diff --git a/Makefile b/Makefile
index e759ac9f55f03860771c25f8df7cb5eab3c10daa..bae1767d48f43e18126f64a9921fddf4772bc56e 100644
--- a/Makefile
+++ b/Makefile
@@ -1,50 +1,7 @@
-flowspytag = $(shell git describe --abbrev=0)
-flowspyver = $(shell git describe --abbrev=0 | egrep -o '([0-9]+\.){1,10}[0-9]+' | sed -e 's/\./_/g')
-name = $(shell basename $(shell pwd))
-
-# You can set these variables from the command line.
-SPHINXOPTS =
-SPHINXBUILD = sphinx-build
-PAPER =
-BUILDDIR = doc/build
-
-# Internal variables.
-PAPEROPT_a4 = -D latex_paper_size=a4
-PAPEROPT_letter = -D latex_paper_size=letter
-ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) doc/source
-
-.PHONY: help dist distclean docclean html latex text
help:
- @echo "Please use \`make <target>' where <target> is one of"
- @echo " html to make standalone HTML files"
- @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
- @echo " text to make standalone txt files"
-
-dist:
- git archive --format tar --prefix $(name)-$(flowspyver)/ -o $(name)-$(flowspyver).tar $(flowspytag)
- gzip -f $(name)-$(flowspyver).tar
-
-distclean:
- @rm -f *tar.gz
-
-docclean:
- -rm -rf $(BUILDDIR)/*
-
-html:
- $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
- @echo
- @echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
-
-latex:
- $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
- @echo
- @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
- @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \
- "run these through (pdf)latex."
+ @grep -E "^[^ ]+:" Makefile | grep -v ^help
-text:
- $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
- @echo
- @echo "Done"
+docu-html:
+ mkdocs build
diff --git a/Makefile-sphinx b/Makefile-sphinx
new file mode 100644
index 0000000000000000000000000000000000000000..e759ac9f55f03860771c25f8df7cb5eab3c10daa
--- /dev/null
+++ b/Makefile-sphinx
@@ -0,0 +1,50 @@
+flowspytag = $(shell git describe --abbrev=0)
+flowspyver = $(shell git describe --abbrev=0 | egrep -o '([0-9]+\.){1,10}[0-9]+' | sed -e 's/\./_/g')
+name = $(shell basename $(shell pwd))
+
+# You can set these variables from the command line.
+SPHINXOPTS =
+SPHINXBUILD = sphinx-build
+PAPER =
+BUILDDIR = doc/build
+
+# Internal variables.
+PAPEROPT_a4 = -D latex_paper_size=a4
+PAPEROPT_letter = -D latex_paper_size=letter
+ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) doc/source
+
+.PHONY: help dist distclean docclean html latex text
+
+help:
+ @echo "Please use \`make <target>' where <target> is one of"
+ @echo " html to make standalone HTML files"
+ @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
+ @echo " text to make standalone txt files"
+
+dist:
+ git archive --format tar --prefix $(name)-$(flowspyver)/ -o $(name)-$(flowspyver).tar $(flowspytag)
+ gzip -f $(name)-$(flowspyver).tar
+
+distclean:
+ @rm -f *tar.gz
+
+docclean:
+ -rm -rf $(BUILDDIR)/*
+
+html:
+ $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
+ @echo
+ @echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
+
+latex:
+ $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
+ @echo
+ @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
+ @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \
+ "run these through (pdf)latex."
+
+text:
+ $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
+ @echo
+ @echo "Done"
+
diff --git a/doc/api.md b/doc/api/api-v1.3.md
similarity index 99%
rename from doc/api.md
rename to doc/api/api-v1.3.md
index 96bfb0c190ee388b1020b97b1fab6d184e6da5bb..6f536d83c77ca7246362b0d22aafd4c513d064cf 100644
--- a/doc/api.md
+++ b/doc/api/api-v1.3.md
@@ -1,3 +1,5 @@
+# REST API v1.3
+
# Description
Current version of FoD officially has a REST API.
diff --git a/doc/api/api-v1.7.md b/doc/api/api-v1.7.md
new file mode 100644
index 0000000000000000000000000000000000000000..daa8c11263582b3cb9d68b31841495cb8e71a182
--- /dev/null
+++ b/doc/api/api-v1.7.md
@@ -0,0 +1,345 @@
+# REST API v1.7
+
+# Description
+
+Current version of FoD officially has a REST API.
+The API needs authentication. Out of the box the supported authentication
+type is Token Authentication.
+
+TO UPDATE
+
+## Generating Tokens
+
+A user can generate an API token using the FoD UI. Select "My Profile" from the
+top right menu and on the "Api Token" section click "Generate One".
+
+## Accessing the API
+
+The API is available at `/api/`. One can see the available API endpoints for
+each model by making a GET request there. An authentication token must be added
+in the request:
+
+* Using `cURL`, add the `-H "Authorization: Token <your-token>"`
+parameter
+* Using Postman, under the "Headers" add a header with name
+"Authorization" and value "Token <your-token>".
+
+# Endpoints
+
+REST API provides the following endpoints that will be described in more detail in the next sections:
+
+* `/api/routes/`
+* `/api/thenactions/`
+* `/api/matchprotocol/`
+* `/api/matchdscp/`
+* `/api/fragmenttypes/`
+* `/api/stats/routes/`
+
+
+# Usage Examples
+
+Some basic usage examples will be provided including available
+actions. Examples will be provided in `cURL` form.
+
+An example will be provided for `ThenAction`. This example applies to most other
+models (`MatchPort`, `FragmentType`, `MatchProtocol`, `MatchDscp`) except
+`Route` which is more complex and will be treated separately.
+
+## ThenAction
+
+### GET
+
+#### All items
+
+URL: `/api/thenactions/`
+
+Example:
+```
+curl -X GET https://fod.example.com/api/thenactions/ -H "Authorization: Token <your-token>"
+
+RESPONSE:
+[
+ "discard",
+ "rate-limit:10000k",
+ "rate-limit:1000k",
+ "rate-limit:100k"
+]
+```
+
+## Route
+
+### GET
+
+#### All items
+
+URL: `/api/routes/`
+
+Example:
+```
+curl -X GET https://fod.example.com/api/routes/ -H "Authorization: Token <your-token>"
+
+RESPONSE:
+[
+ {
+ "applier": "admin",
+ "comments": "test comment",
+ "destination": "1.0.0.4/32",
+ "destinationport": "124",
+ "dscp": [],
+ "expires": "2021-04-15",
+ "filed": "2021-03-17T13:39:04.244120Z",
+ "fragmenttype": [],
+ "icmpcode": null,
+ "id": 62,
+ "last_updated": "2021-03-17T13:39:04.244151Z",
+ "name": "test_66ML9G",
+ "packetlength": null,
+ "port": null,
+ "protocol": [
+ "udp"
+ ],
+ "requesters_address": null,
+ "response": null,
+ "source": "0.0.0.0/0",
+ "sourceport": "123",
+ "status": "PENDING",
+ "tcpflag": null,
+ "then": [
+ "discard"
+ ]
+ }
+ ...
+]
+```
+
+#### A specific item
+
+One can also GET a specific `Route`, by using the `id` in the GET url
+
+URL: `/api/routes/<route-id>/`
+
+Example:
+```
+curl -X GET https://fod.example.com/api/routes/1/ -H "Authorization: Token <your-token>"
+
+RESPONSE:
+{
+ "applier": "admin",
+ "comments": "test comment",
+ "destination": "1.0.0.4/32",
+ "destinationport": "124",
+ "dscp": [],
+ "expires": "2021-04-15",
+ "filed": "2021-03-17T13:39:04.244120Z",
+ "fragmenttype": [],
+ "icmpcode": null,
+ "id": 62,
+ "last_updated": "2021-03-17T13:39:04.244151Z",
+ "name": "test_66ML9G",
+ "packetlength": null,
+ "port": null,
+ "protocol": [
+ "udp"
+ ],
+ "requesters_address": null,
+ "response": null,
+ "source": "0.0.0.0/0",
+ "sourceport": "123",
+ "status": "PENDING",
+ "tcpflag": null,
+ "then": [
+ "discard"
+ ]
+}
+```
+
+### POST
+
+Required fields:
+
+* `name`: a name for the route
+* `source`: a source subnet in CIDR formation
+* `destination`: a destination subnet in CIDR formation
+* `comments`: a small comment on what this route is about
+
+The response will contain all the additional fields
+
+URL: `/api/routes/`
+
+Example input data file `newroute.json`:
+
+```
+{
+ "comments": "test comment",
+ "destination": "1.0.0.4/32",
+ "destinationport": "124",
+ "name": "test",
+ "protocol": [
+ "udp"
+ ],
+ "source": "0.0.0.0/0",
+ "sourceport": "123",
+ "then": ["discard"]
+}
+```
+
+```
+curl -X POST --data-binary @newroute.json -H "Content-Type: application/json" -H "Authorization: Token <your-token>" https://fod.example.com/api/routes/
+
+RESPONSE:
+{
+ "name": "test_OLLFTU",
+ "id": 63,
+ "comments": "test comment",
+ "applier": "admin",
+ "source": "0.0.0.0/0",
+ "sourceport": "123",
+ "destination": "1.0.0.4/32",
+ "destinationport": "124",
+ "port": null,
+ "dscp": [],
+ "fragmenttype": [],
+ "icmpcode": null,
+ "packetlength": null,
+ "protocol": [
+ "udp"
+ ],
+ "tcpflag": null,
+ "then": [
+ "discard"
+ ],
+ "filed": "2021-04-14T12:11:58.352094Z",
+ "last_updated": "2021-04-14T12:11:58.352141Z",
+ "status": "PENDING",
+ "expires": "2021-05-13",
+ "response": null,
+ "requesters_address": null
+}
+```
+
+Notice that the `Route` has a `PENDING` status. This happens because the `Route`
+is applied asynchronously to the Flowspec device (the API does not wait for the
+operation). After a while the `Route` application will be finished and the
+`status` field will contain the updated status (`ACTIVE`, `ERROR` etc).
+You can check this `Route`s status by issuing a `GET` request with the `id`
+the API returned.
+
+This `Route`, however, is totally useless, since it applies no action for the
+matched traffic. Let's add one with a `then` action which will discard it.
+
+To do that, we must first add a `ThenAction` (or pick one of the already
+existing) since we need it's `id`. Let's assume a `ThenAction` with an `id` of
+`4` exists. To create a new `Route` with this `ThenAction`:
+
+```
+curl -X POST https://fod.example.com/api/routes/ -F "source=62.217.45.75/32" -F "destination=62.217.45.91/32" -F "name=testroute" -F "comments=Route for testing" -F "then=https://fod.example.com/api/thenactions/4" -H "Authorization: Token <your-token>"
+
+{
+ "name":"testroute_9Q5Y90",
+ "id":5,
+ "comments":"Route for testing",
+ "applier":"admin",
+ "source":"62.217.45.75/32",
+ "sourceport":[],
+ "destination":"62.217.45.94/32",
+ "destinationport":[],
+ "port":[],
+ "dscp":[],
+ "fragmenttype":[],
+ "icmpcode":null,
+ "packetlength":null,
+ "protocol":[],
+ "tcpflag":null,
+ "then":[
+ "https://fod.example.com/api/thenactions/4/"
+ ],
+ "filed":"2017-03-29T14:21:03.261Z",
+ "last_updated":"2017-03-29T14:21:03.261Z",
+ "status":"PENDING",
+ "expires":"2017-04-05",
+ "response":null,
+ "requesters_address":null
+}
+```
+
+With the same process one can associate a `Route` with the `MatchPort`,
+`FragmentType`, `MatchProtocol` & `MatchDscp` models.
+
+NOTE:
+
+When adding multiple `ForeignKey` related fields (such as multiple
+`MatchPort` or `ThenAction` items) it is best to use a `json` file on the
+request instead of specifying each field as a form argument.
+
+Example:
+
+```
+curl -X POST https://fod.example.com/api/routes/ -d@data.json -H "Authorization: Token <your-token>"
+
+data.json:
+{
+ "name": "testroute",
+ "comments": "Route for testing",
+ "then": [
+ "https://fod.example.com/api/thenactions/4",
+ "https://fod.example.com/api/thenactions/5",
+ ],
+ "source": "62.217.45.75/32",
+ "destination": "62.217.45.91/32"
+}
+
+RESPONSE:
+{
+ "name":"testroute_9Q5Y90",
+ "id":5,
+ "comments":"Route for testing",
+ "applier":"admin",
+ "source":"62.217.45.75/32",
+ "sourceport":[],
+ "destination":"62.217.45.94/32",
+ "destinationport":[],
+ "port":[],
+ "dscp":[],
+ "fragmenttype":[],
+ "icmpcode":null,
+ "packetlength":null,
+ "protocol":[],
+ "tcpflag":null,
+ "then":[
+ "https://fod.example.com/api/thenactions/4/"
+ ],
+ "filed":"2017-03-29T14:21:03.261Z",
+ "last_updated":"2017-03-29T14:21:03.261Z",
+ "status":"PENDING",
+ "expires":"2017-04-05",
+ "response":null,
+ "requesters_address":null
+}
+```
+
+### PUT, PATCH
+
+`Route` objects can be modified using the `PUT` / `PATCH` HTTP methods.
+
+When using `PUT` all fields should be specified (see `POST` section).
+However, when using `PATCH` one can specify single fields too. This is useful
+for changing the `status` of an `INACTIVE` `Route` to `ACTIVE`.
+
+The process is the same as described above with `POST`. Don't forget to use
+the correct method.
+
+### DELETE
+
+See `ThenAction`s.
+
+### General notes on `Route` models:
+
+* When `POST`ing a new `Route`, FoD will automatically commit it to the flowspec
+device. Thus, `POST`ing a new `Route` with a status of `INACTIVE` has no effect,
+since the `Route` will be activated and the status will be restored to `ACTIVE`.
+* When `DELETE`ing a `Route`, the actual `Route` object will remain. FoD will
+only delete the rule from the flowspec device and change the `Route`'s status to
+'INACTIVE'
+* When changing (`PUT`/`PATCH`) a `Route`, FoD will sync the changes to the
+flowspec device. Changing the status of the `Route` will activate / delete the
+rule respectively.
diff --git a/doc/configuration/configuration-v1.3.md b/doc/configuration/configuration-v1.3.md
new file mode 100644
index 0000000000000000000000000000000000000000..77e9b789339e617b64713b159b457e4e3fe02cb7
--- /dev/null
+++ b/doc/configuration/configuration-v1.3.md
@@ -0,0 +1,273 @@
+# Configuration v1.3
+
+Time to configure flowspy.
+
+First of all you have to copy the dist files to their proper position:
+
+ # cd /srv/flowspy/flowspy
+ # cp settings.py.dist settings.py
+ # cp urls.py.dist urls.py
+
+Then, you have to edit the settings.py file to correspond to your needs. The settings one has to focus on are:
+
+## Settings.py
+Its time to configure `settings.py` in order to connect flowspy with a database, a network device and a broker.
+
+So lets edit settings.py file.
+
+It is strongly advised that you do not change the following to False
+values unless, you want to integrate FoD with you CRM or members
+database. This implies that you are able/have the rights to create
+database views between the two databases:
+
+ PEER_MANAGED_TABLE = True
+ PEER_RANGE_MANAGED_TABLE = True
+ PEER_TECHC_MANAGED_TABLE = True
+
+By doing that the corresponding tables as defined in peers/models will
+not be created. As noted above, you have to create the views that the
+tables will rely on.
+
+### Administrators
+
+ ADMINS: set your admin name and email (assuming that your server can send notifications)
+
+### Secret Key
+Please put a random string in `SECRET_KEY` setting.
+Make this *unique*, and don't share it with anybody. It's the unique identifier of this instance of the application.
+
+### Allowed hosts
+A list of strings representing the host/domain names that this Django site can serve. This is a security measure to prevent an attacker from poisoning caches and password reset emails with links to malicious hosts by submitting requests with a fake HTTP Host header, which is possible even under many seemingly-safe webserver configurations.
+
+For example:
+
+ ALLOWED_HOSTS = ['*']
+
+### Protected subnets
+Subnets for which source or destination address will prevent rule creation and notify the `NOTIFY_ADMIN_MAILS`.
+
+ PROTECTED_SUBNETS = ['10.10.0.0/16']
+
+
+### Database
+`DATABASES` should contain the database credentials:
+
+ DATABASES = {
+ 'default': {
+ 'ENGINE': 'django.db.backends.mysql',
+ 'NAME': 'flowspy',
+ 'USER': '<db user>',
+ 'PASSWORD': '<db password>',
+ 'HOST': '<db host>',
+ 'PORT': '',
+ }
+ }
+
+### Localization
+By default Flowspy has translations for English and Greek. In case you want to add
+another language, or remove one of the existing, you can change the `LANGUAGES`
+variable and follow [django's localization documentation](https://docs.djangoproject.com/en/1.4/topics/i18n/translation/#localization-how-to-create-language-files)
+
+You might want to change `TIME_ZONE` setting too. Here is a [list](http://en.wikipedia.org/wiki/List_of_tz_database_time_zones)
+
+
+### Cache
+Flowspy uses cache in order to be fast. We recomend the usage of memcached, but
+any cache backend supported by django should work fine.
+
+ CACHES = {
+ 'default': {
+ 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
+ 'LOCATION': '127.0.0.1:11211',
+ }
+ }
+
+### Network device access
+We have to inform django about the device we set up earlier.
+
+ NETCONF_DEVICE = "device.example.com"
+ NETCONF_USER = "<netconf user>"
+ NETCONF_PASS = "<netconf password>"
+ NETCONF_PORT = 830
+
+
+### Beanstalkd
+Beanstalk configuration (as a broker for celery)
+
+ BROKER_HOST = "localhost"
+ BROKER_PORT = 11300
+ POLLS_TUBE = 'polls'
+ BROKER_URL = "beanstalk://localhost:11300//"
+
+### Notifications
+Outgoing mail address and prefix.
+
+ SERVER_EMAIL = "Example FoD Service <noreply@example.com>"
+ EMAIL_SUBJECT_PREFIX = "[FoD] "
+ NOTIFY_ADMIN_MAILS = ["admin@example.com"]
+
+
+If you have not installed an outgoing mail server you can always use your own account (either corporate or gmail, hotmail ,etc) by adding the
+following lines in settings.py:
+
+ EMAIL_USE_TLS = True #(or False)
+ EMAIL_HOST = 'smtp.example.com'
+ EMAIL_HOST_USER = 'username'
+ EMAIL_HOST_PASSWORD = 'yourpassword'
+ EMAIL_PORT = 587 #(outgoing)
+
+### Whois servers
+Add two whois servers in order to be able to get all the subnets for an AS.
+
+ PRIMARY_WHOIS = 'whois.example.com'
+ ALTERNATE_WHOIS = 'whois.example.net'
+
+### Branding
+Fill your company's information in order to show it in flowspy.
+
+ BRANDING = {
+ 'name': 'Example.com',
+ 'url': 'https://example.com',
+ 'footer_iframe': 'https://example.com/iframes/footer/',
+ 'facebook': '//facebook.com/example.com',
+ 'twitter': '//twitter.com/examplecom',
+ 'phone': '800-12-12345',
+ 'email': 'helpdesk@example.com',
+ 'logo': 'logo.png',
+ 'favicon': 'favicon.ico',
+ }
+
+
+### Shibboleth
+Flowspy supports shibboleth authentication.
+
+ SHIB_AUTH_ENTITLEMENT = 'urn:mace'
+ SHIB_ADMIN_DOMAIN = 'example.com'
+ SHIB_LOGOUT_URL = 'https://example.com/Shibboleth.sso/Logout'
+ SHIB_USERNAME = ['HTTP_EPPN']
+ SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL']
+ SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME']
+ SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME']
+ SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT']
+
+### Syncing the database
+To create all the tables needed by FoD we have to run the following commands:
+
+ cd /srv/flowspy
+ ./manage.py syncdb --noinput
+ ./manage.py migrate
+
+## Create a superuser
+A superuser can be added by using the following command from `/srv/flowspy/`:
+
+ ./manage.py createsuperuser
+
+
+## Propagate the flatpages
+Inside the initial\_data/fixtures\_manual.xml file we have placed 4
+flatpages (2 for Greek, 2 for English) with Information and Terms of
+Service about the service. To import the flatpages, run from root
+folder:
+
+ python manage.py loaddata initial_data/fixtures_manual.xml
+
+### Celery
+Celery is a distributed task queue, which helps FoD run some async tasks, like applying a flowspec rule to a router.
+
+`Note` In order to check if celery runs or even debug it, you can run:
+
+ ./manage.py celeryd --loglevel=debug
+
+
+### Testing/Debugging
+In order to see what went wrong you can check the following things.
+
+#### Django
+You can start the server manually by running:
+
+ ./manage.py runserver 127.0.0.1:8081
+
+By doing so, you can serve your application like gunicord does just to test that its starting properly. This command should not be used in production!
+
+Of course you have to stop gunicorn and make sure that port 8081 is free.
+
+#### Gunicorn
+Just curl from the server http://localhost:8081
+
+#### Celery
+In order to check if celery is working properly one can start celery by typing:
+
+ ./manage.py celeryd --loglevel=debug
+
+Again this is for debug purposes.
+
+
+#### Connectivity to flowspec device
+Just try to connect with the credentials you entered in settings.py from the host that will be serving flowspy.
+
+
+#### General Test
+Log in to the admin interface via https://<hostname>/admin. Go to Peer ranges and add a new range (part of/or a complete subnet), eg. 10.20.0.0/19 Go to Peers and add a new peer, eg. id: 1, name: Test, AS: 16503, tag: TEST and move the network you have created from Available to Chosen. From the admin front, go to User, and edit your user. From the bottom of the page, select the TEST peer and save. Last but not least, modify as required the existing (example.com) Site instance (admin home->Sites). You are done. As you are logged-in via the admin, there is no need to go through Shibboleth at this time. Go to https://<hostname>/ and create a new rule. Your rule should be applied on the flowspec capable device after aprox. 10 seconds.
+
+## Footer
+Under the templates folder (templates), you can alter the footer.html
+file to include your own footer messages, badges, etc.
+
+## Welcome Page
+Under the templates folder (templates), you can alter the welcome page -
+welcome.html with your own images, carousel, videos, etc.
+
+## Usage
+
+### Web interface
+FoD comes with a web interface, in which one can edit and apply new routes.
+
+### Rest Api
+FoD provides a rest api. It uses token as authentication method.
+
+### Generating Tokens
+A user can generate a token for his account on "my profile" page from FoD's
+UI. Then by using this token in the header of the request he can list, retrieve,
+modify and create rules.
+
+### Example Usage
+Here are some examples:
+
+#### GET items
+- List all the rules your user has created (admin users can see all the rules)
+
+ curl -X GET https://fod.example.com/api/routes/ -H 'Authorization: Token <Your users token>'
+
+- Retrieve a specific rule:
+
+ curl -X GET https://fod.example.com/api/routes/<rule_id>/ -H 'Authorization: Token <Your users token>'
+
+- In order to create or modify a rule you have to use POST/PUT methods.
+
+#### POST/PUT rules
+In order to update or create rules you can follow this example:
+
+##### Foreign Keys
+In order to create/modify a rule you have to connect the rule with some foreign keys:
+
+###### Ports, Fragmentypes, protocols, thenactions
+When creating a rule, one can specify:
+
+- source port
+- destination port
+- port (if source = destination)
+
+That can be done by getting the url of the desired port instance from `/api/ports/<port_id>/`
+
+Same with Fragmentypes in `/api/fragmenttypes/<fragmenttype_id>/`, protocols in `/api/matchprotocol/<protocol_id>/` and then actions in `/api/thenactions/<action_id>/`.
+
+Since we have the urls we want to connect with the rule we want to create, we can make a POST request like the following:
+
+
+ curl -X POST -H 'Authorization: Token <Your users token>' -F "name=Example" -F "comments=Description" -F "source=0.0.0.0/0" -F "sourceport=https://fod.example.com/api/ports/7/" -F "destination=203.0.113.12" https://fod.example.com/api/routes/
+
+And here is a PUT request example:
+
+ curl -X PUT -F "name=Example" -F "comments=Description" -F "source=0.0.0.0/0" -F "sourceport=https://fod.example.com/api/ports/7/" -F "destination=83.212.9.93" https://fod.example.com/api/routes/12/ -H 'Authorization: Token <Your users token>'
+
+
diff --git a/doc/configuration.md b/doc/configuration/configuration-v1.7.md
similarity index 99%
rename from doc/configuration.md
rename to doc/configuration/configuration-v1.7.md
index 905a06be0a7db152a87049d5648925c2235a92e2..a5d85d4aa16df973bae5ec875487c5c62cf7333a 100644
--- a/doc/configuration.md
+++ b/doc/configuration/configuration-v1.7.md
@@ -1,3 +1,5 @@
+# Configuration v1.7
+
Time to configure flowspy.
First of all you have to copy the dist files to their proper position:
diff --git a/doc/index.md b/doc/index.md
index 27d4a5c555d936c21d3dfdb868fd640665140846..df54ab08dbb790e6529abaa1f51aca2e50687d2d 100644
--- a/doc/index.md
+++ b/doc/index.md
@@ -7,16 +7,18 @@ combination of a Shibboleth attribute and the peer network address range
that the user originates from. FoD is meant to operate over this
architecture:
- +-----------+ +------------+ +------------+
- | FoD | NETCONF | flowspec | ebgp | router |
- | web app +----------> device +--------> |
- +-----------+ +------+-----+ +------------+
- | ebgp
- |
- +------v-----+
- | router |
- | |
- +------------+
+```
+ +-----------+ +------------+ +------------+
+ | FoD | NETCONF | flowspec | ebgp | router |
+ | web app +----------> device +--------> |
+ +-----------+ +------+-----+ +------------+
+ | ebgp
+ |
+ +------v-----+
+ | router |
+ | |
+ +------------+
+```
NETCONF is chosen as the mgmt protocol to apply rules to a single
flowspec capable device. Rules are then propagated via igbp to all
@@ -28,7 +30,14 @@ case the flowspec capable device is an EX4200.
>
> Make sure your FoD server has SSH access to your flowspec device.
-# Contact
+# Contact
+
+You can find more about FoD or raise your issues at [Github FoD
+repository].
+
+You can contact us directly at fod{at}geant[dot]net
+
+# GRNET Contact
You can find more about FoD or raise your issues at [Github FoD
repository].
@@ -37,11 +46,15 @@ You can contact us directly at dev{at}noc[dot]grnet(.)gr
# Repositories
- - [Github FoD repository](https://github.com/grnet/flowspy)
+ - [GEANT Github FoD repository](https://github.com/GEANT/FOD)
+
+ - [GRNET Github FoD repository](https://github.com/grnet/flowspy)
## Copyright and license
+Copyright © 2017-2021 GÉANT4-3 WP8 T3
+
Copyright © 2010-2017 Greek Research and Technology Network (GRNET S.A.)
This program is free software: you can redistribute it and/or modify
diff --git a/doc/installation/debian_wheezy.md b/doc/installation/v1.3/debian_wheezy.md
similarity index 99%
rename from doc/installation/debian_wheezy.md
rename to doc/installation/v1.3/debian_wheezy.md
index 4018b011dfd8b877961ba745a78041fccbfb1570..0b94d90a29f8326c1448dc1c4f0104e018735b0d 100644
--- a/doc/installation/debian_wheezy.md
+++ b/doc/installation/v1.3/debian_wheezy.md
@@ -1,4 +1,5 @@
-# Debian Wheezy (x64) - Django 1.4.x
+# Installing Flowspy v1.3 on Debian Wheezy (x64) - Django 1.4.x
+
The following document describes the installation process of Firewall On Demand
on a Debian Wheezy machine with Django 1.4
diff --git a/doc/installation/generic.md b/doc/installation/v1.3/generic.md
similarity index 99%
rename from doc/installation/generic.md
rename to doc/installation/v1.3/generic.md
index b92df5c391a70b60beaa49698f19f89e95dc5849..67728249c8fba6183515c1226b92619b4cd4634c 100644
--- a/doc/installation/generic.md
+++ b/doc/installation/v1.3/generic.md
@@ -1,4 +1,5 @@
-# Installing Flowspy
+# Installing Flowspy v1.3 Generic
+
This guide provides general information about the installation of Flowspy. In case you use Debian Wheezy or Red Hat Linux, we provide detailed instructions for the installation.
Also it assumes that installation is carried out in `/srv/flowspy`
diff --git a/doc/installation/redhat.md b/doc/installation/v1.3/redhat.md
similarity index 99%
rename from doc/installation/redhat.md
rename to doc/installation/v1.3/redhat.md
index 196c218e0048e66b388b561f3d80aaa00342cab9..fd8f58c4da22271e2aa5004d299a6355dd7467e3 100644
--- a/doc/installation/redhat.md
+++ b/doc/installation/v1.3/redhat.md
@@ -1,3 +1,5 @@
+# Installing Flowspy v1.3 on Redhat
+
The following document describes the installation process of Firewall On Demand
on a redhat 6.5 machine with linux 2.6.32-431.17.1.el6.x86_64.
diff --git a/doc/installation/v1.7/docker.md b/doc/installation/v1.7/docker.md
new file mode 100644
index 0000000000000000000000000000000000000000..9df6b09ee23e80b8735098c5bea087ceadeb40a7
--- /dev/null
+++ b/doc/installation/v1.7/docker.md
@@ -0,0 +1,15 @@
+# Installing Flowspy v1.7 with Docker
+
+This guide provides general information about the installation of Flowspy. In case you use Debian Wheezy or Red Hat Linux, we provide detailed instructions for the installation.
+
+Also it assumes that installation is carried out in `/srv/flowspy`
+directory. If other directory is to be used, please change the
+corresponding configuration files. It is also assumed that the `root` user
+will perform every action.
+
+TO UPDATE
+
+## Requirements
+
+### System Requirements
+
diff --git a/doc/installation/v1.7/generic.md b/doc/installation/v1.7/generic.md
new file mode 100644
index 0000000000000000000000000000000000000000..17f877baf462c2faa076c97d4384d976503749ba
--- /dev/null
+++ b/doc/installation/v1.7/generic.md
@@ -0,0 +1,134 @@
+# Installing Flowspy v1.7 Generic
+
+This guide provides general information about the installation of Flowspy. In case you use Debian Wheezy or Red Hat Linux, we provide detailed instructions for the installation.
+
+Also it assumes that installation is carried out in `/srv/flowspy`
+directory. If other directory is to be used, please change the
+corresponding configuration files. It is also assumed that the `root` user
+will perform every action.
+
+TO UPDATE
+
+## Requirements
+
+### System Requirements
+In order to install FoD properly, make sure the following software is installed on your computer.
+
+- apache 2
+- memcached
+- libapache2-mod-proxy-html
+- gunicorn
+- beanstalkd
+- mysql
+- python
+- pip
+- libxml2-dev
+- libxslt-dev
+- gcc
+- python-dev
+
+### Pip
+In order to install the required python packages for Flowspy you can use pip:
+
+ pip install -r requirements.txt
+
+### Create a database
+If you are using mysql, you should create a database:
+
+ mysql -u root -p -e 'create database fod'
+
+### Download Flowspy
+You can download Fod from GRNETs github repository. Then you have to unzip the file and place it under /srv.
+
+ cd /tmp
+ wget https://github.com/grnet/flowspy/archive/v1.2.zip
+ unzip v1.2.zip
+ mv flowspy-1.2 /srv/flowspy/
+
+### Copy dist files
+
+ cd /srv/flowspy/flowspy
+ cp settings.py.dist settings.py
+ cp urls.py.dist urls.py
+
+### Device Configuration
+Flowspy generates and commits flowspec rules to a
+device via netconf. You have to create an account
+with rw access to flowspec and set these credentials
+in settings.py. See Configuration for details.
+
+
+### Adding some default data
+Into `/srv/flowspy` you will notice that there is a directory called `initial_data`. In there, there is a file called `fixtures_manual.xml` which contains some default static pages for django's flatpages app. In this file we have placed 4 flatpages (2 for Greek, 2 for English) with Information and Terms of Service about the service. To import the flatpages, run from `/srv/flowspy`:
+
+ ./manage.py loaddata initial_data/fixtures_manual.xml
+
+
+### Beanstalkd
+Just start beanstalk already!
+
+ service beanstalkd start
+
+
+### Apache2
+Apache proxies gunicorn. Things are more flexible here as you may follow your own configuration and conventions.
+
+#### Example config
+Here is an example configuration.
+
+ <VirtualHost *:80>
+ ServerName fod.example.org
+ DocumentRoot /var/www
+ ErrorLog /var/log/httpd/fod_error.log
+ LogLevel debug
+ CustomLog /var/log/httpd/fod_access.log combined
+ RewriteEngine On
+ RewriteRule ^/(.*) https://fod.example.com/$1 [L,R]
+ </VirtualHost>
+
+
+ <VirtualHost *:443>
+ SSLEngine on
+ SSLProtocol TLSv1
+
+ SSLCertificateFile /home/local/GEANT/dante.spatharas/filename.crt
+ SSLCertificateKeyFile /home/local/GEANT/dante.spatharas/filename.key
+ SSLCACertificateFile /home/local/GEANT/dante.spatharas/filename.crt
+
+
+ Alias /static /srv/flowspy/static
+
+ AddDefaultCharset UTF-8
+ IndexOptions +Charset=UTF-8
+
+ #SSLProxyEngine off
+ ProxyErrorOverride off
+ ProxyTimeout 28800
+ ProxyPass /static !
+ ProxyPass / http://localhost:8080/ retry=0
+ ProxyPassReverse / http://localhost:8080/
+
+ </VirtualHost>
+
+`Important!` You have to comment out/disable the default `Virtualhost` defined on line 74 until the end of this block at `/etc/httpd/conf.d/ssl.conf `.
+
+
+### Gunicorn
+FoD is served via gunicorn and is then proxied by Apache. If the above
+directory conventions have been followed so far, then your configuration
+should be:
+
+ CONFIG = {
+ 'mode': 'django',
+ 'working_dir': '/srv/flowspy',
+ 'args': (
+ '--bind=127.0.0.1:8081',
+ '--workers=1',
+ '--worker-class=egg:gunicorn#gevent',
+ '--timeout=30',
+ '--debug',
+ '--log-level=debug',
+ '--log-file=/var/log/gunicorn/fod.log',
+ ),
+ }
+
diff --git a/mkdocs.yml b/mkdocs.yml
index 505cc653d88c1a365cb09c9815167a3b6dbf1f00..9a1e39daec43b7e5e9c9c111ab6badabfb0c8d99 100644
--- a/mkdocs.yml
+++ b/mkdocs.yml
@@ -1,13 +1,25 @@
site_name: Firewall On Demand
-repo_url: https://github.com/grnet/flowspy/
+#repo_url: https://github.com/grnet/flowspy/
+repo_url: https://github.com/GEANT/FOD/
+#site_author: Stavros Kroustouris
+site_author: GÉANT4-3 WP8 T3
docs_dir: doc
-site_author: Stavros Kroustouris
-theme: readthedocs
-pages:
+#theme: readthedocs
+#pages:
+nav:
- 'Introduction': 'index.md'
- 'Installation':
- - 'Generic': 'installation/generic.md'
- - 'Debian': 'installation/debian_wheezy.md'
- - 'Red Hat': 'installation/redhat.md'
- - 'Configuration': 'configuration.md'
- - 'API': 'api.md'
+ - 'v1.3':
+ - 'Generic': 'installation/v1.3/generic.md'
+ - 'Debian': 'installation/v1.3/debian_wheezy.md'
+ - 'Red Hat': 'installation/v1.3/redhat.md'
+ - 'v1.7':
+ - 'Generic': 'installation/v1.7/generic.md'
+ - 'Docker': 'installation/v1.7/docker.md'
+ - 'Configuration':
+ - 'v1.3': 'configuration/configuration-v1.3.md'
+ - 'v1.7': 'configuration/configuration-v1.7.md'
+ - 'API':
+ - 'v1.3': 'api/api-v1.3.md'
+ - 'v1.7': 'api/api-v1.7.md'
+