fw.python

No description

Find a file

git-svn-migrate b812415a2e Convert svn:ignore properties to .gitignore.		2020-05-08 01:05:22 +02:00
iaf	Update live firewall.	2013-10-16 15:40:39 +00:00
.gitignore	Convert svn:ignore properties to .gitignore.	2020-05-08 01:05:22 +02:00
.switches.pickle	initial commit	2013-09-09 19:47:08 +00:00
.vimrc	initial commit	2013-09-09 19:47:08 +00:00
fwtool	initial commit	2013-09-09 19:47:08 +00:00
iplist	initial commit	2013-09-09 19:47:08 +00:00
Makefile	Update live firewall.	2013-10-16 15:40:39 +00:00
patches.conf	initial commit	2013-09-09 19:47:08 +00:00
patchpanels.conf	initial commit	2013-09-09 19:47:08 +00:00
README	Update live firewall.	2013-10-16 15:40:39 +00:00
routers	initial commit	2013-09-09 19:47:08 +00:00
switches	initial commit	2013-09-09 19:47:08 +00:00
switches.conf	Fri Nov 15 15:57:13 CET 2013	2013-11-15 14:57:44 +00:00
udev-addintf.sh	initial commit	2013-09-09 19:47:08 +00:00
vlans.conf	Fri Nov 15 15:57:13 CET 2013	2013-11-15 14:57:44 +00:00
weights.py	initial commit	2013-09-09 19:47:08 +00:00

README

De nieuwe python versie van fw.

* Seperate switch config
  * Switch uplinks/vias are now better named.
* Extensive vlan config
  * More consistency checks
* Has knowledge of patchpanels and their connections.
* Pushes routes manually to each router, including junipers.
  ! No more OSPF.
  * Uses common RHEL6/C6 config files, no more mucking around with quagga.
    (ifcfg.bond0.xxx, route-bond0.xxx, /etc/sysctl.d/bond0.xxx.conf, /etc/radvd.conf)
* Managed juniper routers, including setup of TDC interfaces, VRRP firewall
  rules and router-advertisements.
* Managed /etc/radvd.conf, restart daemon when changes are found.
* Firewall setup creates stateful ipv4/ipv6 rules.
  (not a good idea on C5)

TODO
* Juniper routes can have a double next-hop if something is added
  with 2 next-hops. Make parser aware of this situation.
     80.89.224.0/24 next-hop [ 80.89.224.21, 80.89.224.19 ];