Question#!/usr/bin/python# CS 6250 Fall 2021 – SDN Firewall Project withPOX# build habit-v23from pox.core import coreimport pox.openflow.libopenflow_01 as ofimport pox.lib.packet as pktfrom pox.lib.revent import *from pox.lib.addresses import IPAddr, EthAddr# You may use this space before the firewall_policy_processing function to add any extra function that you # may need to complete your firewall implementation. No additional functions “should” be required to complete# this assignment.def firewall_policy_processing(policies): ”’ This is where you are to implement your code that will build POX/Openflow Match and Action operations to create a dynamic firewall meeting the requirements specified in your configure.pol file. Do NOT hardcode the IP/MAC Addresses/Protocols/Ports that are specified in the project description – this code should use the values provided in the configure.pol to implement the firewall. The policies passed to this function is a list of dictionary objects that contain the data imported from the configure.pol file. The policy variable in the “for policy in policies” represents a single line from the configure.pol file. Each of the configuration values are then accessed using the policy[‘field’] command. The fields are: ‘rulenum’,’action’,’mac-src’,’mac-dst’,’ip-src’,’ip-dst’,’ipprotocol’,’port-src’,’port-dst’, ‘comment’. Your return from this function is a list of flow_mods that represent the different rules in your configure.pol file. Implementation Hints: The documentation for the POX controller is available at https://noxrepo.github.io/pox-doc/html . This project is using the gar-experimental branch of POX in order to properly support Python 3. To complete this project, you need to use the OpenFlow match and flow_modification routines (https://noxrepo.github.io/pox-doc/html/#openflow-messages for flow_mod and https://noxrepo.github.io/pox-doc/html/#match-structure for match.) Also, do NOT wrap IP Addresses with IPAddr() unless you reformat the CIDR notation. Look at the https://github.com/att/pox/blob/master/pox/lib/addresses.py for what POX is expecting as an IP Address. ”’ rules = [] for policy in policies: # Enter your code here to implement matching and block/allow rules. See the links # in Implementation Hints on how to do this. # HINT: Think about how to use the priority in your flow modification. # rule = None # Please note that you need to redefine this variable below to create a valid POX Flow Modification Object # End Code Here print(‘Added Rule ‘,policy[‘rulenum’],’: ‘,policy[‘comment’]) #print(rule) #Uncomment this to debug your “rule” rules.append(rule) return rules#!/usr/bin/python# CS 6250 Fall 2021 – SDN Firewall Project with POX# build habit-v23# This file sets up the firewall. Do not edit this file or your code may fail to run in the# autograder. It will read in the contents of the configure.pol file and store the policies in a # list of a dictionary.from pox.core import coreimport pox.openflow.libopenflow_01 as offrom pox.lib.revent import *from pox.lib.addresses import IPAddr, EthAddrfrom pox.firewall.sdnfirewall import * import csvimport sysimport reimport datetimepolicy_filename = ‘pox/firewall/config.pol’def process_configuration(filename): ”’ This function imports the configure.pol file into the list “policies”. Each item in the list is a dictionary that includes all of the parsed data from the configuration file. The dictionary keys for each item in the list are ‘rulenum’,’action’,’mac-src’,’mac-dst’,’ip-src’,’ip-dst’,’ipprotocol’,’port-src’,’port-dst’,’comment’ which corresponds to the directions in the configure.pol file. All imported data is a string. Convert data as needed for the input into the POX match routines (or other possible implementations). This function also validates that the different addresses, ports, and protocol numbers are sensible and valid. You do NOT need to further validate the input. ”’ fields = (‘rulenum’,’action’,’mac-src’,’mac-dst’,’ip-src’,’ip-dst’,’ipprotocol’,’port-src’,’port-dst’,’comment’) policies = [] with open(filename,’r’) as config_file: configuration = csv.DictReader(filter(lambda row: row[0]!=’#’, config_file),fieldnames=fields) try:for rule in configuration: # Validate Action Item if rule[‘action’] not in (‘Block’,’Allow’): raise ValueError(‘Invalid Action Item for rulenum %s: %s’ % (rule[‘rulenum’],rule[‘action’])) # Validate MAC Addresses if rule[‘mac-src’] != ‘-‘ and (None == re.match(“[0-9a-f]{2}([:])[0-9a-f]{2}(1[0-9a-f]{2}){4}$”,rule[‘mac-src’].lower())): raise TypeError(“Invalid Format for Source MAC Address for rulenum %s” % rule[‘rulenum’]) if rule[‘mac-dst’] != ‘-‘ and (None == re.match(“[0-9a-f]{2}([:])[0-9a-f]{2}(1[0-9a-f]{2}){4}$”,rule[‘mac-dst’].lower())): raise TypeError(“Invalid Format for Destination MAC Address for rulenum %s” % rule[‘rulenum’]) # Validate IP Addresses if rule[‘ip-src’] != ‘-‘ and (None == re.match(“^(25[0-5]|2[0-4]d|[01]d{2}|d{1,2})(.(25[0-5]|2[0-4]d|[01]d{2}|d{1,2})){3}(/(3[012]|[12]d|d))$”,rule[‘ip-src’])): raise TypeError(“Invalid Format for Source IP Address for rulenum %s” % rule[‘rulenum’]) if rule[‘ip-dst’] != ‘-‘ and (None == re.match(“^(25[0-5]|2[0-4]d|[01]d{2}|d{1,2})(.(25[0-5]|2[0-4]d|[01]d{2}|d{1,2})){3}(/(3[012]|[12]d|d))$”,rule[‘ip-dst’])): raise TypeError(“Invalid Format for Destination IP Address for rulenum %s” % rule[‘rulenum’]) # Validate IP Protocol if (rule[‘ipprotocol’] != ‘-‘ and (int(rule[‘ipprotocol’]) > 256 or int(rule[‘ipprotocol’]) < -1)): raise TypeError(“Invalid IP Protocol for rulenum %s” % rule[‘rulenum’]) # Validate Application Port if (rule[‘port-src’] != ‘-‘ and (int(rule[‘port-src’]) > 65535 or int(rule[‘port-src’]) < 0)): raise TypeError(“Invalid Source Application Port for rulenum %s” % rule[‘rulenum’]) if (rule[‘port-dst’] != ‘-‘ and (int(rule[‘port-dst’]) > 65535 or int(rule[‘port-dst’]) < 0)): raise TypeError(“Invalid Destination Application Port for rulenum %s” % rule[‘rulenum’]) if rule[‘ip-src’] != ‘-‘: rule[‘ip-src-address’], rule[‘ip-src-subnet’] = rule[‘ip-src’].split(“/”) else: rule[‘ip-src-address’], rule[‘ip-src-subnet’] = “-“,”-” if rule[‘ip-dst’] != ‘-‘: rule[‘ip-dst-address’], rule[‘ip-dst-subnet’] = rule[‘ip-dst’].split(“/”) else: rule[‘ip-dst-address’], rule[‘ip-dst-subnet’] = “-“,”-” policies.append(rule) except csv.Error:sys.exit() return policiesclass SDNFirewall (EventMixin): def __init__ (self): self.listenTo(core.openflow) print(“Starting POX Instance”) print(“Starting date and time : ” + datetime.datetime.now().strftime(“%Y-%m-%d %H:%M:%S”)+’nn’)def _handle_ConnectionUp (self, event): policies = process_configuration(policy_filename) print(“List of Policy Objects imported from configure.pol:”) print(“—————————————————“) print(policies) rules = firewall_policy_processing(policies) for rule in rules:if rule is not None: event.connection.send(rule) def launch (): core.registerNew(SDNFirewall)def main(): print(“Starting POX Instance”) print(“Starting date and time : ” + datetime.datetime.now().strftime(“%Y-%m-%d %H:%M:%S”)+’nn’) policies = process_configuration(‘configure.pol’) print(“List of Policy Objects imported from configure.pol:”) print(“—————————————————“) print(policies)if __name__ == “__main__”: main()Computer ScienceEngineering & TechnologyPython Programming CS 6250
