Pyroman 0.4.6

A flexible and fast firewall tool


What's new in Pyroman 0.4.6:

  • This release cleans up rule name handling for INPUT/OUTPUT/FORWARD and ACCEPT/DROP/REJECT rules (it was a bit messy before).
  • It will now default to the kernel names, which are overridden in the base examples provided to make use of connection tracking, etc.
License type: MIT/X Consortium License
Developed by: Erich Schubert
Homepage: pyroman.alioth.debian.org
Category: ROOT \ System \ Networking

Pyroman is a flexible and fast firewall tool.

Here are some key features of "Pyroman":

The good:

· Really fast compared to sh+awk based solutions, because it uses iptables-restore
· Rolls back to the previous firewall on error, to minimize the risk of use
· Detailed error reporting to help with configuration
· Easy syntax to add hosts and NATs
· Designed for complex networks
· Written in easy-to-read Python code
· Extensively documented (Python docstrings)
· You can add custom iptables rules when needed
· Lots of verification checks done before execution
· Designed to use the same configuration files on multiple hosts (e.g. failover firewalls or the destination host itself; it will detect whether you are talking about a local or a remote host)

The bad:

· Not designed for single-host workstation setups
· Doesn't completely hide iptables complexity from the admin (good or bad?)
· Only iptables: no TC/shaping, no IPsec, proxy ARP setup, VPN or ifconfig (I use other tools for that, e.g. heartbeat)

To tease you a little more into testing, here's an example host configuration ("dmz" is an alias for the interface the web server is connected to, as are "INT", "DMZ" and "ANY" for clients on these interfaces):

A really simple webserver configuration.
These examples are just boring...
But without NAT they would be even more boring.

# web server
add_host(
    name="web",
    ip="10.100.1.2",
    iface="dmz"
)
# offering, well, web service.
allow(
    client="ANY DMZ INT",
    server="web",
    service="www ssh ping"
)
# internal hosts may access FTP, too
allow(
    client="INT",
    server="web",
    service="ftp"
)
# setup NAT
add_nat(
    client="ANY INT",
    server="web",
    ip="12.34.56.80"
)


(Yes, this is a python script. No, you probably won't care to write your configuration in a programming language, will you?)

Last updated on March 10th, 2011
