Logpresso FirewallOps is a single binary command-line tool for iptables and firewalld policy automation. It receives blocklist from Logpresso Watch and update firewall drop rule periodically.
- Logpresso Watch service user
- iptables or firewalld installation
- iptables with ipset
- firewalld
- Connectivity with Logpresso Watch
- If you cannot connect to internet from server farm directly, use Logpresso HTTP proxy for relay.
Logpresso Firewall Ops 1.0.0 (2022-02-03)
Usage: logpresso-firewall-ops [start|install|uninstall]
start
install [api-key] [http-proxy ip:port]
uninstall
- Join Logpresso Watch and copy Blocklist API Key from Profile page.
- Install FirewallOps as systemd service.
# ./logpresso-firewall-ops install YOUR_BLOCKLIST_API_KEY- logpresso-firewall-ops.conf file will be created in the same directory which contains logpresso-firewall-ops binary.
- FirewallOps uses
firewalld-cmd --stateto detect firewalld is running. If firewalld is not available, it fallback to iptables backend.
- Review logpresso-firewall-ops.conf configuration.
[allowlist]section contains default private network subnets to prevent accidental IP blocking like this:[allowlist] 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16- Add more IP addresses related to normal service operation.
- Start systemd service.
# systemctl start logpresso-firewall-ops
- Check service status
- For systemd service -
# systemctl status logpresso-firewall-ops - For iptables -
iptables -L -nDROP all -- 0.0.0.0/0 0.0.0.0/0 match-set logpresso-watch src- To see ipset content -
# ipset save logpresso-watch
- For systemd service -
- Stop systemd service first.
# systemctl stop logpresso-firewall-ops
- Run FirewallOps with uninstall option.
# ./logpresso-firewall-ops uninstall- It will delete systemd file, config file, and reload systemd daemon.
If you have any question or issue, create an issue in this repository.