
A tool to provide the current docker config in ferm format

Project description

Objective

Create a ferm config for the current Docker container setup. This seems useful for automated provisioning of systems (e.g. with Ansible) that use ferm for their firewall setup.

Usage

Install Ferment via pip:

pip install ferment

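Then include a call to ferment in your ferm.conf. The trailing pipe in the @include argument tells ferm to run the command and parse its output as additional rules: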

# -*- shell-script -*-
#
#  Configuration file for ferm(1).
#

table filter {
    chain INPUT {
        policy DROP;

        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;

        # allow local packet
        interface lo ACCEPT;

        # respond to ping
        proto icmp ACCEPT;

        # allow IPsec
        proto udp dport 500 ACCEPT;
        proto (esp ah) ACCEPT;

        # allow SSH connections
        proto tcp dport ssh ACCEPT;
    }
    chain OUTPUT {
        policy ACCEPT;

        # connection tracking
        #mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
    }
    chain FORWARD {
        policy DROP;

        # connection tracking
        mod state state INVALID DROP;
        mod state state (ESTABLISHED RELATED) ACCEPT;
    }
}

@include '/usr/local/bin/ferment docker config|'
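ferm executes a piped @include as a shell command with its own privileges (root, since it programs iptables), so the included executable is part of the firewall's trust boundary. The following is an added example, not code from Ferment or ferm: it audits the ownership and write permissions of every piped include in a ferm.conf. The function names and the `trusted_uids` parameter are assumptions of this sketch, and it checks only the executable and its containing directory.

```python
import os
import re
import shlex
import stat

# ferm treats an @include argument ending in "|" as a shell command
# and parses the command's stdout as rules.
PIPE_INCLUDE = re.compile(r"""^\s*@include\s+(['"])(.+?)\|\1""", re.M)


def piped_includes(ferm_conf_text):
    """Return the command line of every piped @include in a ferm config."""
    return [m.group(2).strip() for m in PIPE_INCLUDE.finditer(ferm_conf_text)]


def path_problems(path, trusted_uids=frozenset({0})):
    """List ownership/mode problems for one file or directory."""
    try:
        st = os.stat(path)  # follows symlinks: checks what would really run
    except OSError as exc:
        return ["%s: %s" % (path, exc.strerror)]
    problems = []
    if st.st_uid not in trusted_uids:
        problems.append("%s: owned by uid %d" % (path, st.st_uid))
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("%s: group- or world-writable" % path)
    return problems


def audit_ferm_conf(ferm_conf_text, trusted_uids=frozenset({0})):
    """Check the executable of each piped @include and its directory."""
    findings = []
    for command in piped_includes(ferm_conf_text):
        exe = (shlex.split(command) or [""])[0]
        if not os.path.isabs(exe):
            # A bare name is resolved through PATH of the process running ferm.
            findings.append("%r: not an absolute path" % exe)
            continue
        real = os.path.realpath(exe)
        for p in (real, os.path.dirname(real)):
            findings.extend(path_problems(p, trusted_uids))
    return findings


# Constructed sample: the include line from the usage section above.
SAMPLE = "@include '/usr/local/bin/ferment docker config|'\n"

if __name__ == "__main__":
    for line in audit_ferm_conf(SAMPLE) or ["no problems found"]:
        print(line)
```

Run it against the real ferm.conf text before each `ferm` reload in a provisioning play and fail the play on any finding.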

Todo

Since I am not a great firewall guy, I suppose there are some issues with more complex Docker setups - I am open to suggestions.

Download files

Source Distribution

Ferment-0.0.1.tar.gz (3.6 kB)

Built Distribution

Ferment-0.0.1-py2.py3-none-any.whl (4.9 kB)

File details

Details for the file Ferment-0.0.1.tar.gz.

File metadata

  • Size: 3.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for Ferment-0.0.1.tar.gz
Algorithm Hash digest
SHA256 89494f7fe5dfa882fc7feb5bf8a2cb51eb2beabaf483118025b901079edb8f77
MD5 be9ec9e3812713f9fb1bcffe7ebebc8b
BLAKE2b-256 c028a8f5163f080224eaa679e7629b3b74ee271fdebdda1c67065358d31baf90


File details

Details for the file Ferment-0.0.1-py2.py3-none-any.whl.

File hashes

Hashes for Ferment-0.0.1-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 c96f3f963d57b5a42c604093f266a51bd048ec2449930018e7775e88a83b63bb
MD5 483b49f79a4fb726faae38bd848482cf
BLAKE2b-256 6d008d27298cf5c3086096a3043e04837271704ea063a0e1cf5128e266fdc1f6
