
relaypro-open / dog

Licence: AGPL-3.0 license
A firewall management system.



  1. What is dog?
  2. Why dog?
  3. Features
  4. Components
  5. Architecture
  6. Security
  7. Quick Install
  8. Install
  9. Use
  10. Road Map

What is dog?

dog is a distributed firewall management system designed to manage hundreds+ of per-server firewalls. Currently only iptables on Linux is supported, but other firewall types could be added.

dog is your network guard dog.

'dog-fw' is the search-friendly name for dog.

Why dog?

  • Need consistent network access rules across hundreds+ of servers in multiple regions on multiple providers?
  • Need defense-in-depth, beyond gateway firewalls?
  • Need blocklists with thousands of addresses distributed across many servers updated constantly?
  • Need to limit the number of connections and/or bandwidth usage?
  • Sick of error-prone manual updates of per-server iptables rules?

Features

  • Centrally manage hundreds+ of per-server iptables firewalls.
  • Works across clouds, regions, and on-premise infrastructure.
  • Adapts to dynamic address changes.
  • Large blocklists/allowlists can be used and will be updated across all servers in seconds.
  • Rules scale to tens of thousands of addresses (using ipsets).
  • Alerts if servers fail to communicate or if their firewalls are modified outside of dog control.
  • Reactive web interface.
  • API for external integrations.
  • Tested in production with hundreds of servers.
  • Multiple dog_trainers can be federated together to allow sharing of addresses, while allowing each dog_trainer to have its own security rules.
  • Integration with Flan Scan, a network vulnerability scanner.
  • Agents support Linux 2.6+ iptables firewalls.
  • Supports cloud public IP addresses (currently only EC2).
  • Manages cloud security groups across multiple regions (EC2).
  • Compatible with Docker and LXD localhost firewall rules.
  • Can be managed as code with Terraform (https://github.com/relaypro-open/terraform-provider-dog).

Components

  • dog_trainer is a central server, used to configure and control dog agents.
    Multiple dog_trainers can be federated together to allow sharing of agents' addresses, while allowing each dog_trainer to have its own security rules.

  • dog agents are deployed to all managed servers. dog agents control the server's iptables firewalls.

  • dog_park is the browser user interface for dog_trainer.

Architecture


  • dog Agents communicate with dog_trainer over RabbitMQ queues.
  • dog_trainer stores its configuration in a RethinkDB database.
  • dog_park communicates with dog_trainer via a RESTful API, which can be used for further integrations.

Security

  • Provides defense-in-depth, so you are not completely dependent on gateway firewalls.
  • dog agents authenticate to RabbitMQ with per-agent client certificates, and all communication is encrypted.
  • RabbitMQ should be configured to only communicate over private networks.
  • Additional federated RabbitMQs can be configured to allow communication across regional boundaries.
  • dog_trainer stores hashes of the iptables and ipsets it sends to agents. Agents send their own generated hashes to dog_trainer via a scheduled check-in.
  • dog_trainer will alert if agents fail to communicate over time or if the hashes the agents provide do not match what dog_trainer expects.
  • dog's use of ipsets not only allows highly scalable, fast rulesets, but also keeps the iptables ruleset small enough to be audited by a human.
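The hash-based drift detection described above, as an added example that is not dog's own code: the agent hashes a normalized `iptables-save` dump, and the trainer compares it with the hash it expects and checks the check-in age. SHA-256 over the normalized dump, the `dog_allowlist` ipset name, and the 10-minute check-in window are assumptions for illustration; the ruleset text is constructed.

```python
import hashlib
import re
from datetime import datetime, timedelta

# Constructed sample of `iptables-save` output from one agent. The comment
# lines and the [packets:bytes] counters change between dumps; the rules do not.
SAMPLE_RULESET = """\
# Generated by iptables-save v1.8.7 on Mon Jan  1 00:00:00 2024
*filter
:INPUT DROP [1234:567890]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [42:4200]
-A INPUT -m set --match-set dog_allowlist src -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed on Mon Jan  1 00:00:00 2024
"""


def normalize(ruleset: str) -> str:
    """Strip volatile lines so two dumps of the same rules hash identically."""
    kept = []
    for line in ruleset.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # timestamps and other comments
        if line.startswith(":"):
            line = re.sub(r"\s*\[\d+:\d+\]$", "", line)  # chain counters
        kept.append(line)
    return "\n".join(kept)


def ruleset_hash(ruleset: str) -> str:
    """Hash computed by both agent and trainer (assumption: SHA-256 of the normalized dump)."""
    return hashlib.sha256(normalize(ruleset).encode()).hexdigest()


def evaluate_checkin(expected_hash: str, reported_hash: str,
                     last_checkin: datetime, now: datetime,
                     max_age: timedelta = timedelta(minutes=10)) -> list:
    """Trainer-side verdict for one agent: a list of alerts, empty when healthy."""
    alerts = []
    if now - last_checkin > max_age:
        alerts.append("agent has not checked in within %s" % max_age)
    if reported_hash != expected_hash:
        alerts.append("ruleset hash mismatch: firewall modified outside dog control")
    return alerts
```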

Quick Install

A working dog environment on containers in a local VM

Install

Use

Road Map

  • Manage Cloud security groups
    • AWS EC2
    • Google Cloud
    • Microsoft Azure
  • Support Cloud Instances
    • AWS EC2
    • Google Cloud
    • Microsoft Azure
  • Agent support for
    • More Linux distros
      • Arch
    • Other *nix OSes
      • BSD
  • Support for other firewall types
    • nftables (beyond the current iptables-legacy compatibility support)