Commit 5a892e40 by Dudás Ádám

firewall: moar readability

parent a47e41cb
...@@ -189,18 +189,17 @@ CELERY_ROUTES = { ...@@ -189,18 +189,17 @@ CELERY_ROUTES = {
} }
store_settings = { store_settings = {
"basic_auth": "True", "basic_auth": "True",
"verify_ssl": "False", "verify_ssl": "False",
"ssl_auth": "False", "ssl_auth": "False",
"store_client_pass": "IQu8Eice", "store_client_pass": "IQu8Eice",
"store_client_user": "admin", "store_client_user": "admin",
"store_client_key": "/opt/webadmin/cloud/client.key", "store_client_key": "/opt/webadmin/cloud/client.key",
"store_client_cert": "/opt/webadmin/cloud/client.crt", "store_client_cert": "/opt/webadmin/cloud/client.crt",
"store_url": "http://localhost:9000", "store_url": "http://localhost:9000",
"store_public": "store.ik.bme.hu", "store_public": "store.ik.bme.hu",
} }
firewall_settings = { firewall_settings = {
"default_vlangroup": "publikus", "default_vlangroup": "publikus",
"reload_sleep": "10", "reload_sleep": "10",
......
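Review bot: `store_client_pass` and `store_client_user` are literal values in this settings module, so the store credential is committed to version control along with the code. These lines are unchanged context (the hunk's one-line difference is not visible in this view), but they are part of the file the commit leaves in place. Load the secret from the environment or an untracked local settings file, e.g. `"store_client_pass": os.environ["STORE_CLIENT_PASS"],` (the variable name is a placeholder), and rotate the value that is already in history. With `"verify_ssl": "False"` and a plain-`http` `store_url`, pointing the store at anything other than localhost would send that password over an unverified channel.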
...@@ -13,7 +13,7 @@ class RecordInline(contrib.admin.TabularInline): ...@@ -13,7 +13,7 @@ class RecordInline(contrib.admin.TabularInline):
class HostAdmin(admin.ModelAdmin): class HostAdmin(admin.ModelAdmin):
list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac',
'shared_ip', 'owner', 'description', 'reverse', 'groups_l') 'shared_ip', 'owner', 'description', 'reverse', 'list_groups')
ordering = ('hostname', ) ordering = ('hostname', )
list_filter = ('owner', 'vlan', 'groups') list_filter = ('owner', 'vlan', 'groups')
search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac') search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
...@@ -21,7 +21,7 @@ class HostAdmin(admin.ModelAdmin): ...@@ -21,7 +21,7 @@ class HostAdmin(admin.ModelAdmin):
inlines = (RuleInline, RecordInline) inlines = (RuleInline, RecordInline)
@staticmethod @staticmethod
def groups_l(instance): def list_groups(instance):
"""Returns instance's groups' names as a comma-separated list.""" """Returns instance's groups' names as a comma-separated list."""
names = [group.name for group in instance.groups.all()] names = [group.name for group in instance.groups.all()]
return u', '.join(names) return u', '.join(names)
...@@ -43,36 +43,39 @@ class RuleAdmin(admin.ModelAdmin): ...@@ -43,36 +43,39 @@ class RuleAdmin(admin.ModelAdmin):
list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept',
'proto', 'nat') 'proto', 'nat')
def color_desc(self, instance): @staticmethod
def color_desc(instance):
"""Returns a colorful description of the instance.""" """Returns a colorful description of the instance."""
para = '</span>' return (u'<span style="color: #FF0000;">[%(type)s]</span> '
if instance.dport: u'%(src)s<span style="color: #0000FF;"> ▸ </span>%(dst)s '
para = 'dport=%s %s' % (instance.dport, para) u'%(para)s %(desc)s') % {
if instance.sport: 'type': instance.r_type,
para = 'sport=%s %s' % (instance.sport, para) 'src': (instance.foreign_network.name
if instance.proto: if instance.direction == '1' else instance.r_type),
para = 'proto=%s %s' % (instance.proto, para) 'dst': (instance.r_type if instance.direction == '1'
para = u'<span style="color: #00FF00;">' + para else instance.foreign_network.name),
return ( 'para': (u'<span style="color: #00FF00;">' +
u'<span style="color: #FF0000;">[%s]</span> ' % instance.r_type + (('proto=%s ' % instance.proto)
(u'%s<span style="color: #0000FF;"> ▸ </span>%s' % if instance.proto else '') +
((instance.foreign_network.name, instance.r_type) (('sport=%s ' % instance.sport)
if instance.direction == '1' else if instance.sport else '') +
(instance.r_type, instance.foreign_network.name))) + (('dport=%s ' % instance.dport)
' ' + para + ' ' + instance.description) if instance.dport else '') +
'</span>'),
'desc': instance.description}
color_desc.allow_tags = True color_desc.allow_tags = True
def vlan_l(self, instance): @staticmethod
def vlan_l(instance):
"""Returns instance's VLANs' names as a comma-separated list.""" """Returns instance's VLANs' names as a comma-separated list."""
retval = [] names = [vlan.name for vlan in instance.foreign_network.vlans.all()]
for vlan in instance.foreign_network.vlans.all(): return u', '.join(names)
retval.append(vlan.name)
return u', '.join(retval)
def used_in(self, instance): @staticmethod
def used_in(instance):
for field in [instance.vlan, instance.vlangroup, instance.host, for field in [instance.vlan, instance.vlangroup, instance.host,
instance.hostgroup, instance.firewall]: instance.hostgroup, instance.firewall]:
if field is not None: if field:
return unicode(field) + ' ' + field._meta.object_name return unicode(field) + ' ' + field._meta.object_name
...@@ -92,15 +95,15 @@ class DomainAdmin(admin.ModelAdmin): ...@@ -92,15 +95,15 @@ class DomainAdmin(admin.ModelAdmin):
class RecordAdmin(admin.ModelAdmin): class RecordAdmin(admin.ModelAdmin):
list_display = ('name_', 'type', 'address_', 'ttl', 'host', 'owner') list_display = ('name_', 'type', 'address_', 'ttl', 'host', 'owner')
def address_(self, instance): @staticmethod
def address_(instance):
a = instance.get_data() a = instance.get_data()
if a: return a['address'] if a else None
return a['address']
def name_(self, instance): @staticmethod
def name_(instance):
a = instance.get_data() a = instance.get_data()
if a: return a['name'] if a else None
return a['name']
class BlacklistAdmin(admin.ModelAdmin): class BlacklistAdmin(admin.ModelAdmin):
list_display = ('ipv4', 'reason', 'created_at', 'modified_at') list_display = ('ipv4', 'reason', 'created_at', 'modified_at')
......
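Review bot: `RuleAdmin.color_desc` sets `allow_tags = True` and interpolates `instance.description`, `instance.foreign_network.name`, `instance.r_type`, `instance.proto`, `instance.sport` and `instance.dport` into the markup without escaping, so whatever is stored in those fields is rendered as HTML in the admin change list. The rewrite into a single `%`-format keeps that behaviour, which leaves a stored-XSS path open to anyone who can edit a rule description or a network name. Escape each value before formatting, for example `'desc': escape(instance.description)` with `from django.utils.html import escape`, so that only the literal `<span>` fragments stay unescaped. Separately, `used_in` now tests `if field:` instead of `if field is not None:`, which behaves differently for any related object that defines its own truthiness.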
...@@ -2,6 +2,7 @@ from django.core.exceptions import ValidationError ...@@ -2,6 +2,7 @@ from django.core.exceptions import ValidationError
from django.forms import fields from django.forms import fields
from django.db import models from django.db import models
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from django.utils.ipv6 import is_valid_ipv6_address
from south.modelsinspector import add_introspection_rules from south.modelsinspector import add_introspection_rules
import re import re
...@@ -35,26 +36,46 @@ class MACAddressField(models.Field): ...@@ -35,26 +36,46 @@ class MACAddressField(models.Field):
add_introspection_rules([], ["firewall\.fields\.MACAddressField"]) add_introspection_rules([], ["firewall\.fields\.MACAddressField"])
def val_alfanum(value): def val_alfanum(value):
"""Check whether the parameter is a valid alphanumeric value.""" """Validate whether the parameter is a valid alphanumeric value."""
if alfanum_re.search(value) is None: if alfanum_re.match(value) is None:
raise ValidationError( raise ValidationError(_(u'%s - only letters, numbers, underscores '
_(u'%s - only letters, numbers, underscores and hyphens are ' 'and hyphens are allowed!') % value)
'allowed!') % value)
def is_valid_domain(value):
"""Check whether the parameter is a valid domain name."""
return domain_re.match(value) is not None
def val_domain(value): def val_domain(value):
"""Check wheter the parameter is a valid domin.""" """Validate whether the parameter is a valid domin name."""
if domain_re.search(value) is None: if not is_valid_domain(value):
raise ValidationError(_(u'%s - invalid domain') % value) raise ValidationError(_(u'%s - invalid domain name') % value)
def is_valid_reverse_domain(value):
"""Check whether the parameter is a valid reverse domain name."""
return reverse_domain_re.match(value) is not None
def val_reverse_domain(value): def val_reverse_domain(value):
"""Check whether the parameter is a valid reverse domain.""" """Validate whether the parameter is a valid reverse domain name."""
if not reverse_domain_re.search(value): if not is_valid_reverse_domain(value):
raise ValidationError(u'%s - reverse domain' % value) raise ValidationError(u'%s - invalid reverse domain name' % value)
def is_valid_ipv4_address(value):
"""Check whether the parameter is a valid IPv4 address."""
return ipv4_re.match(value) is not None
def val_ipv4(value):
"""Validate whether the parameter is a valid IPv4 address."""
if not is_valid_ipv4_address(value):
raise ValidationError(_(u'%s - not an IPv4 address') % value)
def val_ipv6(value):
"""Validate whether the parameter is a valid IPv6 address."""
if not is_valid_ipv6_address(value):
raise ValidationError(_(u'%s - not an IPv6 address') % value)
def ipv4_2_ipv6(ipv4): def ipv4_2_ipv6(ipv4):
"""Convert IPv4 address string to IPv6 address string.""" """Convert IPv4 address string to IPv6 address string."""
val_ipv4(ipv4)
m = ipv4_re.match(ipv4) m = ipv4_re.match(ipv4)
if m is None:
raise ValidationError(_(u'%s - not an IPv4 address') % ipv4)
return ("2001:738:2001:4031:%s:%s:%s:0" % return ("2001:738:2001:4031:%s:%s:%s:0" %
(m.group(1), m.group(2), m.group(3))) (m.group(1), m.group(2), m.group(3)))
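Review bot: The switch from `search` to `match` in `val_alfanum`, `is_valid_domain`, `is_valid_reverse_domain` and `is_valid_ipv4_address` anchors only the start of the value, so whether trailing input is rejected depends on how `alfanum_re`, `domain_re`, `reverse_domain_re` and `ipv4_re` end, and their definitions are outside this hunk. If they end in `$`, a value with a trailing newline still validates, because `$` in Python also matches just before a final `\n`; ending the patterns in `\Z` makes the whole-string check explicit. That matters if validated values are later written into firewall rules or zone data, which the visible lines do not show. `val_reverse_domain` also raises its message without `_()`, unlike the other validators, and the `val_domain` docstring reads "domin".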
...@@ -36,10 +36,11 @@ class firewall: ...@@ -36,10 +36,11 @@ class firewall:
def iptables(self, s): def iptables(self, s):
"""Append rule.""" """Append rule to filter table."""
self.RULES.append(s) self.RULES.append(s)
def iptablesnat(self, s): def iptablesnat(self, s):
"""Append rule to NAT table."""
self.RULES_NAT.append(s) self.RULES_NAT.append(s)
def host2vlan(self, host, rule): def host2vlan(self, host, rule):
......