TrafficCop is an iptables rule generator. It helps you:
- Enable iptables logging via ulogd
- Parse those logs to generate both a "traffic report" and a list of iptables rules
You can use the generated iptables rules as a starting point, to set an initial baseline of traffic control for your server.
- Python 2.7
- Click
- PrettyTable
- iptables, enabled
- ulog2 (apt-get/yum install ulogd2)
Installing ulogd:
sudo apt-get (or yum) install ulogd2Installing required Python modules:
pip install -r requirements.txt$ cd TrafficCop
$ vagrant up
$ vagrant ssh
$ cd /vagrant
$ ./tcop enable
(choose yes at the prompts)
# let's generate some traffic
$ curl www.google.com
$ exit
$ vagrant ssh
$ cd /vagrant
$ ./tcop report
# you should see the outbound to google and the inbound ssh, at least
# enjoy!Check out your current iptables ruleset:
sudo /sbin/iptables -LNotice the ACCEPT and DROP statements
Now let's enable logging:
./tcop enableThis will backup your current config so we can always return to it. It will also prompt you a few times to make sure you know what you're doing.
If all went well, logging is on! If you kept the ulog config default, you should see logs here:
tail -f /var/log/ulog/syslogemu.logTo run a traffic report and generate iptables rules:
./tcop reportYou can run the report at any time, but it's best to let it run for a few days/weeks to get a more complete understanding of all the external dependencies and users of the host.
To set your rules back to the way they were before mucking with them:
sudo /sbin/iptables-restore [path to backup rules]