#!/usr/bin/python
# CS 6250 Summer 2020 - Project 4 - SDN Firewall
# build atlas-v13
from pyretic.lib.corelib import *
from pyretic.lib.std import *
from pyretic.lib.query import packets
from pyretic.core import packet
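def make_firewall_policy(config):
    """Build a Pyretic block-list policy from the parsed firewall config.

    Each ``entry`` in ``config`` is a dict with the keys ``macaddr_src``,
    ``macaddr_dst``, ``ipaddr_src``, ``ipaddr_dst``, ``port_src``,
    ``port_dst``, ``protocol`` and ``ipproto``; the string ``'-'`` means
    "any" for that column.  Every populated column becomes one more
    ``match`` predicate AND-ed onto that entry's rule.  The protocol
    column selects ``T`` (TCP), ``U`` (UDP), ``I`` (ICMP), ``O`` (the
    numeric ``ipproto`` column) or ``B`` (both TCP and UDP, which yields
    two rules).

    Returns:
        The policy that forwards everything NOT matched by any rule,
        i.e. ``~union(rules)``: the rules are a deny list.

    Raises:
        ValueError: if the protocol column holds an unrecognised code, or
            is ``O`` while ``ipproto`` is ``'-'``.  Failing at build time
            is preferable to silently installing a rule that is looser or
            tighter than the operator wrote.
    """
    # Config column -> Pyretic match keyword, plus the constructor that
    # turns the config string into the value the match expects.
    field_specs = (
        ('macaddr_src', 'srcmac', EthAddr),
        ('macaddr_dst', 'dstmac', EthAddr),
        ('ipaddr_src', 'srcip', IPAddr),
        ('ipaddr_dst', 'dstip', IPAddr),
        ('port_src', 'srcport', int),
        ('port_dst', 'dstport', int),
    )
    # Protocol codes that map directly to a fixed IP protocol number.
    fixed_protocols = {
        'T': packet.TCP_PROTO,
        'U': packet.UDP_PROTO,
        'I': packet.ICMP_PROTO,
    }
    all_columns = [name for name, _, _ in field_specs] + ['protocol', 'ipproto']

    rules = []
    for entry in config:
        # A row with every column set to '-' would reduce to a bare
        # match(ethtype=IPV4) and, once negated, drop all IPv4 traffic.
        # Skip it rather than turn the firewall into a black hole.
        if all(entry[name] == '-' for name in all_columns):
            print("empty rule entered")
            continue

        # NOTE(review): every rule is anchored to IPv4 frames, so a rule
        # that names only MAC addresses will not block that host's ARP or
        # other non-IPv4 traffic -- confirm this matches the intended spec.
        rule = match(ethtype=packet.IPV4)
        for name, field, convert in field_specs:
            if entry[name] != '-':
                rule &= match(**{field: convert(entry[name])})

        code = entry['protocol']
        if code == '-':
            rules.append(rule)
        elif code in fixed_protocols:
            rules.append(rule & match(protocol=fixed_protocols[code]))
        elif code == 'O':
            if entry['ipproto'] == '-':
                raise ValueError("protocol 'O' requires a numeric ipproto column")
            rules.append(rule & match(protocol=int(entry['ipproto'])))
        elif code == 'B':
            # "Both": one rule per transport so the union covers TCP and UDP.
            rules.append(rule & match(protocol=packet.UDP_PROTO))
            rules.append(rule & match(protocol=packet.TCP_PROTO))
        else:
            # An unknown code used to fall through and the rule was kept
            # with NO protocol constraint, silently widening the block.
            raise ValueError("unknown protocol code %r in rule %r" % (code, entry))

    # Everything matched by some rule is dropped; everything else passes.
    allowed = ~(union(rules))
    return allowed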