https://github.com/catalyst/firewallctl
Safely deploy script based firewalls in Linux
- Host: GitHub
- URL: https://github.com/catalyst/firewallctl
- Owner: catalyst
- License: gpl-3.0
- Created: 2016-07-01T02:06:34.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2016-10-05T04:20:31.000Z (over 9 years ago)
- Last Synced: 2025-04-05T00:51:14.463Z (about 1 year ago)
- Language: Shell
- Size: 16.6 KB
- Stars: 4
- Watchers: 12
- Forks: 2
- Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# firewallctl
Safely deploy script based firewalls in Linux.
## Usage
```
$ firewallctl
usage: firewallctl [start|configure|confirm|rollback|status]
```
- start
  - For compatibility with init scripts. If there is a last-known-good firewall, it is applied immediately. If there is no known-good firewall, firewallctl attempts to run the firewall script and then marks it as known-good. This bypasses the rollback timeout, so it should not be used normally.
- configure [timeout]
  - The main way to use firewallctl. Runs status, then asks for confirmation. If confirmed, applies the changed firewall and starts the rollback timeout (defaults to 120 seconds if not specified).
- confirm
  - Once a configuration has been applied, it must be confirmed within timeout seconds using the confirm command, or the last known good firewall will be re-applied (and a log message will be written to syslog to indicate this).
- rollback
  - Immediately re-apply the last known good firewall and cancel the timeout.
- status
  - Just output the current state of the firewall (e.g. whether a new firewall is waiting to be applied).
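The start/configure/confirm/rollback cycle described above, as an added shell model that is not firewallctl's own code: instead of loading iptables rules it "applies" a firewall script by copying it to an active file, so it runs offline, and FW_DIR, the pid-file path and the fw_* function names are assumptions of this demo.

```shell
#!/bin/sh
# Added example (not firewallctl's own code): a minimal model of the
# start/configure/confirm/rollback cycle. Applying a firewall = copying
# the script to $FW_DIR/active. FW_DIR and fw_* names are assumptions.

FW_DIR="${FW_DIR:-$(mktemp -d)}"
KNOWN_GOOD="$FW_DIR/last-known-good-firewall"
ACTIVE="$FW_DIR/active"
TIMER_PID="$FW_DIR/rollback.pid"   # exists only while a change is unconfirmed

fw_start() {
    # Init-script path: apply the known-good firewall if there is one,
    # otherwise bootstrap it from $1 with no rollback timeout.
    if [ -f "$KNOWN_GOOD" ]; then cp "$KNOWN_GOOD" "$ACTIVE"
    else cp "$1" "$ACTIVE" && cp "$ACTIVE" "$KNOWN_GOOD"; fi
}

fw_status() {
    # pending: applied but unconfirmed; up-to-date: running == known-good.
    if [ -f "$TIMER_PID" ]; then echo "pending"
    elif [ -f "$KNOWN_GOOD" ] && cmp -s "$KNOWN_GOOD" "$ACTIVE"; then echo "up-to-date"
    else echo "not-applied"; fi
}

fw_rollback() {
    # Cancel a pending timer and re-apply the last known good firewall.
    if [ -f "$TIMER_PID" ]; then
        kill "$(cat "$TIMER_PID")" 2>/dev/null
        rm -f "$TIMER_PID"
    fi
    [ -f "$KNOWN_GOOD" ] && cp "$KNOWN_GOOD" "$ACTIVE"
    logger -t firewallctl-demo "rolled back firewall!" 2>/dev/null || true
}

fw_configure() {
    # Apply script $1, then start a timer (default 120 s) that rolls back
    # unless fw_confirm removes the pid file first.
    cp "$1" "$ACTIVE"
    ( sleep "${2:-120}"; rm -f "$TIMER_PID"; fw_rollback ) >/dev/null 2>&1 &
    echo $! > "$TIMER_PID"
}

fw_confirm() {
    # Stop the timer and promote the running firewall to last-known-good.
    [ -f "$TIMER_PID" ] || { echo "nothing to confirm" >&2; return 1; }
    kill "$(cat "$TIMER_PID")" 2>/dev/null
    rm -f "$TIMER_PID"
    cp "$ACTIVE" "$KNOWN_GOOD"
}
```

Because the timer runs in a background subshell, a dropped SSH session after fw_configure does not cancel it, which is the property the real tool relies on.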
## Example usage
```
test-firewall:/etc/network# firewallctl configure 10
A new firewall is waiting to be deployed.
--- /etc/network/last-known-good-firewall 2016-07-21 11:09:41.953415248 +1200
+++ /etc/network/firewall 2016-07-21 11:09:58.861235524 +1200
@@ -1869,6 +1869,7 @@
  echo "-A Demo -s 198.51.100.0 -j ACCEPT"
  echo "-A Demo -s 198.51.100.1 -j ACCEPT"
  echo "-A Demo -s 198.51.100.2 -j ACCEPT"
+ echo "-A Demo -d 192.0.2.1 -j DROP"
 #
 # Next up we frobnicate some packets
 # As per change control #1234
Apply this change? [y/N]y
Applied firewall. Use `firewallctl confirm' within 10 seconds to confirm.
test-firewall:/etc/network#
[... time passes ...]
test-firewall:/etc/network# grep firewallctl /var/log/syslog
Jul 21 11:10:26 test-firewall root: firewallctl: rolled back firewall!
test-firewall:/etc/network# firewallctl configure 30
A new firewall is waiting to be deployed.
--- /etc/network/last-known-good-firewall 2016-07-21 11:09:41.953415248 +1200
+++ /etc/network/firewall 2016-07-21 11:09:58.861235524 +1200
@@ -1869,6 +1869,7 @@
  echo "-A Demo -s 198.51.100.0 -j ACCEPT"
  echo "-A Demo -s 198.51.100.1 -j ACCEPT"
  echo "-A Demo -s 198.51.100.2 -j ACCEPT"
+ echo "-A Demo -d 192.0.2.1 -j DROP"
 #
 # Next up we frobnicate some packets
 # As per change control #1234
Apply this change? [y/N]y
Applied firewall. Use `firewallctl confirm' within 30 seconds to confirm.
test-firewall:/etc/network# firewallctl confirm
Confirmed.
test-firewall:/etc/network# firewallctl status
Running firewall is up to date.
```