locafw

command module

v0.0.0-...-d90b5f5 Latest Latest Go to latest Published: May 22, 2016 License: MIT Imports: 13 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/42wim/locafw

Links

Open Source Insights

README ¶

locafw

Build a location-aware firewall for your wireless users using linux, netfilter, ipset and (cisco) wireless lan controllers.
Very much a WIP and not much documentation yet.

Use-case: only allowing specific classrooms (containing AP's) to specific servers (e.g. because of licensing issues).

Locafw connects to your wireless lan controllers, asks information about accesspoints and client.
In the locafw config file you specify which destination addresses can be accessed by the clients on the specified accesspoints.
Using this information locafw creates an ipset set, which you can use on your firewall.

binaries

not yet

building

Go 1.6+ is required. Make sure you have Go properly installed, including setting up your [GOPATH] (https://golang.org/doc/code.html#GOPATH)

cd $GOPATH
go get github.com/42wim/locafw

You should now have locafw binary in the bin directory:

$ ls bin/
locafw

running

Copy the locafw.yaml.sample to locafw.yaml in the same directory as the locafw binary.
Edit locafw.yaml with the settings for your environment. See below for more config information.
Now you can run locafw

web

http://localhost:8888/ip - returns a JSON array of all AP's with clients and foreach AP and array of IP addresses
http://localhost:8888/ipset - returns a generated ipset set, can be used with ipset -! restore
http://localhost:8888/realod - reloads the configuration file

config

locafw

locafw looks for locafw.yaml in current directory. (use -conf to specify another file)

Look at locafw.yaml.sample for an example

web:
    listen: ":8888" #ip and port to listen on
#list of your cisco WLC's, need public commmunity and snmp v2c
controllers:
    - 192.168.1.1
    - 192.168.1.2
#ipset configuration, name of the set and TTL of the entries
ipset:
    name: locafw
    timeout: 1500
#ACLs, name is the name of your AP's (can be a regexp)
#dstip are the destination addresses that are allowed to be accessed from the specified AP
acl:
- name: lwap-buildingA-1
  dstip:
  - 10.0.0.5
  - 10.0.0.6
- name: "lwap-buildingB-*"
  dstip:
  - 1.4.5.7
  - 2.4.5.7

iptables

iptables -I FORWARD -m set --match-set locafw src,dst -j ACCEPT

ipset

ipset create locafw hash:net,net family inet hashsize 2048 maxelem 65536 timeout 1800

TODO

Documentation

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

locafw.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL