Firewalls POX Python

firewall_proativo.py

from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.util import dpidToStr
from pox.lib.addresses import IPAddr, EthAddr

log = core.getLogger()

def _handle_connectionUp(event):
    msg = of.ofp_flow_mod()
    msg.match.dl_type = 0x800
    msg.match.nw_dst = IPAddr("10.0.0.3")
    event.connection.send(msg)
    log.info("Firewall ativo em %s", dpidToStr(event.dpid))

def launch():
    core.openflow.addListenerByName("ConnectionUp", _handle_connectionUp)
    log.info("firewall proativo ativado")

firewall_reativo.py

from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.util import dpidToStr
from pox.lib.addresses import IPAddr, EthAddr

log = core.getLogger()

# Lista de bloqueios 
deny = [("00:00:00:00:00:01", "00:00:00:00:00:03"), ("00:00:00:00:00:02", "00:00:00:00:00:03")]

def _handle_packet_in(event):
    packet = event.parsed
    source = packet.src
    dest = packet.dst
    log.debug("connection on %s => %s", source, dest)
    for (src, dst) in deny:
        src = EthAddr(src)
        dst = EthAddr(dst)
        # se os MACs estão na lista de bloqueio
        if (source == src and dest == dst) or (source == dst and dest == src):
            msg = of.ofp_flow_mod()
            msg.match.dl_type = 0x800
            msg.match.dl_src = source
            msg.match.dl_dst = dest
            event.connection.send(msg)
            log.debug("Block installed on %s <==> %s", source, dest)


def launch():
    core.openflow.addListenerByName("PacketIn", _handle_packet_in)
    log.debug("firewall reativo ativado")