opendaylight-firewall's Introduction

opendaylight-firewall

A litte experiment that tries to ensure a security policy into a set o openflow switches, similar to a firewall or a ACL, using Opendaylight Controller.

Requirements

Walkthrough

Clone the repository

https://github.com/mauromoura/opendaylight-firewall.git

Compile with maven

mvn clean install -DskipTests

Run Opendaylight controller

karaf/target/assembly/bin/karaf

Create a topology with mininet

If you are using a VM with VirtualBox, male sure to use Host-only networking so your virtual swithes can comunicate with the controller running on the host machine.

sudo mn --topo single,3 --mac --switch ovsk --controller remote,ip={controller_ip}

Add some flows to the switchs using openvswitch

ovs-ofctl add-flow s1 in_port=1,actions=output:2

ovs-ofctl add-flow s1 in_port=2,actions=output:1

Test the conectivity between the clients in mininet

h1 ping h2

h2 ping h1

Adding security rules to opendaylight

Security rules can be added to the controller using restconf. To add a rule, you can make a POST to:

http://localhost:8181/restconf/config/sdnfirewall:rule-registry/

The security rule must be a JSON with the format :

{"rule-registry-entry": [{ "name":"name_of_security_rule [test]", "node":"switch_name [openflow:1]", "ip-addr":"ip_ to block_traffic [10.0.0.2/24]", "port":"port [8080]" }] }

To view previosly saved rules, send a GET request to the same URL.

opendaylight-firewall's People

Contributors

Stargazers

Watchers

opendaylight-firewall's Issues

Make a Post

Can you describe make a post in more details please ?

Cannot Compile

[ERROR] Non-resolvable parent POM: Could not find artifact org.opendaylight.odlparent:odlparent:pom:1.6.0-SNAPSHOT and 'parent.relativePath' points at wrong local POM @ line 10, column 11 -> [Help 2]