def setup_firewall(): """ Shorewall config (based on http://www.shorewall.net/OpenVZ.html) """ from fabtools.require.shorewall import firewall, started zones = [{"name": "fw", "type": "firewall"}, {"name": "net", "type": "ipv4"}, {"name": "vz", "type": "ipv4"}] interfaces = [ {"zone": "net", "interface": "eth0", "options": "proxyarp=1"}, {"zone": "vz", "interface": "venet0", "options": "routeback,arp_filter=0"}, ] masq = [{"interface": "eth0", "source": "192.168.1.0/24"}] policy = [ {"source": "$FW", "dest": "net", "policy": "ACCEPT"}, {"source": "$FW", "dest": "vz", "policy": "ACCEPT"}, {"source": "vz", "dest": "net", "policy": "ACCEPT"}, {"source": "net", "dest": "all", "policy": "DROP", "log_level": "info"}, {"source": "all", "dest": "all", "policy": "REJECT", "log_level": "info"}, ] firewall(zones=zones, interfaces=interfaces, policy=policy, masq=masq) started()
def setup_firewall(): """ Shorewall config (based on http://www.shorewall.net/OpenVZ.html) """ from fabtools.require.shorewall import firewall, started zones = [ { 'name': 'fw', 'type': 'firewall', }, { 'name': 'net', 'type': 'ipv4', }, { 'name': 'vz', 'type': 'ipv4', }, ] interfaces = [ { 'zone': 'net', 'interface': 'eth0', 'options': 'proxyarp=1', }, { 'zone': 'vz', 'interface': 'venet0', 'options': 'routeback,arp_filter=0', }, ] masq = [ { 'interface': 'eth0', 'source': '192.168.1.0/24', } ] policy = [ { 'source': '$FW', 'dest': 'net', 'policy': 'ACCEPT', }, { 'source': '$FW', 'dest': 'vz', 'policy': 'ACCEPT', }, { 'source': 'vz', 'dest': 'net', 'policy': 'ACCEPT', }, { 'source': 'net', 'dest': 'all', 'policy': 'DROP', 'log_level': 'info', }, { 'source': 'all', 'dest': 'all', 'policy': 'REJECT', 'log_level': 'info', }, ] firewall( zones=zones, interfaces=interfaces, policy=policy, masq=masq, ) started()
def test_require_firewall_started(firewall): from fabtools.require.shorewall import started from fabtools.shorewall import is_started started() assert is_started()
def setup_firewall(): """ Shorewall config (based on http://www.shorewall.net/OpenVZ.html) """ from fabtools.require.shorewall import firewall, started zones = [ { 'name': 'fw', 'type': 'firewall', }, { 'name': 'net', 'type': 'ipv4', }, { 'name': 'vz', 'type': 'ipv4', }, ] interfaces = [ { 'zone': 'net', 'interface': 'eth0', 'options': 'proxyarp=1', }, { 'zone': 'vz', 'interface': 'venet0', 'options': 'routeback,arp_filter=0', }, ] masq = [{ 'interface': 'eth0', 'source': '192.168.1.0/24', }] policy = [ { 'source': '$FW', 'dest': 'net', 'policy': 'ACCEPT', }, { 'source': '$FW', 'dest': 'vz', 'policy': 'ACCEPT', }, { 'source': 'vz', 'dest': 'net', 'policy': 'ACCEPT', }, { 'source': 'net', 'dest': 'all', 'policy': 'DROP', 'log_level': 'info', }, { 'source': 'all', 'dest': 'all', 'policy': 'REJECT', 'log_level': 'info', }, ] firewall( zones=zones, interfaces=interfaces, policy=policy, masq=masq, ) started()