securitykiss-com / rfw
Remote Firewall as a web service. REST API for iptables.
License: Other
This solves a very particular problem that I have where I need fail2ban to control an Asus Merlin firewall. I have forked your code and made some rather significant changes to the API as well as function. It is still based on Python 2.7 as my router has python2 out of the box.
I have been running this code for a couple of days on my router and while it does need some polishing, it pretty much satisfies all my needs. Would you be interested in merging these two repos? My code is at alephnull/rfw.
A summary of changes:
I am planning on packaging this for entware after I improve the tooling.
From reading the information, Python 2.7 is required. Will there be an update to work with Python 3.x?
2017-09-12 00:02:38,492 INFO rfw.py:283.main() - Logging to file: /var/log/rfw.log
2017-09-12 00:02:38,492 INFO rfw.py:284.main() - File log level: DEBUG
2017-09-12 00:02:38,493 ERROR rfwconfig.py:66.init() - Configuration error in /etc/rfw/rfw.conf: 'NoneType' object has no attribute 'group'
2017-09-12 00:02:39,598 INFO rfw.py:283.main() - Logging to file: /var/log/rfw.log
2017-09-12 00:02:39,598 INFO rfw.py:284.main() - File log level: DEBUG
2017-09-12 00:02:39,599 ERROR rfwconfig.py:66.init() - Configuration error in /etc/rfw/rfw.conf: 'NoneType' object has no attribute 'group'
2017-09-12 00:02:41,704 INFO rfw.py:283.main() - Logging to file: /var/log/rfw.log
2017-09-12 00:02:41,704 INFO rfw.py:284.main() - File log level: DEBUG
2017-09-12 00:02:41,706 ERROR rfwconfig.py:66.init() - Configuration error in /etc/rfw/rfw.conf: 'NoneType' object has no attribute 'group'
2017-09-12 00:02:44,813 INFO rfw.py:283.main() - Logging to file: /var/log/rfw.log
2017-09-12 00:02:44,813 INFO rfw.py:284.main() - File log level: DEBUG
2017-09-12 00:02:44,814 ERROR rfwconfig.py:66.init() - Configuration error in /etc/rfw/rfw.conf: 'NoneType' object has no attribute 'group'
I noticed that you are able to apply a reject connection response via the RFW client to server. But when you try to receive a list of the current rules it does not show up. Then when you try to re-add the same rule it says the rule already exists. Getting the current rules on the RFW server, it shows the rule is there. Are you going to add support of Reject?
Hello,
Do you plan to update/improve rfw?
A very good improvement would be usage of ipset (maybe instead of iptables).
ipset is designed to be much more scalable than iptables (storing many more rules, IPs, etc.).
And I guess an automated firewall in real life can have lots lots lots of rules that could really slow down the traffic if not using some tools like ipset.
Thanks a lot for what has already been done.
Jean
I want to have a configuration with the last rule as "-A INPUT -j DROP" but, after this, I want to add a rule before this drop-all statement.
How to accomplish that?
Add option for -A
Another important thing needed. I'm setting up some kind of authenticator before allowing access to the main machine, so when the authenticator allows it, it adds the IP to the iptables of the main machine. Now, as soon as the user leaves, I want to remove the IP from iptables.
So I need something like
iptables -D INPUT -s x.x.x.x -j ACCEPT
Is this possible?
Hello rfwers,
I work on CentOS 6.9. I have installed 1 rfw REST server and 1 rfw REST client. Everything is OK, the client sends to the server perfectly.
After that I wanted to add more new clients. I copied the CA certificates to the new clients and added their IP addresses to the whitelist file on the rfw server.
When I run this command curl -v --cacert config/deploy/client/ca.crt --user myuser:mypasswd -XPUT https://<server_ip>:7393/drop/input/eth0/1.2.3.4
on the new clients, I've got this error:
How can I fix this problem?
Other question: how can I let the rfw service work forever?
Thank you in advance !