core_st

SDN/Pox simple firewall module

Jul 18th, 2013
  1. '''
  2. Software Defined Networking
  3. Pox Controller module
  4. Simple firewall module
  5. All deny rules located in the firewall-policies file in CSV format
  6. '''
  7.  
  8. from pox.core import core
  9. import pox.openflow.libopenflow_01 as of
  10. from pox.lib.revent import *
  11. from pox.lib.util import dpidToStr
  12. from pox.lib.addresses import EthAddr
  13. from collections import namedtuple
  14. import os
  15. import csv
  16.  
  17.  
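  log = core.getLogger()

  # Deny list location. The file is read once, at import time, so edits to it
  # only take effect after the controller is restarted. Its contents decide
  # what this firewall blocks, so it should be writable only by the account
  # that runs the controller.
  policyFile = "%s/pox/pox/misc/firewall-policies.csv" % os.environ[ 'HOME' ]

  # Each entry is a two-element list of strings: [source MAC, destination MAC].
  rules = []

  # 'rb' is the mode Python 2's csv module expects.
  # NOTE(review): on a Python 3 POX branch csv.reader needs a text-mode file
  # (opened with newline='') -- confirm which interpreter this runs under.
  with open(policyFile, 'rb') as f:
      reader = csv.reader(f)
      # Skip the header row through the reader itself instead of calling
      # f.readline() on the file the reader is already attached to.
      next(reader, None)
      for row in reader:
          if not row:
              # A blank line carries no rule; the old row.pop(0) raised
              # IndexError on it.
              continue
          pair = row[1:]  # drop the leading rule-id column
          if len(pair) != 2:
              # Reject malformed rows here, at load time, so a bad policy file
              # stops the module from starting instead of failing later when
              # the rules are unpacked as (src, dst).
              raise ValueError("%s line %d: expected id,src,dst but got %r"
                               % (policyFile, reader.line_num, row))
          rules.append(pair)

  # Flow timeouts in seconds. Not referenced by any code in this listing.
  HARD_TIMEOUT = 30
  IDLE_TIMEOUT = 30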
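  class FirewallLogic (EventMixin):
    """
    Per-switch enforcement of the deny list held in the module-level `rules`.

    One instance is created per switch connection. Each (src, dst) MAC pair in
    `rules` is sent to the switch as a flow entry with an empty action list,
    which an OpenFlow 1.0 switch treats as "drop".

    The previous version did its work in _handle_PacketIn and blocked nothing:
    it attached the match to an ofp_packet_out (which installs no flow), never
    compared the packet with the rule, passed the MACs as plain strings, and
    returned inside the loop so only the first rule was ever looked at.
    """

    def __init__ (self, connection):
      """
      Bind to one switch and install the deny flows on it.

      connection -- the OpenFlow connection to the switch.
      """
      self.connection = connection
      self.listenTo(connection)
      # Install up front so a denied pair is dropped from its first packet,
      # rather than only after a packet has already reached the controller.
      self._install_deny_rules()

    def _install_deny_rules (self):
      """Send one drop flow per entry in `rules` to this switch."""
      for (src, dst) in rules:
        match = of.ofp_match()
        # The policy file yields strings; the match fields take EthAddr.
        match.dl_src = EthAddr(src.strip())
        match.dl_dst = EthAddr(dst.strip())

        # A flow_mod with no actions appended means "drop". The timeouts are
        # left at their defaults (0 = never expire) on purpose: a deny rule
        # that times out would silently re-open the path.
        msg = of.ofp_flow_mod()
        msg.match = match
        self.connection.send(msg)
        log.debug("Installed drop flow for %s -> %s" % (src, dst))
      # NOTE(review): only the src -> dst direction is matched; list the
      # reverse pair in the policy file if both directions must be blocked.
      # NOTE(review): if another component installs forwarding flows on the
      # same switch, check that these drop flows still take precedence.

    def _handle_PacketIn (self, event):
      """
      Do nothing for packets the switch forwards to the controller.

      Denied pairs are dropped in the switch by the flows installed at
      construction time, so there is no filtering left to do here. The
      handler is kept so the class keeps its existing event interface.
      """
      return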
  57.  
  58.  
  class Firewall (EventMixin):
      """Controller component that attaches a FirewallLogic to each switch that connects."""

      def __init__ (self):
          """Subscribe to events raised by core.openflow and log that the module is on."""
          self.listenTo(core.openflow)
          log.debug("Enabling Firewall Module")

      def _handle_ConnectionUp (self, event):
          """
          Create a FirewallLogic for the switch that has just connected.

          event -- carries the new connection (event.connection) and the
                   switch's datapath id (event.dpid).
          """
          FirewallLogic(event.connection)

          # NOTE(review): this message is logged unconditionally once the
          # FirewallLogic object exists; it is not an acknowledgement from the
          # switch that any flow entry was accepted.
          switch_name = dpidToStr(event.dpid)
          log.debug("Firewall rules installed on %s", switch_name)
  70.  
  def launch ():
      """
      Entry point of the module: register a Firewall instance with the POX core.
      """
      component = Firewall
      core.registerNew(component)