Working code for Firewall Queue! Whoa! We could block traffic directly from ExaBGP hook

2024-11-24 02:46:36 +01:00 · 2015-05-15 21:53:38 +02:00 · 2015-05-15 21:53:38 +02:00 · aa1d08b897
commit aa1d08b897
parent b0cae2a958
2 changed files with 42 additions and 4 deletions
--- a/src/scripts/exabgp_queue_writer.py
+++ b/src/scripts/exabgp_queue_writer.py
@ -5,6 +5,9 @@ import sys
 import time
 from redis import Redis
 from rq import Queue
+import json
+from StringIO import StringIO
+import pprint

 # apt-get install -y python-redis python-pip
 # pip install rq
@ -31,7 +34,31 @@ while True:
 
        counter = 0

-        q.enqueue(firewall_queue.execute_ip_ban, line)
+# { "exabgp": "3.5.0", "time": 1431716393, "host" : "synproxied.fv.ee", "pid" : 2599, "ppid" : 2008, "counter": 1, "type": "update", "neighbor": { "address": { "local": "10.0.3.115", "peer": "10.0.3.114" }, "asn": { "local": "1234", "peer": "65001" }, "direction": "receive", "message": { "update": { "attribute": { "origin": "igp", "as-path": [ 65001 ], "confederation-path": [], "extended-community": [ 9225060886715039744 ] }, "announce": { "ipv4 flow": { "no-nexthop": { "flow-0": { "destination-ipv4": [ "10.0.0.2/32" ], "source-ipv4": [ "10.0.0.1/32" ], "protocol": [ "=tcp" ], "destination-port": [ "=3128" ], "string": "flow destination-ipv4 10.0.0.2/32 source-ipv4 10.0.0.1/32 protocol =tcp destination-port =3128" } } } } } } } }
+# { "exabgp": "3.5.0", "time": 1431716393, "host" : "synproxied.fv.ee", "pid" : 2599, "ppid" : 2008, "counter": 11, "type": "update", "neighbor": { "address": { "local": "10.0.3.115", "peer": "10.0.3.114" }, "asn": { "local": "1234", "peer": "65001" }, "direction": "receive", "message": { "eor": { "afi" : 11.22.33.44
+
+# u'destination-ipv4': [u'10.0.0.2/32'],
+# u'destination-port': [u'=3128'],
+# u'protocol': [u'=tcp'],
+# u'source-ipv4': [u'10.0.0.1/32'],
+# u'string': u'flow destination-ipv4 10.0.0.2/32 source-ipv4 10.0.0.1/32 protocol =tcp destination-port =3128'}
+
+        io = StringIO(line)
+        decoded_update = json.load(io) 
+
+        try:
+                pp = pprint.PrettyPrinter(indent=4, stream=sys.stderr)
+                current_flow_announce = decoded_update["neighbor"]["message"]["update"]["announce"]["ipv4 flow"]
+
+                for next_hop in current_flow_announce:
+                    flow_announce_with_certain_hop = current_flow_announce[next_hop]
+
+                    for flow in flow_announce_with_certain_hop: 
+                        # pp.pprint(flow_announce_with_certain_hop[flow])
+                        q.enqueue(firewall_queue.execute_ip_ban, flow_announce_with_certain_hop[flow])
+        except KeyError:
+            pass
+
        exabgp_log.write(line + "\n")
    except KeyboardInterrupt:
        pass
--- a/src/scripts/firewall_queue.py
+++ b/src/scripts/firewall_queue.py
@ -1,8 +1,19 @@
 from subprocess import call
+import pprint
+# u'destination-ipv4': [u'10.0.0.2/32'],
+# u'destination-port': [u'=3128'],
+# u'protocol': [u'=tcp'],
+# u'source-ipv4': [u'10.0.0.1/32'],
+# u'string': u'flow destination-ipv4 10.0.0.2/32 source-ipv4 10.0.0.1/32 protocol =tcp destination-port =3128'}

-def execute_ip_ban(ip):
-    print "Will ban IP: " + ip + "\n"
-    call(["iptables", "-A", "INPUT", "-s", ip, "-j", "DROP"])
+def execute_ip_ban(flow):
+    pp = pprint.PrettyPrinter(indent=4)
+    pp.pprint(flow)    
+
+    source_ip = flow["source-ipv4"][0]
+
+    print "Will ban IP: " + source_ip + "\n"
+    call(["iptables", "-A", "INPUT", "-s", source_ip, "-j", "DROP"])
    return True