Netkiller Python firewall
Project description
firewall
Install
# cd /usr/local/src/
# yum install -y git python39
# git clone https://github.com/netkiller/firewall.git
# cd firewall
# bash install.sh
Demo
$ sudo /etc/init.d/firewall
Usage: /etc/init.d/firewall {start|stop|status|restart}
$ sudo /etc/init.d/firewall start
$ sudo /etc/init.d/firewall status
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
44 6163 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443,80 state NEW
2 2884 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 45 packets, 6893 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 20,21 reject-with icmp-port-unreachable
$ sudo /etc/init.d/firewall stop
Rule file
$ sudo cat /srv/firewall/libexec/www.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from firewall import *
########################################
# Web Application
########################################
www = Firewall()
www.flush()
www.policy(www.INPUT,www.ACCEPT)
www.policy(www.OUTPUT,www.ACCEPT)
www.policy(www.FORWARD,www.ACCEPT)
www.input().state(('RELATED','ESTABLISHED')).accept()
www.input().protocol('icmp').accept()
www.input().interface('-i','lo').accept()
www.input().protocol('tcp').dport('22').state('NEW').accept()
www.input().protocol('tcp').dport(('443','80')).state('NEW').accept()
www.output().protocol('tcp').dport(('20','21')).reject()
#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP',2,20).drop()
#www.input().protocol('tcp').inbound('eth0').dport('80').connlimit(30).drop()
#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP').accept()
# DDOS
#www.input().proto('tcp').dport("80").string('XXDD0S').drop()
www.input().reject('--reject-with icmp-host-prohibited')
www.forward().reject('--reject-with icmp-host-prohibited')
def start():
www.start()
def stop():
www.stop()
def restart():
www.stop()
www.start()
def show():
www.show()
def status():
www.status()
def main():
show()
return( 0 )
if __name__ == '__main__':
main()
Testing API
#!/usr/bin/python3
from firewall import Firewall
single = Firewall()
single.policy(single.INPUT,single.DROP)
single.policy(single.OUTPUT,single.ACCEPT)
single.policy(single.FORWARD,single.DROP)
single.input().protocol('icmp').drop()
single.input().protocol('tcp').dport(('3389','5900')).accept()
single.input().protocol('tcp').dport(('137','138','139','145')).accept()
single.show()
#single.run()
#single.list()
Donations
We accept PayPal through:
https://www.paypal.me/netkiller
Wechat (微信) / Alipay (支付宝) 打赏:
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
Close
Hashes for netkiller_firewall-0.0.1-py3.9.egg
Algorithm | Hash digest | |
---|---|---|
SHA256 | c2cad2df43f8c38627e93c15eb952f4aa672a960ca8fd7605bebb90c791306a2 |
|
MD5 | bdd0624af1630f5099e34476f2f47c49 |
|
BLAKE2b-256 | 11cb56c3fbb7b37b8ee710e19de8c651b26a8a906d22617740f3904a6604f61b |
Close
Hashes for netkiller_firewall-0.0.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2aabf489818455242d63e811f7072618d769e33b7cfd0b3f99429049509256ba |
|
MD5 | 0aeeac83b5376209d2536dbb8566bfe3 |
|
BLAKE2b-256 | d282f0d7cc6646447e2560702415606b9aa668b0dc7536e24944a2d0823db7ff |