Welcome, Guest. Please login or register.
Did you miss your activation email?
Wednesday 25 December 2024, 04:41:10 am

Login with username, password and session length

Download the latest community FREE version  HERE
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Announcements
| |-+  Project News
| | |-+  RazWall will be an Endian Community Fork
0 Members and 33 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: RazWall will be an Endian Community Fork  (Read 51389 times)
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« on: Friday 08 November 2024, 12:45:38 pm »

I am probably a year out from completing the fork. All of the Endian components that have been replaced in the recent 3.3.X versions are compiled into binaries and closed source. I will have to completely recreate those closed components such as the web socket services, dashboard, some CLI components, and the custom service handler. Right now my primary objective is to fix the 4 zone lock in problem. Instead I will leverage the default zone rules as default rule sets to apply to additional zones (screenshot attached). I have already refactored tons of code and consolidated most of the components into a new filesystem structure. Once I resolve some of these issues with the way the firewall works, I will focus on a re-base to newer version of LFS or move to Rocky base. I want to know if this project is of any value to any of the members, or if I am just doing this for myself? I would like to hear some feed back.

In case anyone is concerned about the difficulty of this project, I have plenty of experience with complicated projects. I created the RazDC project!

Thanks for reading!

Screenshot:

supervene DOT com SLASH razwall DOT png
Logged
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« Reply #1 on: Friday 08 November 2024, 12:53:24 pm »

Just a follow up.. I purchased razwall dot com and will begin setup of a new SMF to aid in communication during development. As soon as I have a fully usable code based on the modifications i will post in the github project "razwall".
Logged
devel.tech1
Jr. Member
*
Offline Offline

Posts: 5



« Reply #2 on: Sunday 10 November 2024, 07:28:05 pm »

Hi,
Thanks for your wonderful work. I appreciate it because community edition is quite old now. Yes, Limitation of zones in endian is big bottleneck but it is removed in the paid version and added many other features as well. I was looking in the IPFire 3.x version. they removed this limitation in the latest version but yet not public probably.  Can you explain how you are doing it. ?


 
Logged
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« Reply #3 on: Monday 11 November 2024, 02:16:35 am »

No simple solution here. Endian tied every service into a core module that is closed source. So in order to gain control of the internal network configurations on a permanent basis, a new management interface must be written to replace the emi on this distro. The emi is the "endian management interface". The emi reports stats and statuses to both the UI and console, start and stops services, and does so over UI via web socket using Json. All of this needs to be replaced in order to gain control of the configs. And changes to the still open source parts of endian, result in breaking the software because of hard coded params, and template based configs in the service startup.
Logged
devel.tech1
Jr. Member
*
Offline Offline

Posts: 5



« Reply #4 on: Monday 11 November 2024, 03:01:39 am »

Yes. agreed. have you seen the sources given on the sourceforge site which may contain core moduel or emil module in it.
I have another suggestion if we can in your fork is to shift on the nft instead of iptables now. secondly, idea of multiple zones can be explored from other distributions like ipfire. do you have a breakdown list of modules or components to be developed in razwall?
Logged
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« Reply #5 on: Monday 11 November 2024, 12:24:39 pm »

The "sources" on source forge do not include these compiled binaries as far as I can tell all that data was scrubbed before uploading. I have considered going back to a previous version to see how it was assembled before it was proprietary. I have also considered looking at other distros as you mentioned, but the usability and features of endian are very popular. I have not considered and new module development until I get the emi replaced. As of now, I have circumvented the rnzo e problem but the result is an token dashboard and broken uplink reporting on the console screen. My next step is to fix this, then see what's next. Netfilter will have to replace iptables down the road that's just a logical step.
Logged
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« Reply #6 on: Monday 11 November 2024, 12:36:55 pm »

As for how I'm doing this, I stepped through the code and replaced all the colors with name based zones. Then recycled the colors as default rules that can be applied to the named zones. So red=wan, green=lan,orange=dmz,Blue=lan2 (wifi). The colors are only references to what default rules are used. So these can be applied to more than one zone. I also created a new config folder called zones, and store each of the zone names created in that settings file. Then I reference the zone name rather than the color, then reference the color for the rules. Only the color is now also a name. So you can create as many zones as you have interfaces. Next in line after the emi, is most likely adding additional predefined rulesets. For example a PCI ruleset for card processing, VOIP for PBX with qos etc..
Logged
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« Reply #7 on: Saturday 16 November 2024, 07:41:47 am »

Here is a quick progress update:
Emi python and services have been removed
Endian dashboard has been redirected to perl based scripts in cgi
Efw-console has been removed and replaced with a perl based console
File system has been restructured
All color based zones have been removed
Dynamic name based zones have been implemented
Modern interface is in the works (mobile friendly)
Web socket server implementation for near realtime CPU/memory graphs and notifications
I will post screen shots later this coming week. The razwall website is beginning to take shape. I will get a support forum setup as soon as I can. I am. Hoping to have a tar package and some code for people to explore and contribute in about a month.
Logged
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« Reply #8 on: Saturday 16 November 2024, 08:37:14 am »

smf forum is up as razwall dot com
Logged
devel.tech1
Jr. Member
*
Offline Offline

Posts: 5



« Reply #9 on: Sunday 24 November 2024, 02:03:33 am »

The "sources" on source forge do not include these compiled binaries as far as I can tell all that data was scrubbed before uploading. I have considered going back to a previous version to see how it was assembled before it was proprietary. I have also considered looking at other distros as you mentioned, but the usability and features of endian are very popular. I have not considered and new module development until I get the emi replaced. As of now, I have circumvented the rnzo e problem but the result is an token dashboard and broken uplink reporting on the console screen. My next step is to fix this, then see what's next. Netfilter will have to replace iptables down the road that's just a logical step.

Well, as per my understanding, sources were available on the sourceforge for different python modules. just for suggestion, can we ignore the emi depdency in the endian, i mean rewriting working which is provided by emi etc ?
Logged
devel.tech1
Jr. Member
*
Offline Offline

Posts: 5



« Reply #10 on: Sunday 24 November 2024, 02:09:38 am »

Here is a quick progress update:
Emi python and services have been removed
Endian dashboard has been redirected to perl based scripts in cgi
Efw-console has been removed and replaced with a perl based console
File system has been restructured
All color based zones have been removed
Dynamic name based zones have been implemented
Modern interface is in the works (mobile friendly)
Web socket server implementation for near realtime CPU/memory graphs and notifications
I will post screen shots later this coming week. The razwall website is beginning to take shape. I will get a support forum setup as soon as I can. I am. Hoping to have a tar package and some code for people to explore and contribute in about a month.

Hi,
Sir, good progress. it would be good if you make a TODO list for the remaining features in the razwall.    
Logged
devel.tech1
Jr. Member
*
Offline Offline

Posts: 5



« Reply #11 on: Sunday 24 November 2024, 02:45:34 am »

smf forum is up as razwall dot com

Hi,
I have seen your forum. Its wonderful job.
Logged
p3rlphr33k
Full Member
***
Offline Offline

Posts: 10



« Reply #12 on: Thursday 19 December 2024, 07:24:56 am »

Thanks! I probably won't be checking in here much anymore, you know where to find me  Wink
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.125 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com