This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

A tool to provide the current docker config in ferm format

Project Description

Objective

Create a ferm config for the current docker container setup. This seems useful for automated provisioning of systems (e.g. with ansible) which want to use ferm for their firewall setup.

Usage

Install Ferment via pip:

pip install ferment

You just include a callback to ferment within your ferm.conf:

# -*- shell-script -*-
#
#  Configuration file for ferm(1).
#

table filter {
    chain INPUT {
        policy DROP;

        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # allow local packet
        interface lo ACCEPT;

        # respond to ping
        proto icmp ACCEPT;

        # allow IPsec
        proto udp dport 500 ACCEPT;
        proto (esp ah) ACCEPT;

        # allow SSH connections
        proto tcp dport ssh ACCEPT;
    }
    chain OUTPUT {
        policy ACCEPT;

        # connection tracking
        #mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
    }
    chain FORWARD {
        policy DROP;

        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
    }
}

@include '/usr/local/bin/ferment docker config|'

Todo

Since I am not the great firewall guy, I suppose there are some issues with more complex docker setups - I am open for suggestions.

Release History

Release History

This version
History Node

0.0.1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
Ferment-0.0.1-py2.py3-none-any.whl (4.9 kB) Copy SHA256 Checksum SHA256 2.7 Wheel Apr 29, 2015
Ferment-0.0.1.tar.gz (3.6 kB) Copy SHA256 Checksum SHA256 Source Apr 29, 2015

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting