ZoBo helps you bootstrap your VyOS Zone-Based Firewall through an easy config file.
cschlesselmann/zobo
ZoBo helps you bootstrap your VyOS Zone-Based Firewall through an easy config file to get you up and running asap.
Note: You need to have the Dotnet Core SDK installed!

```
git clone https://github.com/cschlesselmann/zobo.git
cd zobo
dotnet restore
dotnet run
```
TODO
```yaml
zones:
  - wan
  - local
  - lan
  - mgmt

definitions:
  wan:
    interface: ["eth0"]
    description: "WAN Network"
    allow_ping_to: "local"
    allow_traffic_to:
      local:
        ports: ["22"]
  local:
    description: "Local Zone"
    is_local_zone: true
    allow_traffic_to: "*"
  lan:
    description: "LAN Network"
    interface: ["eth1"]
    allow_traffic_to:
      local:
        # Whitelist DNS
        ports: ["53/tcp_udp"]
      wan:
  mgmt:
    description: "Management Network"
    interface: ["eth1.1"]
    allow_ping_to: "*"
    allow_traffic_to:
      # Allow SSH to any zone
      "*":
        ports: ["22"]
      wan:
```
```
set zone-policy zone 'wan' default-action 'drop'
set zone-policy zone 'wan' description 'WAN Network'
set zone-policy zone 'wan' interface 'eth0'
set zone-policy zone 'local' default-action 'drop'
set zone-policy zone 'local' description 'Local Zone'
set zone-policy zone 'local' local-zone
set zone-policy zone 'lan' default-action 'drop'
set zone-policy zone 'lan' description 'LAN Network'
set zone-policy zone 'lan' interface 'eth1'
set zone-policy zone 'mgmt' default-action 'drop'
set zone-policy zone 'mgmt' description 'Management Network'
set zone-policy zone 'mgmt' interface 'eth1.1'
set firewall name 'wan-local' default-action drop
set firewall name 'wan-local' enable-default-log
set firewall name 'wan-local' rule 10 action accept
set firewall name 'wan-local' rule 10 state established enable
set firewall name 'wan-local' rule 10 state related enable
set firewall name 'wan-local' rule 10 description 'Allow established connections'
set firewall name 'wan-local' rule 15 action accept
set firewall name 'wan-local' rule 15 protocol icmp
set firewall name 'wan-local' rule 15 description 'Allow pings'
set firewall name 'wan-local' rule 50 action accept
set firewall name 'wan-local' rule 50 protocol tcp
set firewall name 'wan-local' rule 50 destination port 22
set zone-policy zone local from wan firewall name wan-local
set firewall name 'wan-lan' default-action drop
set firewall name 'wan-lan' enable-default-log
set firewall name 'wan-lan' rule 10 action accept
set firewall name 'wan-lan' rule 10 state established enable
set firewall name 'wan-lan' rule 10 state related enable
set firewall name 'wan-lan' rule 10 description 'Allow established connections'
set zone-policy zone lan from wan firewall name wan-lan
set firewall name 'wan-mgmt' default-action drop
set firewall name 'wan-mgmt' enable-default-log
set firewall name 'wan-mgmt' rule 10 action accept
set firewall name 'wan-mgmt' rule 10 state established enable
set firewall name 'wan-mgmt' rule 10 state related enable
set firewall name 'wan-mgmt' rule 10 description 'Allow established connections'
set zone-policy zone mgmt from wan firewall name wan-mgmt
set firewall name 'local-wan' default-action accept
set firewall name 'local-wan' enable-default-log
set firewall name 'local-wan' rule 10 action accept
set firewall name 'local-wan' rule 10 state established enable
set firewall name 'local-wan' rule 10 state related enable
set firewall name 'local-wan' rule 10 description 'Allow established connections'
set zone-policy zone wan from local firewall name local-wan
set firewall name 'local-lan' default-action accept
set firewall name 'local-lan' enable-default-log
set firewall name 'local-lan' rule 10 action accept
set firewall name 'local-lan' rule 10 state established enable
set firewall name 'local-lan' rule 10 state related enable
set firewall name 'local-lan' rule 10 description 'Allow established connections'
set zone-policy zone lan from local firewall name local-lan
set firewall name 'local-mgmt' default-action accept
set firewall name 'local-mgmt' enable-default-log
set firewall name 'local-mgmt' rule 10 action accept
set firewall name 'local-mgmt' rule 10 state established enable
set firewall name 'local-mgmt' rule 10 state related enable
set firewall name 'local-mgmt' rule 10 description 'Allow established connections'
set zone-policy zone mgmt from local firewall name local-mgmt
set firewall name 'lan-wan' default-action accept
set firewall name 'lan-wan' enable-default-log
set firewall name 'lan-wan' rule 10 action accept
set firewall name 'lan-wan' rule 10 state established enable
set firewall name 'lan-wan' rule 10 state related enable
set firewall name 'lan-wan' rule 10 description 'Allow established connections'
set zone-policy zone wan from lan firewall name lan-wan
set firewall name 'lan-local' default-action drop
set firewall name 'lan-local' enable-default-log
set firewall name 'lan-local' rule 10 action accept
set firewall name 'lan-local' rule 10 state established enable
set firewall name 'lan-local' rule 10 state related enable
set firewall name 'lan-local' rule 10 description 'Allow established connections'
set firewall name 'lan-local' rule 50 action accept
set firewall name 'lan-local' rule 50 protocol tcp_udp
set firewall name 'lan-local' rule 50 destination port 53
set zone-policy zone local from lan firewall name lan-local
set firewall name 'lan-mgmt' default-action drop
set firewall name 'lan-mgmt' enable-default-log
set firewall name 'lan-mgmt' rule 10 action accept
set firewall name 'lan-mgmt' rule 10 state established enable
set firewall name 'lan-mgmt' rule 10 state related enable
set firewall name 'lan-mgmt' rule 10 description 'Allow established connections'
set zone-policy zone mgmt from lan firewall name lan-mgmt
set firewall name 'mgmt-wan' default-action accept
set firewall name 'mgmt-wan' enable-default-log
set firewall name 'mgmt-wan' rule 10 action accept
set firewall name 'mgmt-wan' rule 10 state established enable
set firewall name 'mgmt-wan' rule 10 state related enable
set firewall name 'mgmt-wan' rule 10 description 'Allow established connections'
set firewall name 'mgmt-wan' rule 15 action accept
set firewall name 'mgmt-wan' rule 15 protocol icmp
set firewall name 'mgmt-wan' rule 15 description 'Allow pings'
set firewall name 'mgmt-wan' rule 50 action accept
set firewall name 'mgmt-wan' rule 50 protocol tcp
set firewall name 'mgmt-wan' rule 50 destination port 22
set zone-policy zone wan from mgmt firewall name mgmt-wan
set firewall name 'mgmt-local' default-action drop
set firewall name 'mgmt-local' enable-default-log
set firewall name 'mgmt-local' rule 10 action accept
set firewall name 'mgmt-local' rule 10 state established enable
set firewall name 'mgmt-local' rule 10 state related enable
set firewall name 'mgmt-local' rule 10 description 'Allow established connections'
set firewall name 'mgmt-local' rule 15 action accept
set firewall name 'mgmt-local' rule 15 protocol icmp
set firewall name 'mgmt-local' rule 15 description 'Allow pings'
set firewall name 'mgmt-local' rule 50 action accept
set firewall name 'mgmt-local' rule 50 protocol tcp
set firewall name 'mgmt-local' rule 50 destination port 22
set zone-policy zone local from mgmt firewall name mgmt-local
set firewall name 'mgmt-lan' default-action drop
set firewall name 'mgmt-lan' enable-default-log
set firewall name 'mgmt-lan' rule 10 action accept
set firewall name 'mgmt-lan' rule 10 state established enable
set firewall name 'mgmt-lan' rule 10 state related enable
set firewall name 'mgmt-lan' rule 10 description 'Allow established connections'
set firewall name 'mgmt-lan' rule 15 action accept
set firewall name 'mgmt-lan' rule 15 protocol icmp
set firewall name 'mgmt-lan' rule 15 description 'Allow pings'
set firewall name 'mgmt-lan' rule 50 action accept
set firewall name 'mgmt-lan' rule 50 protocol tcp
set firewall name 'mgmt-lan' rule 50 destination port 22
set zone-policy zone lan from mgmt firewall name mgmt-lan
```
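Before committing generated commands like the ones above, it helps to review which zone pairs accept by default and which ports the WAN side can reach. The following Python script is an added example, not part of ZoBo; the `parse` and `audit` helpers and the choice of `wan` as the untrusted zone are assumptions made for illustration.

```python
import shlex

# Constructed sample: an excerpt of the generated commands shown on this page.
SAMPLE = """
set firewall name 'wan-local' default-action drop
set firewall name 'wan-local' rule 50 action accept
set firewall name 'wan-local' rule 50 protocol tcp
set firewall name 'wan-local' rule 50 destination port 22
set zone-policy zone local from wan firewall name wan-local
set firewall name 'lan-wan' default-action accept
set zone-policy zone wan from lan firewall name lan-wan
set firewall name 'lan-local' default-action drop
set firewall name 'lan-local' rule 50 action accept
set firewall name 'lan-local' rule 50 protocol tcp_udp
set firewall name 'lan-local' rule 50 destination port 53
set zone-policy zone local from lan firewall name lan-local
"""

def parse(commands):
    """Return (rulesets, bindings) parsed from VyOS 'set' commands."""
    rulesets, bindings = {}, {}
    for line in commands.splitlines():
        tok = shlex.split(line)  # also strips the single quotes
        if tok[:3] == ["set", "firewall", "name"] and len(tok) >= 6:
            rs = rulesets.setdefault(tok[3], {"default": None, "rules": {}})
            if tok[4] == "default-action":
                rs["default"] = tok[5]
            elif tok[4] == "rule" and len(tok) >= 8:
                rs["rules"].setdefault(int(tok[5]), {})[tok[-2]] = tok[-1]
        elif tok[:3] == ["set", "zone-policy", "zone"] and tok[4:5] == ["from"]:
            bindings[(tok[5], tok[3])] = tok[-1]  # key is (source, destination)
    return rulesets, bindings

def audit(commands, untrusted="wan"):
    """List rulesets that do not drop by default and ports opened from `untrusted`."""
    rulesets, bindings = parse(commands)
    findings = []
    for (src, dst), name in sorted(bindings.items()):
        rs = rulesets.get(name, {"default": None, "rules": {}})
        if rs["default"] != "drop":
            findings.append(f"{src}->{dst}: default-action {rs['default']}")
        for num, rule in sorted(rs["rules"].items()):
            if src == untrusted and rule.get("action") == "accept" and "port" in rule:
                findings.append(f"{src}->{dst}: rule {num} accepts port "
                                f"{rule['port']}/{rule.get('protocol', 'any')}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Each finding is a line to confirm against the intent of the config file, not necessarily an error: here `lan->wan` accepts by default because the `lan` zone lists `wan` without a port restriction.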
We use SemVer for versioning. For the versions available, see the tags on this repository.
This project is licensed under the AGPLv3 License - see the LICENSE file for details.