Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - razwall

Pages: [1] 2

News / SourceForge

« on: January 21, 2025, 11:15:19 AM »

Hello,
The RazWall Firewall project has a sourceforge project site for the ISO builds located here: https://sourceforge.net/projects/razwall/. The initial ISO test build has been published. This ISO does NOT install RazWall, but is just a modified Slackware64 15 installer. I will post additional ISOs as I make progress towards getting this to work as intended.

If you do decide to download the ISO, please be aware that the package groups A,AP,D,L,N are the only groups available and with minimum supported packages intended for RazWall in the near future.

More coming soon.. Enjoy!

Dev Stuff / Required packages

« on: January 21, 2025, 10:20:19 AM »

a/aaa_base
a/aaa_glibc-solibs
a/aaa_libraries
a/aaa_terminfo
a/acl
a/attr
a/bash
a/bin
a/coreutils
a/cpio
a/cracklib
a/dbus
a/dcron
a/devs
a/dialog
a/e2fsprogs
a/elogind
a/etc
a/eudev
a/file
a/findutils
a/gawk
a/glibc-zoneinfo
a/grep
a/gzip
a/hostname
a/kernel-generic
a/kernel-huge
a/kernel-modules
a/kmod
a/less
a/libgudev
a/libpwquality
a/lilo
a/logrotate
a/mkinitrd
a/nvi
a/openssl-solibs
a/os-prober
a/pam
a/pkgtools
a/procps-ng
a/sed
a/shadow
a/sharutils
a/sysklogd
a/syslinux
a/sysvinit
a/sysvinit-scripts
a/tar
a/tree
a/util-linux
a/which
a/xz
a/bzip2

ap/slackpkg
ap/mariadb
ap/nano
ap/sqlite
ap/screen
ap/screen

d/autoconf
d/autoconf-archive
d/automake
d/binutils
d/cmake
d/gcc
d/git
d/perl
d/subversion
d/yasm

l/libproxy
l/libsigc++
l/libpcap
l/libssh
l/libunistring
l/libxml2
l/libxslt
l/libyaml
l/mhash
l/ncurses

n/bind
n/bootp
n/bridge-utils
n/bsd-finger
n/ca-certificates
n/curl
n/cyrus-sasl
n/dhcp
n/dhcpd
n/ebtables
n/ethtool
n/htdig
n/httpd
n/icmpinfo
n/iftop
n/inetd
n/iproute2
n/iptables
n/iptraf-ng
n/iputils
n/krb5
n/libmnl
n/libnetfilter_acct
n/libnetfilter_conntrack
n/libnetfilter_cthelper
n/libnetfilter_cttimeout
n/libnetfilter_log
n/libnetfilter_queue
n/libnfnetlink
n/libnftnl
n/net-tools
n/network-scripts
n/ntp
n/openssh
n/ca-certificates
n/gnupg
n/openssl
n/openvpn
n/ppp
n/rp-pppoe
n/traceroute
n/ulogd
n/vlan
n/wget
n/whois

r/razwall
r/razwall-ui
r/razwall-iptables
r/razwall-nf

News / Re: Firewall update

« on: January 13, 2025, 08:54:09 AM »

I started building a custom ISO this weekend. I will release for testing as soon as I am able to rebuild without error. This will NOT be a functional build rather a "developer preview". Once released this will serve as a development platform and (hopefully) used to make pull requests for testing.

News / Firewall update

« on: January 10, 2025, 11:28:42 AM »

I have completed the SNAT and DNAT rewrite in Perl. I will continue to work on converting the other firewall components. I am also working on building an automated ISO so users can begin testing and participating in development. I am probably a month or so out from having an auto-install ready.

Dev Stuff / Edian Menu Items

« on: January 08, 2025, 02:10:25 PM »

Dev Stuff / Test Rules

« on: January 08, 2025, 02:08:30 PM »

/razwall/config/dnat/config
on,tcp,,any,x.x.x.51:UPLINK:main,,8080,192.168.0.14,8080,DNAT,internal www server,,ACCEPT
on,tcp,,any,x.x.x.51:UPLINK:main,,443,192.168.0.14,443,DNAT,inernal www SSL server,,ACCEPT
on,tcp&udp,,any,x.x.x.54:UPLINK:main,,80&443,192.168.0.46,,DNAT,Mobile Print Server,,ALLOW
on,,,any,x.x.x.53:UPLINK:main,,,192.168.14.2,,DNAT,CCREADER on x.x.x.53,,ALLOW

/razwall/config/incomming/config
on,,,103.79.141.172&172.206.138.254&163.172.204.79&103.77.192.219&104.140.114.110&185.224.128.83&104.250.191.110&114.141.53.82&108.61.246.56&149.28.14.163&194.233.83.109&157.230.221.198&167.99.168.251&185.250.151.72&192.81.208.169&203.160.69.66&211.56.98.146&5.254.43.18&80.92.205.81&79.124.62.182&209.141.60.60&176.58.124.134&194.26.29.11&87.251.75.145&144.172.73.40&192.35.168.128&37.64.150.50&222.186.136.150&193.27.228.27&80.82.65.213&185.132.53.161&185.202.2.68&45.148.10.202&84.54.51.37&152.32.173.15&80.82.77.202&91.92.247.159&184.105.247.252&78.153.140.179&118.193.73.8&115.231.78.3&106.75.166.204&184.105.139.70&91.243.50.206&158.46.145.178&91.92.241.222&194.165.1.22&101.36.97.187&27.222.11.186,,,,DROP,BLOCK'EM,on

/razwall/config/outgoing/config
on,,,198.54.115.49&thluongphu.online,,DROP,,PHISING SITES,,,,
on,,,,,ALLOW,,Allow all PHONE outbound,,lan2,,
on,,,,,ALLOW,,allow lan all TEST,,PHYSDEV:eth0.1,,
on,udp,,,1194,ALLOW,,OUTBOUND OPENVPN,,PHYSDEV:eth0.1,,
on,tcp&udp,,,119&123&13,ACCEPT,,Allow NTP,,,,
on,tcp&udp,,,49152:65535,ALLOW,,ROBLOX PORTS,,,,
on,tcp&udp,,8.8.8.8&8.8.4.4&208.67.222.222&208.67.220.220&185.228.168.168&185.228.169.168&185.228.168.10&185.228.169.11&185.228.168.9&185.228.169.9&x.x.x.130,53,ACCEPT,,allow DNS,,,,
on,tcp,,,80,ALLOW,,allow HTTP,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp,,,443,ALLOW,,allow HTTPS,,lan&lan2&dmz,,
on,tcp,,,21,ALLOW,,allow FTP,,PHYSDEV:eth0.1,,
on,tcp,192.168.0.23&192.168.0.38&192.168.0.60&192.168.1.103&192.168.1.102&192.168.0.114&192.168.0.81&192.168.0.9,,25,ALLOW,,allow SMTP,on,,,
on,tcp,,,110,ALLOW,,allow POP,off,lan,,
on,tcp,,,143,ALLOW,,allow IMAP,,PHYSDEV:eth0.1,,
on,tcp,,,995,ALLOW,,allow POP3s,,PHYSDEV:eth0.1,,
on,tcp,,,993,ALLOW,,allow IMAPs,,PHYSDEV:eth0.1,,
on,icmp,,,8&30,ALLOW,,allow PING,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,6333&5363&6048,ACCEPT,,ALEPH/POLARIS,,,,
on,tcp&udp,,,22&2220,ACCEPT,,web ssh,,,,
on,tcp&udp,,,4433,ACCEPT,,Connie SSL VPN to City,,PHYSDEV:eth0.1,,
on,,,24.111.245.154,,ALLOW,,Supervene All Access,,,,
on,tcp&udp,,,2050:2150,ALLOW,,ODIN Proxy,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,993&465&587,ALLOW,,GMAIL imap ssl,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp,,,843&2221&2222&2227&13207&13217&13227&13237&13247&13257,ALLOW,,ALLOW VUDU STREAMING,,lan2&dmz&PHYSDEV:eth0.1,,
on,tcp&udp,,,25&993&587&143&110&995,ALLOW,,Allow Mail Application Ports,,dmz,,
on,tcp&udp,,,1935,ACCEPT,,ADOBE CONNECT,,,,
on,udp,,,1024:65534,DROP,,block torrent ports,on,,,
on,,,192.42.116.41,,DROP,,BLOCK BOTNET OUTBOUND,on,,,
on,,,24.111.245.154,,ACCEPT,,allow all to bryan ip,,,,
on,tcp&udp,,,500&4500&1701&1723,ALLOW,,Guest VPN Out,,dmz,,
on,tcp&udp,,,4435&6667&123&,ALLOW,,PBX SWITCH - NEBULA,on,PHYSDEV:eth0.1,,
on,,,,,ALLOW,,Allow CC outbound for all,,PHYSDEV:eth0.700,,

/razwall/config/routing/config
on,,,UPLINK:main,Failover for LAN to WAN,,,,,,lan2&dmz&PHYSDEV:eth0.1&PHYSDEV:eth0.600&PHYSDEV:eth0.700,on
off,,192.168.0.8&192.168.0.26,192.168.1.1,allow dhcp vlan to lan,,udp,67&68,,,dmz,

/razwall/config/snat/config
on,,192.168.0.14,,,UPLINK:main,SNAT,web.domain.local out .51,,x.x.x.51
on,,192.168.14.0/24,,,UPLINK:main,SNAT,vlan 700 to x.x.x.53 external IP,,x.x.x.53

/razwall/config/vpnfw/config
on,,,,,ALLOW,,,,VPN:gfptohome,lan&dmz

/razwall/config/xtaccess/config
tcp,192.168.0.0/24,22&80&10443,off,,x.x.x.50:UPLINK:main,,INPUTFW,ACCEPT,,
tcp,,22,on,,PHYSDEV:eth0.1,,INPUTFW,ALLOW,,

/razwall/config/zonefw/config
on,,,,,DROP,,BLOCK VLAN1 to VLAN700,,PHYSDEV:eth0.1,PHYSDEV:eth0.700
on,,,,,DROP,,BLOCK VLAN700 to VLAN1,,PHYSDEV:eth0.700,PHYSDEV:eth0.1
on,,,,,ACCEPT,,ALLOW VLAN1 lan to VLAN1 lan,,PHYSDEV:eth0.1,PHYSDEV:eth0.1
on,,,,,ACCEPT,,LAN to PHONES,,PHYSDEV:eth0.1,lan2
on,,,,,ACCEPT,,,,lan&PHYSDEV:eth0.1,dmz&PHYSDEV:eth1.200
on,,,,,ACCEPT,,,,lan2,lan2
on,,,,,ACCEPT,,,,dmz,dmz
on,tcp&udp,,192.168.0.34,7725,ACCEPT,,DEEP FREEZE,,dmz,
on,tcp&udp,,192.168.0.2&192.168.0.3&,53,ALLOW,,INTERNAL DNS LOOKUPS,,dmz,
on,tcp,,192.168.0.14,80,ALLOW,,,,dmz,
on,tcp&udp,,192.168.0.33,1688,ACCEPT,,Allow KMS Activation,,dmz,
on,tcp,192.168.1.102&192.168.1.103,192.168.0.19,25,ALLOW,,allow checks to send mail from LAN,,,
on,tcp,,192.168.0.82,80,ALLOW,,CaptivePortalTest,,dmz,

Dev Stuff / uplink status JSON response

« on: January 08, 2025, 02:04:37 PM »

{
   "cacheHitAt": 1731600455.4530821,
   "cachedOn": 1731600454.6696789,
   "time": 1731600454.66975,
   "uplinks": [
      {
         "status": "ACTIVE",
         "defaultGatewayTimestamp": 1731349117.8499999,
         "managed": "on",
         "shouldBeUp": true,
         "canStart": true,
         "isLinkAlive": true,
         "data": {
            "name": "'Main uplink'",
            "ip": "x.x.x.x",
            "last_retry": "",
            "interface": "eth3",
            "type": "STATIC",
            "gateway": "x.x.x.x"
         },
         "defaultGateway": true,
         "uptime": "2d 21h 50m 14s",
         "name": "main",
         "isLinkActive": true,
         "enabled": "on",
         "autostart": "on",
         "hasChanged": true
      },
      {
         "status": "ACTIVE",
         "defaultGatewayTimestamp": -1,
         "managed": "on",
         "shouldBeUp": true,
         "canStart": true,
         "isLinkAlive": true,
         "data": {
            "name": "'WAN2'",
            "ip": "x.x.x.x",
            "last_retry": "",
            "interface": "eth2",
            "type": "DHCP",
            "gateway": "x.x.x.x"
         },
         "defaultGateway": false,
         "uptime": "2d 21h 49m 37s",
         "name": "uplink1",
         "isLinkActive": true,
         "enabled": "on",
         "autostart": "on",
         "hasChanged": true
      }
   ],
   "cached": true
}

{
   "cacheHitAt":1735250063,
   "cached":true,
   "time":1735250063,
   "cachedOn":1735250063,
   "uplinks": [
      {
         "managed":"on",
         "defaultGatewayTimestamp":"1731349077",
         "isLinkAlive":true,
         "enabled":"on",
         "name":"uplink1",
         "shouldBeUp":true,
         "uptime":"9d 3h 30m 48s",
         "data": {
            "last_retry":"",
            "ip":"x.x.x.x",
            "name":"'WAN2'",
            "type":"DHCP",
            "gateway":"x.x.x.x",
            "interface":"eth2"
         },
         "isLinkActive":true,
         "autostart":"on",
         "defaultGateway":false,
         "status":"ACTIVE",
         "hasChanged":true,
         "canStart":true
      },
      {
         "autostart":"on",
         "defaultGateway":true,
         "isLinkActive":true,
         "status":"ACTIVE",
         "hasChanged":true,
         "canStart":true,
         "managed":"on",
         "defaultGatewayTimestamp":"1731349040",
         "isLinkAlive":true,
         "enabled":"on",
         "name":"main",
         "shouldBeUp":true,
         "uptime":"9d 3h 30m 48s",
         "data": {
            "type":"STATIC",
            "gateway":"x.x.x.x",
            "ip":"x.x.x.x",
            "name":"'Main uplink'",
            "last_retry":"",
            "interface":"eth3"
         }
      }
   ]
}

Dev Stuff / Endian ip chains

« on: January 08, 2025, 02:02:43 PM »

Chain INPUT (policy DROP)
Chain FORWARD (policy DROP)
Chain OUTPUT (policy ACCEPT)
Chain ALLOW (109 references)
Chain ALLOW_HOOKS (1 references)
Chain BADTCP (2 references)
Chain BADTCP_LOGDROP (11 references)
Chain CUSTOMFORWARD (1 references)
Chain CUSTOMINPUT (1 references)
Chain CUSTOMOUTPUT (1 references)
Chain HAFORWARD (1 references)
Chain HANDLE_ESTABLISHED (2 references)
Chain ICMP_LOGDROP (2 references)
Chain INCOMINGFW (1 references)
Chain INPUTFW (13 references)
Chain INPUTFW_LOGDROP (12 references)
Chain INPUTTRAFFIC (1 references)
Chain LOG_FORWARD (1 references)
Chain LOG_INPUT (1 references)
Chain NEWNOTSYN (0 references)
Chain NEWNOTSYN_LOGDROP (2 references)
Chain OPENVPNCLIENTDHCP (1 references)
Chain OPENVPNDHCP (1 references)
Chain OUTGOINGFW (1 references)
Chain PORTFWACCESS (1 references)
Chain PROXYIN (1 references)
Chain PROXYOUT (1 references)
Chain PROXYOUTGOINGFW (62 references)
Chain QUEUEFW (1 references)
Chain REDINPUT (1 references)
Chain VPNFW (19 references)
Chain VPNFWBRIDGE (1 references)
Chain VPNFWDST (0 references)
Chain VPNFW_LOGDROP (19 references)
Chain VPNTRAFFIC (1 references)
Chain VPN_AS (1 references)
Chain ZONEFW (9 references)
Chain ZONEFW_LOGDROP (9 references)
Chain ZONETRAFFIC (1 references)

Dev Stuff / Re: Canned Perl based Dashboard JSON XHR Request Data Responses

« on: December 30, 2024, 04:03:10 PM »

New dashboard:

Code: [Select]

#!/usr/bin/perl

#
#        +-----------------------------------------------------------------------------+
#        | RazWall Firewall                                                             |
#        +-----------------------------------------------------------------------------+
#        | Copyright (c) 2024 RazWall                                                  |
#        |                                                                             |
#        | This program is free software; you can redistribute it and/or               |
#        | modify it under the terms of the GNU General Public License                 |
#        | as published by the Free Software Foundation; either version 2              |
#        | of the License, or (at your option) any later version.                      |
#        |                                                                             |
#        | This program is distributed in the hope that it will be useful,             |
#        | but WITHOUT ANY WARRANTY; without even the implied warranty of              |
#        | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               |
#        | GNU General Public License for more details.                                |
#        |                                                                             |
#        | You should have received a copy of the GNU General Public License           |
#        | along with this program; if not, write to the Free Software                 |
#        | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA. |
#        | http://www.fsf.org/                                                         |
#        +-----------------------------------------------------------------------------+
#

use lib '/razwall/web/cgi-bin/';
require 'header.pl';

$thisPath = $ENV{'REQUEST_URI'};
$thisAddress = $ENV{'SERVER_NAME'};

getcgihash(\%par);
%template = ();

undef $pagename;
undef $nomenu;
undef $nostatus;

readhash($productfile, \%producthash);
readhash($wizardfile, \%wizardhash);

# build system paths
$cgi_path = $1 if (($ENV{'SCRIPT_FILENAME'}||$0) =~ m/^(.*)(\\|\/)(.+?)$/);
$templates = $cgi_path . '/templates.pl';

# Check that templates file can be loaded..
&loadTemplates;

showhttpheaders();

openpage('Dashboard');

&getTemplate('dashboard');
&doSub('TITLE', 'RazWall Dashboard');
&printTemplate;

&closepage();

1;

News / Re: Github

« on: December 30, 2024, 02:46:41 PM »

Pushed a bunch more code changes today.
The I have almost everything working on Slackware 15 without python and without EMI

News / Minor Website update

« on: December 30, 2024, 02:45:49 PM »

Added a small carousel to show a few extra screenshots.
Fixed the responsive code for mobile viewing.

News / Re: Github

« on: December 18, 2024, 02:24:03 PM »

In addition to the coding nightmare that Endian has made out of the mosh pit of python, perl, shell scripts, and cython. I will most likely remove the bulk of features that are not firewall specific until I can rebuild them individually. I wasn't really sure how I planned to tackle this since its a LOT of moving parts, but I think my road map will look something like this:

Firewall Only- port forwarding, NAT (dNAT/sNAT), Multi-zoned
Firewall/VPN - Add OpenVPN Gw/Client
Firewall/VPN/Proxy - Add Squid
Firewall/VPN/Proxy/Mail Filter - Add Spam Assassin

maybe I will just make packages out of these that can be installed if needed..

News / Re: Github

« on: December 18, 2024, 02:16:00 PM »

That is correct. I have been porting the code over to Slackware15 as the base OS. Before you get bent out of shape over my distro selection, let me be forward in saying: Its not easy to find a slim and modern distro that still uses SysV. Most linux distos have switched to Systemd and to save my aching back from additional coding, I choose to keep the SysV init system Endian had originally used as of Endian Community 3.3. Maybe i will rewrite these at a later time for another base OS, but If this project is to ever come to life i had to make a decision that would allow me to move forward while recycling as much code as possible.

Thanks for checking in!

News / Re: Github

« on: December 11, 2024, 04:34:51 PM »

Finally pushed some data to Github. not usable as it sits, but you are welcome to pick it apart.

News / RazWall 1.0 Console Demo Screenshot

« on: December 11, 2024, 04:04:21 PM »

Here is the progress on a new console. Enjoy!

Pages: [1] 2

News:

Show Posts

Messages - razwall

News / SourceForge

Dev Stuff / Required packages

News / Re: Firewall update

News / Firewall update

Dev Stuff / Edian Menu Items

Dev Stuff / Test Rules

Dev Stuff / uplink status JSON response

Dev Stuff / Endian ip chains

Dev Stuff / Re: Canned Perl based Dashboard JSON XHR Request Data Responses

News / Re: Github

News / Minor Website update

News / Re: Github

News / Re: Github

News / Re: Github

News / RazWall 1.0 Console Demo Screenshot