This is the README for the Bouncer Project.
This RESTful API has implemented features for IP and Geo Location based blocking. It operates through the UFW firewall. Changes made to the firewall's database are implimented every minute.
There is no admin or valid user account to start with. Add the --testing flag in the start.sh script to enable the registration page.
This repository also hosts the Bouncer RESTful API; in API Blueprint format 1A.
The API is pubished in various forms:
- here, in
apiary.apib
- at nmftabouncer.docs.apiary.io as:
- Interactive documentation
- A mock server
- at apimatic/.../nmfta-bouncer as:
- Exportable API specifications in multiple formats including: Open API 3.0, RAML 1.0, and Swagger 2.0
- Downloadable (client) SDKs in .NET, Java and Python
The ipv4geolist.csv was downloaded from http://lite.ip2location.com. The list is updated periodically so make sure to download the most recent version to keep the database upto date.
Terms of Use for ipv4geolist.csv can be viewed online at https://lite.ip2location.com/terms-of-use
- Follow the client installation instructions in either
client/python
orclient/csharp
Bouncer realizes firewall changes by executing ufw
commands. It requires a working UFW installation (probably on Linux). Other server deps
- Python (use
appliance/src/requirements.txt
for all package dependencies) - a webserver to host the management interface and API, e.g. Apache2
- Follow the appliance installation instructions in
Bouncer Installation Document v1.pdf
- The appliance instructions assume installation on a netgate firewall appliance. You can also install on a Debian distribution following just the steps in section 1.2
- Install Apache2 and enable mod_wsgi
- Install mod_wsgi for Python 3
- sudo apt-get install libapache2-mod-wsgi-py3
- Copy REST API Configuration file to apache
- cp /opt/bouncer/src/rest_interface.conf /etc/apache2/sites-available
- Update Server Name in configuration file to proper IP Address or DNS
- To support SSL, copy the applicable certificate and configure it in Apache
- Update or add rest_interface.conf file for https
- Enable REST interface and reload Apache configuration
- a2ensite rest_interface.conf
- apache2ctl restart
- make sure firewall.db has write permission
- chmod 646 /opt/bouncer/src/firewall.db