From 4dbb136c8a5605cbdcb420e50622fcbd709efff1 Mon Sep 17 00:00:00 2001
From: Hugo Levy-Falk
Date: Tue, 7 May 2019 00:01:43 +0200
Subject: [PATCH] A small Readme.

---
 README.md | 31 ++++++++++++++++++++++++++++++-
 firewall.service | 2 +-
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index aea672f..e45280a 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,35 @@
 # Re2o firewall with nftables
 
-dependencies :
+This script creates a firewall from Re2o information using nftables.
+
+# What it does :
+
+ - Fetch mac-ip table from re2o and filter traffic from the adherent NAT with it;
+ - Create a NAT table for FedeRez and Adherent, and NAT the admin and prerezotage VLANs properly.
+
+# What it does not do (yet) :
+
+ - Fetch opened ports on Re2o and filter traffic with these infos.
+
+# Install :
+
+```
+cd /usr/local/
+git clone --recursive https://gitlab.rezometz.org/klafyvel/firewall.git
+apt install python3 python3-click python3-iso8601
+cp config.ini.example config.ini
+vim config.ini
+chmod +x main.py
+cp firewall.service /etc/systemd/system/
+systemctl start firewall.service
+echo "* * * * * root /usr/bin/python3 main.py macip 2>&1 | /usr/bin/logger -t firewall" >> /etc/cron.d/firewall
+```
+
+# Usage :
+
+See `./main.py --help`.
+
+# Dependencies :
 
 - re2oapi
 - python3-click
diff --git a/firewall.service b/firewall.service
index b8b82ef..8f5005b 100644
--- a/firewall.service
+++ b/firewall.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=RezoMetz Firewall Service
+Description=Re2o Firewall Service
 After=network.target
 
 [Service]