adherent, and NAT the admin and prerezotage VLANs properly. |
||||
|
|
||||
|
# What it does not do (yet) : |
||||
|
|
||||
|
- Fetch opened ports on Re2o and filter traffic with these infos. |
||||
|
|
||||
|
# Install : |
||||
|
|
||||
|
``` |
||||
|
cd /usr/local/ |
||||
|
git clone --recursive https://gitlab.rezometz.org/klafyvel/firewall.git |
||||
|
apt install python3 python3-click python3-iso8601 |
||||
|
cp config.ini.example config.ini |
||||
|
vim config.ini |
||||
|
chmod +x main.py |
||||
|
cp firewall.service /etc/systemd/system/ |
||||
|
systemctl start firewall.service |
||||
|
echo "* * * * * root /usr/bin/python3 main.py macip 2>&1 | /usr/bin/logger -t firewall" >> /etc/cron.d/firewall |
||||
|
``` |
||||
|
|
||||
|
# Usage : |
||||
|
|
||||
|
See `./main.py --help`. |
||||
|
|
||||
|
# Dependencies : |
||||
|
|
||||
- re2oapi |
- re2oapi |
||||
- python3-click |
- python3-click |
||||
|
|||||
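Review bot: the cron entry in the Install block calls `main.py macip` by a relative path, but cron does not start jobs in the checkout directory, so the mac-ip refresh will most likely fail every minute and the filter set will go stale; use the absolute path (the clone into `/usr/local/` yields `/usr/local/firewall/main.py`). In the same block, there is no `cd firewall` between the `git clone` and `cp config.ini.example config.ini`, so the copy, `chmod +x main.py` and `cp firewall.service` steps run in the wrong directory as written. `systemctl start firewall.service` loads the rules only for the current boot; add `systemctl daemon-reload` after copying the unit and `systemctl enable firewall.service` so the host does not come back up unfiltered after a reboot. If `config.ini` holds the Re2o API credentials, the instructions should also restrict it to root (for example `chmod 600 config.ini`). Finally, the Install line pulls in `python3-iso8601`, but the Dependencies list names only `re2oapi` and `python3-click`; the two should agree.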