F2F requires docker
Build the docker image
docker build -t f2fcont .
the executable is f2f
, that deals with the interaction with the docker application.
usage: ./f2f SOURCE-SYSTEM INTERFACE-FILE CONFIGURATION-FILE TARGET-SYSTEM
positional arguments: SOURCE-SYSTEM - the source firewall system, one between iptables, pf and ipfw INTERFACE-FILE - interface specification file (see the axamples) CONFIGURATION-FILE - the configuration file for the source firewall system TARGET-SYSTEM - the target firewall system, one between iptables, pf and ipfw
$ ./f2f iptables Example/interfaces Example/iptables.conf pf
!!! Inexpressible Pair Found !!!
============================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
============================================================================
|| 151.15.1.5 | * | 9.9.9.9 | 43 | tcp || id : id | 8.8.8.8 : id ||
|| 192.168.0.1 | | | | || | ||
============================================================================
!!! Conflicting Pairs Found !!!
(P1, t1):
==============================================================
|| sIp | sPort | dIp | dPort | prot || tr ||
==============================================================
|| 151.15.1.5 | * | 192.168.0.10 | * | * || DROP ||
|| | | | | || ||
==============================================================
(P2, t2):
====================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
====================================================================================
|| 192.168.0.1 | * | 192.168.0.10 | * | * || 151.15.1.5 : id | id : id ||
|| | | | | || | ||
====================================================================================
in node q1:
with [P@ || t1@ || t2@]:
====================================================================================
|| sIp | sPort | dIp | dPort | prot || tr1 || tr2_src | tr2_dst ||
====================================================================================
|| 151.15.1.5 | * | 192.168.0.10 | * | * || DROP || id : id | id : id ||
|| | | | | || || | ||
====================================================================================
Hint: Apply tags to P1 in node q0 and use them to choose the transformation in node q1
$ ./f2f iptables Example/interfaces Example/iptables.conf ipfw
!!! Inexpressible Pair Found !!!
============================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
============================================================================
|| 151.15.1.5 | * | 9.9.9.9 | 43 | tcp || id : id | 8.8.8.8 : id ||
|| 192.168.0.1 | | | | || | ||
============================================================================
$ ./f2f table Example/interfaces Example/table.conf pf
!!! Inexpressible Pair Found !!!
==========================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
==========================================================================================================
|| 192.168.0.1 | * | 0.0.0.0 - 151.15.1.4 | 53 | * || 151.15.1.5 : id | 8.8.8.8 : id ||
|| | | 151.15.1.6 - 192.167.255.255 | | || | ||
|| | | 192.168.1.0 - 255.255.255.255 | | || | ||
==========================================================================================================
!!! Inexpressible Pair Found !!!
=================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
=================================================================================================
|| 151.15.1.5 | * | 0.0.0.0 - 151.15.1.4 | 53 | * || id : id | 8.8.8.8 : id ||
|| | | 151.15.1.6 - 192.167.255.255 | | || | ||
|| | | 192.168.1.0 - 255.255.255.255 | | || | ||
=================================================================================================
!!! Conflicting Pairs Found !!!
(P1, t1):
================================================================================
|| sIp | sPort | dIp | dPort | prot || tr ||
================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.7 | 443 | * || DROP ||
|| 151.15.1.6 - 192.167.255.255 | | | | || ||
|| 192.168.1.0 - 255.255.255.255 | | | | || ||
================================================================================
(P2, t2):
=====================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
=====================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 151.15.1.5 | 443 | * || id : id | 192.168.0.7 : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || | ||
=====================================================================================================
in node q3:
with [P@ || t1@ || t2@]:
======================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr1 || tr2_src | tr2_dst ||
======================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.7 | 443 | * || DROP || id : id | id : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || || | ||
======================================================================================================
Hint: Apply tags to P1 in node q2 and use them to choose the transformation in node q3
!!! Conflicting Pairs Found !!!
(P1, t1):
================================================================================
|| sIp | sPort | dIp | dPort | prot || tr ||
================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.6 | 22 | * || DROP ||
|| 151.15.1.6 - 192.167.255.255 | | | | || ||
|| 192.168.1.0 - 255.255.255.255 | | | | || ||
================================================================================
(P2, t2):
=====================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
=====================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 151.15.1.5 | 22 | * || id : id | 192.168.0.6 : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || | ||
=====================================================================================================
in node q3:
with [P@ || t1@ || t2@]:
======================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr1 || tr2_src | tr2_dst ||
======================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.6 | 22 | * || DROP || id : id | id : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || || | ||
======================================================================================================
Hint: Apply tags to P1 in node q2 and use them to choose the transformation in node q3
$ ./f2f table Example/interfaces Example/table.conf ipfw
!!! Inexpressible Pair Found !!!
==========================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
==========================================================================================================
|| 192.168.0.1 | * | 0.0.0.0 - 151.15.1.4 | 53 | * || 151.15.1.5 : id | 8.8.8.8 : id ||
|| | | 151.15.1.6 - 192.167.255.255 | | || | ||
|| | | 192.168.1.0 - 255.255.255.255 | | || | ||
==========================================================================================================
!!! Inexpressible Pair Found !!!
=================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
=================================================================================================
|| 151.15.1.5 | * | 0.0.0.0 - 151.15.1.4 | 53 | * || id : id | 8.8.8.8 : id ||
|| | | 151.15.1.6 - 192.167.255.255 | | || | ||
|| | | 192.168.1.0 - 255.255.255.255 | | || | ||
=================================================================================================
$ ./f2f table Example/interfaces Example/table.conf iptables
!!! Conflicting Pairs Found !!!
(P1, t1):
================================================================================
|| sIp | sPort | dIp | dPort | prot || tr ||
================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.7 | 443 | * || DROP ||
|| 151.15.1.6 - 192.167.255.255 | | | | || ||
|| 192.168.1.0 - 255.255.255.255 | | | | || ||
================================================================================
(P2, t2):
=====================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
=====================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 151.15.1.5 | 443 | * || id : id | 192.168.0.7 : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || | ||
=====================================================================================================
in node q3:
with [P@ || t1@ || t2@]:
======================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr1 || tr2_src | tr2_dst ||
======================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.7 | 443 | * || DROP || id : id | id : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || || | ||
======================================================================================================
Hint: Apply tags to P1 in node q1 and use them to choose the transformation in node q3
!!! Conflicting Pairs Found !!!
(P1, t1):
================================================================================
|| sIp | sPort | dIp | dPort | prot || tr ||
================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.6 | 22 | * || DROP ||
|| 151.15.1.6 - 192.167.255.255 | | | | || ||
|| 192.168.1.0 - 255.255.255.255 | | | | || ||
================================================================================
(P2, t2):
=====================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr_src | tr_dst ||
=====================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 151.15.1.5 | 22 | * || id : id | 192.168.0.6 : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || | ||
=====================================================================================================
in node q3:
with [P@ || t1@ || t2@]:
======================================================================================================
|| sIp | sPort | dIp | dPort | prot || tr1 || tr2_src | tr2_dst ||
======================================================================================================
|| 0.0.0.0 - 151.15.1.4 | * | 192.168.0.6 | 22 | * || DROP || id : id | id : id ||
|| 151.15.1.6 - 192.167.255.255 | | | | || || | ||
|| 192.168.1.0 - 255.255.255.255 | | | | || || | ||
======================================================================================================
Hint: Apply tags to P1 in node q1 and use them to choose the transformation in node q3