Netkiller Python firewall
Project description
firewall
Install
# cd /usr/local/src/
# yum install -y git python39
# git clone https://github.com/netkiller/firewall.git
# cd firewall
# bash install.sh
Demo
$ sudo /etc/init.d/firewall
Usage: /etc/init.d/firewall {start|stop|status|restart}
$ sudo /etc/init.d/firewall start
$ sudo /etc/init.d/firewall status
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
44 6163 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443,80 state NEW
2 2884 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 45 packets, 6893 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 20,21 reject-with icmp-port-unreachable
$ sudo /etc/init.d/firewall stop
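An audit of the status output above, added here as an example and not part of the netkiller project: it parses `iptables -L -n -v` style text, lists the destination ports each chain accepts from any source, and reports whether unmatched packets end up denied. The function names are assumptions of this example; SAMPLE is the INPUT and OUTPUT chains copied from the Demo output.

```python
import re

# `firewall status` output copied from the Demo section (INPUT and OUTPUT chains).
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
44 6163 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443,80 state NEW
2 2884 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 45 packets, 6893 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 20,21 reject-with icmp-port-unreachable
"""
FIELDS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

def parse(text):
    """Return {chain: {"policy": str, "rules": [dict]}} from `iptables -L -n -v` text."""
    chains, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"Chain (\S+) \(policy (\w+)", line)
        parts = line.split(None, 9)  # nine fixed columns, then the match/target options
        if head:
            cur = chains.setdefault(head[1], {"policy": head[2], "rules": []})
        elif cur is not None and len(parts) >= 9 and parts[0] != "pkts":
            cur["rules"].append(dict(zip(FIELDS, parts), extra=" ".join(parts[9:])))
    return chains

def is_catch_all(rule):
    """True when the rule matches every packet (no protocol, interface, address or match filter)."""
    wide = [rule[k] for k in ("prot", "in", "out", "source", "destination")]
    return wide == ["all", "*", "*", "0.0.0.0/0", "0.0.0.0/0"] and (
        rule["extra"] == "" or rule["extra"].startswith("reject-with"))

def audit(chain):
    """Ports accepted from any source, and whether unmatched packets end up denied."""
    ports, verdict = set(), chain["policy"]
    for r in chain["rules"]:
        if r["target"] == "ACCEPT" and (r["in"], r["source"]) == ("*", "0.0.0.0/0"):
            for m in re.finditer(r"dpts?:(\S+)|dports (\S+)", r["extra"]):
                ports.update((m[1] or m[2]).split(","))
    for r in chain["rules"]:  # the first catch-all rule decides; otherwise the chain policy does
        if is_catch_all(r) and r["target"] in ("ACCEPT", "DROP", "REJECT"):
            verdict = r["target"]
            break
    return {"accepted_dports": sorted(ports, key=lambda p: int(p.split(":")[0])),
            "default_deny": verdict != "ACCEPT"}
```

On the Demo output, `audit(parse(SAMPLE)["INPUT"])` reports ports 22, 80 and 443 and a default deny that comes from the final REJECT rule rather than from the chain policy, which is ACCEPT; OUTPUT is not default-deny.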
Rule file
$ sudo cat /srv/firewall/libexec/www.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from firewall import *
########################################
# Web Application
########################################
www = Firewall()
www.flush()
www.policy(www.INPUT,www.ACCEPT)
www.policy(www.OUTPUT,www.ACCEPT)
www.policy(www.FORWARD,www.ACCEPT)
www.input().state(('RELATED','ESTABLISHED')).accept()
www.input().protocol('icmp').accept()
www.input().interface('-i','lo').accept()
www.input().protocol('tcp').dport('22').state('NEW').accept()
www.input().protocol('tcp').dport(('443','80')).state('NEW').accept()
www.output().protocol('tcp').dport(('20','21')).reject()
#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP',2,20).drop()
#www.input().protocol('tcp').inbound('eth0').dport('80').connlimit(30).drop()
#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP').accept()
# DDOS
#www.input().proto('tcp').dport("80").string('XXDD0S').drop()
www.input().reject('--reject-with icmp-host-prohibited')
www.forward().reject('--reject-with icmp-host-prohibited')
def start():
    www.start()
def stop():
    www.stop()
def restart():
    www.stop()
    www.start()
def show():
    www.show()
def status():
    www.status()
def main():
    show()
    return( 0 )
if __name__ == '__main__':
    main()
Testing API
#!/usr/bin/python3
from firewall import Firewall
single = Firewall()
single.policy(single.INPUT,single.DROP)
single.policy(single.OUTPUT,single.ACCEPT)
single.policy(single.FORWARD,single.DROP)
single.input().protocol('icmp').drop()
single.input().protocol('tcp').dport(('3389','5900')).accept()
single.input().protocol('tcp').dport(('137','138','139','145')).accept()
single.show()
#single.run()
#single.list()
Donations
We accept PayPal through:
https://www.paypal.me/netkiller
Wechat (微信) / Alipay (支付宝) donations:
File details
Details for the file netkiller-firewall-0.0.1.tar.gz.
File metadata
- Download URL: netkiller-firewall-0.0.1.tar.gz
- Upload date:
- Size: 4.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.4
File hashes
Algorithm | Hash digest
---|---
SHA256 | 2e956d527def5e31178cc6645bc65850ee157e0f0891e7cb24c0e2c4aa7874f9
MD5 | 9c79dd98b2040dcf2a7ab108a2de65e3
BLAKE2b-256 | 07c262536574fc38e873c5c75f10f56860e365a1b142bc2d344a66eb34301e60
File details
Details for the file netkiller_firewall-0.0.1-py3.9.egg.
File metadata
- Download URL: netkiller_firewall-0.0.1-py3.9.egg
- Upload date:
- Size: 8.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.4
File hashes
Algorithm | Hash digest
---|---
SHA256 | c2cad2df43f8c38627e93c15eb952f4aa672a960ca8fd7605bebb90c791306a2
MD5 | bdd0624af1630f5099e34476f2f47c49
BLAKE2b-256 | 11cb56c3fbb7b37b8ee710e19de8c651b26a8a906d22617740f3904a6604f61b
File details
Details for the file netkiller_firewall-0.0.1-py3-none-any.whl.
File metadata
- Download URL: netkiller_firewall-0.0.1-py3-none-any.whl
- Upload date:
- Size: 5.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.4.1 importlib_metadata/3.10.0 pkginfo/1.7.0 requests/2.25.1 requests-toolbelt/0.9.1 tqdm/4.59.0 CPython/3.9.4
File hashes
Algorithm | Hash digest
---|---
SHA256 | 2aabf489818455242d63e811f7072618d769e33b7cfd0b3f99429049509256ba
MD5 | 0aeeac83b5376209d2536dbb8566bfe3
BLAKE2b-256 | d282f0d7cc6646447e2560702415606b9aa668b0dc7536e24944a2d0823db7ff