@wh5a
Created July 16, 2013 22:52
SDN Module 4 OpenFlow Firewall
'''
Coursera:
- Software Defined Networking (SDN) course
-- Module 4 Programming Assignment
Professor: Nick Feamster
Teaching Assistant: Muhammad Shahbaz
'''
from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.revent import *
from pox.lib.util import dpidToStr
from pox.lib.addresses import EthAddr
from collections import namedtuple
import os
import csv
# Logger supplied by the POX core; every message of this module goes through it.
log = core.getLogger()

# The deny list lives inside the POX checkout under the invoking user's home
# directory. Its content decides what the firewall blocks, so the file is
# trusted input and should be writable only by the account running POX.
policyFile = "%s/pox/pox/misc/firewall-policies.csv" % (os.environ[ 'HOME' ],)

''' Add your global variables here ... '''
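class Firewall (EventMixin):
    """POX component that blocks traffic between configured pairs of MAC addresses.

    The pairs are read once, at construction, from the CSV file named by
    ``policyFile`` (columns ``mac_0`` and ``mac_1``). Each switch that
    connects afterwards receives one flow entry per direction of every pair.

    Matching is on Ethernet addresses only. A host normally chooses the
    source address it sends with, so these rules do not withstand address
    spoofing.
    """

    def __init__ (self):
        """Subscribe to OpenFlow events and load the deny list.

        Raises:
            KeyError: a data row has no ``mac_0`` or ``mac_1`` column; the
                message names the file, the line and the header found.
            ValueError: a data row leaves one of the two columns empty.

        Both errors are fatal on purpose: starting without the full policy
        would leave traffic unfiltered.
        """
        self.listenTo(core.openflow)
        log.debug("Enabling Firewall Module")
        # (source, destination) pairs to block; each CSV row adds both directions.
        self.deny = []
        # 'rb' is the mode the Python 2 csv module expects.
        # NOTE(review): the Python 3 csv module needs a text-mode file -
        # confirm which interpreter this POX checkout runs on.
        with open(policyFile, 'rb') as f:
            reader = csv.DictReader(f)
            for row in reader:
                try:
                    first, second = row['mac_0'], row['mac_1']
                except KeyError as missing:
                    # A bare "KeyError: 'mac_0'" says nothing about the file;
                    # report where the row is and which header was read.
                    raise KeyError("%s line %d: no %s column; header found: %r"
                                   % (policyFile, reader.line_num, missing,
                                      reader.fieldnames))
                if not first or not second:
                    # DictReader fills the columns of a short row with None;
                    # refuse the row instead of building a rule from it.
                    raise ValueError("%s line %d: mac_0 and mac_1 must both be set"
                                     % (policyFile, reader.line_num))
                mac_a = EthAddr(first)
                mac_b = EthAddr(second)
                self.deny.append((mac_a, mac_b))
                self.deny.append((mac_b, mac_a))
        if not self.deny:
            log.warning("No firewall rules loaded from %s", policyFile)

    def _handle_ConnectionUp (self, event):
        """Install the drop entries on the switch that has just connected.

        Args:
            event: the ConnectionUp event; ``event.connection`` carries the
                messages to the switch and ``event.dpid`` names it in the log.
        """
        for (src, dst) in self.deny:
            match = of.ofp_match()
            match.dl_src = src
            match.dl_dst = dst
            msg = of.ofp_flow_mod()
            msg.match = match
            # No action is appended on purpose: an OpenFlow 1.0 flow entry
            # with an empty action list drops the packets it matches.
            # NOTE(review): priority and timeouts are left at the library
            # defaults - confirm the entry is permanent and is not shadowed
            # by entries other components install.
            event.connection.send(msg)
        log.debug("Firewall rules installed on %s", dpidToStr(event.dpid))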
def launch ():
    """Entry point POX calls when the module is named on its command line.

    Registers a single Firewall instance with the core.
    """
    core.registerNew(Firewall)
@longruiliu

Hello, I have a problem here. I don't know why building an ofp_match() object that matches mac1 and mac2, and assigning that object to an ofp_flow_mod() object, makes the firewall work. I have read some documents about POX but still don't understand why. Can you help me?

@hasabd12

Hi wh5a!

I'm getting an error when executing this code, although I've cloned it.

mininet@mininet-vm:/pox$ ./pox.py forwarding.l2_learning misc.firewall &
[1] 3621
mininet@mininet-vm:
/pox$ POX 0.1.0 (betta) / Copyright 2011-2013 James McCauley, et al.
Traceback (most recent call last):
File "/home/mininet/pox/pox/boot.py", line 459, in boot
if _do_launch(argv):
File "/home/mininet/pox/pox/boot.py", line 199, in _do_launch
f(*_params)
File "/home/mininet/pox/pox/misc/firewall.py", line 51, in launch
core.registerNew(Firewall)
File "/home/mininet/pox/pox/core.py", line 356, in registerNew
obj = __componentClass(_args, **kw)
File "/home/mininet/pox/pox/misc/firewall.py", line 34, in init
self.deny.append((EthAddr(row['mac_0']), EthAddr(row['mac_1'])))
KeyError: 'mac_0'

Any advice?

Thanks..

@Oomi

Oomi commented Dec 31, 2014

Hi
I'm getting the following error when executing the above code:
ImportError: No module named pox.core

@mehran-pourvahab

Hi
Note: Remove the header line (id,mac_0,mac_1) from the top of the firewall-policies.csv file.

Use the following code:

'''
Coursera:

  • Software Defined Networking (SDN) course
    -- Module 4 Programming Assignment

Professor: Nick Feamster
Teaching Assistant: Muhammad Shahbaz

Edited by: Mehran Pourvahab
'''

from pox.core import core
import pox.openflow.libopenflow_01 as of
from pox.lib.revent import *
from pox.lib.util import dpidToStr
from pox.lib.addresses import EthAddr
from collections import namedtuple
import os
''' Add your imports here ... '''

import csv

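# Logger supplied by the POX core.
log = core.getLogger()

# --> Remove id,mac_0,mac_1 from first line of firewall-policies.csv file
# (this version reads the rows by position, so a header line would be
# loaded as if it were a rule)

policyFile = "%s/pox/pox/misc/firewall-policies.csv" % os.environ[ 'HOME' ]

''' Add your global variables here ... '''
# Deny list: one [mac, mac] entry per CSV row, filled when the module is imported.
policyTable = []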

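# Load the deny list once, at import time. Every row is expected to be
# "id,mac,mac"; the id is discarded.
with open(policyFile, 'rb') as f:
    csv_entry = csv.reader(f, delimiter=',')
    for row in csv_entry:
        # --> ['1', '00:00:00:00:00:01', '00:00:00:00:00:02'] []
        log.debug("row data from csv file %s ", row)
        if not row:
            # csv.reader yields [] for a blank line. Stored as a rule it
            # would raise IndexError in the ConnectionUp handler, and the
            # rules after it would never reach the switch.
            continue
        if len(row) < 3:
            # Fail while loading rather than while a switch is connecting.
            raise ValueError("%s line %d: expected id,mac,mac but got %r"
                             % (policyFile, csv_entry.line_num, row))
        policyTable.append(row[1:])

for rule in policyTable:
    # --> ['00:00:00:00:00:01', '00:00:00:00:00:02']
    log.debug("rules are %s", rule)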

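class Firewall (EventMixin):
    """POX component that blocks traffic between the MAC pairs in ``policyTable``.

    Matching is on Ethernet addresses only. A host normally chooses the
    source address it sends with, so these rules do not withstand address
    spoofing.
    """

    def __init__ (self):
        """Subscribe to the OpenFlow events raised by the POX core."""
        self.listenTo(core.openflow)
        log.debug("Enabling Firewall Module")

    def _handle_ConnectionUp (self, event):
        """Install the blocking entries on the switch that has just connected.

        Each policy row yields two flow entries, one per direction. With a
        single entry the reverse traffic of a listed pair would still be
        forwarded.

        Args:
            event: the ConnectionUp event; ``event.connection`` carries the
                messages to the switch and ``event.dpid`` names it in the log.
        """
        for rule in policyTable:
            first = EthAddr(rule[0])
            second = EthAddr(rule[1])

            for (src, dst) in ((first, second), (second, first)):
                my_match = of.ofp_match()
                my_match.dl_src = src
                my_match.dl_dst = dst

                # construct flow modify message
                msg = of.ofp_flow_mod()
                msg.match = my_match

                # NOTE(review): the entry outputs to OFPP_NONE instead of
                # carrying an empty action list, which is how OpenFlow 1.0
                # expresses "drop" - confirm the target switch accepts this.
                action = of.ofp_action_output(port = of.OFPP_NONE)
                msg.actions.append(action)
                event.connection.send(msg)

        log.debug("Firewall rules installed on %s", dpidToStr(event.dpid))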

def launch ():
    """Entry point POX calls when the module is named on its command line.

    Registers a single Firewall instance with the core.
    """
    core.registerNew(Firewall)
