Skip to main content

Firewall rule and config integrity checks across exports and change systems

Project description

fwintegrity

Compare policy audit exports (tabular) with change tickets (CSV or dict rows). Normalize addresses, services, and change kinds, then match rows bidirectionally or build atomic triple indexes for coverage checks.

Install

pip install fwintegrity

Quick use

from fwintegrity import (
    AUDIT_EXPORT_DEFAULT_MAPPING,
    TICKET_CSV_DEFAULT_MAPPING,
    build_ticket_triple_index,
    from_csv_text,
    link_audit_to_ticket_requests,
    load_change_rows,
)

audit_rows = load_change_rows(from_csv_text(audit_csv), AUDIT_EXPORT_DEFAULT_MAPPING)
ticket_rows = load_change_rows(from_csv_text(ticket_csv), TICKET_CSV_DEFAULT_MAPPING)
links = link_audit_to_ticket_requests(audit_rows, ticket_rows)
idx = build_ticket_triple_index(ticket_rows)

Legacy string audit CSV (wide _CANON headers) still works: link_audit_to_ticket_requests(audit_csv_text, ticket_csv_text).

See scripts/sample_demo.py for a minimal example.

Documentation

  • Customization guide — how to adapt parsers, column maps, ignore lists, and matching rules to your organization’s formats (vendor-neutral extension points).

Features (summary)

  • Endpoints: IPv4 literals/CIDR, prefixed audit-export tokens (IP_, Host_, net_, Range_, …), optional object/group names; mixed cells become AddrCompound.
  • Services: TCP_443-style audit tokens, loose ticket strings (TCP 80 UDP 53), optional service object names → ServiceCompound.
  • Matching: bidirectional containment on source, destination, and service (change_match, compare_changes).
  • Triples: TicketTripleIndex / audit_triples_all_in_index for (src_atom, dst_atom, svc_atom) style checks.
  • Loading: declare columns with ChangeRowMapping, then from_csv_text / from_csv_path / from_excel_path / from_dict_rows / from_package_resource + load_change_rows (see table_load.py).

Requirements

Python 3.10+

Development

pip install -e ".[dev]"
pytest
ruff check src tests

Build and publish to PyPI

  1. Create a PyPI account and API token.
  2. Bump version in pyproject.toml and src/fwintegrity/__init__.py (__version__).
  3. Build and upload:
pip install build twine
python -m build
twine check dist/*
twine upload dist/*

Use TestPyPI first if you prefer: twine upload --repository testpypi dist/*

Customization (PyPI / offline)

The wheel ships the Python package only. Vendor-specific behavior is adjusted by editing or wrapping:

Area Location
Column mapping + unified load table_load.ChangeRowMapping, load_change_rows, from_* sources; optional mapping= on load_audit_table / load_ticket_table
Audit CSV header → keys (legacy wide export) audit_report._CANON
Ticket id columns ticket._TICKET_NUMBER_KEYS
Address & service parsing normalize.parse_*, expand_audit_network_token, _iter_loose_tcp_udp_segments
Change-kind compatibility (audit vs ticket) compare.DEFAULT_AUDIT_TO_TICKET_KINDS or pass matrix=
Ignored services (ICMP, etc.) ignore_lists.DEFAULT_IGNORED_SERVICE_NAMES, merged_ignored_service_names
Triple key strings triple_index.endpoint_atom_keys, service_atom_keys

Clone the repository for the full walkthrough: docs/CUSTOMIZATION.md (Chinese, file paths and hooks).

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fwintegrity-0.3.0.tar.gz (23.1 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fwintegrity-0.3.0-py3-none-any.whl (20.7 kB view details)

Uploaded Python 3

File details

Details for the file fwintegrity-0.3.0.tar.gz.

File metadata

  • Download URL: fwintegrity-0.3.0.tar.gz
  • Upload date:
  • Size: 23.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fwintegrity-0.3.0.tar.gz
Algorithm Hash digest
SHA256 8d021c3cb564dc574e62b168c5b9e08c7c5ced402f5e2b19445903c4782a73a5
MD5 ce4cd82eed56e1f4a5ba159c5b817400
BLAKE2b-256 941618d9235ef2cf74e4573b5b6f9098731ff9630982141a26b2b20cbb7562e2

See more details on using hashes here.

Provenance

The following attestation bundles were made for fwintegrity-0.3.0.tar.gz:

Publisher: python-publish.yml on Duckweeds7/fwintegrity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fwintegrity-0.3.0-py3-none-any.whl.

File metadata

  • Download URL: fwintegrity-0.3.0-py3-none-any.whl
  • Upload date:
  • Size: 20.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fwintegrity-0.3.0-py3-none-any.whl
Algorithm Hash digest
SHA256 62e7a2f9fa76b1354cbbbf765edffd6539adc0bdd60dd58d23509e5940c331fb
MD5 ad3e261310b4c5e1b09ca279ce5d8ddc
BLAKE2b-256 75697d4a77e25db25ffed9f3ffe2453059a3907a63517b033bb08021cf308c47

See more details on using hashes here.

Provenance

The following attestation bundles were made for fwintegrity-0.3.0-py3-none-any.whl:

Publisher: python-publish.yml on Duckweeds7/fwintegrity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page