A client library to generate ipset and iptables rules from LDAP records.
A Python module to generate IPTables and IPSet rules from LDAP records. See example.py for a demo.
$ sudo pip install libnfldap
Or build an RPM using:
$ python setup.py bdist_rpm
The latter will require python-ldap to be installed separately, either using yum install python-ldap or pip install ldap.
It's up to you; the RPM will not attempt to install the ldap dependency.
The script at example_allusers.py will build iptables and ipset rules for all
users in LDAP. You can provide the script an ldap filter as argv to limit the
$ time python example_allusers.py '(uid=jvehent)'
IPTables rules written in /tmp/tmpT7JgOW
IPSet rules written in /tmp/tmpJYtWM5

real 0m0.605s
user 0m0.061s
sys 0m0.014s
example.py does something similar but for a single user identified by its
uidNumber (unix user ID).
$ python example.py 2297
#Generating rules for user ID 1664
#====== ACL details ======
jvehent has access to .....
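The following is an added example, not libnfldap's code or API: it shows one way per-user ipset and iptables rules can be derived from directory records, validating every LDAP-sourced value before it reaches a restore file. The record layout, the one-set-per-uid naming and the owner-match rule shape are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample input shaped like already-fetched LDAP results. The "acls"
# layout (destination, protocol, port) is an assumption, not libnfldap's schema.
RECORDS = [
    {"uid": "jvehent", "uidNumber": "2297",
     "acls": [("10.22.75.0/24", "tcp", "22"), ("10.8.1.5", "tcp", "443")]},
    # Constructed malformed entry: a uid containing a newline must never be
    # copied into a line-oriented restore file.
    {"uid": "eve\nflush", "uidNumber": "1664",
     "acls": [("10.0.0.1", "tcp", "80")]},
]

SET_NAME = re.compile(r"[a-z_][a-z0-9_-]{0,30}")  # ipset set names: max 31 chars


def validate(rec):
    """Return (set_name, uid_number, ipset_entries) or raise ValueError."""
    if not SET_NAME.fullmatch(rec["uid"]):  # fullmatch also rejects a trailing newline
        raise ValueError("unsafe uid %r" % rec["uid"])
    uidnum = int(rec["uidNumber"])
    if not 0 < uidnum < 2 ** 32:
        raise ValueError("uidNumber out of range")
    entries = []
    for dest, proto, port in rec["acls"]:
        net = ipaddress.ip_network(dest)  # raises ValueError on anything but an IP or CIDR
        if proto not in ("tcp", "udp") or not 0 < int(port) < 65536:
            raise ValueError("bad protocol or port")
        entries.append("%s,%s:%d" % (net, proto, int(port)))
    return rec["uid"], uidnum, entries


def generate(records):
    """Build ipset-restore and iptables-restore lines; skip records that fail validation."""
    ipset, rules, rejected = [], ["*filter"], []
    for rec in records:
        try:
            name, uidnum, entries = validate(rec)
        except (ValueError, KeyError, TypeError):
            rejected.append(rec.get("uid"))
            continue
        ipset.append("create %s hash:net,port" % name)
        ipset += ["add %s %s" % (name, e) for e in entries]
        # Allow this unix user to reach only the destinations in its own set.
        rules.append("-A OUTPUT -m owner --uid-owner %d -m set --match-set %s dst,dst -j ACCEPT"
                     % (uidnum, name))
        rules.append("-A OUTPUT -m owner --uid-owner %d -j DROP" % uidnum)
    return ipset, rules + ["COMMIT"], rejected
```

The returned line lists are in the formats read by ipset restore and iptables-restore; rejected uids are returned rather than silently dropped so they can be logged.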