author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-04-27 15:04:07 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-05-02 18:31:13 +0200 |
commit | c179ee88d91a84fc75dc4602cca500e8fa72ed66 (patch) | |
tree | b6b149622e02c81265a673145d6b9a260776f799 /src/Makefile.am |
initial commit

This patch bootstraps the new nft-sync software. Basically, this
software aims to support two different setups:

1) Rule-set repository server. The software serves the nft rule-set to
   clients that request the ruleset.

   Basically from the system that acts as repository, you have to run:

    # nft-sync -c ../contrib/nft-sync.conf.server

   Then, from the client:

    # nft-sync -c ../contrib/nft-sync.conf.client --fetch

   Which displays the nft rule-set in the standard output, so you
   can inspect the nft rule-set.

   Alternatively, the client can also retrieve and apply the nft
   rule-set using the pull command instead:

    # nft-sync -c ../contrib/nft-sync.conf.client --pull

   [ Note that this command above does not work in this bootstrap yet ]

2) Rule-set synchronization: In case of primary-backup and multiprimary
   firewall configurations, the software makes sure that the firewall
   cluster is deploying the same filtering policy. In this case, you have
   to launch the process:

    # nft-sync -c ../contrib/nft-sync.conf --sync

   [ Note that this command above does not work in this bootstrap yet ]

This bootstrap provides the basic infrastructure as a proof-of-concept.
Many of the necessary features are still lacking:

* Implement --sync and --pull commands.
* Interaction with nft through libnftnl, which allows the software to
  retrieve the local nft rule-set, as well as to parse it and apply it.
* SSL support, specifically the repository mode needs it to make sure
  nobody can steal your filtering policy from the network.
* IPv6 support.
* Allow to serve different rule-sets in the repository mode.

And many others that will be added progressively.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/Makefile.am')
-rw-r--r-- | src/Makefile.am | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/Makefile.am b/src/Makefile.am new file mode 100644 index 0000000..5c09b24 --- /dev/null +++ b/src/Makefile.am @@ -0,0 +1,26 @@ +include $(top_srcdir)/Make_global.am + +sbin_PROGRAMS = nft-sync + +AM_YFLAGS = -d + +CLEANFILES = config-parser.c \ + config-scanner.c + +nft_sync_SOURCES = event.c \ + logging.c \ + msg_buff.c \ + server.c \ + client.c \ + tcp.c \ + timer.c \ + main.c \ + fd.c \ + config-parser.y \ + config-scanner.l +nft_sync_LDADD = ${LIBMNL_LIBS} ${LIBNFTNL_LIBS} -lev + +# yacc and lex generate dirty code +config-scanner.o config-parser.o: AM_CFLAGS += -Wno-missing-prototypes -Wno-missing-declarations -Wno-implicit-function-declaration -Wno-nested-externs -Wno-undef -Wno-redundant-decls + +EXTRA_DIST = config-parser.h |
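Review bot: the AM_CFLAGS override on the config-scanner.o / config-parser.o rule near the end of the file includes -Wno-implicit-function-declaration, which hides calls to undeclared functions in the code that parses the daemon's configuration file; such calls then compile with an assumed int return type and no diagnostic. I would drop that flag from the list and declare the missing prototypes (usually yylex and yyerror) in the prologue of config-parser.y, keeping only the suppressions the generated code actually needs. A smaller point in the same hunk: AM_YFLAGS = -d makes config-parser.h a generated file, yet it sits in EXTRA_DIST while the generated config-parser.c and config-scanner.c sit in CLEANFILES; handling the header the same way as the other generated files (for example via BUILT_SOURCES) would keep clean and dist consistent.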