Commit 35a3f12a authored by Lluis Gifre Renom's avatar Lluis Gifre Renom
Browse files

Tests - Tools - Firewall Agent: 

- Implement new Firewall Agent
- Expose RESTCONF/OpenConfig NBI
- Use NFTables backend
- Test scenarios
parent d574194b

src/tests/tools/firewall_agent/Dockerfile

0 → 100644
+30 −0
Original line number Diff line number Diff line 
# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#      http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.





FROM python:3.11-slim



ENV PYTHONUNBUFFERED=0



RUN apt-get update -y

RUN apt-get install -y --no-install-recommends libxtables-dev iptables gcc libc6-dev python3-nftables

RUN apt-get clean -y && rm -rf /var/lib/apt/lists/*



WORKDIR /app

COPY requirements.txt ./

RUN pip install --no-cache-dir -r requirements.txt

COPY firewall_agent ./firewall_agent



EXPOSE 8888

CMD ["python", "-m", "firewall_agent.app"]

src/tests/tools/firewall_agent/README.md

0 → 100644
+6 −0
Original line number Diff line number Diff line 
# Firewall Agent



This repository contains a simple RESTCONF/OpenConfig firewall agent and a test deployment that demonstrates ACL behavior using two minimal HTTP servers.



__NOTE: TO BE COMPLETED__

src/tests/tools/firewall_agent/docker-compose-down.sh

0 → 100755
+20 −0
Original line number Diff line number Diff line 
#!/bin/bash

# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#      http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.





set -euo pipefail



echo "Tearing down demo stack..."

docker compose -f docker-compose.yml down -v --remove-orphans

src/tests/tools/firewall_agent/docker-compose-up.sh

0 → 100755
+27 −0
Original line number Diff line number Diff line 
#!/bin/bash

# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#      http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.





set -euo pipefail



echo "Starting demo stack with docker compose..."

docker compose -f docker-compose.yml up -d --build



echo "Waiting a few seconds for services to become healthy..."

sleep 3



echo "You can now run: python3 install_acls.py --ports 8001,8002"

echo "Services started. HTTP servers: http://localhost:8001 and http://localhost:8002."

echo "Firewall agent RESTCONF: http://localhost:8888/restconf/data"

src/tests/tools/firewall_agent/docker-compose.yml

0 → 100644
+37 −0
Original line number Diff line number Diff line 
# Copyright 2022-2025 ETSI SDG TeraFlowSDN (TFS) (https://tfs.etsi.org/)

#

# Licensed under the Apache License, Version 2.0 (the "License");

# you may not use this file except in compliance with the License.

# You may obtain a copy of the License at

#

#      http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS,

# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

# See the License for the specific language governing permissions and

# limitations under the License.





services:

  firewall_agent:

    build:

      context: .

      dockerfile: Dockerfile

    container_name: firewall-agent

    network_mode: host

    cap_add:

      - NET_ADMIN

      - NET_RAW



  public_server:

    image: python:3.11-slim

    container_name: public-server

    network_mode: host

    command: ["python", "-u", "-m", "http.server", "8001"]



  corporate_server:

    image: python:3.11-slim

    container_name: corporate-server

    network_mode: host

    command: ["python", "-u", "-m", "http.server", "8002"]