- Log into switch and run the following commands to download and run the firewall controller:
wget https://www.dropbox.com/s/wc4szossxjeairn/gpo-ryu-firewall.tar.gz
gunzip gpo-ryu-firewall.tar.gz
tar xvf gpo-ryu-firewall.tar
/tmp/ryu/bin/ryu-manager simple_firewall.py
loading app simple_firewall.py
- Log into right and run a nc server:
nc -l 5001
- Log into left and run a nc client:
nc 10.10.11.1 5001
- Type some text in left and it should appear in right, and vice versa.
- In the terminal for switch you should see messages about the flow being passed or not:
Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}
Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}
- CTRL-C to kill nc in each terminal.
- Run a nc server on port 5002, then 5003. Compare the observed behavior to the contents of ~/gpo-ryu-firewall/fw.conf. Does the behavior match the configuration file? Feel free to modify the configuration file to block other traffic.
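
To help with the comparison in the last step, here is an added example (not part of the lab's firewall code) that parses the controller messages shown above and checks that each logged allow rule actually covers the flow it was logged for. It assumes 'any' is a wildcard and that an allow line follows the extracted flow it applies to; the port 6000 and 6001 lines are constructed sample input.

```python
import ast
import re

# Line shapes taken from the controller output shown above.
LINE_RE = re.compile(r"^(Extracted rule|Allow Connection rule) (\{.*\})\s*$")
FIELDS = ("sip", "sport", "dip", "dport")


def rule_matches(rule, flow):
    """True if each rule field equals the flow's value or is 'any' (assumed wildcard)."""
    return all(rule.get(f, "any") in ("any", flow.get(f)) for f in FIELDS)


def audit(lines):
    """Pair each extracted flow with the allow rule logged after it.

    Verdicts: 'allowed', 'mismatch' (rule does not cover the flow), 'no-allow'.
    """
    results, pending = [], None
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, data = m.group(1), ast.literal_eval(m.group(2))
        if kind == "Extracted rule":
            if pending is not None:  # previous flow never got an allow line
                results.append((pending, None, "no-allow"))
            pending = data
        elif pending is not None:
            verdict = "allowed" if rule_matches(data, pending) else "mismatch"
            results.append((pending, data, verdict))
            pending = None
    if pending is not None:
        results.append((pending, None, "no-allow"))
    return results


# First two lines are from the page; the remaining three are constructed.
SAMPLE = [
    "Extracted rule {'sport': '57430', 'dport': '5001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}",
    "Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}",
    "Extracted rule {'sport': '57431', 'dport': '6000', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}",
    "Extracted rule {'sport': '57432', 'dport': '6001', 'sip': '10.10.10.1', 'dip': '10.10.11.1'}",
    "Allow Connection rule {'dport': '5001', 'dip': '10.10.11.1', 'sip': '10.10.10.1', 'sport': 'any'}",
]

if __name__ == "__main__":
    for flow, rule, verdict in audit(SAMPLE):
        print(verdict, flow["sip"], "->", flow["dip"] + ":" + flow["dport"])
```

Paste the messages from the switch terminal in place of SAMPLE to audit your own run.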