Skip to content
/ ipt-onchain Public

Link iptables and onchain permissioning smart contracts (Ethereum)

License

Apache-2.0 license
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

eum602/ipt-onchain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
images
images
 
 
pkg
pkg
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
env.sh
env.sh
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
utils.go
utils.go
 
 

Repository files navigation

ipt-onchain

Introduction

How ipt-onchain works?

In a blockchain network, ipt-onchain is a particular implementation that allows a user secure its server connections to another participants in the network by using smart contracts as a source of trust.

In this implementation a daemon listens to an ethereum smart contract which tells the node to whom to establish a secure connection.

Basically two diagrams shows how it works:

  • An admin adds/remove a new participant in the newtowrk by adding this to a permissioning smart contract:

  • The daemon (that runs on your server) realizes a new connection has been added/removed in the smart contract and updates its firewall rules:

Requisites

  • golang 1.13 or higher versions

  • Your node should expose RPC in HTTP and WS protocols.

  • You need to allow access to the ethereum node to connect in the HTTP-RPC and WS-RPC ports (in this implemetation the ethereum node is hosted on the same machine where the daemon is running):

How to use

Deploy the onchain permissioning contracts

  • To interact with this project you should have deployed the smart contract to that allows you dinamically set which participants are allowed to connect. There are some permissioning smart contracts implementations out there. Particularly this project uses the Pegasys implementation. Please follow the instructions in order to deploy the smart contract in a set of nodes.

Clone the repository

Compile process (optional)

  • docker is required

  • Compiling contracts

cd pkg/onchain
chmod +x *.sh && ./main.sh
cd ../..

Building process

go get ./... && go build -o main

Preparing environment variables

  • Edit the environment variables on the file env.sh
vi ~/ipt-project/ipt-onchain/env.sh
export RPC_HTTP_URL=http://127.0.0.1:4545 #the RPC HTTP exposed port in your ethereum node.
export RPC_WS_URL=ws://127.0.0.1:4546 #the RPC WS exposed port in your ethereum node.
export NODE_INGRESS_CONTRACT_ADDRESS=0x0000000000000000000000000000000000009999 # please replace this address by the address corresponding to your permissioning smart contract deployment.
export ADD_DEFAULT_SECURITY_RULES=false #If set to true a new chain is added to the 'filter' table in the 'INPUT' chain

Running code

chmod +x env.sh
source env.sh
go run *.go

Results

  • Its is expected for you to have a chain "ONCHAIN" into the "filter" ip table in the INPUT chain.
  • Additionally if you configured ADD_DEFAULT_SECURITY_RULES environment variable as 'true' then and additional chain "DEFAULTSECURITYRULES" will be added into the INPUT chain in the "filter" ip table.

Contributions

Please feel free to contribute to this project.

About

Link iptables and onchain permissioning smart contracts (Ethereum)

Topics

ethereum security-automation firewall-rules onchain-permissioning

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages