Skip to main content

Firewall rule and config integrity checks across exports and change systems

Project description

fwintegrity

Compare policy audit exports (tabular) with change tickets (CSV or dict rows). Normalize addresses, services, and change kinds, then match rows bidirectionally or build atomic triple indexes for coverage checks.

Install

pip install fwintegrity

Quick use

from fwintegrity import link_audit_to_ticket_requests, build_ticket_triple_index

links = link_audit_to_ticket_requests(audit_csv_text, ticket_csv_text)
idx = build_ticket_triple_index(ticket_rows)

See scripts/sample_demo.py for a minimal example.

Documentation

  • Customization guide — how to adapt parsers, column maps, ignore lists, and matching rules to your organization’s formats (vendor-neutral extension points).

Features (summary)

  • Endpoints: IPv4 literals/CIDR, prefixed audit-export tokens (IP_, Host_, net_, Range_, …), optional object/group names; mixed cells become AddrCompound.
  • Services: TCP_443-style audit tokens, loose ticket strings (TCP 80 UDP 53), optional service object names → ServiceCompound.
  • Matching: bidirectional containment on source, destination, and service (change_match, compare_changes).
  • Triples: TicketTripleIndex / audit_triples_all_in_index for (src_atom, dst_atom, svc_atom) style checks.

Requirements

Python 3.10+

Development

pip install -e ".[dev]"
pytest
ruff check src tests

Build and publish to PyPI

  1. Create a PyPI account and API token.
  2. Bump version in pyproject.toml and src/fwintegrity/__init__.py (__version__).
  3. Build and upload:
pip install build twine
python -m build
twine check dist/*
twine upload dist/*

Use TestPyPI first if you prefer: twine upload --repository testpypi dist/*

Customization (PyPI / offline)

The wheel ships the Python package only. Vendor-specific behavior is adjusted by editing or wrapping:

Area Location
Audit CSV header → keys audit_report._CANON
Ticket CSV keys / ticket id columns ticket.row_to_normalized_change, ticket._TICKET_NUMBER_KEYS
Address & service parsing normalize.parse_*, expand_audit_network_token, _iter_loose_tcp_udp_segments
Change-kind compatibility (audit vs ticket) compare.DEFAULT_AUDIT_TO_TICKET_KINDS or pass matrix=
Ignored services (ICMP, etc.) ignore_lists.DEFAULT_IGNORED_SERVICE_NAMES, merged_ignored_service_names
Triple key strings triple_index.endpoint_atom_keys, service_atom_keys

Clone the repository for the full walkthrough: docs/CUSTOMIZATION.md (Chinese, file paths and hooks).

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fwintegrity-0.2.0.tar.gz (19.8 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fwintegrity-0.2.0-py3-none-any.whl (17.7 kB view details)

Uploaded Python 3

File details

Details for the file fwintegrity-0.2.0.tar.gz.

File metadata

  • Download URL: fwintegrity-0.2.0.tar.gz
  • Upload date:
  • Size: 19.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fwintegrity-0.2.0.tar.gz
Algorithm Hash digest
SHA256 dbb6fc53ab6f074da305b0f50f40e69dedb4dd3051dfc812af71ab05d90d2f6e
MD5 e3a3b90e67923dc448916e7e8a0a635a
BLAKE2b-256 7c0346c12520544202d089dfe700576a5c784fcabbf650feeb1a47026747cb93

See more details on using hashes here.

Provenance

The following attestation bundles were made for fwintegrity-0.2.0.tar.gz:

Publisher: python-publish.yml on Duckweeds7/fwintegrity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fwintegrity-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: fwintegrity-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 17.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fwintegrity-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 b8ccd339d94835156ec40c0c3933f5df906179b4d026615999c62d2f9a2fab3d
MD5 478c99d2153e086b9a0c3da940af549e
BLAKE2b-256 0db18b5a33e8970f951e11e8d600754aca4c53c0354881a85a1c54d35d933e2d

See more details on using hashes here.

Provenance

The following attestation bundles were made for fwintegrity-0.2.0-py3-none-any.whl:

Publisher: python-publish.yml on Duckweeds7/fwintegrity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page