{ "info": { "author": "la Fleur", "author_email": "lafleur@boum.org", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "License :: OSI Approved :: GNU General Public License v3 (GPLv3)", "Operating System :: POSIX", "Programming Language :: Python :: 3" ], "description": "# ServiceWall\n\n\n## What to expect\n\nServiceWall is a firewall intended for laptops and all devices that connect to\nseveral different networks. It will drop incoming requests, excepted for those\nthat you allow. Each service you allow in will be remembered either :\n- for the network you're connected to (the realm's ruleset), or\n- for unregistered networks (the default ruleset)\n\nAt the moment the default ruleset is : accept `ssh` and `DHCP` incoming \nconnections. `ssh` connections are accepted from anywhere, whereas `DHCP` ones\nare only accepted on the local network (connected to the same gateway as you).\nAll new rules will be limited to this local network.\n\nIt won't remember the network you're connected to until you change the default\nruleset. Once you do, it writes down an identifier for the network realm, \ntogether with the default ruleset plus the rule you added. Now when you connect \nto another network, it will put this identified ruleset aside, and try to find \na ruleset for the new network. If it can't find any, it'll fallback to the \ndefault ruleset. When you connect to the identified network back, it will \nautomagically bring back the rules you chose (magic here involves a network \ndispatcher telling it network changes).\n\nThe default ruleset also has a few basic stateful rules : accept icmp requests,\naccept all from the localhost loop, accept already established connections, drop\ninvalid packets, and log anything dropped.\n\n\n## What _not_ to expect\n\nThis firewall works on incoming traffic ; it won't be very useful on a server \nneeding to forward anything.\n\nAt the moment, you can't expect it to let any traffic come in from out of the \nlocal network realm either (excepted ssh, which is is a kind of \"special\" \nrule). At the moment, you can't either change the default ruleset on the \ncommand line ; you would have to manually edit /etc/servicewall/realms.json for \nthat.\n\nSo basically, if your device is not a laptop you use as a personal device, this\nsoftware shouldn't be really fitted.\n\n\n## Installation\n\n### Dependencies\n\nRequired dependencies are `python 3`, `iptables`, `systemd`, and either \n`NetworkManager` or `systemd-networkd` enabled. If you run a linux on a laptop,\nyou should be all set.\n\nThere are python packages needed as well, but if you use a decent install \nmethod like `pip`, they should be managed all right. Those are :\n- optional : `python-argcomplete`\n- build-time : `python-setuptools`\n- `python-iptables`\n- `python-netifaces`\n- `python-argparse`\n\nYou might really wish to have `python-argcomplete` for the command-line \ncompletion to work. This can really prove handy when you're looking for a \nservice to allow.\n\n### Install\n\nOnce you have the required dependencies, install the package with :\n\n # pip install servicewall\n\nFor those using Arch linux, there is a PKGBUILD script for this, coming soon \ninto AUR. Give it a try !\n\n\n## Usage\n\nThe firewall is disabled by default. To enable it now _and at boot-time_ :\n\n # braise enable\n\n(you indeed get the corresponding `disable`). Once started, the default \nbehaviour is to drop all that come in, excepted for `ssh` from anywhere and \n`DHCP` from the local network. All that go out is allowed.\n\nTo have details on the status, use :\n\n # braise status\n\nServiceWall works with service definitions provided by [jhansonxi](https://www.blogger.com/profile/02954133518928245196). They link a service to ports it \nneeds. To allow a specific service, do :\n\n # braise allow service \"Service Name\"\n\nwhich will add this service to this realm's definition. If you connect to\ninternet in another place, the rules for this place will be put aside, and \nbrought back when you connect to it again. You can move back with\n`braise disallow service ...`\n\nDon't know what's the exact name of the service you want to allow ? You'll need \nto :\n\n # braise show services\n\nThe list is quite long. Once you want exhaustive informations on a single \nservice, do\n\n # braise show service \"Service Name\"\n\nAnd if you wonder which services use to use port 80, do\n\n # braise show port 80\n\nThese rules are stored together with a string identifying the network you're\nconnected to, in a dictionary called realm_defs. To interrogate it, do :\n\n # braise show realms\n\nAnd in the end, the firewall logs all that it drops ; there's a log processor\ntool included ; try it with\n\n # braise show logs\n\nor\n\n # braise show logs since NUMBER_OF_SECONDS\n\n\n## Copyright\n\nThis software is copyrighted under the [GNU](http://www.gnu.org) Version 3 \nlicense.\n\n\n\n", "description_content_type": "text/markdown", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/lafleurdeboum/servicewall", "keywords": "dynamic adaptable iptables firewall", "license": "GNUv3", "maintainer": "", "maintainer_email": "", "name": "servicewall", "package_url": "https://pypi.org/project/servicewall/", "platform": "", "project_url": "https://pypi.org/project/servicewall/", "project_urls": { "Homepage": "https://github.com/lafleurdeboum/servicewall" }, "release_url": "https://pypi.org/project/servicewall/0.4.2/", "requires_dist": [ "python-iptables", "python-argparse", "python-netifaces", "python-systemd", "python-arpreq", "python-argcomplete ; extra == 'argument_completion_as_root'" ], "requires_python": ">=3", "summary": "the desktop firewall that adapts to different network connections", "version": "0.4.2" }, "last_serial": 5103150, "releases": { "0.3": [ { "comment_text": "", "digests": { "md5": "ee3909f7b251b4056dcf4ba76144b7e2", "sha256": "1fb343b8380596469e0921f68c7679c1668edb3220a43fead44de744dfc385af" }, "downloads": -1, "filename": "servicewall-0.3.tar.gz", "has_sig": false, "md5_digest": "ee3909f7b251b4056dcf4ba76144b7e2", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 1046730, "upload_time": "2018-11-10T20:28:02", "url": "https://files.pythonhosted.org/packages/6e/2e/9a9792c1323ac510e9714760062a2867d7ce4d38beae3c52af195e8d82f3/servicewall-0.3.tar.gz" } ], "0.3.1": [ { "comment_text": "", "digests": { "md5": "d80761b4b4e1f7131f13795215e2e096", "sha256": "967abba645b4f12bc580a303a5cf79009a2b17424799898e1eeb6313daf818cd" }, "downloads": -1, "filename": "servicewall-0.3.1.tar.gz", "has_sig": false, "md5_digest": "d80761b4b4e1f7131f13795215e2e096", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3", "size": 1048200, "upload_time": "2018-11-11T12:05:19", "url": "https://files.pythonhosted.org/packages/8c/f8/e33528b1d23a1a548200748466b0ae0f266b71f491862ad2338349395c97/servicewall-0.3.1.tar.gz" } ], "0.3.2": [ { "comment_text": "", "digests": { "md5": "1a2d6ad498cb6ee4b4dadae46dacf62d", "sha256": "632f209a9e0c44b71796f384f5d969d4ffde9f359f6e233b4b20b73fefc657c4" }, "downloads": -1, "filename": "servicewall-0.3.2.tar.gz", "has_sig": false, "md5_digest": "1a2d6ad498cb6ee4b4dadae46dacf62d", "packagetype": "sdist", "python_version": "source", "requires_python": ">=3", "size": 1048159, "upload_time": "2018-11-14T12:36:12", "url": "https://files.pythonhosted.org/packages/ee/4c/3445206f27711b33196c05d8954108c10401fa683473e522aea44ecd4603/servicewall-0.3.2.tar.gz" } ], "0.4.1": [ { "comment_text": "", "digests": { "md5": "fb273ad92435546cab93127be069f4bf", "sha256": "9a833d739b41f1127b5d9f799e2788e8dd0e05972669b373bc992de96b2f48ea" }, "downloads": -1, "filename": "servicewall-0.4.1-py3-none-any.whl", "has_sig": false, "md5_digest": "fb273ad92435546cab93127be069f4bf", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3", "size": 157064, "upload_time": "2019-04-05T10:29:08", "url": "https://files.pythonhosted.org/packages/6d/7e/df029a85c2e425bc1084d247364884c99d14b26ac7e5e7dd7f547269d913/servicewall-0.4.1-py3-none-any.whl" } ], "0.4.2": [ { "comment_text": "", "digests": { "md5": "d0ea21c260a74879c3dfebef7aac1704", "sha256": "f30b767001b6bbd7a337417a3fe1c5234d29404d14fdd61c62c65a4819496073" }, "downloads": -1, "filename": "servicewall-0.4.2-py3-none-any.whl", "has_sig": false, "md5_digest": "d0ea21c260a74879c3dfebef7aac1704", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3", "size": 156956, "upload_time": "2019-04-05T11:00:55", "url": "https://files.pythonhosted.org/packages/65/8c/bcc018cddf68d4cd2a0528315707268d67f0b8616922659ab9b69efbf5cd/servicewall-0.4.2-py3-none-any.whl" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "d0ea21c260a74879c3dfebef7aac1704", "sha256": "f30b767001b6bbd7a337417a3fe1c5234d29404d14fdd61c62c65a4819496073" }, "downloads": -1, "filename": "servicewall-0.4.2-py3-none-any.whl", "has_sig": false, "md5_digest": "d0ea21c260a74879c3dfebef7aac1704", "packagetype": "bdist_wheel", "python_version": "py3", "requires_python": ">=3", "size": 156956, "upload_time": "2019-04-05T11:00:55", "url": "https://files.pythonhosted.org/packages/65/8c/bcc018cddf68d4cd2a0528315707268d67f0b8616922659ab9b69efbf5cd/servicewall-0.4.2-py3-none-any.whl" } ] }