Commit 10d51ec8 by Bach Dániel

firewall: update Blacklist model

parent 9fd1d4fe
...@@ -132,7 +132,8 @@ class RecordAdmin(admin.ModelAdmin): ...@@ -132,7 +132,8 @@ class RecordAdmin(admin.ModelAdmin):
class BlacklistItemAdmin(admin.ModelAdmin): class BlacklistItemAdmin(admin.ModelAdmin):
list_display = ('ipv4', 'type', 'reason', 'created_at', 'modified_at') list_display = ('ipv4', 'whitelisted', 'reason', 'expires_at',
'created_at', 'modified_at')
class SwitchPortAdmin(admin.ModelAdmin): class SwitchPortAdmin(admin.ModelAdmin):
......
...@@ -19,14 +19,12 @@ import re ...@@ -19,14 +19,12 @@ import re
import logging import logging
from collections import OrderedDict from collections import OrderedDict
from netaddr import IPAddress, AddrFormatError from netaddr import IPAddress, AddrFormatError
from datetime import timedelta
from itertools import product from itertools import product
from .models import (Host, Rule, Vlan, Domain, Record, BlacklistItem, from .models import (Host, Rule, Vlan, Domain, Record, BlacklistItem,
SwitchPort) SwitchPort)
from .iptables import IptRule, IptChain from .iptables import IptRule, IptChain
import django.conf import django.conf
from django.db.models import Q
from django.template import loader, Context from django.template import loader, Context
from django.utils import timezone from django.utils import timezone
...@@ -161,10 +159,9 @@ class BuildFirewall: ...@@ -161,10 +159,9 @@ class BuildFirewall:
def ipset(): def ipset():
week = timezone.now() - timedelta(days=2) now = timezone.now()
filter_ban = (Q(type='tempban', modified_at__gte=week) | return BlacklistItem.objects.filter(whitelisted=False).exclude(
Q(type='permban')) expires_at__lt=now).values('ipv4', 'reason')
return BlacklistItem.objects.filter(filter_ban).values('ipv4', 'reason')
def ipv6_to_octal(ipv6): def ipv6_to_octal(ipv6):
......
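Review bot: The new queryset in `ipset()` relies on two behaviours that are written down nowhere. A row whose `expires_at` is NULL is treated as a ban that never expires, and a `whitelisted=True` row is only left out of the set, not handled as an allow entry here. As far as I know, Django's `exclude(expires_at__lt=now)` on a nullable column keeps the NULL rows, but a later rewrite to `filter(expires_at__gte=now)` would silently drop every permanent ban from the set. I would add a comment above the return such as `# expires_at NULL = never expires; exclude() keeps those rows, filter(expires_at__gte=now) would not`, and a test covering a NULL, a past and a future `expires_at`.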
# -*- coding: utf-8 -*-
from __future__ import unicode_literals
from django.db import models, migrations
class Migration(migrations.Migration):
dependencies = [
('firewall', '0002_auto_20150115_0021'),
]
operations = [
migrations.RemoveField(
model_name='blacklistitem',
name='type',
),
migrations.AddField(
model_name='blacklistitem',
name='expires_at',
field=models.DateTimeField(default=None, null=True, verbose_name='expires at', blank=True),
preserve_default=True,
),
migrations.AddField(
model_name='blacklistitem',
name='whitelisted',
field=models.BooleanField(default=False, verbose_name='whitelisted'),
preserve_default=True,
),
migrations.AlterField(
model_name='blacklistitem',
name='ipv4',
field=models.GenericIPAddressField(protocol=b'ipv4', unique=True, verbose_name=b'IPv4 address'),
preserve_default=True,
),
migrations.AlterField(
model_name='blacklistitem',
name='reason',
field=models.TextField(null=True, verbose_name='reason', blank=True),
preserve_default=True,
),
migrations.AlterField(
model_name='blacklistitem',
name='snort_message',
field=models.TextField(null=True, verbose_name='short message', blank=True),
preserve_default=True,
),
]
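Review bot: `RemoveField` on `type` runs first and nothing copies the old value into the new columns, so every existing row ends up with `whitelisted=False` and `expires_at=None`. Going by the old `CHOICES_type` and the new `ipset()` filter in this commit, former `whitelist`/`tempwhite` entries and temporary bans become bans without expiry, so addresses that were explicitly allowed would be blocked on the next firewall rebuild. The two `AddField` operations should come first, then a `RunPython` step that carries the old meaning over, and only then the `RemoveField`. How `tempwhite` entries should expire is not visible here, so the sketch below only marks them as whitelisted.

```python
def convert_type(apps, schema_editor):
    BlacklistItem = apps.get_model('firewall', 'BlacklistItem')
    BlacklistItem.objects.filter(
        type__in=('whitelist', 'tempwhite')).update(whitelisted=True)
    # the old ipset() kept a tempban for two days after modified_at;
    # update() is used so the auto_now modified_at is left untouched
    for item in BlacklistItem.objects.filter(type='tempban'):
        BlacklistItem.objects.filter(pk=item.pk).update(
            expires_at=item.modified_at + timedelta(days=2))

    operations = [
        # … unchanged: the two AddField operations, moved to the front …
        migrations.RunPython(convert_type),
        # … unchanged: RemoveField for 'type', then the AlterField operations …
```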
...@@ -1109,24 +1109,23 @@ class EthernetDevice(models.Model): ...@@ -1109,24 +1109,23 @@ class EthernetDevice(models.Model):
class BlacklistItem(models.Model): class BlacklistItem(models.Model):
CHOICES_type = (('permban', 'permanent ban'), ('tempban', 'temporary ban'), ipv4 = models.GenericIPAddressField(
('whitelist', 'whitelist'), ('tempwhite', 'tempwhite')) protocol='ipv4', unique=True, verbose_name=("IPv4 address"))
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True) host = models.ForeignKey(
host = models.ForeignKey('Host', blank=True, null=True, 'Host', blank=True, null=True, verbose_name=_('host'))
verbose_name=_('host')) reason = models.TextField(
reason = models.TextField(blank=True, verbose_name=_('reason')) blank=True, null=True, verbose_name=_('reason'))
snort_message = models.TextField(blank=True, snort_message = models.TextField(
verbose_name=_('short message')) blank=True, null=True, verbose_name=_('short message'))
type = models.CharField(
max_length=10, whitelisted = models.BooleanField(
choices=CHOICES_type, default=False, verbose_name=_("whitelisted"))
default='tempban',
verbose_name=_('type')
)
created_at = models.DateTimeField(auto_now_add=True, created_at = models.DateTimeField(auto_now_add=True,
verbose_name=_('created_at')) verbose_name=_('created_at'))
modified_at = models.DateTimeField(auto_now=True, modified_at = models.DateTimeField(auto_now=True,
verbose_name=_('modified_at')) verbose_name=_('modified_at'))
expires_at = models.DateTimeField(blank=True, null=True, default=None,
verbose_name=_('expires at'))
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
self.full_clean() self.full_clean()
......
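Review bot: The new `ipv4` field passes `verbose_name=("IPv4 address")`, a plain parenthesised string, while every other field in `BlacklistItem` wraps its label in `_()`, so this label will not be translated. It should read `verbose_name=_("IPv4 address")`. Separately, `reason` and `snort_message` now set `null=True` on a `TextField`, which gives two distinct empty values (NULL and `''`); either drop `null=True` or add a comment saying why NULL is needed. The class body continues past this hunk with `save()`.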
...@@ -54,8 +54,10 @@ class BlacklistItemForm(ModelForm): ...@@ -54,8 +54,10 @@ class BlacklistItemForm(ModelForm):
'', '',
'ipv4', 'ipv4',
'host', 'host',
'expires_at',
'whitelisted',
'reason', 'reason',
'type', 'snort_message',
) )
), ),
FormActions( FormActions(
......
...@@ -45,7 +45,7 @@ class BlacklistItemTable(Table): ...@@ -45,7 +45,7 @@ class BlacklistItemTable(Table):
class Meta: class Meta:
model = Domain model = Domain
attrs = {'class': 'table table-striped table-condensed'} attrs = {'class': 'table table-striped table-condensed'}
fields = ('ipv4', 'host', 'reason', 'type') fields = ('ipv4', 'host', 'expires_at', 'whitelisted', 'reason')
order_by = ('ipv4', ) order_by = ('ipv4', )
......
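Review bot: `BlacklistItemTable.Meta` still declares `model = Domain`, while the updated `fields` tuple lists `expires_at` and `whitelisted`, which belong to `BlacklistItem` according to the model change in this commit. The line predates this commit, but since the tuple is being edited anyway it should become `model = BlacklistItem`. Whether that name is already imported in this file is not visible in the hunk.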
...@@ -137,8 +137,7 @@ class BlacklistDetail(LoginRequiredMixin, SuperuserRequiredMixin, ...@@ -137,8 +137,7 @@ class BlacklistDetail(LoginRequiredMixin, SuperuserRequiredMixin,
model = BlacklistItem model = BlacklistItem
template_name = "network/blacklist-edit.html" template_name = "network/blacklist-edit.html"
form_class = BlacklistItemForm form_class = BlacklistItemForm
success_message = _(u'Successfully modified blacklist item ' success_message = _(u'Successfully modified blacklist item %(ipv4)s.')
'%(ipv4)s - %(type)s.')
def get_success_url(self): def get_success_url(self):
if 'pk' in self.kwargs: if 'pk' in self.kwargs:
...@@ -155,8 +154,7 @@ class BlacklistCreate(LoginRequiredMixin, SuperuserRequiredMixin, ...@@ -155,8 +154,7 @@ class BlacklistCreate(LoginRequiredMixin, SuperuserRequiredMixin,
model = BlacklistItem model = BlacklistItem
template_name = "network/blacklist-create.html" template_name = "network/blacklist-create.html"
form_class = BlacklistItemForm form_class = BlacklistItemForm
success_message = _(u'Successfully created blacklist item ' success_message = _(u'Successfully created blacklist item %(ipv4)s')
'%(ipv4)s - %(type)s.')
class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView): class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
...@@ -168,9 +166,7 @@ class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView): ...@@ -168,9 +166,7 @@ class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
context = super(BlacklistDelete, self).get_context_data(**kwargs) context = super(BlacklistDelete, self).get_context_data(**kwargs)
if 'pk' in self.kwargs: if 'pk' in self.kwargs:
to_delete = BlacklistItem.objects.get(pk=self.kwargs['pk']) to_delete = BlacklistItem.objects.get(pk=self.kwargs['pk'])
context['object'] = "%s - %s - %s" % (to_delete.ipv4, context['object'] = "%s - %s" % (to_delete.ipv4, to_delete.reason)
to_delete.reason,
to_delete.type)
return context return context
def get_success_url(self): def get_success_url(self):
......
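Review bot: The two rewritten `success_message` strings differ in punctuation: the modify message ends with a period (`'... %(ipv4)s.'`) and the create message does not (`'... %(ipv4)s'`). Each string is its own translation msgid, so it is cheaper to settle on one form now, e.g. `_(u'Successfully created blacklist item %(ipv4)s.')`.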