Completed

python firewall for access control and reporting with rest api

My goal is to use a Raspberry Pi as a WiFi AP for restricted users, such as students, and interface the control through a REST API. I'll create a front end that allows administrators to restrict access to certain sites (i.e. youtube, netflix) for each WiFi client or groups of clients based on the client's WiFi MAC address and the domain name or IP range of the websites. The Ethernet plug will be used as an uplink.

My requirements are:

- please use Python; I want it to run natively on the Raspberry Pi, and I have some familiarity with the language

- all control functions are done through a rest API. you don't need to worry about the front end.

- maintain a local database (mysql is preferred) for configurations, and device history

- restrict access to certain internet sites/networks like an ACL based on the MAC and policies

- policies may apply to multiple MAC addresses and may apply at certain dates or times.

- policies restrict access based on IP range or domain name

- blocked clients are forced to a static html page hosted by the pi stating they are blocked

- I expect this will require a DNS server component which the WiFi clients will use.

- clients may or may not interact with other clients on the network based on policy

- client traffic data is captured at high level (i.e. number of bytes per domain name or IP address) in five minute increments to generate internet history metrics.

- the API will have endpoints/functions such as:

-- listclients, returns a list of all clients, if they are blocked or isolated, their MAC address, and a clientid (note I expect clientid and MAC address to always be 1:1 but I don't want to pass the MAC address as API parameters)

-- clienthistory(clientid) -- returns the browsing history of the client based on clientid input

-- blockclient(clientid) -- places the client into a blocked policy restricting all internet access and lan access

-- unblockclient (clientid) -- removes that blocked policy

-- isolateclient(clientid) -- restricts the client to only internet communication, cannot access other nodes or clients on the local wifi network

-- unisolateclient(clientid) -- removes the isolation policy

-- nameclient(clientid, name) -- adds a friendly name to the client

-- addpolicy(name) -- creates a new policy shell, returns policyid (i.e. 'block_netflix')

-- clientpolicyadd (clientid, policyid) -- adds a client to the policy

-- clientpolicydelete (clientid, policyid) -- removes the client from the policy

-- clientpolicylist (policyid) -- returns the clients in that policy

-- schedulepolicyadd (policyid, starttime, endtime) -- adds a schedule to the policy that enforces the policy. the front end will handle recurring events as multiple api calls. the starttime and endtime will be unix utc time. returns schedulepolicyid

-- schedulepolicydelete (schedulepolicyid) -- removes the schedule from the policy

-- schedulepolicylist(policyid) -- returns a listing of all schedules for the policy (only future times). returns schedulepolicyid, starttime, endtime

-- domainpolicyadd (policyid, domainname) -- adds a domain name to the policy. note: in general, a wildcard subdomain should be applied for all domains (i.e. *.[login to view URL]). returns domainpolicyid

-- domainpolicydelete (domainpolicyid) -- deletes the domain policy

-- domainpolicylist (policyid) -- returns all the domain names and their domainpolicyid for that policy

-- ippolicyadd (policyid, ip_range) -- adds an internet ip address to the policy. ip_range should be in x.x.x.x/yy CIDR format so it allows a single or range of ip addresses. returns ippolicyid

-- ippolicydelete (ippolicyid) -- deletes the ippolicy from the policy

-- ippolicylist (policyid) -- returns all ip address ranges and ippolicyid within the policy

in general i prefer GET parameters for the API, and JSON for the returned content.

Skills: Python, MySQL, RESTful API, Network Administration, Raspberry Pi
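
The policy decision the requirements above describe (MAC membership, schedule window, wildcard-subdomain match, CIDR match), as an added example that is not part of the original posting or of any bidder's code. The names `Policy`, `domain_matches`, `is_active` and `blocking_policy` are hypothetical, the sample data is constructed, and treating a policy with no schedule as always enforced is an assumption.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Policy:  # hypothetical in-memory form of one policy and its entries
    name: str
    macs: set                                       # lowercase client MACs
    domains: list = field(default_factory=list)     # domainpolicyadd entries
    ip_ranges: list = field(default_factory=list)   # ippolicyadd CIDR strings
    schedules: list = field(default_factory=list)   # (starttime, endtime), unix UTC

def domain_matches(rule, qname):
    """True if qname is the rule's domain or any subdomain of it."""
    rule = rule.lower().rstrip(".")
    if rule.startswith("*."):
        rule = rule[2:]
    qname = qname.lower().rstrip(".")
    # Compare on a label boundary so "notvideo.example" does not match "video.example".
    return qname == rule or qname.endswith("." + rule)

def is_active(policy, now):
    """Assumption: a policy with no schedule is always enforced."""
    if not policy.schedules:
        return True
    return any(start <= now < end for start, end in policy.schedules)

def blocking_policy(policies, mac, now, qname=None, dst_ip=None):
    """Return the name of the first active policy blocking this lookup or flow, else None."""
    mac = mac.lower()
    for p in policies:
        if mac not in p.macs or not is_active(p, now):
            continue
        if qname and any(domain_matches(d, qname) for d in p.domains):
            return p.name
        if dst_ip:
            addr = ipaddress.ip_address(dst_ip)
            if any(addr in ipaddress.ip_network(r, strict=False) for r in p.ip_ranges):
                return p.name
    return None

# Constructed sample data: made-up MAC, reserved example domain and address range.
POLICIES = [Policy("block_video", {"b8:27:eb:00:00:01"},
                   domains=["*.video.example"], ip_ranges=["203.0.113.0/24"],
                   schedules=[(1_700_000_000, 1_700_003_600)])]
```

The DNS component would call `blocking_policy` with `qname` for each client query, and the packet filter would call it with `dst_ip`; a non-`None` result is what sends the client to the blocked page.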


About the Employer:
( 48 reviews ) Edmonton, Canada

Project ID: #25869095

Awarded to:

(6 Reviews)
4.1

6 freelancers are bidding on average $875 for this job

Irland

Hi, there. I am David, an IoT developer from France. I have developed WiFi devices based on Raspberry Pi and ESP32, ESP8266, other Arduino modules... 1. I will configure the Raspberry Pi as an Access Point. 2. I think the p…

$2500 CAD in 20 days
(1 Review)
4.6
ndvtomsk

Professional Python and RESTful API developer! I have worked in this field for 8+ years. My recent projects are similar to your requirement. I am confident about this project. I can start right now.

$700 CAD in 7 days
(2 Reviews)
3.1
taunokont

Hi, I just reviewed your project description and am interested in your job now. I am a full-stack developer who has rich experience in web development, especially in Raspberry Pi, Network Administration, RESTful API, Pyt…

$500 CAD in 3 days
(3 Reviews)
3.6
khripchenkoss

Hi. Here is a Python and network expert. If you contact me, I can help you well. I'm ready now. Please message me. Thanks. Regards

$500 CAD in 7 days
(0 Reviews)
0.0
websiteappdev

Hello, I have a few questions regarding your shared requirement. Please open the chat so we can discuss. I have 10 years of experience in PHP, Wordpress, Codeigniter, Laravel, Python, Django, JavaScript, Shopify, Magen…

$500 CAD in 7 days
(0 Reviews)
0.0