Skip to content

Instantly share code, notes, and snippets.

@wh5a

wh5a/firewall.py

Created July 16, 2013 22:52
Show Gist options
  • Save wh5a/6015943 to your computer and use it in GitHub Desktop.
Save wh5a/6015943 to your computer and use it in GitHub Desktop.
Download ZIP
SDN Module 4 OpenFlow Firewall
Raw
firewall.py
'''
Coursera:
- Software Defined Networking (SDN) course
-- Module 4 Programming Assignment
Professor: Nick Feamster
Teaching Assistant: Muhammad Shahbaz
'''
from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.revent import *
from pox.lib.util import dpidToStr
from pox.lib.addresses import EthAddr
from collections import namedtuple
import os
import csv
log = core.getLogger()
policyFile = "%s/pox/pox/misc/firewall-policies.csv" % os.environ[ 'HOME' ]
''' Add your global variables here ... '''
class Firewall (EventMixin):
def __init__ (self):
self.listenTo(core.openflow)
log.debug("Enabling Firewall Module")
self.deny = []
with open(policyFile, 'rb') as f:
reader = csv.DictReader(f)
for row in reader:
self.deny.append((EthAddr(row['mac_0']), EthAddr(row['mac_1'])))
self.deny.append((EthAddr(row['mac_1']), EthAddr(row['mac_0'])))
def _handle_ConnectionUp (self, event):
for (src, dst) in self.deny:
match = of.ofp_match()
match.dl_src = src
match.dl_dst = dst
msg = of.ofp_flow_mod()
msg.match = match
event.connection.send(msg)
log.debug("Firewall rules installed on %s", dpidToStr(event.dpid))
def launch ():
'''
Starting the Firewall module
'''
core.registerNew(Firewall)
@mehran-pourvahab
Copy link

Hi
Note: Remove id,mac_0,mac_1 from first line of firewall-policies.csv file

Use the following code:

'''
Coursera:

  • Software Defined Networking (SDN) course
    -- Module 4 Programming Assignment

Professor: Nick Feamster
Teaching Assistant: Muhammad Shahbaz

Edited by: Mehran Pourvahab
'''

from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.revent import *
from pox.lib.util import dpidToStr
from pox.lib.addresses import EthAddr
from collections import namedtuple
import os
''' Add your imports here ... '''

import csv

log = core.getLogger()

--> Remove id,mac_0,mac_1 from first line of firewall-policies.csv file

policyFile = "%s/pox/pox/misc/firewall-policies.csv" % os.environ[ 'HOME' ]

''' Add your global variables here ... '''
policyTable = []

with open(policyFile, 'rb') as f:
csv_entry = csv.reader(f, delimiter=',')
for row in csv_entry:
# --> ['1', '00:00:00:00:00:01', '00:00:00:00:00:02'] []
log.debug("row data from csv file %s ", row)
policyTable.append(row[1:])

for rule in policyTable:    
    # --> ['00:00:00:00:00:01', '00:00:00:00:00:02'] []
log.debug("rules are %s", rule)

class Firewall (EventMixin):

def __init__ (self):
    self.listenTo(core.openflow)
    log.debug("Enabling Firewall Module")

def _handle_ConnectionUp (self, event):    
    ''' Add your logic here ... '''

    for rule in policyTable: 

        my_match = of.ofp_match()

        my_match.dl_src = EthAddr(rule[0])
        my_match.dl_dst = EthAddr(rule[1])

    # construct flow modify message            
        msg = of.ofp_flow_mod()

        msg.match = my_match    

        action = of.ofp_action_output(port = of.OFPP_NONE)            

        msg.actions.append(action)
        event.connection.send(msg)

    log.debug("Firewall rules installed on %s", dpidToStr(event.dpid))

def launch ():
'''
Starting the Firewall module
'''
core.registerNew(Firewall)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment