Commit 43391a3d by Őry Máté

firewall: merge from network-gui

parent a8c081dc
# -*- coding: utf8 -*- # -*- coding: utf-8 -*-
from django.contrib import admin from django.contrib import admin
from firewall.models import * from firewall.models import (Rule, Host, Vlan, Group, VlanGroup, Firewall,
Domain, Record, Blacklist)
from django import contrib from django import contrib
class RuleInline(contrib.admin.TabularInline): class RuleInline(contrib.admin.TabularInline):
model = Rule model = Rule
class RecordInline(contrib.admin.TabularInline): class RecordInline(contrib.admin.TabularInline):
model = Record model = Record
class HostAdmin(admin.ModelAdmin): class HostAdmin(admin.ModelAdmin):
list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac',
'shared_ip', 'owner', 'description', 'reverse', 'list_groups') 'shared_ip', 'owner', 'description', 'reverse',
'list_groups')
ordering = ('hostname', ) ordering = ('hostname', )
list_filter = ('owner', 'vlan', 'groups') list_filter = ('owner', 'vlan', 'groups')
search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac') search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
...@@ -26,20 +30,24 @@ class HostAdmin(admin.ModelAdmin): ...@@ -26,20 +30,24 @@ class HostAdmin(admin.ModelAdmin):
names = [group.name for group in instance.groups.all()] names = [group.name for group in instance.groups.all()]
return u', '.join(names) return u', '.join(names)
class HostInline(contrib.admin.TabularInline): class HostInline(contrib.admin.TabularInline):
model = Host model = Host
fields = ('hostname', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', fields = ('hostname', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip',
'owner', 'reverse') 'owner', 'reverse')
class VlanAdmin(admin.ModelAdmin): class VlanAdmin(admin.ModelAdmin):
list_display = ('vid', 'name', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', list_display = ('vid', 'name', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6',
'description', 'domain', 'snat_ip', ) 'description', 'domain', 'snat_ip', )
ordering = ('vid', ) ordering = ('vid', )
inlines = (RuleInline, ) inlines = (RuleInline, )
class RuleAdmin(admin.ModelAdmin): class RuleAdmin(admin.ModelAdmin):
list_display = ('r_type', 'color_desc', 'owner', 'extra', 'direction', list_display = ('r_type', 'color_desc', 'owner', 'extra', 'direction',
'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport', 'used_in') 'accept', 'proto', 'sport', 'dport', 'nat',
'nat_dport', 'used_in')
list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept',
'proto', 'nat') 'proto', 'nat')
...@@ -81,16 +89,20 @@ class RuleAdmin(admin.ModelAdmin): ...@@ -81,16 +89,20 @@ class RuleAdmin(admin.ModelAdmin):
class AliasAdmin(admin.ModelAdmin): class AliasAdmin(admin.ModelAdmin):
list_display = ('alias', 'host') list_display = ('alias', 'host')
class GroupAdmin(admin.ModelAdmin): class GroupAdmin(admin.ModelAdmin):
list_display = ('name', 'owner', 'description') list_display = ('name', 'owner', 'description')
inlines = (RuleInline, ) inlines = (RuleInline, )
class FirewallAdmin(admin.ModelAdmin): class FirewallAdmin(admin.ModelAdmin):
inlines = (RuleInline, ) inlines = (RuleInline, )
class DomainAdmin(admin.ModelAdmin): class DomainAdmin(admin.ModelAdmin):
list_display = ('name', 'owner') list_display = ('name', 'owner')
class RecordAdmin(admin.ModelAdmin): class RecordAdmin(admin.ModelAdmin):
list_display = ('name_', 'type', 'address_', 'ttl', 'host', 'owner') list_display = ('name_', 'type', 'address_', 'ttl', 'host', 'owner')
...@@ -104,6 +116,7 @@ class RecordAdmin(admin.ModelAdmin): ...@@ -104,6 +116,7 @@ class RecordAdmin(admin.ModelAdmin):
a = instance.get_data() a = instance.get_data()
return a['name'] if a else None return a['name'] if a else None
class BlacklistAdmin(admin.ModelAdmin): class BlacklistAdmin(admin.ModelAdmin):
list_display = ('ipv4', 'reason', 'created_at', 'modified_at') list_display = ('ipv4', 'reason', 'created_at', 'modified_at')
...@@ -116,4 +129,3 @@ admin.site.register(Firewall, FirewallAdmin) ...@@ -116,4 +129,3 @@ admin.site.register(Firewall, FirewallAdmin)
admin.site.register(Domain, DomainAdmin) admin.site.register(Domain, DomainAdmin)
admin.site.register(Record, RecordAdmin) admin.site.register(Record, RecordAdmin)
admin.site.register(Blacklist, BlacklistAdmin) admin.site.register(Blacklist, BlacklistAdmin)
...@@ -6,12 +6,14 @@ from django.utils.ipv6 import is_valid_ipv6_address ...@@ -6,12 +6,14 @@ from django.utils.ipv6 import is_valid_ipv6_address
from south.modelsinspector import add_introspection_rules from south.modelsinspector import add_introspection_rules
import re import re
mac_re = re.compile(r'^([0-9a-fA-F]{2}([:-]?|$)){6}$')
mac_re = re.compile(r'^([0-9a-fA-F]{2}(:|$)){6}$')
alfanum_re = re.compile(r'^[A-Za-z0-9_-]+$') alfanum_re = re.compile(r'^[A-Za-z0-9_-]+$')
domain_re = re.compile(r'^([A-Za-z0-9_-]\.?)+$') domain_re = re.compile(r'^([A-Za-z0-9_-]\.?)+$')
ipv4_re = re.compile('^[0-9]+\.([0-9]+)\.([0-9]+)\.([0-9]+)$') ipv4_re = re.compile('^[0-9]+\.([0-9]+)\.([0-9]+)\.([0-9]+)$')
reverse_domain_re = re.compile(r'^(%\([abcd]\)d|[a-z0-9.-])+$') reverse_domain_re = re.compile(r'^(%\([abcd]\)d|[a-z0-9.-])+$')
class MACAddressFormField(fields.RegexField): class MACAddressFormField(fields.RegexField):
default_error_messages = { default_error_messages = {
'invalid': _(u'Enter a valid MAC address.'), 'invalid': _(u'Enter a valid MAC address.'),
...@@ -20,8 +22,10 @@ class MACAddressFormField(fields.RegexField): ...@@ -20,8 +22,10 @@ class MACAddressFormField(fields.RegexField):
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super(MACAddressFormField, self).__init__(mac_re, *args, **kwargs) super(MACAddressFormField, self).__init__(mac_re, *args, **kwargs)
class MACAddressField(models.Field): class MACAddressField(models.Field):
empty_strings_allowed = False empty_strings_allowed = False
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
kwargs['max_length'] = 17 kwargs['max_length'] = 17
super(MACAddressField, self).__init__(*args, **kwargs) super(MACAddressField, self).__init__(*args, **kwargs)
...@@ -35,44 +39,65 @@ class MACAddressField(models.Field): ...@@ -35,44 +39,65 @@ class MACAddressField(models.Field):
return super(MACAddressField, self).formfield(**defaults) return super(MACAddressField, self).formfield(**defaults)
add_introspection_rules([], ["firewall\.fields\.MACAddressField"]) add_introspection_rules([], ["firewall\.fields\.MACAddressField"])
def val_alfanum(value): def val_alfanum(value):
"""Validate whether the parameter is a valid alphanumeric value.""" """Validate whether the parameter is a valid alphanumeric value."""
if not alfanum_re.match(value): if not alfanum_re.match(value):
raise ValidationError(_(u'%s - only letters, numbers, underscores ' raise ValidationError(_(u'%s - only letters, numbers, underscores '
'and hyphens are allowed!') % value) 'and hyphens are allowed!') % value)
def is_valid_domain(value): def is_valid_domain(value):
"""Check whether the parameter is a valid domain name.""" """Check whether the parameter is a valid domain name."""
return domain_re.match(value) is not None return domain_re.match(value) is not None
def val_domain(value): def val_domain(value):
"""Validate whether the parameter is a valid domin name.""" """Validate whether the parameter is a valid domin name."""
if not is_valid_domain(value): if not is_valid_domain(value):
raise ValidationError(_(u'%s - invalid domain name') % value) raise ValidationError(_(u'%s - invalid domain name') % value)
def is_valid_reverse_domain(value): def is_valid_reverse_domain(value):
"""Check whether the parameter is a valid reverse domain name.""" """Check whether the parameter is a valid reverse domain name."""
return reverse_domain_re.match(value) is not None return reverse_domain_re.match(value) is not None
def val_reverse_domain(value): def val_reverse_domain(value):
"""Validate whether the parameter is a valid reverse domain name.""" """Validate whether the parameter is a valid reverse domain name."""
if not is_valid_reverse_domain(value): if not is_valid_reverse_domain(value):
raise ValidationError(u'%s - invalid reverse domain name' % value) raise ValidationError(u'%s - invalid reverse domain name' % value)
def is_valid_ipv4_address(value): def is_valid_ipv4_address(value):
"""Check whether the parameter is a valid IPv4 address.""" """Check whether the parameter is a valid IPv4 address."""
return ipv4_re.match(value) is not None return ipv4_re.match(value) is not None
def val_ipv4(value): def val_ipv4(value):
"""Validate whether the parameter is a valid IPv4 address.""" """Validate whether the parameter is a valid IPv4 address."""
if not is_valid_ipv4_address(value): if not is_valid_ipv4_address(value):
raise ValidationError(_(u'%s - not an IPv4 address') % value) raise ValidationError(_(u'%s - not an IPv4 address') % value)
def val_ipv6(value): def val_ipv6(value):
"""Validate whether the parameter is a valid IPv6 address.""" """Validate whether the parameter is a valid IPv6 address."""
if not is_valid_ipv6_address(value): if not is_valid_ipv6_address(value):
raise ValidationError(_(u'%s - not an IPv6 address') % value) raise ValidationError(_(u'%s - not an IPv6 address') % value)
def val_mx(value):
"""Validate whether the parameter is a valid MX address definition.
Expected form is <priority>:<hostname>.
"""
mx = value.split(':', 1)
if not (len(mx) == 2 and mx[0].isdigit() and
domain_re.match(mx[1])):
raise ValidationError(_("Bad MX address format. "
"Should be: <priority>:<hostname>"))
def ipv4_2_ipv6(ipv4): def ipv4_2_ipv6(ipv4):
"""Convert IPv4 address string to IPv6 address string.""" """Convert IPv4 address string to IPv6 address string."""
val_ipv4(ipv4) val_ipv4(ipv4)
......
from django.contrib import auth
from firewall import models from firewall import models
import os
import django.conf import django.conf
import subprocess import subprocess
import re import re
import json
from datetime import datetime, timedelta from datetime import datetime, timedelta
from django.db.models import Q from django.db.models import Q
settings = django.conf.settings.FIREWALL_SETTINGS settings = django.conf.settings.FIREWALL_SETTINGS
class Firewall: class Firewall:
IPV6=False IPV6 = False
RULES = None RULES = None
RULES_NAT = [] RULES_NAT = []
vlans = None vlans = None
dmz = None
pub = None pub = None
hosts = None hosts = None
fw = None fw = None
...@@ -36,7 +34,6 @@ class Firewall: ...@@ -36,7 +34,6 @@ class Firewall:
retval = '-p %s ' % rule.proto retval = '-p %s ' % rule.proto
return retval return retval
def iptables(self, s): def iptables(self, s):
"""Append rule to filter table.""" """Append rule to filter table."""
self.RULES.append(s) self.RULES.append(s)
...@@ -71,12 +68,13 @@ class Firewall: ...@@ -71,12 +68,13 @@ class Firewall:
action = 'LOG_DROP' action = 'LOG_DROP'
if rule.direction == '1': # going TO host if rule.direction == '1': # going TO host
self.iptables('-A %s_%s -d %s %s %s -g %s' % (vlan, self.iptables('-A %s_%s -d %s %s %s -g %s' %
host.vlan, ipaddr, dport_sport, rule.extra, action)) (vlan, host.vlan, ipaddr, dport_sport,
rule.extra, action))
else: else:
self.iptables('-A %s_%s -s %s %s %s -g %s' % (host.vlan, self.iptables('-A %s_%s -s %s %s %s -g %s' %
vlan, ipaddr, dport_sport, rule.extra, action)) (host.vlan, vlan, ipaddr, dport_sport,
rule.extra, action))
def fw2vlan(self, rule): def fw2vlan(self, rule):
if not rule.foreign_network: if not rule.foreign_network:
...@@ -110,12 +108,12 @@ class Firewall: ...@@ -110,12 +108,12 @@ class Firewall:
action = 'LOG_DROP' action = 'LOG_DROP'
if rule.direction == '1': # going TO host if rule.direction == '1': # going TO host
self.iptables('-A %s_%s %s %s -g %s' % (vlan, l_vlan, self.iptables('-A %s_%s %s %s -g %s' %
dport_sport, rule.extra, action)) (vlan, l_vlan, dport_sport, rule.extra, action))
else: else:
self.iptables('-A %s_%s %s %s -g %s' % (l_vlan, vlan, self.iptables('-A %s_%s %s %s -g %s' % (l_vlan, vlan,
dport_sport, rule.extra, action)) dport_sport,
rule.extra, action))
def prerun(self): def prerun(self):
self.iptables('*filter') self.iptables('*filter')
...@@ -138,7 +136,8 @@ class Firewall: ...@@ -138,7 +136,8 @@ class Firewall:
self.iptables('-N PUB_OUT') self.iptables('-N PUB_OUT')
self.iptables('-A FORWARD -m set --match-set blacklist src,dst -j DROP') self.iptables('-A FORWARD -m set --match-set blacklist src,dst '
'-j DROP')
self.iptables('-A FORWARD -m state --state INVALID -g LOG_DROP') self.iptables('-A FORWARD -m state --state INVALID -g LOG_DROP')
self.iptables('-A FORWARD -m state --state ESTABLISHED,RELATED ' self.iptables('-A FORWARD -m state --state ESTABLISHED,RELATED '
'-j ACCEPT') '-j ACCEPT')
...@@ -156,7 +155,6 @@ class Firewall: ...@@ -156,7 +155,6 @@ class Firewall:
self.iptables('-A OUTPUT -m state --state ESTABLISHED,RELATED ' self.iptables('-A OUTPUT -m state --state ESTABLISHED,RELATED '
'-j ACCEPT') '-j ACCEPT')
def postrun(self): def postrun(self):
self.iptables('-A PUB_OUT -s 152.66.243.160/27 -p tcp --dport 25 ' self.iptables('-A PUB_OUT -s 152.66.243.160/27 -p tcp --dport 25 '
'-j LOG_ACC') '-j LOG_ACC')
...@@ -172,9 +170,6 @@ class Firewall: ...@@ -172,9 +170,6 @@ class Firewall:
self.iptables('-A OUTPUT -g LOG_DROP') self.iptables('-A OUTPUT -g LOG_DROP')
self.iptables('COMMIT') self.iptables('COMMIT')
def ipt_nat(self): def ipt_nat(self):
self.iptablesnat('*nat') self.iptablesnat('*nat')
self.iptablesnat(':PREROUTING ACCEPT [0:0]') self.iptablesnat(':PREROUTING ACCEPT [0:0]')
...@@ -188,34 +183,37 @@ class Firewall: ...@@ -188,34 +183,37 @@ class Firewall:
dport_sport = self.dportsport(rule, False) dport_sport = self.dportsport(rule, False)
if host.vlan.snat_ip: if host.vlan.snat_ip:
self.iptablesnat('-A PREROUTING -d %s %s %s -j DNAT ' self.iptablesnat('-A PREROUTING -d %s %s %s -j DNAT '
'--to-destination %s:%s' % (host.pub_ipv4, '--to-destination %s:%s' %
dport_sport, rule.extra, host.ipv4, (host.pub_ipv4, dport_sport, rule.extra,
rule.nat_dport)) host.ipv4, rule.nat_dport))
# rules for machines with dedicated public IP # rules for machines with dedicated public IP
for host in self.hosts.exclude(shared_ip=True): for host in self.hosts.exclude(shared_ip=True):
if host.pub_ipv4: if host.pub_ipv4:
self.iptablesnat('-A PREROUTING -d %s -j DNAT ' self.iptablesnat('-A PREROUTING -d %s -j DNAT '
'--to-destination %s' % (host.pub_ipv4, host.ipv4)) '--to-destination %s' %
(host.pub_ipv4, host.ipv4))
self.iptablesnat('-A POSTROUTING -s %s -j SNAT ' self.iptablesnat('-A POSTROUTING -s %s -j SNAT '
'--to-source %s' % (host.ipv4, host.pub_ipv4)) '--to-source %s' %
(host.ipv4, host.pub_ipv4))
# default NAT rules for VLANs # default NAT rules for VLANs
for s_vlan in self.vlans: for s_vlan in self.vlans:
if s_vlan.snat_ip: if s_vlan.snat_ip:
for d_vlan in s_vlan.snat_to.all(): for d_vlan in s_vlan.snat_to.all():
self.iptablesnat('-A POSTROUTING -s %s -o %s -j SNAT ' self.iptablesnat('-A POSTROUTING -s %s -o %s -j SNAT '
'--to-source %s' % (s_vlan.net_ipv4(), '--to-source %s' %
d_vlan.interface, s_vlan.snat_ip)) (s_vlan.net_ipv4(), d_vlan.interface,
s_vlan.snat_ip))
# hard-wired rules # hard-wired rules
self.iptablesnat('-A POSTROUTING -s 10.5.0.0/16 -o vlan0003 -j SNAT ' self.iptablesnat('-A POSTROUTING -s 10.5.0.0/16 -o vlan0003 -j SNAT '
'--to-source 10.3.255.254') # man elerheto legyen '--to-source 10.3.255.254') # man elerheto legyen
self.iptablesnat('-A POSTROUTING -s 10.5.0.0/16 -o vlan0008 -j SNAT ' self.iptablesnat('-A POSTROUTING -o vlan0008 -j SNAT '
'--to-source 10.0.0.247') # wolf network for printing '--to-source 10.0.0.247') # wolf network for printing
self.iptablesnat('-A POSTROUTING -s 10.3.0.0/16 -o vlan0002 -j SNAT ' self.iptablesnat('-A POSTROUTING -s 10.3.0.0/16 -p udp --dport 53 '
'--to-source %s' % self.pub.ipv4) # kulonben nemmegy a du '-o vlan0002 -j SNAT ''--to-source %s' %
self.pub.ipv4) # kulonben nem megy a dns man-ban
self.iptablesnat('COMMIT') self.iptablesnat('COMMIT')
...@@ -235,7 +233,8 @@ class Firewall: ...@@ -235,7 +233,8 @@ class Firewall:
for d_vlan in self.vlans: for d_vlan in self.vlans:
self.iptables('-N %s_%s' % (s_vlan, d_vlan)) self.iptables('-N %s_%s' % (s_vlan, d_vlan))
self.iptables('-A FORWARD -i %s -o %s -g %s_%s' % self.iptables('-A FORWARD -i %s -o %s -g %s_%s' %
(s_vlan.interface, d_vlan.interface, s_vlan, d_vlan)) (s_vlan.interface, d_vlan.interface, s_vlan,
d_vlan))
# hosts' rules # hosts' rules
for i_vlan in self.vlans: for i_vlan in self.vlans:
...@@ -264,12 +263,11 @@ class Firewall: ...@@ -264,12 +263,11 @@ class Firewall:
self.RULES = [x.replace('icmp', 'icmpv6') for x in self.RULES] self.RULES = [x.replace('icmp', 'icmpv6') for x in self.RULES]
def __init__(self, IPV6=False): def __init__(self, IPV6=False):
self.RULES=[] self.RULES = []
self.RULES_NAT=[] self.RULES_NAT = []
self.IPV6 = IPV6 self.IPV6 = IPV6
self.vlans = models.Vlan.objects.all() self.vlans = models.Vlan.objects.all()
self.hosts = models.Host.objects.all() self.hosts = models.Host.objects.all()
self.dmz = models.Vlan.objects.get(name='DMZ')
self.pub = models.Vlan.objects.get(name='PUB') self.pub = models.Vlan.objects.get(name='PUB')
self.fw = models.Firewall.objects.all() self.fw = models.Firewall.objects.all()
self.ipt_filter() self.ipt_filter()
...@@ -279,21 +277,23 @@ class Firewall: ...@@ -279,21 +277,23 @@ class Firewall:
def reload(self): def reload(self):
if self.IPV6: if self.IPV6:
process = subprocess.Popen(['/usr/bin/ssh', 'fw2', process = subprocess.Popen(['/usr/bin/ssh', 'fw2',
'/usr/bin/sudo', '/sbin/ip6tables-restore', '-c'], '/usr/bin/sudo',
'/sbin/ip6tables-restore', '-c'],
shell=False, stdin=subprocess.PIPE) shell=False, stdin=subprocess.PIPE)
process.communicate('\n'.join(self.RULES) + '\n') process.communicate('\n'.join(self.RULES) + '\n')
else: else:
process = subprocess.Popen(['/usr/bin/ssh', 'fw2', process = subprocess.Popen(['/usr/bin/ssh', 'fw2',
'/usr/bin/sudo', '/sbin/iptables-restore', '-c'], '/usr/bin/sudo',
'/sbin/iptables-restore', '-c'],
shell=False, stdin=subprocess.PIPE) shell=False, stdin=subprocess.PIPE)
process.communicate('\n'.join(self.RULES) + '\n' + process.communicate('\n'.join(self.RULES) + '\n' +
'\n'.join(self.RULES_NAT) + '\n') '\n'.join(self.RULES_NAT) + '\n')
def get(self): def get(self):
if self.IPV6: if self.IPV6:
return { 'filter': self.RULES, } return {'filter': self.RULES, }
else: else:
return { 'filter': self.RULES, 'nat': self.RULES_NAT } return {'filter': self.RULES, 'nat': self.RULES_NAT}
def show(self): def show(self):
if self.IPV6: if self.IPV6:
...@@ -302,9 +302,12 @@ class Firewall: ...@@ -302,9 +302,12 @@ class Firewall:
return ('\n'.join(self.RULES) + '\n' + return ('\n'.join(self.RULES) + '\n' +
'\n'.join(self.RULES_NAT) + '\n') '\n'.join(self.RULES_NAT) + '\n')
def ipset(): def ipset():
week = datetime.now()-timedelta(days=2) week = datetime.now() - timedelta(days=2)
return models.Blacklist.objects.filter(Q(type='tempban', modified_at__gte=week) | Q(type='permban')).values('ipv4', 'reason') filter_ban = (Q(type='tempban', modified_at__gte=week) |
Q(type='permban')).values('ipv4', 'reason')
return models.Blacklist.objects.filter(filter_ban)
def ipv6_to_octal(ipv6): def ipv6_to_octal(ipv6):
...@@ -321,6 +324,7 @@ def ipv6_to_octal(ipv6): ...@@ -321,6 +324,7 @@ def ipv6_to_octal(ipv6):
octets.append(int(part[2:], 16)) octets.append(int(part[2:], 16))
return '\\' + '\\'.join(['%03o' % x for x in octets]) return '\\' + '\\'.join(['%03o' % x for x in octets])
def ipv4_to_arpa(ipv4, cname=False): def ipv4_to_arpa(ipv4, cname=False):
m2 = re.search(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$', ipv4) m2 = re.search(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$', ipv4)
if cname: if cname:
...@@ -330,6 +334,7 @@ def ipv4_to_arpa(ipv4, cname=False): ...@@ -330,6 +334,7 @@ def ipv4_to_arpa(ipv4, cname=False):
return ('%s.%s.%s.%s.in-addr.arpa' % return ('%s.%s.%s.%s.in-addr.arpa' %
(m2.group(4), m2.group(3), m2.group(2), m2.group(1))) (m2.group(4), m2.group(3), m2.group(2), m2.group(1)))
def ipv6_to_arpa(ipv6): def ipv6_to_arpa(ipv6):
while len(ipv6.split(':')) < 8: while len(ipv6.split(':')) < 8:
ipv6 = ipv6.replace('::', ':::') ipv6 = ipv6.replace('::', ':::')
...@@ -357,11 +362,11 @@ def ipv6_to_arpa(ipv6): ...@@ -357,11 +362,11 @@ def ipv6_to_arpa(ipv6):
def dns(): def dns():
vlans = models.Vlan.objects.all() vlans = models.Vlan.objects.all()
regex = re.compile(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$') # regex = re.compile(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$')
DNS = [] DNS = []
for i_vlan in vlans: for i_vlan in vlans:
m = regex.search(i_vlan.net4) # m = regex.search(i_vlan.net4)
rev = i_vlan.reverse_domain rev = i_vlan.reverse_domain
for i_host in i_vlan.host_set.all(): for i_host in i_vlan.host_set.all():
...@@ -374,8 +379,8 @@ def dns(): ...@@ -374,8 +379,8 @@ def dns():
# ipv4 # ipv4
if i_host.ipv4: if i_host.ipv4:
DNS.append("^%s:%s:%s" % ( DNS.append("^%s:%s:%s" % (
(rev % { 'a': int(i[0]), 'b': int(i[1]), 'c': int(i[2]), (rev % {'a': int(i[0]), 'b': int(i[1]), 'c': int(i[2]),
'd': int(i[3]) }), 'd': int(i[3])}),
reverse, models.settings['dns_ttl'])) reverse, models.settings['dns_ttl']))
# ipv6 # ipv6
...@@ -384,16 +389,17 @@ def dns(): ...@@ -384,16 +389,17 @@ def dns():
reverse, models.settings['dns_ttl'])) reverse, models.settings['dns_ttl']))
for domain in models.Domain.objects.all(): for domain in models.Domain.objects.all():
DNS.append("Z%s:%s:support.ik.bme.hu::::::%s" % (domain.name, DNS.append("Z%s:%s:support.ik.bme.hu::::::%s" %
settings['dns_hostname'], models.settings['dns_ttl'])) (domain.name, settings['dns_hostname'],
models.settings['dns_ttl']))
for r in models.Record.objects.all(): for r in models.Record.objects.all():
d = r.get_data() d = r.get_data()
if d['type'] == 'A': if d['type'] == 'A':
DNS.append("+%s:%s:%s" % (d['name'], d['address'], d['ttl'])) DNS.append("+%s:%s:%s" % (d['name'], d['address'], d['ttl']))
elif d['type'] == 'AAAA': elif d['type'] == 'AAAA':
DNS.append(":%s:28:%s:%s" % (d['name'], DNS.append(":%s:28:%s:%s" %
ipv6_to_octal(d['address']), d['ttl'])) (d['name'], ipv6_to_octal(d['address']), d['ttl']))
elif d['type'] == 'NS': elif d['type'] == 'NS':
DNS.append("&%s::%s:%s" % (d['name'], d['address'], d['ttl'])) DNS.append("&%s::%s:%s" % (d['name'], d['address'], d['ttl']))
elif d['type'] == 'CNAME': elif d['type'] == 'CNAME':
...@@ -408,8 +414,9 @@ def dns(): ...@@ -408,8 +414,9 @@ def dns():
return DNS return DNS
process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' %
settings['dns_hostname']], shell=False, stdin=subprocess.PIPE) settings['dns_hostname']],
process.communicate("\n".join(DNS)+"\n") shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(DNS) + "\n")
# print "\n".join(DNS)+"\n" # print "\n".join(DNS)+"\n"
...@@ -422,6 +429,7 @@ def prefix_to_mask(prefix): ...@@ -422,6 +429,7 @@ def prefix_to_mask(prefix):
t[i] = 256 - (2 ** ((i + 1) * 8 - prefix)) t[i] = 256 - (2 ** ((i + 1) * 8 - prefix))
return ".".join([str(i) for i in t]) return ".".join([str(i) for i in t])
def dhcp(): def dhcp():
vlans = models.Vlan.objects.all() vlans = models.Vlan.objects.all()
regex = re.compile(r'^([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+\s+' regex = re.compile(r'^([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+\s+'
...@@ -434,7 +442,7 @@ def dhcp(): ...@@ -434,7 +442,7 @@ def dhcp():
if(i_vlan.dhcp_pool): if(i_vlan.dhcp_pool):
m = regex.search(i_vlan.dhcp_pool) m = regex.search(i_vlan.dhcp_pool)
if(m or i_vlan.dhcp_pool == "manual"): if(m or i_vlan.dhcp_pool == "manual"):
DHCP.append (''' DHCP.append('''
# %(name)s - %(interface)s # %(name)s - %(interface)s
subnet %(net)s netmask %(netmask)s { subnet %(net)s netmask %(netmask)s {
%(extra)s; %(extra)s;
...@@ -461,7 +469,7 @@ def dhcp(): ...@@ -461,7 +469,7 @@ def dhcp():
}) })
for i_host in i_vlan.host_set.all(): for i_host in i_vlan.host_set.all():
DHCP.append (''' DHCP.append('''
host %(hostname)s { host %(hostname)s {
hardware ethernet %(mac)s; hardware ethernet %(mac)s;
fixed-address %(ipv4)s; fixed-address %(ipv4)s;
...@@ -474,22 +482,7 @@ def dhcp(): ...@@ -474,22 +482,7 @@ def dhcp():
return DHCP return DHCP
process = subprocess.Popen(['/usr/bin/ssh', 'fw2', process = subprocess.Popen(['/usr/bin/ssh', 'fw2',
'cat > /tools/dhcp3/dhcpd.conf.generated;' 'cat > /tools/dhcp3/dhcpd.conf.generated;'
'sudo /etc/init.d/isc-dhcp-server restart'], shell=False, 'sudo /etc/init.d/isc-dhcp-server restart'],
stdin=subprocess.PIPE) shell=False, stdin=subprocess.PIPE)
# print "\n".join(DHCP)+"\n" # print "\n".join(DHCP)+"\n"
process.communicate("\n".join(DHCP)+"\n") process.communicate("\n".join(DHCP) + "\n")
'''
i=2
for mac, name, ipend in [("18:a9:05:64:19:aa", "mega6", 16), ("00:1e:0b:e9:79:1e", "blade1", 21), ("00:22:64:9c:fd:34", "blade2", 22), ("00:1e:0b:ec:65:46", "blade3", 23), ("b4:b5:2f:61:d2:5a", "cloud-man", 1)]:
h1 = models.Host(hostname= name, vlan=models.Vlan.objects.get(vid=3), mac=mac, ipv4="10.3.1.%d" % ipend, ipv6="2001:738:2001:4031:3:1:%d:0" % ipend, owner=auth.models.User.objects.get(username="bd"))
try:
h1.save()
h1.groups.add(models.Group.objects.get(name="netezhet manbol"))
h1.save()
# i = i + 1
except:
print "nemok %s" % name
'''
# SOME DESCRIPTIVE TITLE.
# Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
# This file is distributed under the same license as the PACKAGE package.