Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
CIRCLE
/
cloud
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
94
Merge Requests
10
Pipelines
Wiki
Snippets
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
5a892e40
authored
Feb 26, 2013
by
Dudás Ádám
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
firewall: moar readability
parent
a47e41cb
Expand all
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
158 additions
and
126 deletions
+158
-126
cloud/settings.py
+0
-1
firewall/admin.py
+34
-31
firewall/fields.py
+34
-13
firewall/fw.py
+2
-1
firewall/models.py
+88
-80
No files found.
cloud/settings.py
View file @
5a892e40
...
...
@@ -200,7 +200,6 @@ store_settings = {
"store_public"
:
"store.ik.bme.hu"
,
}
firewall_settings
=
{
"default_vlangroup"
:
"publikus"
,
"reload_sleep"
:
"10"
,
...
...
firewall/admin.py
View file @
5a892e40
...
...
@@ -13,7 +13,7 @@ class RecordInline(contrib.admin.TabularInline):
class
HostAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'hostname'
,
'vlan'
,
'ipv4'
,
'ipv6'
,
'pub_ipv4'
,
'mac'
,
'shared_ip'
,
'owner'
,
'description'
,
'reverse'
,
'
groups_l
'
)
'shared_ip'
,
'owner'
,
'description'
,
'reverse'
,
'
list_groups
'
)
ordering
=
(
'hostname'
,
)
list_filter
=
(
'owner'
,
'vlan'
,
'groups'
)
search_fields
=
(
'hostname'
,
'description'
,
'ipv4'
,
'ipv6'
,
'mac'
)
...
...
@@ -21,7 +21,7 @@ class HostAdmin(admin.ModelAdmin):
inlines
=
(
RuleInline
,
RecordInline
)
@staticmethod
def
groups_l
(
instance
):
def
list_groups
(
instance
):
"""Returns instance's groups' names as a comma-separated list."""
names
=
[
group
.
name
for
group
in
instance
.
groups
.
all
()]
return
u', '
.
join
(
names
)
...
...
@@ -43,36 +43,39 @@ class RuleAdmin(admin.ModelAdmin):
list_filter
=
(
'r_type'
,
'vlan'
,
'owner'
,
'direction'
,
'accept'
,
'proto'
,
'nat'
)
def
color_desc
(
self
,
instance
):
@staticmethod
def
color_desc
(
instance
):
"""Returns a colorful description of the instance."""
para
=
'</span>'
if
instance
.
dport
:
para
=
'dport=
%
s
%
s'
%
(
instance
.
dport
,
para
)
if
instance
.
sport
:
para
=
'sport=
%
s
%
s'
%
(
instance
.
sport
,
para
)
if
instance
.
proto
:
para
=
'proto=
%
s
%
s'
%
(
instance
.
proto
,
para
)
para
=
u'<span style="color: #00FF00;">'
+
para
return
(
u'<span style="color: #FF0000;">[
%
s]</span> '
%
instance
.
r_type
+
(
u'
%
s<span style="color: #0000FF;"> ▸ </span>
%
s'
%
((
instance
.
foreign_network
.
name
,
instance
.
r_type
)
if
instance
.
direction
==
'1'
else
(
instance
.
r_type
,
instance
.
foreign_network
.
name
)))
+
' '
+
para
+
' '
+
instance
.
description
)
return
(
u'<span style="color: #FF0000;">[
%(type)
s]</span> '
u'
%(src)
s<span style="color: #0000FF;"> ▸ </span>
%(dst)
s '
u'
%(para)
s
%(desc)
s'
)
%
{
'type'
:
instance
.
r_type
,
'src'
:
(
instance
.
foreign_network
.
name
if
instance
.
direction
==
'1'
else
instance
.
r_type
),
'dst'
:
(
instance
.
r_type
if
instance
.
direction
==
'1'
else
instance
.
foreign_network
.
name
),
'para'
:
(
u'<span style="color: #00FF00;">'
+
((
'proto=
%
s '
%
instance
.
proto
)
if
instance
.
proto
else
''
)
+
((
'sport=
%
s '
%
instance
.
sport
)
if
instance
.
sport
else
''
)
+
((
'dport=
%
s '
%
instance
.
dport
)
if
instance
.
dport
else
''
)
+
'</span>'
),
'desc'
:
instance
.
description
}
color_desc
.
allow_tags
=
True
def
vlan_l
(
self
,
instance
):
@staticmethod
def
vlan_l
(
instance
):
"""Returns instance's VLANs' names as a comma-separated list."""
retval
=
[]
for
vlan
in
instance
.
foreign_network
.
vlans
.
all
():
retval
.
append
(
vlan
.
name
)
return
u', '
.
join
(
retval
)
names
=
[
vlan
.
name
for
vlan
in
instance
.
foreign_network
.
vlans
.
all
()]
return
u', '
.
join
(
names
)
def
used_in
(
self
,
instance
):
@staticmethod
def
used_in
(
instance
):
for
field
in
[
instance
.
vlan
,
instance
.
vlangroup
,
instance
.
host
,
instance
.
hostgroup
,
instance
.
firewall
]:
if
field
is
not
None
:
if
field
:
return
unicode
(
field
)
+
' '
+
field
.
_meta
.
object_name
...
...
@@ -92,15 +95,15 @@ class DomainAdmin(admin.ModelAdmin):
class
RecordAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'name_'
,
'type'
,
'address_'
,
'ttl'
,
'host'
,
'owner'
)
def
address_
(
self
,
instance
):
@staticmethod
def
address_
(
instance
):
a
=
instance
.
get_data
()
if
a
:
return
a
[
'address'
]
return
a
[
'address'
]
if
a
else
None
def
name_
(
self
,
instance
):
@staticmethod
def
name_
(
instance
):
a
=
instance
.
get_data
()
if
a
:
return
a
[
'name'
]
return
a
[
'name'
]
if
a
else
None
class
BlacklistAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'ipv4'
,
'reason'
,
'created_at'
,
'modified_at'
)
...
...
firewall/fields.py
View file @
5a892e40
...
...
@@ -2,6 +2,7 @@ from django.core.exceptions import ValidationError
from
django.forms
import
fields
from
django.db
import
models
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.ipv6
import
is_valid_ipv6_address
from
south.modelsinspector
import
add_introspection_rules
import
re
...
...
@@ -35,26 +36,46 @@ class MACAddressField(models.Field):
add_introspection_rules
([],
[
"firewall
\
.fields
\
.MACAddressField"
])
def
val_alfanum
(
value
):
"""Check whether the parameter is a valid alphanumeric value."""
if
alfanum_re
.
search
(
value
)
is
None
:
raise
ValidationError
(
_
(
u'
%
s - only letters, numbers, underscores and hyphens are '
'allowed!'
)
%
value
)
"""Validate whether the parameter is a valid alphanumeric value."""
if
alfanum_re
.
match
(
value
)
is
None
:
raise
ValidationError
(
_
(
u'
%
s - only letters, numbers, underscores '
'and hyphens are allowed!'
)
%
value
)
def
is_valid_domain
(
value
):
"""Check whether the parameter is a valid domain name."""
return
domain_re
.
match
(
value
)
is
not
None
def
val_domain
(
value
):
"""Check wheter the parameter is a valid domin."""
if
domain_re
.
search
(
value
)
is
None
:
raise
ValidationError
(
_
(
u'
%
s - invalid domain'
)
%
value
)
"""Validate whether the parameter is a valid domin name."""
if
not
is_valid_domain
(
value
):
raise
ValidationError
(
_
(
u'
%
s - invalid domain name'
)
%
value
)
def
is_valid_reverse_domain
(
value
):
"""Check whether the parameter is a valid reverse domain name."""
return
reverse_domain_re
.
match
(
value
)
is
not
None
def
val_reverse_domain
(
value
):
"""Check whether the parameter is a valid reverse domain."""
if
not
reverse_domain_re
.
search
(
value
):
raise
ValidationError
(
u'
%
s - reverse domain'
%
value
)
"""Validate whether the parameter is a valid reverse domain name."""
if
not
is_valid_reverse_domain
(
value
):
raise
ValidationError
(
u'
%
s - invalid reverse domain name'
%
value
)
def
is_valid_ipv4_address
(
value
):
"""Check whether the parameter is a valid IPv4 address."""
return
ipv4_re
.
match
(
value
)
is
not
None
def
val_ipv4
(
value
):
"""Validate whether the parameter is a valid IPv4 address."""
if
not
is_valid_ipv4_address
(
value
):
raise
ValidationError
(
_
(
u'
%
s - not an IPv4 address'
)
%
value
)
def
val_ipv6
(
value
):
"""Validate whether the parameter is a valid IPv6 address."""
if
not
is_valid_ipv6_address
(
value
):
raise
ValidationError
(
_
(
u'
%
s - not an IPv6 address'
)
%
value
)
def
ipv4_2_ipv6
(
ipv4
):
"""Convert IPv4 address string to IPv6 address string."""
val_ipv4
(
ipv4
)
m
=
ipv4_re
.
match
(
ipv4
)
if
m
is
None
:
raise
ValidationError
(
_
(
u'
%
s - not an IPv4 address'
)
%
ipv4
)
return
(
"2001:738:2001:4031:
%
s:
%
s:
%
s:0"
%
(
m
.
group
(
1
),
m
.
group
(
2
),
m
.
group
(
3
)))
firewall/fw.py
View file @
5a892e40
...
...
@@ -36,10 +36,11 @@ class firewall:
def
iptables
(
self
,
s
):
"""Append rule."""
"""Append rule
to filter table
."""
self
.
RULES
.
append
(
s
)
def
iptablesnat
(
self
,
s
):
"""Append rule to NAT table."""
self
.
RULES_NAT
.
append
(
s
)
def
host2vlan
(
self
,
host
,
rule
):
...
...
firewall/models.py
View file @
5a892e40
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment