This project demonstrates the implementation of a basic Layer 2 firewall in a Software-Defined Network (SDN) environment, using the POX controller. The application acts as a learning switch with firewall functionality: it dynamically learns device locations and also blocks traffic between specific MAC address pairs based on a policy file.
- Layer 2 MAC Address Firewall: Enforces blocking between specified MAC address pairs.
- Learning Switch Logic: Forwards packets efficiently by learning device locations.
- Simple Policy File: Easily specify which MAC address pairs should not communicate.
- Mininet-based Test Topologies: Rapidly emulate and test network topologies.
sdn-firewall-project/
├── README.md
├── LICENSE
├── requirements.txt
├── setup_instructions.md
├── firewall-switch-app.py
├── firewall-mac-policies.csv
├── report/
│   ├── Major_Project_Report.pdf
│   └── mp.pptx
└── docs/
    ├── project_summary.md
    ├── sdn_overview.md
    └── annotated_code.md
- Ubuntu 20.04 (recommended, in a VM or natively)
- Mininet (for network emulation)
- POX controller (as the SDN controller)
- Python 2.7 (POX default)
- Optional: Wireshark, Iperf for networking/debugging
- Set up your environment
- Install Ubuntu (VM preferred).
- Update system:
sudo apt-get update && sudo apt-get upgrade
- Install Git:
sudo apt-get install git
- Install Mininet
git clone https://github.com/mininet/mininet
sudo apt install mininet
- Test:
sudo mn --topo single,4 --test pingall
- Install POX
git clone https://github.com/noxrepo/pox
- Test POX:
cd pox
./pox.py forwarding.l2_learning
- Clone this repository and copy your files
git clone https://github.com/yourusername/sdn-firewall-project.git
- Set your MAC address policy
Edit firewall-mac-policies.csv. Example:
00:00:00:00:00:01 00:00:00:00:00:03
00:00:00:00:00:02 00:00:00:00:00:04
Place this file at ~/pox/pox/forwarding/firewall-mac-policies.csv (or edit the code path to match your setup).
- Run the POX firewall-switch app
cd ~/pox
./pox.py forwarding.firewall-switch-app
- Start Mininet with your desired topology
- Minimal topology:
sudo mn --topo=single,4 --mac --controller=remote
- Test connectivity:
- Blocked: h1 to h3, h2 to h4 (if in policy file)
- Allowed: any not listed in policy
- Firewall rules are installed on switch connection by reading firewall-mac-policies.csv.
- Packets matching firewall rules (specific MAC src/dst pairs) are dropped.
- All other packets are handled by learning switch logic: the app learns device locations and optimizes forwarding.
- Pings between hosts as listed in the policy file will fail (blocked).
- All other pings will succeed (unless blocked by another rule).
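The decision order described above, as a stand-alone model. This is an added example, not the project's firewall-switch-app.py, and it calls no POX APIs. It assumes a policy pair blocks traffic in both directions, accepts whitespace or a comma as the separator, and rejects malformed lines; `parse_policy`, `FirewallSwitch` and `SAMPLE_POLICY` are hypothetical names.

```python
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")

# Constructed sample policy in the format shown above: one blocked pair per line.
SAMPLE_POLICY = """\
00:00:00:00:00:01 00:00:00:00:00:03
00:00:00:00:00:02 00:00:00:00:00:04
"""


def parse_policy(text):
    """Return a set of frozenset({mac_a, mac_b}); raise on any malformed line."""
    blocked = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        # Assumption: fields are separated by whitespace or a comma.
        fields = re.split(r"[,\s]+", line.strip().lower())
        if fields == [""]:
            continue  # blank line
        if len(fields) != 2 or not all(MAC_RE.match(f) for f in fields):
            # Fail closed: a typo must not silently become a missing rule.
            raise ValueError("policy line %d is not a MAC pair: %r" % (lineno, line))
        blocked.add(frozenset(fields))  # unordered pair: blocks both directions
    return blocked


class FirewallSwitch(object):
    """Model of one switch: firewall check first, then learning-switch logic."""

    def __init__(self, blocked):
        self.blocked = blocked
        self.mac_to_port = {}  # learned MAC -> switch port

    def handle(self, src, dst, in_port):
        src, dst = src.lower(), dst.lower()
        # Blocked pairs are dropped before any learning, modelling drop rules
        # that are already on the switch when the first packet arrives.
        if frozenset((src, dst)) in self.blocked:
            return "drop"
        self.mac_to_port[src] = in_port  # learn where the sender lives
        out = self.mac_to_port.get(dst)
        return "flood" if out is None else "forward:%d" % out
```
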
- firewall-switch-app.py — Main controller code.
- firewall-mac-policies.csv — MAC address firewall policy file.
- report/ and docs/ — Project documentation, in-depth explanations, and academic materials.
- setup_instructions.md — Extended, step-by-step setup workflow.
- Project report: report/Major_Project_Report.pdf
- Presentation: report/mp.pptx
- See report/ for supporting documentation and academic references.
Add a LICENSE file as appropriate (MIT recommended for most academic projects).
Project by:
- Satya Swarup Panda — 1801227442
- Sibasis Rath — 1801227495
- Shreyansh — 1801227487
Supervised by Prof. Manas Ranjan Mishra, Department of Computer Science and Engineering, C.V. Raman Global University, Bhubaneswar.
For detailed setup and troubleshooting, refer to setup_instructions.md and the full project report.