ruhnet
/
kazoo_firewall_agent
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 1 Wiki Activity
Daemon that listens for AMQP messages to add IP addresses and ports to FirewallD. IP addresses expire and are removed automatically after a configurable timeout.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10 Commits
1 Branch
83 KiB
 
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
 ZIP  TAR.GZ
Ruel Tmeizeh - RuhNet ab77d1b224 Multiple AMQP connections (Kazoo multi-zone for Kamailio). 1 week ago
.gitignore Initial Commit 1 year ago
README.md Multiple AMQP connections (Kazoo multi-zone for Kamailio). 1 week ago
amqp.go Multiple AMQP connections (Kazoo multi-zone for Kamailio). 1 week ago
bitbucket-pipelines.yml Merged in pbx-2488-automate-rpm-package-building (pull request #1) 5 months ago
cache.go Release version. 1 year ago
config.go Initial Commit 1 year ago
firewall.go Support both temporary and permanent firewall, depending on server type. 1 week ago
go.mod Added README and updated go.mod for compatibility with older versions 10 months ago
go.sum Initial Commit 1 year ago
kazoo_firewall_agent.service Initial Commit 1 year ago
kazoo_firewall_agent_config.json.sample Initial Commit 1 year ago
kfa.spec Merged in pbx-2488-automate-rpm-package-building (pull request #1) 5 months ago
main.go Multiple AMQP connections (Kazoo multi-zone for Kamailio). 1 week ago
message.json Initial Commit 1 year ago
util.go Initial Commit 1 year ago

README.md

Kazoo Firewall Agent

Used in conjunction with call_shield Kazoo application.

Installation

Build

  • You must have go v1.20 or later installed.
  • clone the repo in the usual way
cd kazoo_firewall_agent
go build

Install

mkdir -p /opt/kazoo_firewall_agent
cp ./kazoo_firewall_agent /opt/kazoo_firewall_agent
cp ./kazoo_firewall_agent.service /etc/systemd/system/
cp ./kazoo_firewall_agent_config.json.sample /opt/kazoo_firewall_agent/kazoo_firewall_agent_config.json
systemctl daemon-reload

Enable the Service

-> Make sure you have FirewallD installed and running.

systemctl enable kazoo_firewall_agent
systemctl start kazoo_firewall_agent

Config

Specifying a server_type of freeswitch or ephemeral will use firewall rules that are temporary and are deleted when their cache timeout expires. Any other server type, such as kamailio or anything else, will NOT auto-delete records when the cache expires, and will use permanent firewall rules.

The amqp_uri config parameter can either be a single AMQP URI, or a comma separated list of multiple AMQP URIs (needed for kamailio server type with multiple Kazoo zones). Firewall agents running on Freeswitch do not need to connect to multiple Kazoo zones, only the local zone.

See the sample config file for other potentially useful configuration parameters.