{"id":19064955,"url":"https://github.com/netkiller/firewall","last_synced_at":"2025-04-16T14:25:10.196Z","repository":{"id":8561900,"uuid":"10188068","full_name":"netkiller/firewall","owner":"netkiller","description":"Python Firewall Library","archived":false,"fork":false,"pushed_at":"2025-04-02T10:16:59.000Z","size":42,"stargazers_count":59,"open_issues_count":1,"forks_count":29,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-04-09T19:53:11.609Z","etag":null,"topics":["firewall","python","shell","systemd-service"],"latest_commit_sha":null,"homepage":"http://netkiller.github.io/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netkiller.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-05-21T04:48:40.000Z","updated_at":"2025-04-08T14:29:38.000Z","dependencies_parsed_at":"2022-08-07T04:16:37.981Z","dependency_job_id":null,"html_url":"https://github.com/netkiller/firewall","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netkiller%2Ffirewall","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netkiller%2Ffirewall/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netkiller%2Ffirewall/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netkiller%2Ffirewall/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netkiller","download_url":"https://codeload.github.com/netkiller/firewall/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249250177,"owners_count":21237857,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["firewall","python","shell","systemd-service"],"created_at":"2024-11-09T00:48:01.628Z","updated_at":"2025-04-16T14:25:10.155Z","avatar_url":"https://github.com/netkiller.png","language":"Python","funding_links":["https://www.paypal.me/netkiller"],"categories":[],"sub_categories":[],"readme":"firewall\n========\n\nInstall\n-------\n\t# cd /usr/local/src/\n\t# yum install -y git python39\n\t# git clone https://github.com/netkiller/firewall.git\n\t# cd firewall\n\t# bash install.sh\n\nDemo\n----\n\t$ sudo /etc/init.d/firewall \n\tUsage: /etc/init.d/firewall {start|stop|status|restart}\n\n\t$ sudo /etc/init.d/firewall start\n\t\n\t$ sudo /etc/init.d/firewall status\n\tChain INPUT (policy ACCEPT 0 packets, 0 bytes)\n\t pkts bytes target     prot opt in     out     source               destination         \n\t   44  6163 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED\n\t\t0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           \n\t\t0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           \n\t\t0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 state NEW\n\t\t0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 443,80 state NEW\n\t\t2  2884 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited\n\n\tChain FORWARD (policy ACCEPT 0 packets, 0 bytes)\n\t pkts bytes target     prot opt in     out     source               destination         \n\t\t0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited\n\n\tChain OUTPUT (policy ACCEPT 45 packets, 6893 bytes)\n\t pkts bytes target     prot opt in     out     source               destination         \n\t\t0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 20,21 reject-with icmp-port-unreachable\n\t\n\t$ sudo /etc/init.d/firewall stop\n\t\nRule file\n---------\n\t\n\t$ sudo cat /srv/firewall/libexec/www.py \n\t#!/usr/bin/env python3\n\t# -*- coding: utf-8 -*-\n\tfrom firewall import * \n\n\t######################################## \n\t# Web Application\n\t######################################## \n\n\twww = Firewall()\n\twww.flush()\n\twww.policy(www.INPUT,www.ACCEPT)\n\twww.policy(www.OUTPUT,www.ACCEPT)\n\twww.policy(www.FORWARD,www.ACCEPT)\n\twww.input().state(('RELATED','ESTABLISHED')).accept()\n\twww.input().protocol('icmp').accept()\n\twww.input().interface('-i','lo').accept()\n\twww.input().protocol('tcp').dport('22').state('NEW').accept()\n\twww.input().protocol('tcp').dport(('443','80')).state('NEW').accept()\n\twww.output().protocol('tcp').dport(('20','21')).reject()\n\n\t#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP',2,20).drop()\n\t#www.input().protocol('tcp').inbound('eth0').dport('80').connlimit(30).drop()\n\t#www.input().protocol('tcp').inbound('eth0').dport('80').recent('HTTP').accept()\n\t# DDOS\n\t#www.input().proto('tcp').dport(\"80\").string('XXDD0S').drop()\n\twww.input().reject('--reject-with icmp-host-prohibited')\n\twww.forward().reject('--reject-with icmp-host-prohibited')\n\n\tdef start():\n\t\twww.start()\n\tdef stop():\n\t\twww.stop()\n\tdef restart():\n\t\twww.stop()\n\t\twww.start()\n\tdef show():\n\t\twww.show()\n\tdef status():\n\t\twww.status()\n\tdef main():\n\t\tshow()\n\t\treturn( 0 )\n\n\tif __name__ == '__main__':\n\t\tmain()\n\nTesting API\n-----------\n    #!/usr/bin/python3\n    from firewall import Firewall    \n    single = Firewall()\n    single.policy(single.INPUT,single.DROP)\n    single.policy(single.OUTPUT,single.ACCEPT)\n    single.policy(single.FORWARD,single.DROP)\n    single.input().protocol('icmp').drop()\n    single.input().protocol('tcp').dport(('3389','5900')).accept()\n    single.input().protocol('tcp').dport(('137','138','139','145')).accept()\n    single.show()\n    #single.run()\n    #single.list()\n\t\nDonations\n---------\nWe accept PayPal through:\n\nhttps://www.paypal.me/netkiller\n\nWechat (微信) / Alipay (支付宝) 打赏:\n\nhttp://www.netkiller.cn/home/donations.html","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetkiller%2Ffirewall","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetkiller%2Ffirewall","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetkiller%2Ffirewall/lists"}