A client library to generate ipset and iptables rules from LDAP records.
A Python module to generate IPTables and IPSet rules from LDAP records. See example.py for a demo.
$ sudo pip install libnfldap
Or build a RPM using:
$ python setup.py bdist_rpm
The latter will require python-ldap to be installed separately, either with yum install python-ldap or pip install python-ldap. It's up to you; the RPM will not attempt to install the ldap dependency.
The script at example_allusers.py will build iptables and ipset rules for all users in LDAP. You can pass the script an LDAP filter as its first argument to limit the scope.
$ time python example_allusers.py '(uid=jvehent)'
IPTables rules written in /tmp/tmpT7JgOW
IPSet rules written in /tmp/tmpJYtWM5

real 0m0.605s
user 0m0.061s
sys 0m0.014s
example.py does something similar but for a single user identified by its uidNumber (unix user ID).
$ python example.py 2297
#Generating rules for user ID 1664
#====== ACL details ======
jvehent has access to .....
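The two scripts above take untrusted input at two points: the LDAP filter from the command line, and attribute values read back from the directory, both of which end up in text that iptables-restore and ipset restore will consume. The following is an added, self-contained illustration of how to do that safely; it is not libnfldap's code or API. It assumes a hypothetical multi-valued attribute allowedHost holding IPv4 addresses or CIDR networks, a per-user OUTPUT whitelist built with the owner match (one possible design, not necessarily what libnfldap generates), and models the directory results inline in the (dn, attrs) shape python-ldap's search_s() returns, so it runs without an LDAP server. The escape_filter helper is the RFC 4515 escaping that python-ldap's ldap.filter.escape_filter_chars() performs.

```python
"""Added example (not libnfldap): LDAP posixAccount records -> ipset + iptables rules."""
import ipaddress
import re
import tempfile

# Constructed sample records in python-ldap's search_s() result shape:
# (dn, {attribute: [bytes, ...]}). The allowedHost attribute is an assumption.
SAMPLE_RECORDS = [
    ("uid=jvehent,ou=people,dc=example,dc=net",
     {"uid": [b"jvehent"], "uidNumber": [b"2297"],
      "allowedHost": [b"10.0.1.5", b"192.0.2.0/24"]}),
    ("uid=bob,ou=people,dc=example,dc=net",
     {"uid": [b"bob"], "uidNumber": [b"2300"],
      # Hostile or out-of-family values someone with write access to the
      # directory could plant; they must never reach the rule text.
      "allowedHost": [b"10.0.2.9 -j ACCEPT", b"2001:db8::1", b"10.0.3.1"]}),
    ("uid=x;y,ou=people,dc=example,dc=net",
     {"uid": [b"x;y"], "uidNumber": [b"2301"], "allowedHost": [b"10.0.4.1"]}),
]

# RFC 4515: the only characters needing escaping inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# Conservative uid shape so "u_<uid>" is a valid ipset name (31 chars max)
# and cannot carry shell or rule syntax.
_SET_NAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,26}$")


def escape_filter(value):
    """Escape a value before splicing it into an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(uid):
    """Filter for a single user; uid may come straight from argv."""
    return "(&(objectClass=posixAccount)(uid=%s))" % escape_filter(uid)


def set_name(uid):
    """ipset set name for a uid, or None if the uid is unsafe as a token."""
    return "u_" + uid if _SET_NAME_RE.match(uid) else None


def build_rules(records):
    """Return (ipset_lines, iptables_lines, rejected) for the given records.

    ipset_lines feed `ipset restore`, iptables_lines feed `iptables-restore`
    (filter table, OUTPUT chain). rejected lists (dn, reason) for anything
    that failed validation, so a bad directory entry fails closed.
    """
    ipset, iptables, rejected = [], [], []
    for dn, attrs in records:
        uid = attrs["uid"][0].decode("utf-8", "replace")
        name = set_name(uid)
        try:
            uidnum = int(attrs["uidNumber"][0])
        except (ValueError, KeyError, IndexError):
            name = None
        if name is None:
            rejected.append((dn, "bad uid or uidNumber"))
            continue
        ipset.append("create %s hash:net family inet -exist" % name)
        for raw in attrs.get("allowedHost", []):
            try:
                # Parse, never interpolate: only a canonical IPv4 network is emitted.
                net = ipaddress.IPv4Network(raw.decode("utf-8", "replace"), strict=False)
            except ValueError:
                rejected.append((dn, "bad allowedHost %r" % raw))
                continue
            ipset.append("add %s %s -exist" % (name, net))
        # Whitelist the user's set, then drop everything else that uid sends.
        iptables.append("-A OUTPUT -m owner --uid-owner %d -m set --match-set %s dst -j ACCEPT"
                        % (uidnum, name))
        iptables.append("-A OUTPUT -m owner --uid-owner %d -j DROP" % uidnum)
    return ipset, iptables, rejected


def write_rules(ipset_lines, iptables_lines):
    """Write both rule files to temp files, mirroring the scripts' output; returns paths."""
    paths = []
    for lines in (iptables_lines, ipset_lines):
        with tempfile.NamedTemporaryFile("w", delete=False) as fh:
            fh.write("\n".join(lines) + "\n")
            paths.append(fh.name)
    return tuple(paths)  # (iptables_path, ipset_path)
```

With a live directory, the records argument would be the return value of conn.search_s(base, ldap.SCOPE_SUBTREE, user_filter(sys.argv[1]), attrlist); the point of the filter escaping is that '*)(uid=*' from argv stays a literal username rather than widening the search, and the point of parsing allowedHost through ipaddress is that a string like "10.0.2.9 -j ACCEPT" is rejected instead of being pasted into a rule.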