This is a simple project which allows me (the sysadmin) to selectively allow external users access to services on particular ports on remote servers.
The idea is that the user logs into the application, it stores their remote IP address and within the next minute that IP address will have been granted access to the respective services.
Examples of Use
- Want to give customers FTP access to server, but not leave the FTP port wide open. End users are often on dynamic IP addresses.
- Want to give customers access to MySQL on a server, but not expose MySQL to the whole internet.
- You want to give customers access to multiple servers/ports through one login.
- You wish to allow relaying through your mail server, but some of your users roam... and you can't (for whatever reason) setup SMTP authentication.
- Apache, mod_python (or other Django hosting environment).
- PostgreSQL or MySQL (it was developed for PostgreSQL)
The application is available for free, licensed under terms of the GPLv3. You are encouraged to take the source code, tweak it to your requirements and we'd love to receive patches back.
If you have a patch, feedback or need help installing it - please feel free to contact us - support at-sign palepurple.co dot uk.
svn co http://firewalle.palepurple.co.uk/svn/trunk/ /path/to/firewalle
Create an Apache vhost looking like :
<VirtualHost *> ServerAdmin firstname.lastname@example.org ServerName firewall ServerAlias www.firewall Alias "/media" "/usr/share/python-support/python-django/django/contrib/admin/media" <Location "/"> SetHandler python-program PythonHandler django.core.handlers.modpython SetEnv DJANGO_SETTINGS_MODULE firewalle.settings # PythonOption django.root / PythonDebug On PythonPath "['/path/to/firewalle'] + sys.path" </Location> <Location /> Allow From ALL </Location> <Location "/media"> SetHandler None </Location>
Create a database, and store the settings in settings.py (username, password, host etc).
python manage.py dbsetup
It'll prompt you for a admin user password etc. Remember it.
Finally, you'll want to create a cron job which reads the firewall state and rebuilds a firewall an individual server.
See source:trunk/repopulate-firewalle.pl (which you'll need to edit slightly to get working)