Ejemplo n.º 1
def setup_firewall():
    """
    Configure Shorewall for an OpenVZ host and require it to be started.

    The layout follows http://www.shorewall.net/OpenVZ.html: three zones
    (the firewall itself, the external network on eth0, and the containers
    on venet0), masquerading for 192.168.1.0/24 on eth0, and a policy list
    that ends in logged DROP/REJECT catch-alls.
    """

    from fabtools.require.shorewall import firewall, started

    # Zone declarations: the firewall host plus two ipv4 zones.
    zones = [
        dict(name="fw", type="firewall"),
        dict(name="net", type="ipv4"),
        dict(name="vz", type="ipv4"),
    ]

    # Zone-to-interface bindings; the option strings are passed through as-is.
    interfaces = [
        dict(zone="net", interface="eth0", options="proxyarp=1"),
        dict(zone="vz", interface="venet0", options="routeback,arp_filter=0"),
    ]

    # Masquerade entry: interface eth0, source network 192.168.1.0/24.
    masq = [dict(interface="eth0", source="192.168.1.0/24")]

    # Default policies, listed from most specific to the catch-all.
    # Outbound from the host and from the containers is ACCEPT, so container
    # egress to `net` is not restricted by policy.
    # Anything arriving from `net` is dropped and logged; every pair not
    # named above (e.g. vz -> $FW) falls to the final logged REJECT.
    policy = [
        dict(source="$FW", dest="net", policy="ACCEPT"),
        dict(source="$FW", dest="vz", policy="ACCEPT"),
        dict(source="vz", dest="net", policy="ACCEPT"),
        dict(source="net", dest="all", policy="DROP", log_level="info"),
        dict(source="all", dest="all", policy="REJECT", log_level="info"),
    ]

    # NOTE(review): no `rules` argument is passed, so which inbound
    # connections get past the net -> all DROP policy (SSH included) depends
    # on what fabtools writes by default -- TODO confirm before applying this
    # over a remote session.
    firewall(zones=zones, interfaces=interfaces, policy=policy, masq=masq)

    started()
Ejemplo n.º 2
def setup_firewall():
    """
    Apply a Shorewall configuration for an OpenVZ host, then start it.

    Based on http://www.shorewall.net/OpenVZ.html. The configuration
    declares the zones `fw`, `net` (eth0) and `vz` (venet0), masquerades
    192.168.1.0/24 on eth0, and sets default policies that accept outbound
    traffic while dropping or rejecting (and logging) everything else.
    """

    from fabtools.require.shorewall import firewall, started

    def _policy_entry(source, dest, action, log_level=None):
        # Build one policy row; `log_level` is only present when requested.
        entry = {'source': source, 'dest': dest, 'policy': action}
        if log_level is not None:
            entry['log_level'] = log_level
        return entry

    zone_types = (
        ('fw', 'firewall'),
        ('net', 'ipv4'),
        ('vz', 'ipv4'),
    )
    zones = [{'name': name, 'type': kind} for name, kind in zone_types]

    # (zone, interface, options) triples; options are passed through verbatim.
    bindings = (
        ('net', 'eth0', 'proxyarp=1'),
        ('vz', 'venet0', 'routeback,arp_filter=0'),
    )
    interfaces = [
        {'zone': zone, 'interface': iface, 'options': opts}
        for zone, iface, opts in bindings
    ]

    # Masquerade entry: interface eth0, source network 192.168.1.0/24.
    masq = [{'interface': 'eth0', 'source': '192.168.1.0/24'}]

    policy = [
        # Outbound from the firewall host and from the containers is allowed;
        # container egress to `net` is therefore unrestricted by policy.
        _policy_entry('$FW', 'net', 'ACCEPT'),
        _policy_entry('$FW', 'vz', 'ACCEPT'),
        _policy_entry('vz', 'net', 'ACCEPT'),
        # Inbound from the external network is dropped and logged.
        _policy_entry('net', 'all', 'DROP', 'info'),
        # Catch-all for every pair not listed above (e.g. vz -> $FW), logged.
        _policy_entry('all', 'all', 'REJECT', 'info'),
    ]

    # NOTE(review): `rules` is not supplied here; whether SSH from `net`
    # stays reachable under the DROP policy depends on fabtools' default
    # rules -- TODO confirm before running against a remote host.
    firewall(
        zones=zones,
        interfaces=interfaces,
        policy=policy,
        masq=masq,
    )

    started()
Ejemplo n.º 3
def test_require_firewall_started(firewall):
    """Requiring Shorewall to be started must leave it reported as started."""
    # `firewall` is not referenced in the body; presumably a fixture that
    # puts a Shorewall configuration in place first -- confirm where it is defined.
    from fabtools.require.shorewall import started as require_started
    from fabtools.shorewall import is_started as shorewall_is_started

    require_started()
    running = shorewall_is_started()
    assert running
Ejemplo n.º 4
def test_require_firewall_started(firewall):
    """
    Verify that `require.shorewall.started()` results in a started firewall.

    The `firewall` argument is unused in the body (presumably a setup
    fixture -- verify against the test suite's fixtures).
    """
    from fabtools.shorewall import is_started
    from fabtools.require.shorewall import started

    # Ask for the started state, then check what the status query reports.
    started()
    status = is_started()
    assert status
Ejemplo n.º 5
def setup_firewall():
    """
    Set up Shorewall on an OpenVZ host and require the service to be started.

    Follows the layout described at http://www.shorewall.net/OpenVZ.html:
    the external network is on eth0, containers are reached through venet0,
    192.168.1.0/24 is masqueraded on eth0, and unlisted traffic is dropped
    or rejected with logging.
    """

    from fabtools.require.shorewall import firewall, started

    # Default policies, kept in this order with the catch-all last.
    default_policies = [
        # Host-originated traffic is allowed to both other zones.
        {'source': '$FW', 'dest': 'net', 'policy': 'ACCEPT'},
        {'source': '$FW', 'dest': 'vz', 'policy': 'ACCEPT'},
        # Containers may open connections to the external network; nothing
        # in the policy limits where they connect to.
        {'source': 'vz', 'dest': 'net', 'policy': 'ACCEPT'},
        # Unsolicited traffic from the external network is dropped and logged.
        {'source': 'net', 'dest': 'all', 'policy': 'DROP', 'log_level': 'info'},
        # Every remaining zone pair is rejected and logged.
        {'source': 'all', 'dest': 'all', 'policy': 'REJECT', 'log_level': 'info'},
    ]

    settings = {
        'zones': [
            {'name': 'fw', 'type': 'firewall'},
            {'name': 'net', 'type': 'ipv4'},
            {'name': 'vz', 'type': 'ipv4'},
        ],
        # Interface option strings are handed over unchanged.
        'interfaces': [
            {'zone': 'net', 'interface': 'eth0', 'options': 'proxyarp=1'},
            {
                'zone': 'vz',
                'interface': 'venet0',
                'options': 'routeback,arp_filter=0',
            },
        ],
        'policy': default_policies,
        # Masquerade entry: interface eth0, source network 192.168.1.0/24.
        'masq': [{'interface': 'eth0', 'source': '192.168.1.0/24'}],
    }

    # NOTE(review): there is no `rules` entry, so the inbound exceptions to
    # the net -> all DROP policy (such as SSH) are whatever fabtools applies
    # by default -- TODO confirm before applying over a remote connection.
    firewall(**settings)

    started()