remote firewall loading

cloud/urls.py

@@ -4,6 +4,7 @@ from django.contrib import admin
 admin.autodiscover()
 
 import one.views
+import firewall.views
 
 urlpatterns = patterns('',
      url(r'^admin/doc/', include('django.contrib.admindocs.urls')),
@@ -14,4 +15,5 @@ urlpatterns = patterns('',
      url(r'^vm/new/(?P<template>\d+)/$', 'one.views.vm_new', name='vm_new'),
      url(r'^vm/show/(?P<iid>\d+)/$', 'one.views.vm_show', name='vm_show'),
      url(r'^vm/delete/(?P<iid>\d+)/$', 'one.views.vm_delete', name='vm_delete'),
+     url(r'^reload/$', 'firewall.views.reload_firewall', name='reload_firewall'),
 )

firewall/fields.py

+from django.core.exceptions import ValidationError
+from django.forms import fields
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+from south.modelsinspector import add_introspection_rules
+import re
+
+mac_re = re.compile(r'^([0-9a-fA-F]{2}([:-]?|$)){6}$')
+alfanum_re = re.compile(r'^[A-Za-z0-9_-]+$')
+domain_re = re.compile(r'^([A-Za-z0-9_-]\.?)+$')
+ipv4_re = re.compile('^[0-9]+\.([0-9]+)\.([0-9]+)\.([0-9]+)$')
+
+class MACAddressFormField(fields.RegexField):
+    default_error_messages = {
+        'invalid': _(u'Enter a valid MAC address.'),
+    }
+
+    def __init__(self, *args, **kwargs):
+        super(MACAddressFormField, self).__init__(mac_re, *args, **kwargs)
+
+class MACAddressField(models.Field):
+    empty_strings_allowed = False
+    def __init__(self, *args, **kwargs):
+        kwargs['max_length'] = 17
+        super(MACAddressField, self).__init__(*args, **kwargs)
+
+    def get_internal_type(self):
+        return "CharField"
+
+    def formfield(self, **kwargs):
+        defaults = {'form_class': MACAddressFormField}
+        defaults.update(kwargs)
+        return super(MACAddressField, self).formfield(**defaults)
+add_introspection_rules([], ["firewall\.fields\.MACAddressField"])
+
+def val_alfanum(value):
+     if not alfanum_re.search(value):
+          raise ValidationError(u'%s - csak betut, kotojelet, alahuzast, szamot tartalmazhat!' % value)
+
+def val_domain(value):
+     if not domain_re.search(value):
+          raise ValidationError(u'%s - helytelen domain' % value)
+
+def ipv4_2_ipv6(ipv4):
+	m = ipv4_re.match(ipv4)
+	return "2001:738:2001:4031:%s:%s:%s:0" % (m.group(1), m.group(2), m.group(3))

firewall/fw.py

@@ -6,12 +6,12 @@
 #setup_environ(settings)
 
 from django.contrib import auth
-from teszt.firewall import models
+from firewall import models
 import os
 
 import subprocess
 import re
-DNS_SERVER = "152.66.243.71"
+DNS_SERVER = "152.66.243.60"
 
 
 class firewall:
@@ -246,11 +246,10 @@ class firewall:
 
 	def reload(self):
 		if self.IPV6:
-			process = subprocess.Popen(['/usr/bin/sudo', '/sbin/ip6tables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
+			process = subprocess.Popen(['/usr/bin/ssh', 'fw2', '/usr/bin/sudo', '/sbin/ip6tables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
 			process.communicate("\n".join(self.SZABALYOK)+"\n")
 		else:
-			print "\n".join(self.SZABALYOK)+"\n"+"\n".join(self.SZABALYOK_NAT)+"\n"
-			process = subprocess.Popen(['/usr/bin/sudo', '/sbin/iptables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
+			process = subprocess.Popen(['/usr/bin/ssh', 'fw2', '/usr/bin/sudo', '/sbin/iptables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
 			process.communicate("\n".join(self.SZABALYOK)+"\n"+"\n".join(self.SZABALYOK_NAT)+"\n")
 
 
@@ -258,40 +257,42 @@ class firewall:
 
 def dns():
 	vlans = models.Vlan.objects.all()
-	regex = re.compile(r'^([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+$')
+	regex = re.compile(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$')
 	DNS = []
-	DNS.append("=cloud.ik.bme.hu:152.66.243.98:::\n")
+	DNS.append("=cloud.ik.bme.hu:152.66.243.98:600::\n")
 	for i_vlan in vlans:
+		m = regex.search(i_vlan.net4)
 		if(i_vlan.name != "DMZ" and i_vlan.name != "PUB"):
-			m = regex.search(i_vlan.net4)
-			DNS.append("Z%s.%s.in-addr.arpa:dns1.ik.bme.hu:ez.miez:\n" % (m.group(2), m.group(1)))
-			DNS.append("&%s.%s.in-addr.arpa::dns1.ik.bme.hu:::\n" % (m.group(2), m.group(1)))
-			DNS.append("Z%s:dns1.ik.bme.hu:ez.miez:\n" % i_vlan.domain)
-			DNS.append("&%s::dns1.ik.bme.hu:::\n" % i_vlan.domain)
+			DNS.append("Z%s.%s.in-addr.arpa:dns1.ik.bme.hu:ez.miez::::::600\n" % (m.group(2), m.group(1)))
+			DNS.append("&%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(2), m.group(1)))
+			DNS.append("Z%s:dns1.ik.bme.hu:ez.miez::::::600\n" % i_vlan.domain)
+			DNS.append("&%s::dns1.ik.bme.hu:600::\n" % i_vlan.domain)
+			if(i_vlan.name == "WAR"):
+				DNS.append("Zdns1.%s.%s.%s.in-addr.arpa:dns1.ik.bme.hu:ez.miez::::::600\n" % (m.group(3), m.group(2), m.group(1)))
+				DNS.append("&dns1.%s.%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(3), m.group(2), m.group(1)))
 		for i_host in i_vlan.host_set.all():
 			ipv4 = ( i_host.pub_ipv4 if i_host.pub_ipv4 else i_host.ipv4 )
-			DNS.append("=%s.%s:%s:::\n" % (i_host.hostname, i_vlan.domain, ipv4))
-	try:
-		process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % DNS_SERVER], shell=False, stdin=subprocess.PIPE)
-#		print "\n".join(DNS)+"\n"
-		process.communicate("\n".join(DNS)+"\n")
-	except:
-		return
+			m2 = regex.search(ipv4)
+			DNS.append("=%s.%s:%s:600::\n" % (i_host.hostname, i_vlan.domain, ipv4))
+			DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s.%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.hostname, i_vlan.domain))
+
+	process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % DNS_SERVER], shell=False, stdin=subprocess.PIPE)
+	process.communicate("\n".join(DNS)+"\n")
+
 
 
 def dhcp():
 	vlans = models.Vlan.objects.all()
 	regex = re.compile(r'^([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+\s+([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+$')
-	try:
-		f = open('/tools/dhcp3/dhcpd.conf.generated','w')
-	except:
-		return
+	DHCP = []
+
+#/tools/dhcp3/dhcpd.conf.generated
 
 	for i_vlan in vlans:
 		if(i_vlan.dhcp_pool):
 			m = regex.search(i_vlan.dhcp_pool)
 			if(m or i_vlan.dhcp_pool == "manual"):
-				f.write ('''
+				DHCP.append ('''
 				#%(name)s - %(interface)s
 				subnet %(net)s netmask %(netmask)s {
 				  %(extra)s;
@@ -317,7 +318,7 @@ def dhcp():
 				})
 
 				for i_host in i_vlan.host_set.all():
-					f.write ('''
+					DHCP.append ('''
 					host %(hostname)s {
 					  hardware ethernet %(mac)s;
 					  fixed-address %(ipv4)s;
@@ -326,9 +327,10 @@ def dhcp():
 						'mac': i_host.mac,
 						'ipv4': i_host.ipv4,
 					})
-	f.write("\n")
-	f.close()
-	os.system("sudo /etc/init.d/isc-dhcp-server restart")
+
+	process = subprocess.Popen(['/usr/bin/ssh', 'fw2', 'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'], shell=False, stdin=subprocess.PIPE)
+#	print "\n".join(DHCP)+"\n"
+	process.communicate("\n".join(DHCP)+"\n")
 
 #ipt_filter()
 #ipt_nat()

firewall/models.py

-from django.forms import fields
-from django.db import models
 from django.contrib.auth.models import User
+from django.db import models
+from django.forms import fields
 from django.utils.translation import ugettext_lazy as _
-from django.core.exceptions import ValidationError
+from firewall.fields import *
 from south.modelsinspector import add_introspection_rules
-import re
-
-mac_re = re.compile(r'^([0-9a-fA-F]{2}([:-]?|$)){6}$')
-alfanum_re = re.compile(r'^[A-Za-z0-9_-]+$')
-domain_re = re.compile(r'^([A-Za-z0-9_-]\.?)+$')
-
-class MACAddressFormField(fields.RegexField):
-    default_error_messages = {
-        'invalid': _(u'Enter a valid MAC address.'),
-    }
-
-    def __init__(self, *args, **kwargs):
-        super(MACAddressFormField, self).__init__(mac_re, *args, **kwargs)
-
-class MACAddressField(models.Field):
-    empty_strings_allowed = False
-    def __init__(self, *args, **kwargs):
-        kwargs['max_length'] = 17
-        super(MACAddressField, self).__init__(*args, **kwargs)
-
-    def get_internal_type(self):
-        return "CharField"
-
-    def formfield(self, **kwargs):
-        defaults = {'form_class': MACAddressFormField}
-        defaults.update(kwargs)
-        return super(MACAddressField, self).formfield(**defaults)
-add_introspection_rules([], ["^firewall\.models\.MACAddressField"])
-
-def val_alfanum(value):
-     if not alfanum_re.search(value):
-          raise ValidationError(u'%s - csak betut, kotojelet, alahuzast, szamot tartalmazhat!' % value)
-
-def val_domain(value):
-     if not domain_re.search(value):
-          raise ValidationError(u'%s - helytelen domain' % value)
-
 
 class Rule(models.Model):
 #     DIRECTION_CH=(('TOHOST', 1), ('FROMHOST', 0))
@@ -49,7 +12,7 @@ class Rule(models.Model):
      vlan = models.ForeignKey('Vlan')
      extra = models.TextField(blank=True);
      action = models.BooleanField(default=False)
-#     owner = models.ForeignKey(User)
+     owner = models.ForeignKey(User, blank=True, null=True)
      def __unicode__(self):
         return self.description
 
@@ -88,7 +51,7 @@ class Host(models.Model):
     mac = MACAddressField(unique=True)
     ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
     pub_ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True, blank=True, null=True)
-    ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True)
+    ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True, blank=True)
     description = models.TextField(blank=True)
     comment = models.TextField(blank=True)
     location = models.TextField(blank=True)
@@ -98,6 +61,10 @@ class Host(models.Model):
     rules = models.ManyToManyField('Rule', symmetrical=False, blank=True, null=True)
     def __unicode__(self):
         return self.hostname
+    def save(self, *args, **kwargs):
+        if not self.id and not self.ipv6:
+            self.ipv6 = ipv4_2_ipv6(self.ipv4)
+        super(Host, self).save(*args, **kwargs)
     def groups_l(self):
 	retval = []
 	for grp in self.groups.all():

firewall/views.py

 from django.shortcuts import render_to_response
 from django.http import HttpResponse
 from django.shortcuts import render_to_response
-from teszt.firewall.models import *
-from teszt.firewall.fw import *
+from firewall.models import *
+from firewall.fw import *
 
 def reload_firewall(request):
 	if request.user.is_authenticated():