Skip to main content

Firewall rule and config integrity checks across exports and change systems

Project description

fwintegrity

Compare policy audit exports (tabular) with change tickets (CSV or dict rows). Normalize addresses, services, and change kinds, then match rows bidirectionally or build atomic triple indexes for coverage checks.

Install

pip install fwintegrity

Quick use

from fwintegrity import (
    AUDIT_EXPORT_DEFAULT_MAPPING,
    TICKET_CSV_DEFAULT_MAPPING,
    build_ticket_triple_index,
    from_csv_text,
    link_audit_to_ticket_requests,
    load_change_rows,
)

audit_rows = load_change_rows(from_csv_text(audit_csv), AUDIT_EXPORT_DEFAULT_MAPPING)
ticket_rows = load_change_rows(from_csv_text(ticket_csv), TICKET_CSV_DEFAULT_MAPPING)
links = link_audit_to_ticket_requests(audit_rows, ticket_rows)
idx = build_ticket_triple_index(ticket_rows)

Legacy string audit CSV (wide _CANON headers) still works: link_audit_to_ticket_requests(audit_csv_text, ticket_csv_text).

See scripts/sample_demo.py for a minimal example.

Documentation

  • Customization guide — how to adapt parsers, column maps, ignore lists, and matching rules to your organization’s formats (vendor-neutral extension points).

Features (summary)

  • Endpoints: IPv4 literals/CIDR, prefixed audit-export tokens (IP_, Host_, net_, Range_, …), optional object/group names; mixed cells become AddrCompound.
  • Services: TCP_443-style audit tokens, loose ticket strings (TCP 80 UDP 53), optional service object names → ServiceCompound.
  • Matching: bidirectional containment on source, destination, and service (change_match, compare_changes).
  • Triples: TicketTripleIndex / audit_triples_all_in_index for (src_atom, dst_atom, svc_atom) style checks.
  • Loading: declare columns with ChangeRowMapping, then from_csv_text / from_csv_path / from_excel_path / from_dict_rows / from_package_resource + load_change_rows (see table_load.py).

Requirements

Python 3.10+

Development

pip install -e ".[dev]"
pytest
ruff check src tests

Build and publish to PyPI

  1. Create a PyPI account and API token.
  2. Bump version in pyproject.toml and src/fwintegrity/__init__.py (__version__).
  3. Build and upload:
pip install build twine
python -m build
twine check dist/*
twine upload dist/*

Use TestPyPI first if you prefer: twine upload --repository testpypi dist/*

Customization (PyPI / offline)

The wheel ships the Python package only. Vendor-specific behavior is adjusted by editing or wrapping:

Area Location
Column mapping + unified load table_load.ChangeRowMapping, load_change_rows, from_* sources; optional mapping= on load_audit_table / load_ticket_table
Audit CSV header → keys (legacy wide export) audit_report._CANON
Ticket id columns ticket._TICKET_NUMBER_KEYS
Address & service parsing normalize.parse_*, expand_audit_network_token, _iter_loose_tcp_udp_segments
Change-kind compatibility (audit vs ticket) compare.DEFAULT_AUDIT_TO_TICKET_KINDS or pass matrix=
Ignored services (ICMP, etc.) ignore_lists.DEFAULT_IGNORED_SERVICE_NAMES, merged_ignored_service_names
Triple key strings triple_index.endpoint_atom_keys, service_atom_keys

Clone the repository for the full walkthrough: docs/CUSTOMIZATION.md (Chinese, file paths and hooks).

License

MIT — see LICENSE.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

fwintegrity-0.4.0.tar.gz (23.6 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

fwintegrity-0.4.0-py3-none-any.whl (21.1 kB view details)

Uploaded Python 3

File details

Details for the file fwintegrity-0.4.0.tar.gz.

File metadata

  • Download URL: fwintegrity-0.4.0.tar.gz
  • Upload date:
  • Size: 23.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fwintegrity-0.4.0.tar.gz
Algorithm Hash digest
SHA256 e227f02327d1fe74df3cdee6b18c78999bf6ce631e60b96b22a1e2c44b1bf92a
MD5 67675d7799ba30ffe956858e30fbaee9
BLAKE2b-256 ac9dba752f026a40e7c38c4990b6ee28d6acceca3724ad04c121ac9660780564

See more details on using hashes here.

Provenance

The following attestation bundles were made for fwintegrity-0.4.0.tar.gz:

Publisher: python-publish.yml on Duckweeds7/fwintegrity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file fwintegrity-0.4.0-py3-none-any.whl.

File metadata

  • Download URL: fwintegrity-0.4.0-py3-none-any.whl
  • Upload date:
  • Size: 21.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for fwintegrity-0.4.0-py3-none-any.whl
Algorithm Hash digest
SHA256 11fa499cbac0d323631e2ca70b2a26e2eeb9bcb35d5b8eb919329fcd340679f7
MD5 6e7fe5ab94528f9a511442fa9e437424
BLAKE2b-256 03c949b04ffb4d2f48b8c93f9e2e9411168b492be6da2a768202a94643be916f

See more details on using hashes here.

Provenance

The following attestation bundles were made for fwintegrity-0.4.0-py3-none-any.whl:

Publisher: python-publish.yml on Duckweeds7/fwintegrity

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page