Files
@ d3e235399b35
Branch filter:
Location: conntrackt/docs/usage.rst - annotation
d3e235399b35
24.9 KiB
text/prs.fallenstein.rst
CONNT-33: Bumping version back maintenance.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 | 265b2706e075 265b2706e075 265b2706e075 265b2706e075 265b2706e075 265b2706e075 265b2706e075 265b2706e075 265b2706e075 7d5e06b63135 c60fb2199532 6fd135ca87cc c60fb2199532 c60fb2199532 c60fb2199532 d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc d676fab7bc8a 6fd135ca87cc 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 3273586d0f89 3273586d0f89 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc d676fab7bc8a 6fd135ca87cc d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc d676fab7bc8a 6fd135ca87cc 6fd135ca87cc d676fab7bc8a d676fab7bc8a d676fab7bc8a d676fab7bc8a 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc 6fd135ca87cc | .. Copyright (C) 2013 Branko Majic
This file is part of Django Conntrackt documentation.
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0
Unported License. To view a copy of this license, visit
http://creativecommons.org/licenses/by-sa/3.0/ or send a letter to Creative
Commons, 444 Castro Street, Suite 900, Mountain View, California, 94041, USA.
.. _usage:
Usage
=====
Django Conntrackt provides a very simple interface for reading and editing the
information about network connections across projects, as well as for obtaining
*iptables* rules.
Key concepts
------------
There is a couple of key concepts to be aware of throughout the documentation:
Project
A project is used to group the related entities. Project usually maps to
business projects being worked on by the organisation members.
Location
Location is used to group the related entities within a project. Locations
can be abstract, like *primary site*, *secondary site*, or *disaster
site*. They can also be more specific, like *Belgrade*, or *Stockholm*. The
layout of locations is completely up to the user of Conntrackt.
Entity
Entity is an origin or destination of network communication. An entity can
represent a single physical or virtual device (server, router, or some other
network-capable device), or it can represent a subnet (therefore being
mapped to multiple physical or virtual devices).
Every entity must have an assigned project and location.
Interface
Interface is used for representing a specific network interface on an
entity. In regular case, where the entity is a physical or virtual device,
an interface will map to a single IP address.
An interface is also used to provide subnet information for entities that
represent subnets.
Entity can have more than one interface assigned to it.
Communication
Communication is used to specify possible connections between entities. Each
communication contains information about source interface (of a specific,
source entity), destination interface (of a specific, target entity),
protocol type (TCP, UDP, ICMP), and port number (or, in case of ICMP,
package type).
In addition to describing the various connections that happen between
entities, communication information is also used for generating the
*iptables* rules for servers.
Users and permissions
---------------------
Conntrackt employs standard Django permissions for object creation and
modification. This includes ability to *add*, *change*, and *delete* projects,
locations, entities, interfaces, and communications.
In addition to write-related permissions, Conntrackt also comes with a single
read permission that is used to restrict read access to Conntrackt data (**Can
view information**). This permission is required in order to allow the users to
view the projects, locations, entities, interfaces, and communications. This is
the minimal permission necessary that should be granted to all users.
Navigating the pages
--------------------
Navigation bar
~~~~~~~~~~~~~~
The navigation bar is available on every page. Navigation bar contains at least
the following elements:
* **Main Page** link will take you to Conntrackt homepage.
* **Administration** link will take you to Django's built-in administrator
interface, which can be used both for managing the users, and for adding and
modifying content. It is recommended to use Conntrackt's *native* user
interface for adding and modifying content.
If you are currently logged-in, you will also be presented with the following
two elements:
* **Username**, which links to your profile page (NOT IMPLEMENTED).
* **Log-out** link.
If you are not logged-in, you will instead be presented with the following
elements:
* **Log-in** link, which will take you to the log-in page.
Main page
~~~~~~~~~
The main page gives a simple listing of the available projects and
locations.
Each row in a project listing includes:
* **Project name**, which can be clicked on in order to get to the *project
details page*.
* **Download project iptables link** (small book icon), which can be used for
downloading the iptables rules for an entire project.
* **Edit project link** (small pen icon), which can be used for editing basic
information about a project.
* **Remove project link** (small cross icon), which can be used for removing a
project.
Each row in a location listing includes:
* *Location name*.
* **Edit location link** (small pen icon), which can be used for editing basic
information about a location.
* **Remove location link** (small cross icon), which can be used for removing a
location.
Project details page
~~~~~~~~~~~~~~~~~~~~
The project details page provides listing of entities, as well as a diagram
showing the communications between them. The project details page also includes
links and buttons for manipulating the project information (including entities).
From top to bottom the page includes the following elements:
* Project title.
* Description of a project.
* Buttons for project-specific actions.
* Listing of end entities, grouped by locations.
* Communications diagram.
The project-specific buttons are:
* **Edit**, which can be used for editing basic information about a project.
* **Remove**, which can be used for removing a project.
* **Add entity**, which can be used for adding new entities to a project.
* **Add communication**, which can be used for adding a new communication to the
project.
* **Get Iptables**, which can be used for downloading *iptables* rules for all
entities in a project.
Each location-specific entity listing includes a *download location iptables*
link (small book icon), which can be used for downloading the *iptables* rules
for entities of a project in that particular location. Each entity row in the
listing includes:
* **Entity name**, which can be clicked on in order to get to the *entity
details page*.
* **Download entity iptables link** (small list icon), which can be used for
downloading the *iptables* rules for an entity.
* **Edit entity link** (small pen icon), which can be used for editing basic
information about an entity.
* **Remove entity link** (small cross icon), which can be used for removing an
entity.
A small **add entity** button is available within each location-specific
listing, which can also be used for adding entities to a project. The difference
is that if location-specific button is used, the location of new entity will be
pre-populated (saving some time).
The communications diagram displays all project entities, grouped by the
location, as well as communications between the entities. Each entity will be
represented by a distinctly-coloured square. The arrows pointing outside of the
entity represent an outgoing communication of an entity. Communications
displayed will also include information about the protocol and port being used.
The format of the diagram image is *SVG*.
Entity details page
~~~~~~~~~~~~~~~~~~~
The entity details page provides listing of entity's general information,
interfaces, incoming and outgoing communications, as well as the *iptables* rules.
From top to bottom the page includes the following elements:
* Entity name.
* Entity description.
* Buttons for entity-specific actions.
* General information about the entity.
* Listing of entity's interfaces.
* Listing of entity's incoming communications.
* Listing of entity's outgoing communications.
* *Iptables* rules for the entity.
The entity-specific buttons are:
* **Edit**, which can be used for editing basic information about an entity.
* **Remove**, which can be used for removing an entity.
* **Get Iptables**, which can be used for downloading the *iptables* rules for the
entity.
The general information about an entity includes:
* **Project** to which the entity belongs. The project name can be clicked on in
order to get to the project details page.
* *Location* where the entity can be found.
Each row of the interface listing includes:
* *Interface name*, with IP/netmask as well.
* **Edit interface link** (small pen icon), which can be used for editing basic
information about an interface.
* **Remove interface link** (small pen icon), which can be used for removing an
interface.
An **add interface** button can be found at the bottom of the interface listing,
which can be used for adding a new interface to the entity.
Each row of the incoming/outgoing communications listing includes:
* **Entity and interface name**, which can be clicked on in order to get to the
source/destination entity.
* **Edit communication link** (small pen icon), which can be used for editing
communication information.
* **Remove communication link** (small cross icon), which can be used for removing
a communication.
The *iptables rules* section displays the full *iptables* rules for an
entity. It also sports a convenient **download** button for getting the *iptables*
rules.
Managing projects
-----------------
Adding a project
~~~~~~~~~~~~~~~~
New projects can be added from the *main page*. You can navigate to the *main
page* via link in the navigation bar.
Once at the *main page*, click on the **Add project** button. This will take you
to a page where some basic project information can be provided:
* *Name* (mandatory). This is the name of the project. Project name must be
unique.
* *Description* (optional). This is the project description. This is a free-form
field, and it can be filled-up by user as needed.
Once the mandatory fields have been filled-up, click on the **Add** button to add
the project. If no errors have been reported, and project was created
successfully, you will be taken to the *project details page*.
Removing a project
~~~~~~~~~~~~~~~~~~
Project can be removed either via the *main page* or via *project details
page*.
In order to remove a project via *main page*, navigate to it, and click on the
**remove icon** (small cross) next to the project name in the project listing.
In order to remove a project via *project details page*, navigate to the *main
page*, click on the project name in order to be taken to the *project details
page*, and then click on the **Remove** button towards the top of the page.
In both cases you will be prompted to confirm the removal of project. Keep in
mind that removing a project will also remove any entities that are associated
with it, interfaces of those entities, as well as communications involving those
entities.
Updating a project
~~~~~~~~~~~~~~~~~~
Basic project information can be updated either via *main page* or via *project
details page*.
In order to update a project via *main page*, navigate to it, and click on the
**edit icon** (small pen) next to the project name in the project listing.
In order to update a project via *project details page*, navigate to the *main
page*, click on the project name in order to be taken to the *project details
page*, and then click on the **Edit** button towards the top of the page.
Both actions will take you to the update page for a project where you can edit
the *name* and *description* of an existing project. In order to apply the
changes you made, click on the **Update** button.
Managing locations
------------------
Adding a location
~~~~~~~~~~~~~~~~~
New locations can be added from the *main page*. You can navigate to the *main
page* via link in the navigation bar.
Once at the *main page*, click on the **Add location** button. This will take
you to a page where some basic location information can be provided:
* *Name* (mandatory). This is the name of the location. Location name must be
unique.
* *Description* (optional). This is the location description. This is a
free-form field, and it can be filled-up by user as needed.
Once the mandatory fields have been filled-up, click on the **Add** button to
add the location.
Removing a location
~~~~~~~~~~~~~~~~~~~
Location can be removed via the *main page*.
Navigate to the *main page*, and click on the **remove icon** (small cross) next
to the location name in the location listing.
You will be prompted to confirm the removal of location. Keep in mind that
removing a location will also remove any entities that are associated with it,
as well as interfaces and communications associated with those entities.
Updating a location
~~~~~~~~~~~~~~~~~~~
Basic location information can be updated via *main page*.
In order to update a location navigate to *main page*, and click on the **edit
icon** (small pen) next to the location name in the location listing.
This will take you to the update page for a location where you can edit the
*name* and *description* of an existing location. In order to apply the changes
you made, click on the **Update** button.
Managing entities
-----------------
Adding an entity
~~~~~~~~~~~~~~~~
New entities can be added to a project via *project details page*. The page can
be reached by going to the *main page*, and then clicking on specific project
name in project list.
Once at the *project details page*, click on the **Add entity** button, either
on the one towards the top of the page, or location-specific one. This will take
you to a page where some basic entity information can be provided:
* *Name* (mandatory). This is the name of an entity. Entity name must be unique
in a project. Same name can be used by multiple entities as long as they
belong to separate projects.
* *Description* (optional). This is the entity description. This is a free-form
field, and it can be filled-up by user as needed.
* *Project* (mandatory). This is the project that the entity will belong to. The
project will have a fixed value.
* *Location* (mandatory). This is the location where the entity is located. If
location-specific **Add entity** button was used, this field will have a fixed
value.
Once the mandatory fields have been filled-up, click on the **Add** button to
add the entity.
.. tip::
Using location-specific **Add entity** can be a great time-saver if you need
to add a lot of entities to a single location. Use it sparingly.
Removing an entity
~~~~~~~~~~~~~~~~~~
Entity can be removed either via the *project details page* or via *entity
details page*.
In order to remove an entity via *project details page*, navigate to it, and
click on the **remove icon** (small cross) next to the entity name.
In order to remove an entity via *entity details page*, navigate to the *project
details page*, click on the entity name in order to be taken to the *entity
details page*, and then click on the **Remove** button towards the top of the
page.
In both cases you will be prompted to confirm the removal of entity. Keep in
mind that removing an entity will also remove any interfaces that are associated
with it, as well as related communications.
Updating an entity
~~~~~~~~~~~~~~~~~~
Basic entity information can be updated either via *project details page* or via
*entity details page*.
In order to update an entity via *project details page*, navigate to it, and
click on the **edit icon** (small pen) next to the entity.
In order to update an entity via *entity details page*, navigate to the *project
details page*, click on the entity name in order to be taken to the *entity
details page*, and then click on the **Edit** button towards the top of the
page.
Both actions will take you to the update page for an entity where you can edit
the *name*, *description*, *project*, or *location* of an existing entity. In
order to apply the changes you made, click on the **Update** button.
.. warning::
Project to which an entity belongs can only be changed if there's no defined
communications involving the entity in its current project.
Managing interfaces
-------------------
Adding an interface
~~~~~~~~~~~~~~~~~~~
New interface can be added to an entity via *entity details page*. The page can
be reached by going to the *project details page*, and then clicking on specific
entity name in the list.
Once at the *entity details page*, click on the **Add interface** button. This
will take you to a page where some basic entity information can be provided:
* *Name* (mandatory). This is the name of an interface. Interface name must be
unique in an entity. Same name can be used by multiple interfaces as long as
they belong to separate entities.
* *Description* (optional). This is the interface description. This is a
free-form field, and it can be filled-up by user as needed.
* *Entity* (mandatory). This is the entity that the interface will belong
to. The entity will have a fixed value.
* *Address* (mandatory). This is the IP address of an interface.
* *Netmask* (mandatory). This is the netmask associated with the interface IP
address. If the entity address is not a subnet (i.e. it's supposed to be a
single IP address), netmask should be set to `255.255.255.255`. Conntrackt
takes into account the difference between single IP address and subnet,
producing slightly different *iptables* rules based on this (for single IP
addresses, the netmask of *255.255.255.255* is omitted).
Once the mandatory fields have been filled-up, click on the **Add** button to
add the interface. This will take you back to the *entity details page*.
Removing an interface
~~~~~~~~~~~~~~~~~~~~~
Location can be removed via the *entity details page*.
Navigate to the *entity details page*, and click on the **remove icon** (small cross) next
to the interface name in the interface listing.
You will be prompted to confirm the removal of interface. Keep in mind that
removing an interface will also remove any communications associated with that
interface.
Updating an interface
~~~~~~~~~~~~~~~~~~~~~
Basic interface information can be updated via *entity details page*.
In order to update an interface, navigate to *entity details page*, and click on
the **edit icon** (small pen) next to the interface name in the interface
listing.
This will take you to the update page for an interface where you can edit the
*name*, *description*, *entity*, *address*, and *netmask* of an existing
interface. In order to apply the changes you made, click on the **Update**
button.
Managing communications
-----------------------
Adding a communication
~~~~~~~~~~~~~~~~~~~~~~
New communications can be added to a project via *project details page* or via
*entity details page*.
In order to add a communication via *project details page*, navigate to it, and
click on the **Add communication** button.
In order to add a communication via *entity details page*, navigate to it, and
click on one of the **Add communication** buttons located in incoming/outgoing
communication listings.
In both cases this will take you to a page where communication information can
be provided:
* *Source* (mandatory). This is the source interface from which the
communication originates.
* *Destination* (mandatory). This is the destination interface at which the
communication terminates.
* *Protocol* (mandatory). This is the protocol used for the communication (*TCP*,
*UDP*, or *ICMP*).
* *Port* (mandatory). This is the port used for communication (in case of
TCP/ICMP), or packet type (in case of ICMP).
* *Description* (optional). This is the communication description. This is a
free-form field, and it can be filled-up by user as needed. The communication
description will be visible in the generated *iptables* rules as well (just
above the rule).
Once the mandatory fields have been filled-up, click on the **Add** button to
add the communication.
.. tip::
Using the **Add communication** buttons from the *entity details page* means
that the form will have pre-selected the source or destination to be the
first interface of the entity at hand. This can be quite useful when adding a
lot of communications that affect a specific entity (for example, database
server).
Removing a communication
~~~~~~~~~~~~~~~~~~~~~~~~
Location can be removed via the *entity details page*.
Navigate to the *entity details page*, and click on the **remove icon** (small cross) next
to the communcation in the incoming/outgoing communication listing.
You will be prompted to confirm the removal of communication.
Updating a communication
~~~~~~~~~~~~~~~~~~~~~~~~
Communication can be updated via *entity details page*.
In order to update a location navigate to *entity details page*, and click on
the **edit icon** (small pen) next to the communication in the incoming/outgoing
communication listing.
This will take you to the update page for a communication where you can edit the
*source*, *destination*, *protocol*, *port*, and *description* of an existing
communication. In order to apply the changes you made, click on the **Update**
button.
Generating and downloading *iptables* rules
-------------------------------------------
In addition to tracking the communications across a project, one of the main
features of Conntrackt is its ability to generate the *iptables* rules for all
entities in a project based on provided communications data.
These *iptables* rules can then be easily applied to *GNU/Linux* entities. The
rules are generated with the following restrictions in mind:
* Default target for *INPUT* chain is *DROP*.
* Default target for *FORWARD* chain is *DROP*.
* Default target for *OUTPUT* chain is *ALLOW*.
* No limits are imposed on the *OUTPUT* chain.
* Rules for the *INPUT* chain are applied using a whitelist. Only explicitly
defined communications in the *iptables* will be used to generate the *ACCEPT*
rules. The matching is performed based on *source*, *protocol*, and
destination *port*.
* The *INPUT* chain will contain the following default rules as well::
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
This will allow all incoming connections from the localhost itself, as well as
any incoming packages of previously-established connections.
Rules can be downloaded either induvidually, for a specific entity, or in
bulk. If downloaded in bulk, the *iptables* rules can be downloaded either for
an entire project, or for a specific location of a project.
The bulk download results in a ZIP archive which contains the *iptables* rules
for each entity in a separate file.
The *iptables* rules for a specific entity can be downloaded both from a
`Project details page`_ (the **download entity iptables link** that looks like a
small list icon, right next to the entity name), or via `Entity details page`_
(the **get iptables** button at top, and **download** button just below the
iptables listing).
Project *iptables* rules can be downloaded either via the *Main page* (**download
project iptables link** that looks like a small book next to the project), or
through the project details page (**download iptables** button at top).
Project *iptables* rules for a specific location can be downloaded from `Project
details page`_, via the small **download location iptables link** (small book
icon), located right next to the location name.
Managaing data through django.contrib.admin
-------------------------------------------
Although the preferred interface for managing data in Conntrackt is through its
own pages, it is possible to make modifications to the data through Django's
built-in administration interface (*django.contrib.admin*). It is possible to
both add new data, as well as modify the existing information.
The admin interface for Conntrackt behaves the same as for every Django
application, except for some convenience functionality that helps speed-up
adding or modification of some data.
The interfaces, entities, and communications pages allow editing most of the
data inline, which can speed-up the process quite a bit. In addition, all three
pages provide filters that allow you to easily view data specific to a
particular project and/or location. The filters are available on the right side.
While interfaces can be managed separately, you may find it much easier to
manage them from within the entity pages. When adding or modifying an entity,
you will have some inline forms for specifying entity's interfaces. This is the
recommended way to add and modify the interfaces for entities.
Wherever possible, inline fields are used in order to allow easier updates to
existing information. This is particularly useful in case of communications, and
to lesser effect entities and interfaces.
When editing communications you may find it particularly useful to add them
through the communications list page by first specifying a filter (by project
and/or location), and then clicking on the **Add communication** link. This way
the filter will be applied to *source* and *destination* fields.
For example, if you choose project **Test**, and location **Main site**, and
then click on the **Add communication** button, the *source* and *destination*
fields will be limited to entity interfaces that specificaly belong to the
**Test** project and location **Main site**.
You can also easily modify existing communications using the communication
listing page. From there you can easily modify source, destination, protocol,
and port. Similarly to adding a new communication, you can apply a filter that
will narrow-down the selection for source and destination. It is highly
recommended to apply the filter in this way.
|