fireWall_E

This is a simple project which allows me (the sysadmin) to selectively allow external users access to services on particular ports on remote servers.

The idea is that the user logs into the application, it stores their remote IP address and within the next minute that IP address will have been granted access to the respective services.

Examples of Use

  • Want to give customers FTP access to server, but not leave the FTP port wide open. End users are often on dynamic IP addresses.
  • Want to give customers access to MySQL on a server, but not expose MySQL to the whole internet.
  • You want to give customers access to multiple servers/ports through one login.
  • You wish to allow relaying through your mail server, but some of your users roam... and you can't (for whatever reason) setup SMTP authentication.

Requirements

  • Apache, mod_python (or other Django hosting environment).
  • PostgreSQL or MySQL (it was developed for PostgreSQL)

Licensing

The application is available for free, licensed under terms of the GPLv3. You are encouraged to take the source code, tweak it to your requirements and we'd love to receive patches back.

If you have a patch, feedback or need help installing it - please feel free to contact us - support at-sign palepurple.co dot uk.

Installation

svn co  http://firewalle.palepurple.co.uk/svn/trunk/ /path/to/firewalle

Create an Apache vhost looking like : 

<VirtualHost *>
	ServerAdmin support@palepurple.co.uk
	ServerName firewall
    ServerAlias www.firewall

    Alias  "/media" "/usr/share/python-support/python-django/django/contrib/admin/media" 
    <Location "/">
        SetHandler      python-program
        PythonHandler   django.core.handlers.modpython
        SetEnv          DJANGO_SETTINGS_MODULE firewalle.settings
       # PythonOption    django.root /
        
        PythonDebug     On
        PythonPath      "['/path/to/firewalle'] + sys.path"
    </Location>

    <Location />
       Allow From ALL
    </Location>
    <Location "/media">
        SetHandler None
    </Location>

Create a database, and store the settings in settings.py (username, password, host etc).

Then run 

python manage.py dbsetup

It'll prompt you for a admin user password etc. Remember it.

Once done, access  http://firewall/, login and then go to  http://firewall/admin to create users/servers/ports.

Finally, you'll want to create a cron job which reads the firewall state and rebuilds a firewall an individual server.

See source:trunk/repopulate-firewalle.pl (which you'll need to edit slightly to get working)