linux-firewall-tool manages iptables and ip6tables using ipsets. It was created to simplify Linux firewall configuration in the CERN IT Databases Group and is intended to help SysAdmins who manage firewalls and make changes regularly. It works by parsing simple .ini files that contain the configuration, from which it builds the iptables rules and kernel ipsets.
– Python 2.7.x
– To fully use this tool run either host_manager.py or iptables_manager.py
– The real power of the tool lies in the custom commands/scripts you can use to populate the options, so that you finally end up with a fully working firewall setup for both IPv4 and IPv6.
– There is a set of predefined rules called default.
– On both scripts, host_manager.py and iptables_manager.py, you have to specify the --deploy argument for the configuration to be applied on the machine. There is also an option to generate the actual files so you can use them with the iptables-restore, ip6tables-restore and ipset-restore commands.
iptables_manager.py is the heart of the tool. You have to provide one or more config files to this script in order to create the rules.
host_manager.py calls the iptables_manager.py script. With host_manager.py you specify which configuration is applied to this machine by providing a list of hostnames: if the machine is in that list, the given configuration is served to iptables.
This means that your configuration can live in one place for all machines. Using a tool such as Puppet or Ansible, you just maintain a list of machines that will receive a certain firewall configuration.
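As an added illustration of the "generate the actual files" path described above (example code, not linux-firewall-tool's own code; the tool targets Python 2.7 while this sketch assumes Python 3, and the .ini keys proto/dport/sources are an assumption for the example), the following parses a small constructed configuration, validates every source address before it can reach the kernel, and emits ipset-restore, iptables-restore and ip6tables-restore text with the sources split per address family:

```python
import configparser
import ipaddress

# Constructed sample configuration; the key names are an assumption for this
# example and are not the layout of linux-firewall-tool's own .ini files.
SAMPLE_INI = """
[ssh_admins]
proto = tcp
dport = 22
sources = 10.1.2.3, 10.1.2.4, 2001:db8::10

[db_listener]
proto = tcp
dport = 1521
sources = 10.0.0.0/24
"""

def parse_rules(text):
    """Parse sections into (name, proto, dport, [ip_network]) tuples.
    Every source is validated with ipaddress, so a typo such as 10.1.2.999
    raises ValueError here instead of being handed to ipset-restore."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    rules = []
    for name in cp.sections():
        sec = cp[name]
        nets = [ipaddress.ip_network(s.strip(), strict=False)
                for s in sec["sources"].split(",") if s.strip()]
        rules.append((name, sec["proto"], sec.getint("dport"), nets))
    return rules

def render(rules):
    """Return (ipset-restore, iptables-restore, ip6tables-restore) text.
    Each rule's sources become one hash:net set per address family."""
    head = ["*filter", ":INPUT DROP [0:0]", "-A INPUT -i lo -j ACCEPT",
            "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"]
    ipset, v4, v6 = [], list(head), list(head)
    for name, proto, dport, nets in rules:
        for fam, suffix, out in ((4, "_v4", v4), (6, "_v6", v6)):
            members = [n for n in nets if n.version == fam]
            if not members:
                continue  # no set and no rule for a family without sources
            setname = name + suffix
            ipset.append("create %s hash:net family %s"
                         % (setname, "inet" if fam == 4 else "inet6"))
            ipset.extend("add %s %s" % (setname, n.with_prefixlen) for n in members)
            out.append("-A INPUT -p %s --dport %d -m set --match-set %s src -j ACCEPT"
                       % (proto, dport, setname))
    return "\n".join(ipset), "\n".join(v4 + ["COMMIT"]), "\n".join(v6 + ["COMMIT"])
```

The three strings are in the formats read by ipset-restore, iptables-restore and ip6tables-restore respectively; load the ipset file first, since the filter rules reference the sets by name.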
Usage and install from source:
git clone https://github.com/cerndb/linux-firewall-tool && cd linux-firewall-tool
pip install -r requirements.txt
python2 ipset_manager.py -h
python2 host_manager.py -h