Daemon that listens for AMQP messages to add IP addresses and ports to FirewallD. IP addresses expire and are removed automatically after a configurable timeout.

Kazoo Firewall Agent

Used in conjunction with the call_shield Kazoo application.

Installation

Build

  • You must have Go v1.20 or later installed.
  • Clone the repo in the usual way.

cd kazoo_firewall_agent
go build

Install

mkdir -p /opt/kazoo_firewall_agent
cp ./kazoo_firewall_agent /opt/kazoo_firewall_agent
cp ./kazoo_firewall_agent.service /etc/systemd/system/
cp ./kazoo_firewall_agent_config.json.sample /opt/kazoo_firewall_agent/kazoo_firewall_agent_config.json
systemctl daemon-reload

Enable the Service

-> Make sure you have FirewallD installed and running.

systemctl enable kazoo_firewall_agent
systemctl start kazoo_firewall_agent

Config

Specifying a server_type of freeswitch or ephemeral uses temporary firewall rules, which are deleted when their cache timeout expires. Any other server type, such as kamailio, will NOT auto-delete records when the cache expires, and uses permanent firewall rules.

The amqp_uri config parameter can be either a single AMQP URI or a comma-separated list of multiple AMQP URIs (needed for the kamailio server type with multiple Kazoo zones). Firewall agents running on Freeswitch do not need to connect to multiple Kazoo zones, only the local zone.

See the sample config file for other potentially useful configuration parameters.
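
A pre-flight check for the server_type and amqp_uri settings described above, as an added example that is not part of the project's own code. It assumes both are top-level string keys in the JSON config and that server_type is matched case-sensitively; checkConfig, agentConfig and the sample hosts are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// Assumption: server_type and amqp_uri are top-level string keys in the JSON config.
type agentConfig struct {
	ServerType string `json:"server_type"`
	AMQPURI    string `json:"amqp_uri"`
}

// checkConfig reports whether rules are temporary, the broker list with
// passwords redacted (safe to log), and warnings an operator should review.
func checkConfig(raw []byte) (temporary bool, brokers, warnings []string, err error) {
	var c agentConfig
	if err = json.Unmarshal(raw, &c); err != nil {
		return
	}
	temporary = c.ServerType == "freeswitch" || c.ServerType == "ephemeral"
	if !temporary {
		warnings = append(warnings, fmt.Sprintf("server_type %q: permanent rules, no auto-delete on cache expiry", c.ServerType))
	}
	for _, part := range strings.Split(c.AMQPURI, ",") {
		u, perr := url.Parse(strings.TrimSpace(part))
		if perr != nil || u.Host == "" || (u.Scheme != "amqp" && u.Scheme != "amqps") {
			// Report the position only: the raw entry may contain a password.
			err = fmt.Errorf("amqp_uri entry %d is not a valid amqp:// or amqps:// URI", len(brokers)+1)
			return
		}
		if u.Scheme == "amqp" && u.User != nil {
			warnings = append(warnings, "amqp:// (no TLS) carries credentials to "+u.Host)
		}
		brokers = append(brokers, u.Redacted())
	}
	if c.ServerType == "freeswitch" && len(brokers) > 1 {
		warnings = append(warnings, "freeswitch agents only need the local zone's AMQP URI")
	}
	return
}

func main() {
	// Constructed sample config; hosts and credentials are placeholders.
	sample := []byte(`{"server_type": "kamailio", "amqp_uri": "amqp://guest:guest@zone1.example.org:5672, amqps://guest:guest@zone2.example.org:5671"}`)
	fmt.Println(checkConfig(sample))
}
```

Running it against the real config before starting the service shows up front whether the host will accumulate permanent rules and whether any broker credentials travel unencrypted.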