Metadata-Version: 2.1
Name: netkiller-firewall
Version: 0.0.1
Summary: Netkiller Python firewall
Home-page: https://github.com/netkiller/firewall
Author: Neo Chen
Author-email: netkiller@msn.com
License: MIT
Platform: UNKNOWN
Classifier: Programming Language :: Python :: 3
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Description-Content-Type: text/markdown

firewall
========

Install
-------
	# cd /usr/local/src/
	# yum install -y git python39
	# git clone https://github.com/netkiller/firewall.git
	# cd firewall
	# bash install.sh

Demo
----
	$ sudo /etc/init.d/firewall 
	Usage: /etc/init.d/firewall {start|stop|status|restart}

	$ sudo /etc/init.d/firewall start

	$ sudo /etc/init.d/firewall status
	Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
	 pkts bytes target     prot opt in     out     source               destination         
	   44  6163 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
		0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
		0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
		0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW
		0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443,80 state NEW
		2  2884 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

	Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
	 pkts bytes target     prot opt in     out     source               destination         
		0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

	Chain OUTPUT (policy ACCEPT 45 packets, 6893 bytes)
	 pkts bytes target     prot opt in     out     source               destination         
		0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 20,21 reject-with icmp-port-unreachable

	$ sudo /etc/init.d/firewall stop

Rule file
---------

	$ sudo cat /srv/firewall/libexec/www.py 
	#!/usr/bin/env python3
	# -*- coding: utf-8 -*-
	from firewall import * 

	######################################## 
	# Web Application
	######################################## 

	www = Firewall()
	www.flush()
	www.policy(www.INPUT,www.ACCEPT)
	www.policy(www.OUTPUT,www.ACCEPT)
	www.policy(www.FORWARD,www.ACCEPT)
	www.input().state(('RELATED','ESTABLISHED')).accept()
	www.input().protocol('icmp').accept()
	www.input().interface('-i','lo').accept()
	www.input().protocol('tcp').dport('22').state('NEW').accept()
	www.input().protocol('tcp').dport(('443','80')).state('NEW').accept()
	www.output().protocol('tcp').dport(('20','21')).reject()

	#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP',2,20).drop()
	#www.input().protocol('tcp').inbound('eth0').dport('80').connlimit(30).drop()
	#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP').accept()
	# DDOS
	#www.input().proto('tcp').dport("80").string('XXDD0S').drop()
	www.input().reject('--reject-with icmp-host-prohibited')
	www.forward().reject('--reject-with icmp-host-prohibited')

	def start():
		www.start()
	def stop():
		www.stop()
	def restart():
		www.stop()
		www.start()
	def show():
		www.show()
	def status():
		www.status()
	def main():
		show()
		return( 0 )

	if __name__ == '__main__':
		main()

Testing API
-----------
    #!/usr/bin/python3
    from firewall import Firewall    
    single = Firewall()
    single.policy(single.INPUT,single.DROP)
    single.policy(single.OUTPUT,single.ACCEPT)
    single.policy(single.FORWARD,single.DROP)
    single.input().protocol('icmp').drop()
    single.input().protocol('tcp').dport(('3389','5900')).accept()
    single.input().protocol('tcp').dport(('137','138','139','145')).accept()
    single.show()
    #single.run()
    #single.list()

Donations
---------
We accept PayPal through:

https://www.paypal.me/netkiller

Wechat (微信) / Alipay (支付宝) 打赏:

http://www.netkiller.cn/home/donations.html

