So, I've been beating my head against a rock trying to figure out if it's possible to block specific IP addresses or straight up blacklist websites using SDN. I'm currently using Mininet and POX to block individual hosts from talking to each other via MAC address as rules in the .py file, but I would like to be able to prevent them from, say, pinging or browsing to Vimeo or YouTube.
I had thought about trying something like
curl -X POST -d '{"nw_src": "10.0.0.1/32", "nw_dst": "151.101.0.217/?", "nw_proto": "ICMP"}' http://localhost:8080/firewall/rules/0000000000000001
or
curl -X POST -d '{"nw_src": "10.0.0.1/32", "nw_dst": "151.101.0.217/?", "nw_proto": "TCP"}' http://localhost:8080/firewall/rules/0000000000000001
But I'd need to do that for each host and each IP, plus each protocol. I'm also unsure what the unknown portions of their IPs are; for the internal ones it's easy since it's a /32. The ones I included above are just two of the IPs I found for Vimeo, so I'd also need some way of finding all of Vimeo's server IPs.
Does anyone here know if it's possible or a way to go about doing it? I don't have access to anything more than open-source SDN tools.
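Added example, not part of the original post: the per-host, per-address, per-protocol rule bodies the post describes can be generated instead of typed by hand, with a single IPv4 address written as a /32. The `"actions": "DENY"` field and the second host `10.0.0.2` are assumptions not shown in the post, and `resolve_ipv4` returns only the addresses DNS hands out at that moment, which for a CDN-hosted site is a snapshot rather than a complete list.

```python
import ipaddress
import itertools
import json
import socket

PROTOCOLS = ("ICMP", "TCP")  # the two nw_proto values used in the post


def resolve_ipv4(domain):
    """Return the sorted IPv4 addresses DNS currently gives for domain."""
    infos = socket.getaddrinfo(domain, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def as_cidr(addr):
    """Normalise '1.2.3.4' or '1.2.3.9/24' to CIDR; a bare address becomes /32."""
    return str(ipaddress.ip_network(addr, strict=False))


def build_rules(hosts, destinations, protocols=PROTOCOLS):
    """Build one rule body per (host, destination, protocol) combination."""
    rules = []
    for src, dst, proto in itertools.product(hosts, destinations, protocols):
        rules.append({
            "nw_src": as_cidr(src),
            "nw_dst": as_cidr(dst),
            "nw_proto": proto,
            "actions": "DENY",  # assumption: this field is not shown in the post
        })
    return rules


def curl_commands(rules, url):
    """Render each rule body as a curl call in the form used in the post."""
    return [f"curl -X POST -d '{json.dumps(rule)}' {url}" for rule in rules]


if __name__ == "__main__":
    hosts = ["10.0.0.1", "10.0.0.2"]   # constructed: 10.0.0.2 is not in the post
    dests = ["151.101.0.217"]          # address quoted in the post
    # To refresh the list from DNS instead: dests = resolve_ipv4("vimeo.com")
    url = "http://localhost:8080/firewall/rules/0000000000000001"
    for cmd in curl_commands(build_rules(hosts, dests), url):
        print(cmd)
```

Because the address list changes over time, the generated rules need to be rebuilt whenever the DNS answers change.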