Commit 30a50ad7 by Dudás Ádám

erőltetem a szabályokat

parent 61dac5d1
...@@ -261,7 +261,8 @@ class firewall: ...@@ -261,7 +261,8 @@ class firewall:
for s_vlan in self.vlans: for s_vlan in self.vlans:
for d_vlan in self.vlans: for d_vlan in self.vlans:
self.iptables('-N %s_%s' % (s_vlan, d_vlan)) self.iptables('-N %s_%s' % (s_vlan, d_vlan))
self.iptables('-A FORWARD -i %s -o %s -g %s_%s' % (s_vlan.interface, d_vlan.interface, s_vlan, d_vlan)) self.iptables('-A FORWARD -i %s -o %s -g %s_%s' %
(s_vlan.interface, d_vlan.interface, s_vlan, d_vlan))
# hosts' rules # hosts' rules
for i_vlan in self.vlans: for i_vlan in self.vlans:
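Review bot: The `-i %s -o %s` arguments and the `%s_%s` chain name are built straight from model fields, and `Vlan.interface` (models hunk below: `interface = models.CharField(max_length=20, unique=True)`) has no validator, unlike `name` and `hostname`, so whatever an editor stores there reaches iptables unfiltered; how `self.iptables` executes the string is not visible here, so if it passes through a shell this is command injection, and even with an argv list a value beginning with `-` is parsed as an option. Give the field a validator, `interface = models.CharField(max_length=20, unique=True, validators=[val_alfanum])`, or a dedicated interface-name validator if `val_alfanum` rejects the `.` in names like `eth0.10`. Separately, iptables rejects chain names of 29 characters or more, and if `%s` of a Vlan yields its up-to-20-character `name` (its `__unicode__` is not shown), `%s_%s` can reach 41 characters, so the `-N` and the following `-g` jump fail for long names; cap the combined length or validate it on `Vlan`. The enclosing method starts before this hunk, so any handling of a failed `self.iptables` call is not visible.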
...@@ -13,37 +13,50 @@ from django.db.models.signals import post_save ...@@ -13,37 +13,50 @@ from django.db.models.signals import post_save
import re import re
class Rule(models.Model): class Rule(models.Model):
CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan')) CHOICES_type = (('host', 'host'), ('firewall', 'firewall'),
('vlan', 'vlan'))
CHOICES_proto = (('tcp', 'tcp'), ('udp', 'udp'), ('icmp', 'icmp')) CHOICES_proto = (('tcp', 'tcp'), ('udp', 'udp'), ('icmp', 'icmp'))
CHOICES_dir = (('0', 'out'), ('1', 'in')) CHOICES_dir = (('0', 'out'), ('1', 'in'))
direction = models.CharField(max_length=1, choices=CHOICES_dir, blank=False) direction = models.CharField(max_length=1, choices=CHOICES_dir,
blank=False)
description = models.TextField(blank=True) description = models.TextField(blank=True)
foreign_network = models.ForeignKey('VlanGroup', related_name="ForeignRules") foreign_network = models.ForeignKey('VlanGroup',
dport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)]) related_name="ForeignRules")
sport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)]) dport = models.IntegerField(blank=True, null=True,
proto = models.CharField(max_length=10, choices=CHOICES_proto, blank=True, null=True) validators=[MinValueValidator(1), MaxValueValidator(65535)])
sport = models.IntegerField(blank=True, null=True,
validators=[MinValueValidator(1), MaxValueValidator(65535)])
proto = models.CharField(max_length=10, choices=CHOICES_proto,
blank=True, null=True)
extra = models.TextField(blank=True) extra = models.TextField(blank=True)
accept = models.BooleanField(default=False) accept = models.BooleanField(default=False)
owner = models.ForeignKey(User, blank=True, null=True) owner = models.ForeignKey(User, blank=True, null=True)
r_type = models.CharField(max_length=10, choices=CHOICES_type) r_type = models.CharField(max_length=10, choices=CHOICES_type)
nat = models.BooleanField(default=False) nat = models.BooleanField(default=False)
nat_dport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)]) nat_dport = models.IntegerField(blank=True, null=True,
validators=[MinValueValidator(1), MaxValueValidator(65535)])
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
vlan = models.ForeignKey('Vlan', related_name="rules", blank=True, null=True) vlan = models.ForeignKey('Vlan', related_name="rules", blank=True,
vlangroup = models.ForeignKey('VlanGroup', related_name="rules", blank=True, null=True) null=True)
host = models.ForeignKey('Host', related_name="rules", blank=True, null=True) vlangroup = models.ForeignKey('VlanGroup', related_name="rules",
hostgroup = models.ForeignKey('Group', related_name="rules", blank=True, null=True) blank=True, null=True)
firewall = models.ForeignKey('Firewall', related_name="rules", blank=True, null=True) host = models.ForeignKey('Host', related_name="rules", blank=True,
null=True)
hostgroup = models.ForeignKey('Group', related_name="rules",
blank=True, null=True)
firewall = models.ForeignKey('Firewall', related_name="rules",
blank=True, null=True)
def __unicode__(self): def __unicode__(self):
return self.desc() return self.desc()
def clean(self): def clean(self):
count = 0 count = 0
for field in [self.vlan, self.vlangroup, self.host, self.hostgroup, self.firewall]: for field in [self.vlan, self.vlangroup, self.host, self.hostgroup,
self.firewall]:
if field is None: if field is None:
count = count + 1 count = count + 1
if count != 4: if count != 4:
...@@ -57,11 +70,16 @@ class Rule(models.Model): ...@@ -57,11 +70,16 @@ class Rule(models.Model):
para = "sport=%s %s" % (self.sport, para) para = "sport=%s %s" % (self.sport, para)
if(self.proto): if(self.proto):
para = "proto=%s %s" % (self.proto, para) para = "proto=%s %s" % (self.proto, para)
return u'[' + self.r_type + u'] ' + (unicode(self.foreign_network) + u' ▸ ' + self.r_type if self.direction=='1' else self.r_type + u' ▸ ' + unicode(self.foreign_network)) + u' ' + para + u' ' +self.description return (u'[' + self.r_type + u'] ' +
(unicode(self.foreign_network) + u' ▸ ' + self.r_type
if self.direction == '1' else self.r_type + u' ▸ ' +
unicode(self.foreign_network)) + u' ' + para + u' ' +
self.description)
class Vlan(models.Model): class Vlan(models.Model):
vid = models.IntegerField(unique=True) vid = models.IntegerField(unique=True)
name = models.CharField(max_length=20, unique=True, validators=[val_alfanum]) name = models.CharField(max_length=20, unique=True,
validators=[val_alfanum])
prefix4 = models.IntegerField(default=16) prefix4 = models.IntegerField(default=16)
prefix6 = models.IntegerField(default=80) prefix6 = models.IntegerField(default=80)
interface = models.CharField(max_length=20, unique=True) interface = models.CharField(max_length=20, unique=True)
...@@ -69,8 +87,10 @@ class Vlan(models.Model): ...@@ -69,8 +87,10 @@ class Vlan(models.Model):
net6 = models.GenericIPAddressField(protocol='ipv6', unique=True) net6 = models.GenericIPAddressField(protocol='ipv6', unique=True)
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True) ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True) ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True)
snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True) snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True,
snat_to = models.ManyToManyField('self', symmetrical=False, blank=True, null=True) null=True)
snat_to = models.ManyToManyField('self', symmetrical=False, blank=True,
null=True)
description = models.TextField(blank=True) description = models.TextField(blank=True)
comment = models.TextField(blank=True) comment = models.TextField(blank=True)
domain = models.ForeignKey('Domain') domain = models.ForeignKey('Domain')
...@@ -91,7 +111,8 @@ class Vlan(models.Model): ...@@ -91,7 +111,8 @@ class Vlan(models.Model):
class VlanGroup(models.Model): class VlanGroup(models.Model):
name = models.CharField(max_length=20, unique=True) name = models.CharField(max_length=20, unique=True)
vlans = models.ManyToManyField('Vlan', symmetrical=False, blank=True, null=True) vlans = models.ManyToManyField('Vlan', symmetrical=False, blank=True,
null=True)
description = models.TextField(blank=True) description = models.TextField(blank=True)
owner = models.ForeignKey(User, blank=True, null=True) owner = models.ForeignKey(User, blank=True, null=True)
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
...@@ -111,19 +132,24 @@ class Group(models.Model): ...@@ -111,19 +132,24 @@ class Group(models.Model):
return self.name return self.name
class Host(models.Model): class Host(models.Model):
hostname = models.CharField(max_length=40, unique=True, validators=[val_alfanum]) hostname = models.CharField(max_length=40, unique=True,
reverse = models.CharField(max_length=40, validators=[val_domain], blank=True, null=True) validators=[val_alfanum])
reverse = models.CharField(max_length=40, validators=[val_domain],
blank=True, null=True)
mac = MACAddressField(unique=True) mac = MACAddressField(unique=True)
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True) ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
pub_ipv4 = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True) pub_ipv4 = models.GenericIPAddressField(protocol='ipv4', blank=True,
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True, blank=True, null=True) null=True)
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True,
blank=True, null=True)
shared_ip = models.BooleanField(default=False) shared_ip = models.BooleanField(default=False)
description = models.TextField(blank=True) description = models.TextField(blank=True)
comment = models.TextField(blank=True) comment = models.TextField(blank=True)
location = models.TextField(blank=True) location = models.TextField(blank=True)
vlan = models.ForeignKey('Vlan') vlan = models.ForeignKey('Vlan')
owner = models.ForeignKey(User) owner = models.ForeignKey(User)
groups = models.ManyToManyField('Group', symmetrical=False, blank=True, null=True) groups = models.ManyToManyField('Group', symmetrical=False, blank=True,
null=True)
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
...@@ -134,16 +160,19 @@ class Host(models.Model): ...@@ -134,16 +160,19 @@ class Host(models.Model):
id = self.id id = self.id
if not self.id and self.ipv6 == "auto": if not self.id and self.ipv6 == "auto":
self.ipv6 = ipv4_2_ipv6(self.ipv4) self.ipv6 = ipv4_2_ipv6(self.ipv4)
if not self.shared_ip and self.pub_ipv4 and Host.objects.exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4): if (not self.shared_ip and self.pub_ipv4 and Host.objects.
exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4)):
raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!") raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!")
if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4): if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4):
raise ValidationError("Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek") raise ValidationError("Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek")
self.full_clean() self.full_clean()
super(Host, self).save(*args, **kwargs) super(Host, self).save(*args, **kwargs)
if(id is None): if id is None:
Record(domain=self.vlan.domain, host=self, type='A', owner=self.owner).save() Record(domain=self.vlan.domain, host=self, type='A',
owner=self.owner).save()
if self.ipv6: if self.ipv6:
Record(domain=self.vlan.domain, host=self, type='AAAA', owner=self.owner).save() Record(domain=self.vlan.domain, host=self, type='AAAA',
owner=self.owner).save()
def enable_net(self): def enable_net(self):
self.groups.add(Group.objects.get(name="netezhet")) self.groups.add(Group.objects.get(name="netezhet"))
...@@ -154,18 +183,24 @@ class Host(models.Model): ...@@ -154,18 +183,24 @@ class Host(models.Model):
raise ValidationError("Csak az 1024 feletti portok hasznalhatok") raise ValidationError("Csak az 1024 feletti portok hasznalhatok")
for host in Host.objects.filter(pub_ipv4=self.pub_ipv4): for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
if host.rules.filter(nat=True, proto=proto, dport=public): if host.rules.filter(nat=True, proto=proto, dport=public):
raise ValidationError("A %s %s port mar hasznalva" % (proto, public)) raise ValidationError("A %s %s port mar hasznalva" %
rule = Rule(direction='1', owner=self.owner, dport=public, proto=proto, nat=True, accept=True, r_type="host", nat_dport=private, host=self, foreign_network=VlanGroup.objects.get(name=settings["default_vlangroup"])) (proto, public))
rule = Rule(direction='1', owner=self.owner, dport=public,
proto=proto, nat=True, accept=True, r_type="host",
nat_dport=private, host=self, foreign_network=VlanGroup.
objects.get(name=settings["default_vlangroup"]))
rule.full_clean() rule.full_clean()
rule.save() rule.save()
def del_port(self, proto, public): def del_port(self, proto, public):
self.rules.filter(owner=self.owner, proto=proto, nat=True, dport=public).delete() self.rules.filter(owner=self.owner, proto=proto, nat=True,
dport=public).delete()
def list_ports(self): def list_ports(self):
retval = [] retval = []
for rule in self.rules.filter(owner=self.owner, nat=True): for rule in self.rules.filter(owner=self.owner, nat=True):
retval.append({'proto': rule.proto, 'public': rule.dport, 'private': rule.nat_dport}) retval.append({'proto': rule.proto, 'public': rule.dport,
'private': rule.nat_dport})
return retval return retval
def del_rules(self): def del_rules(self):
...@@ -193,8 +228,10 @@ class Domain(models.Model): ...@@ -193,8 +228,10 @@ class Domain(models.Model):
return self.name return self.name
class Record(models.Model): class Record(models.Model):
CHOICES_type = (('A', 'A'), ('CNAME', 'CNAME'), ('AAAA', 'AAAA'), ('MX', 'MX'), ('NS', 'NS'), ('PTR', 'PTR'), ('TXT', 'TXT')) CHOICES_type = (('A', 'A'), ('CNAME', 'CNAME'), ('AAAA', 'AAAA'),
name = models.CharField(max_length=40, validators=[val_domain], blank=True, null=True) ('MX', 'MX'), ('NS', 'NS'), ('PTR', 'PTR'), ('TXT', 'TXT'))
name = models.CharField(max_length=40, validators=[val_domain],
blank=True, null=True)
domain = models.ForeignKey('Domain') domain = models.ForeignKey('Domain')
host = models.ForeignKey('Host', blank=True, null=True) host = models.ForeignKey('Host', blank=True, null=True)
type = models.CharField(max_length=6, choices=CHOICES_type) type = models.CharField(max_length=6, choices=CHOICES_type)
...@@ -225,9 +262,11 @@ class Record(models.Model): ...@@ -225,9 +262,11 @@ class Record(models.Model):
if self.host and self.type in ['CNAME', 'A', 'AAAA']: if self.host and self.type in ['CNAME', 'A', 'AAAA']:
if self.type == 'CNAME': if self.type == 'CNAME':
if not self.name or self.address: if not self.name or self.address:
raise ValidationError(u'CNAME rekordnal csak a name legyen kitoltve, ha van host beallitva') raise ValidationError(u'CNAME rekordnal csak a name '
'legyen kitoltve, ha van host beallitva')
elif self.name or self.address: elif self.name or self.address:
raise ValidationError(u'A, AAAA rekord eseten nem szabad megadni name-t, address-t, ha tarsitva van host') raise ValidationError(u'A, AAAA rekord eseten nem szabad '
'megadni name-t, address-t, ha tarsitva van host')
else: else:
if not self.address: if not self.address:
raise ValidationError(u'address hianyzik') raise ValidationError(u'address hianyzik')
...@@ -243,16 +282,20 @@ class Record(models.Model): ...@@ -243,16 +282,20 @@ class Record(models.Model):
raise ValidationError(u'ez nem ipv6cim, ez nudli!') raise ValidationError(u'ez nem ipv6cim, ez nudli!')
elif self.type == 'MX': elif self.type == 'MX':
mx = self.address.split(':', 1) mx = self.address.split(':', 1)
if not (len(mx) == 2 and mx[0].isdigit() and domain_re.match(mx[1])): if not (len(mx) == 2 and mx[0].isdigit() and
domain_re.match(mx[1])):
raise ValidationError(u'prioritas:hostname') raise ValidationError(u'prioritas:hostname')
else: else:
raise ValidationError(u'ez ismeretlen rekord, ez nudli!') raise ValidationError(u'ez ismeretlen rekord, ez nudli!')
def get_data(self): def get_data(self):
retval = { 'name': self.name, 'type': self.type, 'ttl': self.ttl, 'address': self.address } retval = { 'name': self.name, 'type': self.type, 'ttl': self.ttl,
'address': self.address }
if self.host and self.type in ['CNAME', 'A', 'AAAA']: if self.host and self.type in ['CNAME', 'A', 'AAAA']:
if self.type == 'A': if self.type == 'A':
retval['address'] = self.host.pub_ipv4 if self.host.pub_ipv4 and not self.host.shared_ip else self.host.ipv4 retval['address'] = (self.host.pub_ipv4
if self.host.pub_ipv4 and not self.host.shared_ip
else self.host.ipv4)
retval['name'] = self.host.get_fqdn() retval['name'] = self.host.get_fqdn()
elif self.type == 'AAAA': elif self.type == 'AAAA':
if not self.host.ipv6: if not self.host.ipv6:
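Review bot: The port-reuse check in `add_port` (`for host in Host.objects.filter(pub_ipv4=self.pub_ipv4)` followed by `host.rules.filter(nat=True, proto=proto, dport=public)`) is check-then-act with no transaction, so two concurrent calls for the same public port on hosts sharing a `pub_ipv4` both pass the loop and both reach `rule.save()`, leaving two NAT rules claiming one public port. When `self.pub_ipv4` is None the filter becomes `IS NULL` and matches every host without a public address instead of rejecting the request, so fail early with `if not self.pub_ipv4: raise ValidationError("...")`. Because `pub_ipv4` lives on `Host` rather than `Rule`, a plain unique constraint cannot express this; wrap the check and the save in `transaction.atomic()` (needs `from django.db import transaction`) and take the candidate hosts with `select_for_update()` so the second caller blocks and then sees the first rule. The method's signature and the condition behind `raise ValidationError("Csak az 1024 feletti portok hasznalhatok")` are outside the hunk, so whether `private` is range-checked as well as `public` cannot be confirmed from here.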