I’m using the Sophos Firewall virtual appliance at home. The reason is quite simple: it’s free of charge. There are a number of open-source firewalls, but most of them lack essential features (e.g. antivirus, SSL inspection). Sophos provides the XG firewall VM for home use, and you can claim a home license, which technically has the same functionality as the business version, just with lower performance. In this project, I use Python to access the Sophos XG firewall so that it can be monitored and configured to secure the home network.
Output Example:
$ python sophos_base.py OrderedDict([('Response', OrderedDict([('@APIVersion', '1700.1'), ('Login', OrderedDict([('status', 'Authentication Successful')])), ('SecurityPolicy', [OrderedDict([('@transactionid', ''), ('Name', 'Auto added firewall policy for ' 'MTA'), ('Description', 'This rule was added automatically ' 'by SFOS MTA. However you could ' 'edit this policy based on network ' 'requirement.'), ('IPFamily', 'IPv4'), ('Status', 'Enable'), ('Position', 'Top'), ('PolicyType', 'PublicNonHTTPPolicy'), ('MatchIdentity', 'Disable'), ('PublicNonHTTPBasedPolicy', OrderedDict([('ScanSMTP', 'Enable'), ('ScanIMAP', 'Disable'), ('ScanIMAPS', 'Disable'), ('ScanPOP3', 'Disable'), ('ScanSMTPS', 'Enable'), ('ScanPOP3S', 'Disable')])), ('IntrusionPrevention', 'None'), ('TrafficShappingPolicy', 'None'), ('LogTraffic', 'Disable'), ('ApplyNAT', 'CustomNatPolicy'), ('OverrideGatewayDefaultNATPolicy', 'Disable'), ('SourceSecurityHeartbeat', 'Disable'), ('MinimumSourceHBPermitted', 'No Restriction'), ('DestSecurityHeartbeat', 'Disable'), ('MinimumDestinationHBPermitted', 'No Restriction'), ('OutboundAddress', 'MASQ')]), OrderedDict([('@transactionid', ''), ('Name', '#Default_Network_Policy'), ('Description', None), ('IPFamily', 'IPv4'), ('Status', 'Enable'), ('Position', 'After'), ('PolicyType', 'Network'), ('After', OrderedDict([('Name', 'Auto added firewall ' 'policy for MTA')])), ('SourceZones', OrderedDict([('Zone', 'LAN')])), ('DestinationZones', OrderedDict([('Zone', 'WAN')])), ('Schedule', 'All The Time'), ('Action', 'Accept'), ('LogTraffic', 'Disable'), ('MatchIdentity', 'Disable'), ('DSCPMarking', '-1'), ('ApplicationControl', 'None'), ('ApplicationBaseQoSPolicy', 'Revoke'), ('WebFilter', 'Default Policy'), ('WebCategoryBaseQoSPolicy', 'Revoke'), ('IntrusionPrevention', 'lantowan_general'), ('TrafficShappingPolicy', 'None'), ('ApplyNAT', 'CustomNatPolicy'), ('OverrideGatewayDefaultNATPolicy', 'Disable'), ('PrimaryGateway', None), ('OutboundAddress', 'MASQ'), 
('BackupGateway', None), ('ScanHTTP', 'Enable'), ('ScanHTTPS', 'Disable'), ('Sandstorm', 'Disable'), ('ScanFTP', 'Disable'), ('SourceSecurityHeartbeat', 'Disable'), ('MinimumSourceHBPermitted', 'No Restriction'), ('DestSecurityHeartbeat', 'Disable'), ('MinimumDestinationHBPermitted', 'No Restriction')])])]))])
Here is the code:
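from pprint import pprint

from dicttoxml import dicttoxml
import requests
import xmltodict

from data_source import sophos_credentials

# Placeholder carried over from the original listing: replace with the
# address of your own appliance.
FIREWALL_HOST = "firewall-ip"
API_URL = f"https://{FIREWALL_HOST}:4444/webconsole/APIController"

# Certificate validation stays ON. The request carries the API login, so
# turning validation off would let anything on the path between this script
# and the firewall read or replay those credentials. If the appliance still
# presents its self-signed certificate, export that certificate (PEM) and
# set this to the file path instead of disabling verification.
TLS_VERIFY = True

# Seconds to wait for the appliance; requests has no timeout by default and
# would otherwise block forever on an unreachable firewall.
REQUEST_TIMEOUT = 10


def get_config(scope):
    """Fetch one configuration entity from the firewall's XML API.

    Args:
        scope: Name of the entity to read, e.g. ``"SecurityPolicy"``. It is
            placed as an empty element inside the ``GET`` part of the request.

    Returns:
        A ``(status_code, parsed)`` tuple: the HTTP status code and the
        response body parsed by ``xmltodict``.

    Raises:
        requests.exceptions.RequestException: on connection, TLS-validation
            or timeout failures.
    """
    # Work on a copy: the original wrote the 'GET' key straight into the
    # shared sophos_credentials.SEGFW_INT dict, changing it for every other
    # user of that module.
    # NOTE(review): SEGFW_INT presumably holds the Login element
    # (username/password) -- confirm, and keep data_source out of version
    # control.
    request_body = dict(sophos_credentials.SEGFW_INT)
    request_body["GET"] = {scope: ""}

    xml = str(
        dicttoxml(request_body, custom_root="Request", attr_type=False),
        "utf-8",
    )

    # `params=` URL-encodes the XML; interpolating it into the URL by hand
    # breaks as soon as a value contains '&', '#', '+' or a space.
    # The login still travels in the query string, so it can end up in
    # access logs, and requests puts the full URL into its exception
    # messages: do not log raw exceptions from this call.
    # NOTE(review): if the appliance accepts reqxml as POST form data,
    # prefer that so the credentials leave the URL -- confirm against the
    # API documentation for your firmware version.
    resp = requests.get(
        API_URL,
        params={"reqxml": xml},
        verify=TLS_VERIFY,
        timeout=REQUEST_TIMEOUT,
    )
    return resp.status_code, xmltodict.parse(resp.text)


if __name__ == "__main__":
    ret_code, ret_dict = get_config("SecurityPolicy")
    if ret_code == 200:
        pprint(ret_dict)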