rezometz
/
firewall
9
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
29 Commits
3 Branches
0 Tags
107 KiB
 
Tree: f80922e415
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f80922e415'
${ noResults }
root f80922e415
Merge branch 'master' of https://gitlab.rezometz.org/klafyvel/firewall 		7 years ago
re2oapi@b12df74fe7 MAC-IP table 7 years ago
zones Correct LDAP server 7 years ago
.gitignore MAC-IP table 7 years ago
.gitmodules MAC-IP table 7 years ago
README.md A small Readme. 7 years ago
archi.nft Fix nat and filtering 7 years ago
checkmac.nft MAC-IP table 7 years ago
config.ini.example MAC-IP table 7 years ago
firewall.nft Fix nat and filtering 7 years ago
firewall.py Nat ICMP 7 years ago
firewall.service A small Readme. 7 years ago
global_policy.nft MAC-IP table 7 years ago
mac_ip.py absolute path for configuration 7 years ago
main.py Nicer cli. 7 years ago
nat.nft Fix nat and filtering 7 years ago
nat.py better NAT logging 7 years ago

README.md

Re2o firewall with nftables

This script creates a firewall from Re2o information using nftables.

What it does :

- Fetch mac-ip table from re2o and filter traffic from the adherent NAT with it;
- Create a NAT table for FedeRez and Adherent, and NAT the admin and prerezotage VLANs properly.

What it does not do (yet) :

- Fetch opened ports on Re2o and filter traffic with these infos.

Install :

cd /usr/local/
git clone --recursive https://gitlab.rezometz.org/klafyvel/firewall.git
apt install python3 python3-click python3-iso8601
cp config.ini.example config.ini
vim config.ini
chmod +x main.py
cp firewall.service /etc/systemd/system/
systemctl start firewall.service
echo "* * * * * root /usr/bin/python3 main.py macip 2>&1 | /usr/bin/logger -t firewall" >> /etc/cron.d/firewall

Usage :

See ./main.py --help.

Dependencies :

- re2oapi
- python3-click