
GEANT/FOD


Firewall on Demand

Description

Firewall on Demand (hereafter FoD) is based on the flowspy project developed by GRNET.

The FOD server applies flow rules - via NETCONF - to a flowspec-capable network device which then propagates the rules via eBGP to other devices in the network.

Users are authenticated against Shibboleth. Authorization is performed via a combination of a Shibboleth attribute and the peer network address range that the user originates from. FoD is meant to operate using the following architecture:

   +-----------+          +------------+        +------------+
   |   FoD     | NETCONF  | flowspec   | ebgp   |   router   |
   | web app   +----------> device     +-------->            |
   +-----------+          +------+-----+        +------------+
                                 | ebgp
                                 |
                          +------v-----+
                          |   router   |
                          |            |
                          +------------+
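The authorization model described above (a Shibboleth attribute combined with the peer's network address range) can be sketched as follows. This is an added example, not FoD's own code: the entitlement value, the `Peer`/`User` classes, `authorize_rule` and the sample data are hypothetical, and it assumes the range check means a rule's destination prefix must lie inside a network of one of the user's peers.

```python
import ipaddress
from dataclasses import dataclass

# Hypothetical attribute value; a real deployment defines its own.
REQUIRED_ENTITLEMENT = "urn:example:fod:user"

@dataclass
class Peer:
    name: str
    networks: list      # CIDR strings registered for this peer

@dataclass
class User:
    name: str
    entitlements: set   # values released by the identity provider
    peers: list         # Peer objects the user belongs to

def authorize_rule(user, destination):
    """Return (allowed, reason) for a rule targeting `destination` (CIDR)."""
    # Step 1: the attribute gate. Without it, address ranges are irrelevant.
    if REQUIRED_ENTITLEMENT not in user.entitlements:
        return False, "missing entitlement"
    # Step 2: parse strictly so "192.0.2.10/24" (host bits set) is rejected
    # instead of being silently widened to 192.0.2.0/24.
    try:
        dest = ipaddress.ip_network(destination, strict=True)
    except ValueError:
        return False, "invalid prefix"
    # Step 3: the prefix must sit entirely inside one of the peer's ranges.
    # Overlap is not enough: a shorter prefix would also cover other networks.
    for peer in user.peers:
        for cidr in peer.networks:
            net = ipaddress.ip_network(cidr)
            if dest.version == net.version and dest.subnet_of(net):
                return True, f"inside {peer.name} {net}"
    return False, "outside peer ranges"

# Constructed sample data (documentation address ranges).
PEER_A = Peer("peer-a", ["192.0.2.0/24", "2001:db8::/32"])
ALICE = User("alice", {REQUIRED_ENTITLEMENT}, [PEER_A])
BOB = User("bob", set(), [PEER_A])

if __name__ == "__main__":
    for user, dest in [(ALICE, "192.0.2.128/25"), (ALICE, "192.0.0.0/16"),
                       (ALICE, "192.0.2.10/24"), (ALICE, "2001:db8:1::/48"),
                       (BOB, "192.0.2.128/25")]:
        print(user.name, dest, authorize_rule(user, dest))
```

The containment test matters because a flowspec rule propagates via eBGP: a prefix that merely overlaps the peer's range would also match traffic for networks the user has no authority over.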

Currently supported devices

FoD currently supports updating router(s) via NETCONF (for more information see doc/prerequisites/generic.md). FoD currently does not support updating routers directly via BGP.

Example of inbound firewall rules required on your flowspec device

   Name      Protocol   Port
   NETCONF   tcp        830
   ssh       tcp        22

Documentation

Please visit the documentation directory (doc) of the repository to see FoD's documentation.

GRNET's original flowspy documentation is also available online.

Installation Considerations

If you are upgrading from a previous version, bear in mind the changes introduced in Django 1.4.

REST API

FoD provides a REST API. It uses a token as its authentication method. For usage instructions and examples, check the documentation.

Limitations

A user can belong to more than one Peer without any limitations.

The FoD UI polls the FoD server to dynamically update the dashboard and the "Live Status" about the Routes they are aware of. In addition, the polling implementation fetches information for every Peer the user is associated with. Thus, if a user belongs to many Peers, too many AJAX calls will be sent to the backend, which may result in an unresponsive state. It is recommended to keep the number of peers associated with any user under 5.

Contact

You can contact us directly at fod{at}lists[dot]geant(.)org

Copyright and license

Copyright © 2017-2023 GÉANT GN4-2/GN4-3/GN5-1 Project

Copyright © 2010-2017 Greek Research and Technology Network (GRNET S.A.)

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.