This Flask application automates the generation of firewall requests from uploaded CSV files. It parses specific network configurations from the CSV, matches them against a predefined set of exporter configurations, and outputs a new CSV with detailed firewall rules.
- CSV Upload: Users can upload CSV files containing details about network endpoints.
- Rule Mapping: Maps incoming and outgoing rules based on predefined configurations.
- FQDN and IP Handling: Handles both Fully Qualified Domain Names (FQDN) and IP addresses to specify sources and destinations.
- Secure File Handling: Temporarily stores uploaded files in a secure manner and cleans up old files regularly.
- User Feedback: Provides user feedback via flash messages for file upload success or failure.
The CSV file must contain the following fields:
FQDN: Fully Qualified Domain Name of the target server. This field is crucial as it is used to match the target server in the firewall rule entries.
IP Address: The IP address of the target server. Like the FQDN, it is used to specify the source or destination IP in firewall rules.
Exporter_name_os: The operating-system (platform) exporter configuration, which determines the ports and protocols allowed for source communications.
Exporter_name_app: Application-specific exporter configurations, detailing the ports and protocols used for destination communications.
These fields are used by the script to determine the rule mappings and to generate the necessary firewall configurations. When you create a CSV file for upload, each record should include at least these columns so the script can process it correctly.
Example CSV Structure
Your CSV files should have a structure similar to the following:
```csv
FQDN,IP Address,Exporter_name_os,Exporter_name_app
```
Tips for CSV File Preparation
Consistency: Ensure that the column headers in your CSV files match exactly with the field identifiers expected by the script. This includes maintaining the same case and spelling.
Validation: Validate the data in each column to ensure that IP addresses are properly formatted, FQDNs are valid, and exporter names correspond to those defined in your port mappings.
Port mappings define, per Prometheus exporter, the connections that must be allowed: `src` entries are connections from the monitoring server to the target, and `dst` entries are connections from the target server back to the monitoring server.
```python
port_mappings = {
    "exporter_aes": {
        # monitoring server -> target
        "src": [("TCP", "22"), ("TCP", "443")],
        # target -> monitoring server
        "dst": [("UDP", "514"), ("TCP", "514"), ("UDP", "162")],
    },
    # other exporter entries omitted here
}
```
Example Input CSV
```csv
FQDN,IP Address,Exporter_name_os,Exporter_name_app
server1.example.com,192.168.1.10,exporter_linux,exporter_iq
server2.example.com,192.168.1.11,exporter_windows,exporter_aacc
server3.example.com,192.168.1.12,exporter_vmware,exporter_breeze
```
This CSV contains the necessary information about several servers, specifying both the operating system and application-specific firewall rule settings.
Example Output CSV
Based on the input data and the provided exporter configurations, the output would list detailed firewall rules needed for each server. For simplicity, let's say the Monitoring Server IP is 10.10.10.10 and its FQDN is monitor.example.com.
The output might look like this:
```csv
Source_FQDN,Source_IP_Address,Destination_FQDN,Destination_IP_Address,Port
monitor.example.com,10.10.10.10,server1.example.com,192.168.1.10,"TCP: 22"
monitor.example.com,10.10.10.10,server1.example.com,192.168.1.10,"TCP: 443"
server1.example.com,192.168.1.10,monitor.example.com,10.10.10.10,"UDP: 514"
server1.example.com,192.168.1.10,monitor.example.com,10.10.10.10,"TCP: 514"
server2.example.com,192.168.1.11,monitor.example.com,10.10.10.10,"UDP: 514"
server2.example.com,192.168.1.11,monitor.example.com,10.10.10.10,"TCP: 514"
server3.example.com,192.168.1.12,monitor.example.com,10.10.10.10,"UDP: 162"
server3.example.com,192.168.1.12,monitor.example.com,10.10.10.10,"UDP: 514"
server3.example.com,192.168.1.12,monitor.example.com,10.10.10.10,"TCP: 514"
```
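As an added example (not the project's own code), here is a minimal re-implementation of the mapping that turns input rows like the ones above into output rows, with the validation from the tips section applied first. Only the exporter_aes entry comes from the README; the exporter_linux and exporter_iq mappings, the sample input row and the monitoring server details are constructed for this example.

```python
import csv
import io
import ipaddress
# Port mappings: exporter_aes is the README's own entry; exporter_linux and
# exporter_iq are constructed so the output matches the README's server1 rows.
PORT_MAPPINGS = {
    "exporter_aes": {"src": [("TCP", "22"), ("TCP", "443")],
                     "dst": [("UDP", "514"), ("TCP", "514"), ("UDP", "162")]},
    "exporter_linux": {"src": [("TCP", "22"), ("TCP", "443")],
                       "dst": [("UDP", "514"), ("TCP", "514")]},
    "exporter_iq": {"src": [], "dst": []},  # assumed: no additional ports
}
OUT_FIELDS = ["Source_FQDN", "Source_IP_Address", "Destination_FQDN", "Destination_IP_Address", "Port"]
INPUT_CSV = """FQDN,IP Address,Exporter_name_os,Exporter_name_app
server1.example.com,192.168.1.10,exporter_linux,exporter_iq
"""  # constructed sample input in the README's format

def validate_row(row):
    """Return a list of problems: malformed IP address or exporter with no mapping."""
    errors = []
    try:
        ipaddress.ip_address(row["IP Address"])
    except ValueError:
        errors.append(f"bad IP address {row['IP Address']!r}")
    for col in ("Exporter_name_os", "Exporter_name_app"):
        if row[col] not in PORT_MAPPINGS:
            errors.append(f"unknown exporter {row[col]!r} in {col}")
    return errors

def generate_rules(csv_text, monitor_fqdn, monitor_ip):
    """One rule per direction/protocol/port: src = monitor -> target, dst = target -> monitor."""
    rules = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        errors = validate_row(row)
        if errors:
            raise ValueError("; ".join(errors))
        target, monitor = (row["FQDN"], row["IP Address"]), (monitor_fqdn, monitor_ip)
        for exporter in (row["Exporter_name_os"], row["Exporter_name_app"]):
            for direction, (src, dst) in (("src", (monitor, target)), ("dst", (target, monitor))):
                for proto, port in PORT_MAPPINGS[exporter][direction]:
                    rule = dict(zip(OUT_FIELDS, (*src, *dst, f"{proto}: {port}")))
                    if rule not in rules:  # both exporters may list the same port
                        rules.append(rule)
    return rules

def rules_to_csv(rules):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=OUT_FIELDS, lineterminator="\n")
    writer.writeheader(); writer.writerows(rules)
    return out.getvalue()
```

A row with a malformed IP address or an exporter name missing from the mappings is rejected before any rule is emitted, which is the check the tips section asks for.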
Before you can run this application, you'll need the following installed:
- Python 3.6 or higher
- Flask
- Werkzeug (usually installed with Flask)
To set up the project locally, follow these steps:
Clone the Repository
```bash
git clone https://github.com/Brownster/portmapper.git
cd firewall-request-generator
```
Set Up a Virtual Environment (optional but recommended)
```bash
python -m venv venv
source venv/bin/activate  # On Windows use venv\Scripts\activate
```
Install Dependencies
```bash
pip install -r requirements.txt
```
This command installs all the necessary Python packages, including Flask.
Environment Variables
Set up the necessary environment variables, if any (e.g., FLASK_APP, FLASK_ENV for development).
```bash
export FLASK_APP=app.py
export FLASK_ENV=development
```
Running the Application
To run the application locally:
```bash
flask run
```
This will start the Flask server on http://127.0.0.1:5000/, where you can access the web interface to upload CSV files and generate firewall requests.
Usage
Access the Web Interface: Open a web browser and go to http://127.0.0.1:5000/.
Upload a CSV File: Click the "Browse" button to select a CSV file from your computer that matches the expected format.
Submit the Form: After selecting the file, enter the required MaaS-NG IP and FQDN, then submit the form.
Download the Resulting CSV: If the file is processed successfully, you will be prompted to download the resulting CSV with the firewall rules.
Contributing
Contributions are welcome, and any contributions you make are greatly appreciated.
Fork the Project
Create your Feature Branch (git checkout -b feature/AmazingFeature)
Commit your Changes (git commit -m 'Add some AmazingFeature')
Push to the Branch (git push origin feature/AmazingFeature)
Open a Pull Request
License
Distributed under the MIT License. See LICENSE for more information.