Firewall on Demand (hereafter FoD) is based on the flowspy project developed by GRNET.
The FoD server applies flow rules, via NETCONF, to a flowspec-capable network device, which then propagates the rules via eBGP to other devices in the network.
Users are authenticated against Shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from. FoD is meant to operate using the following architecture:
```
+-----------+          +------------+        +------------+
|   FoD     | NETCONF  | flowspec   | ebgp   |   router   |
| web app   +----------> device     +-------->            |
+-----------+          +------+-----+        +------------+
                              | ebgp
                              |
                       +------v-----+
                       |   router   |
                       |            |
                       +------------+
```
FoD currently supports updating router(s) via NETCONF (for more information see doc/prerequisites/generic.md). FoD currently does not support updating routers directly via BGP.
| Name | Protocol | Port |
|---|---|---|
| NETCONF | tcp | 830 |
| ssh | tcp | 22 |
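The authorization model described above (a Shibboleth attribute combined with the peer's network address ranges) can be sketched as follows. This is an added example, not FoD's own code. It assumes that the peer ranges bound the destination prefix of a rule, that the attribute arrives under the name `entitlement`, and the entitlement value, peer names and ranges are constructed placeholders.

```python
from ipaddress import ip_network

# Constructed sample data: the entitlement value and peer ranges are placeholders.
REQUIRED_ENTITLEMENT = "urn:example:fod:user"
PEER_NETWORKS = {
    "peer-a": ["192.0.2.0/24", "2001:db8:a::/48"],
    "peer-b": ["198.51.100.0/25"],
}


def has_entitlement(shib_attrs, required=REQUIRED_ENTITLEMENT):
    # Shibboleth delivers a multi-valued attribute as one ';'-separated string.
    # Compare whole values: a substring match would accept look-alike values.
    values = shib_attrs.get("entitlement", "").split(";")
    return required in (v.strip() for v in values)


def authorizing_peer(user_peers, destination):
    """Return the user's peer whose range fully contains `destination`, else None."""
    try:
        dest = ip_network(destination, strict=True)
    except ValueError:
        return None  # malformed prefix or host bits set: reject, do not guess
    for peer in user_peers:
        for cidr in PEER_NETWORKS.get(peer, []):
            net = ip_network(cidr)
            # subnet_of() raises TypeError across IP versions, so compare first.
            # Containment, not overlap: a wider prefix must not be accepted.
            if net.version == dest.version and dest.subnet_of(net):
                return peer
    return None


def may_create_rule(shib_attrs, user_peers, destination):
    """Both conditions must hold: the attribute and a containing peer range."""
    if not has_entitlement(shib_attrs):
        return False
    return authorizing_peer(user_peers, destination) is not None
```

The containment test is the part worth checking in any such implementation: a requested prefix that merely overlaps a peer range, such as a /16 around a peer's /24, has to be refused.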
Please visit the documentation directory above (doc) to see FoD's documentation.
GRNET's original flowspy documentation is also available online.
If you are upgrading from a previous version, bear in mind the changes introduced in Django 1.4.
FoD provides a REST API. It uses a token as its authentication method. For usage instructions and examples, check the documentation.
A user can belong to more than one Peer without any limitations.
The FoD UI polls the FoD server to dynamically update the dashboard and the
"Live Status" about the Routes they are aware of. In addition, the polling
implementation fetches information for every Peer the user is associated
with. Thus, if a user belongs to many Peers, too many AJAX calls will be sent
to the backend, which may result in an unresponsive state. It is recommended to
keep the number of Peers associated with any user under 5.
You can contact us directly at fod{at}lists[dot]geant(.)org
Copyright © 2017-2023 GÉANT GN4-2/GN4-3/GN5-1 Project
Copyright © 2010-2017 Greek Research and Technology Network (GRNET S.A.)
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.