This README file contains information on the contents of the meta-firewalltest and how to Build and run a demo for iptable firewall testing with scapy.
URI: https://git.yoctoproject.org/poky/ branch: nanbield
URI: https://git.openembedded.org/meta-openembedded branch: nanbield
- Clone poky and meta-openembedded
git clone -b nanbield git://git.yoctoproject.org/poky
git clone -b nanbield git://git.openembedded.org/meta-openembedded
- Ensure you have all dependencies for building poky installed. For a debian based distro this would be e.g.:
$ sudo apt install gawk wget git diffstat unzip texinfo gcc build-essential \
chrpath socat cpio python3 python3-pip python3-pexpect xz-utils \
debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa \
libsdl1.2-dev python3-subunit mesa-common-dev zstd liblz4-tool file \
locales libacl1
$ sudo locale-gen en_US.UTF-8
Check [0] for other distros/options.
- Setup build env
$ source poky/oe-init-build-env
$ bitbake-layers add-layers <path_to>/meta-openembedded/meta-oe
$ bitbake-layers add-layers <path_to>/meta-openembedded/meta-networking
$ bitbake-layers add-layers <path_to>/meta-firewalltest
- Build image
$ bitbake core-image-base
- Run the image in qemu, and login with root
$ runqemu nographic
...
qemux86-64 login: root
root@qemux86-64:~#
- Testcases
Load firewall rules for test with iptables_setup.sh in qemu. It loads 3 rules and a default DROP policy.
-
Ingress: This is from host to qemu:
- Start on qemu: sniff_ingress.py from this folder here
- Send from host: send_ingress.py
- Observe changes in firewall with iptables-save -c!
-
Egress: This is from qemu to host:
- Start on host:
sniff_ingress.pyfrom this folder here - Send from qemu:
send_ingress.py - Observe changes in firewall with iptables-save -c!
- Start on host:
0: https://docs.yoctoproject.org/brief-yoctoprojectqs/index.html#compatible-linux-distribution