firewall: random fixes

235ff37f · Bach Dániel · 717e1e0e · 235ff37f · 235ff37f · 235ff37f
Commit 235ff37f authored May 13, 2013 by Bach Dániel
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 11 deletions

cloud/settings/base.py
+1 -1

firewall/fw.py
+3 -3

firewall/views.py
+5 -7

No files found.
--- a/cloud/settings/base.py
+++ b/cloud/settings/base.py
@@ -263,7 +263,7 @@ FIREWALL_SETTINGS = {
 }
 SITE_NAME = "IK Cloud"
 DEFAULT_FROM_EMAIL = "noreply@cloud.ik.bme.hu"
-DELETE_VM = False
+DELETE_VM = True
 EMAIL_HOST = '152.66.243.92'  # giccero ipv4
 CLOUD_URL = 'https://cloud.ik.bme.hu/'
 try:

--- a/firewall/fw.py
+++ b/firewall/fw.py
@@ -212,10 +212,10 @@ class Firewall:
        # hard-wired rules
        self.iptablesnat('-A POSTROUTING -s 10.5.0.0/16 -o vlan0003 -j SNAT '
                '--to-source 10.3.255.254') # man elerheto legyen
-        self.iptablesnat('-A POSTROUTING -s 10.5.0.0/16 -o vlan0008 -j SNAT '
+        self.iptablesnat('-A POSTROUTING -o vlan0008 -j SNAT '
                '--to-source 10.0.0.247') # wolf network for printing
-        self.iptablesnat('-A POSTROUTING -s 10.3.0.0/16 -o vlan0002 -j SNAT '
-                '--to-source %s' % self.pub.ipv4) # kulonben nemmegy a du
+        self.iptablesnat('-A POSTROUTING -s 10.3.0.0/16 -p udp --dport 53 -o vlan0002 -j SNAT '
+                '--to-source %s' % self.pub.ipv4) # kulonben nem megy a dns man-ban

        self.iptablesnat('COMMIT')


--- a/firewall/views.py
+++ b/firewall/views.py
@@ -49,7 +49,7 @@ def firewall_api(request):
            obj.snort_message=data["snort_message"]
            if created:
                try:
-                    obj.host = models.Host.objects.get(ipv4=data["ip"])
+                    obj.host = Host.objects.get(ipv4=data["ip"])
                    user = obj.host.owner
                    lang = user.person_set.all()[0].language
                    translation.activate(lang)
@@ -61,8 +61,6 @@ def firewall_api(request):
                    SendMailTask.delay(to=obj.host.owner.email, subject='[IK Cloud] %s' % obj.host.instance_set.get().name, msg=msg, sender=u'cloud@ik.bme.hu')
                except (Host.DoesNotExist, ValidationError, IntegrityError, AttributeError):
                    pass
-            print obj.modified_at + datetime.timedelta(minutes=5)
-            print datetime.datetime.utcnow().replace(tzinfo=utc)
            if obj.type == 'tempwhite' and obj.modified_at + datetime.timedelta(minutes=1) < datetime.datetime.utcnow().replace(tzinfo=utc):
                obj.type = 'tempban'
            obj.save()
@@ -76,10 +74,10 @@ def firewall_api(request):
        if command == "create":
            data["owner"] = "opennebula"
            owner = auth.models.User.objects.get(username=data["owner"])
-            host = models.Host(hostname=data["hostname"],
-                    vlan=models.Vlan.objects.get(name=data["vlan"]),
+            host = Host(hostname=data["hostname"],
+                    vlan=Vlan.objects.get(name=data["vlan"]),
                    mac=data["mac"], ipv4=data["ip"], owner=owner,
-                    description=data["description"], pub_ipv4=models.
+                    description=data["description"], pub_ipv4=
                        Vlan.objects.get(name=data["vlan"]).snat_ip,
                    shared_ip=True)
            host.full_clean()
@@ -96,7 +94,7 @@ def firewall_api(request):
            data["owner"] = "opennebula"
            print data["hostname"]
            owner = auth.models.User.objects.get(username=data["owner"])
-            host = models.Host.objects.get(hostname=data["hostname"],
+            host = Host.objects.get(hostname=data["hostname"],
                    owner=owner)

            host.delete()