The highest tagged major version is v2.

firewall-controller

command module

v0.1.1 Latest Latest Go to latest Published: Jun 10, 2020 License: MIT Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/metal-stack/firewall-controller

Links

Open Source Insights

README ¶

Firewall Controller

Initial Setup

download kubebuilder
download kustomize from kustomize
init project and run kubebuilder

kubebuilder init --domain metal-stack.io
kubebuilder create api --group firewall --version v1 --kind Network

run test

export KUBEBUILDER_ASSETS=~/dev/kubebuilder_2.3.1_linux_amd64/bin
make test

Testing locally

# start kind cluster
kind create cluster

# deploy manifests
k apply -f deploy

# start the controller
bin/firewall-controller --hosts-file ./hosts

# watch results
k describe -n firewall firewall
cat nftables.v4
cat hosts

Suricata

By default only basic statistics are reported via the firewall crd, but if ids is enabled all events can be forwarded to a specified destination.

The basic statistics a gathered via the unix-command socket of suricata and the iface-stat <vrf10409> command sent to the controlling socket. There is a go library available to make calls to the unix-command socket of suricata: go-suricata
Forwarding of all events is controlled by the fever daemon Fever which is configured by this controller if IDS is set to enabled.

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
api
v1 Package v1 contains API Schema definitions for the firewall v1 API group +kubebuilder:object:generate=true +groupName=metal-stack.io	Package v1 contains API Schema definitions for the firewall v1 API group +kubebuilder:object:generate=true +groupName=metal-stack.io
controllers
crd
pkg
collector
nftables
nftables/statik Package statik provides vfs access to static content content here is generated with the statik command from the make process.	Package statik provides vfs access to static content content here is generated with the statik command from the make process.
suricata
statik Package statik provides vfs access to static content content here is generated with the statik command from the make process.	Package statik provides vfs access to static content content here is generated with the statik command from the make process.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL