Commit
5a892e40
authored
Feb 26, 2013
by
Dudás Ádám
firewall: moar readability
parent
a47e41cb
Showing
5 changed files
with
167 additions
and
135 deletions
+167
-135
cloud/settings.py
+9
-10
firewall/admin.py
+34
-31
firewall/fields.py
+34
-13
firewall/fw.py
+2
-1
firewall/models.py
+88
-80
cloud/settings.py
...
@@ -189,18 +189,17 @@ CELERY_ROUTES = {
...
@@ -189,18 +189,17 @@ CELERY_ROUTES = {
}
}
store_settings
=
{
store_settings
=
{
"basic_auth"
:
"True"
,
"basic_auth"
:
"True"
,
"verify_ssl"
:
"False"
,
"verify_ssl"
:
"False"
,
"ssl_auth"
:
"False"
,
"ssl_auth"
:
"False"
,
"store_client_pass"
:
"IQu8Eice"
,
"store_client_pass"
:
"IQu8Eice"
,
"store_client_user"
:
"admin"
,
"store_client_user"
:
"admin"
,
"store_client_key"
:
"/opt/webadmin/cloud/client.key"
,
"store_client_key"
:
"/opt/webadmin/cloud/client.key"
,
"store_client_cert"
:
"/opt/webadmin/cloud/client.crt"
,
"store_client_cert"
:
"/opt/webadmin/cloud/client.crt"
,
"store_url"
:
"http://localhost:9000"
,
"store_url"
:
"http://localhost:9000"
,
"store_public"
:
"store.ik.bme.hu"
,
"store_public"
:
"store.ik.bme.hu"
,
}
}
firewall_settings
=
{
firewall_settings
=
{
"default_vlangroup"
:
"publikus"
,
"default_vlangroup"
:
"publikus"
,
"reload_sleep"
:
"10"
,
"reload_sleep"
:
"10"
,
...
...
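Review bot: The `store_settings` block in this section still carries a literal `store_client_pass` value next to `"store_client_user": "admin"`, so the credential is readable by anyone who can see the repository or this page. Both printed copies of the dictionary read the same, so the change here appears to be layout only and leaves the secret where it was. I would load it from outside the tracked file, e.g. `"store_client_pass": os.environ["STORE_CLIENT_PASS"],` (the variable name is a placeholder, and this assumes `os` is imported in settings.py, which is not visible here), and rotate the value that has already been committed. `"verify_ssl": "False"` deserves a comment too: it is a string, so whether certificate verification is actually off depends on how the consumer parses it, and with `store_url` on plain `http://` the basic-auth password would travel unencrypted if that endpoint is ever moved off localhost.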
firewall/admin.py
...
@@ -13,7 +13,7 @@ class RecordInline(contrib.admin.TabularInline):
...
@@ -13,7 +13,7 @@ class RecordInline(contrib.admin.TabularInline):
class
HostAdmin
(
admin
.
ModelAdmin
):
class
HostAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'hostname'
,
'vlan'
,
'ipv4'
,
'ipv6'
,
'pub_ipv4'
,
'mac'
,
list_display
=
(
'hostname'
,
'vlan'
,
'ipv4'
,
'ipv6'
,
'pub_ipv4'
,
'mac'
,
'shared_ip'
,
'owner'
,
'description'
,
'reverse'
,
'
groups_l
'
)
'shared_ip'
,
'owner'
,
'description'
,
'reverse'
,
'
list_groups
'
)
ordering
=
(
'hostname'
,
)
ordering
=
(
'hostname'
,
)
list_filter
=
(
'owner'
,
'vlan'
,
'groups'
)
list_filter
=
(
'owner'
,
'vlan'
,
'groups'
)
search_fields
=
(
'hostname'
,
'description'
,
'ipv4'
,
'ipv6'
,
'mac'
)
search_fields
=
(
'hostname'
,
'description'
,
'ipv4'
,
'ipv6'
,
'mac'
)
...
@@ -21,7 +21,7 @@ class HostAdmin(admin.ModelAdmin):
...
@@ -21,7 +21,7 @@ class HostAdmin(admin.ModelAdmin):
inlines
=
(
RuleInline
,
RecordInline
)
inlines
=
(
RuleInline
,
RecordInline
)
@staticmethod
@staticmethod
def
groups_l
(
instance
):
def
list_groups
(
instance
):
"""Returns instance's groups' names as a comma-separated list."""
"""Returns instance's groups' names as a comma-separated list."""
names
=
[
group
.
name
for
group
in
instance
.
groups
.
all
()]
names
=
[
group
.
name
for
group
in
instance
.
groups
.
all
()]
return
u', '
.
join
(
names
)
return
u', '
.
join
(
names
)
...
@@ -43,36 +43,39 @@ class RuleAdmin(admin.ModelAdmin):
...
@@ -43,36 +43,39 @@ class RuleAdmin(admin.ModelAdmin):
list_filter
=
(
'r_type'
,
'vlan'
,
'owner'
,
'direction'
,
'accept'
,
list_filter
=
(
'r_type'
,
'vlan'
,
'owner'
,
'direction'
,
'accept'
,
'proto'
,
'nat'
)
'proto'
,
'nat'
)
def
color_desc
(
self
,
instance
):
@staticmethod
def
color_desc
(
instance
):
"""Returns a colorful description of the instance."""
"""Returns a colorful description of the instance."""
para
=
'</span>'
return
(
u'<span style="color: #FF0000;">[
%(type)
s]</span> '
if
instance
.
dport
:
u'
%(src)
s<span style="color: #0000FF;"> ▸ </span>
%(dst)
s '
para
=
'dport=
%
s
%
s'
%
(
instance
.
dport
,
para
)
u'
%(para)
s
%(desc)
s'
)
%
{
if
instance
.
sport
:
'type'
:
instance
.
r_type
,
para
=
'sport=
%
s
%
s'
%
(
instance
.
sport
,
para
)
'src'
:
(
instance
.
foreign_network
.
name
if
instance
.
proto
:
if
instance
.
direction
==
'1'
else
instance
.
r_type
),
para
=
'proto=
%
s
%
s'
%
(
instance
.
proto
,
para
)
'dst'
:
(
instance
.
r_type
if
instance
.
direction
==
'1'
para
=
u'<span style="color: #00FF00;">'
+
para
else
instance
.
foreign_network
.
name
),
return
(
'para'
:
(
u'<span style="color: #00FF00;">'
+
u'<span style="color: #FF0000;">[
%
s]</span> '
%
instance
.
r_type
+
((
'proto=
%
s '
%
instance
.
proto
)
(
u'
%
s<span style="color: #0000FF;"> ▸ </span>
%
s'
%
if
instance
.
proto
else
''
)
+
((
instance
.
foreign_network
.
name
,
instance
.
r_type
)
((
'sport=
%
s '
%
instance
.
sport
)
if
instance
.
direction
==
'1'
else
if
instance
.
sport
else
''
)
+
(
instance
.
r_type
,
instance
.
foreign_network
.
name
)))
+
((
'dport=
%
s '
%
instance
.
dport
)
' '
+
para
+
' '
+
instance
.
description
)
if
instance
.
dport
else
''
)
+
'</span>'
),
'desc'
:
instance
.
description
}
color_desc
.
allow_tags
=
True
color_desc
.
allow_tags
=
True
def
vlan_l
(
self
,
instance
):
@staticmethod
def
vlan_l
(
instance
):
"""Returns instance's VLANs' names as a comma-separated list."""
"""Returns instance's VLANs' names as a comma-separated list."""
retval
=
[]
names
=
[
vlan
.
name
for
vlan
in
instance
.
foreign_network
.
vlans
.
all
()]
for
vlan
in
instance
.
foreign_network
.
vlans
.
all
():
return
u', '
.
join
(
names
)
retval
.
append
(
vlan
.
name
)
return
u', '
.
join
(
retval
)
def
used_in
(
self
,
instance
):
@staticmethod
def
used_in
(
instance
):
for
field
in
[
instance
.
vlan
,
instance
.
vlangroup
,
instance
.
host
,
for
field
in
[
instance
.
vlan
,
instance
.
vlangroup
,
instance
.
host
,
instance
.
hostgroup
,
instance
.
firewall
]:
instance
.
hostgroup
,
instance
.
firewall
]:
if
field
is
not
None
:
if
field
:
return
unicode
(
field
)
+
' '
+
field
.
_meta
.
object_name
return
unicode
(
field
)
+
' '
+
field
.
_meta
.
object_name
...
@@ -92,15 +95,15 @@ class DomainAdmin(admin.ModelAdmin):
...
@@ -92,15 +95,15 @@ class DomainAdmin(admin.ModelAdmin):
class
RecordAdmin
(
admin
.
ModelAdmin
):
class
RecordAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'name_'
,
'type'
,
'address_'
,
'ttl'
,
'host'
,
'owner'
)
list_display
=
(
'name_'
,
'type'
,
'address_'
,
'ttl'
,
'host'
,
'owner'
)
def
address_
(
self
,
instance
):
@staticmethod
def
address_
(
instance
):
a
=
instance
.
get_data
()
a
=
instance
.
get_data
()
if
a
:
return
a
[
'address'
]
if
a
else
None
return
a
[
'address'
]
def
name_
(
self
,
instance
):
@staticmethod
def
name_
(
instance
):
a
=
instance
.
get_data
()
a
=
instance
.
get_data
()
if
a
:
return
a
[
'name'
]
if
a
else
None
return
a
[
'name'
]
class
BlacklistAdmin
(
admin
.
ModelAdmin
):
class
BlacklistAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'ipv4'
,
'reason'
,
'created_at'
,
'modified_at'
)
list_display
=
(
'ipv4'
,
'reason'
,
'created_at'
,
'modified_at'
)
...
...
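Review bot: `RuleAdmin.color_desc` interpolates `instance.description`, `instance.foreign_network.name`, `instance.r_type` and the proto/sport/dport values into an HTML string that is rendered unescaped because `color_desc.allow_tags = True` is kept, so markup stored in any of those fields would run in the browser of whoever opens the rule list. Each value should be escaped before it goes into the mapping, e.g. `'desc': escape(instance.description),` with `from django.utils.html import escape`, and likewise for the `type`, `src`, `dst` and `para` parts. Separately, the method is now a `@staticmethod` while `color_desc.allow_tags = True` still follows it; the code calls `unicode`, so this is presumably Python 2, where staticmethod objects reject attribute assignment, and it is worth confirming the module still imports. The old and new columns are interleaved in this rendering, so the dictionary-based format string is assumed to be the new side.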
firewall/fields.py
...
@@ -2,6 +2,7 @@ from django.core.exceptions import ValidationError
...
@@ -2,6 +2,7 @@ from django.core.exceptions import ValidationError
from
django.forms
import
fields
from
django.forms
import
fields
from
django.db
import
models
from
django.db
import
models
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.ipv6
import
is_valid_ipv6_address
from
south.modelsinspector
import
add_introspection_rules
from
south.modelsinspector
import
add_introspection_rules
import
re
import
re
...
@@ -35,26 +36,46 @@ class MACAddressField(models.Field):
...
@@ -35,26 +36,46 @@ class MACAddressField(models.Field):
add_introspection_rules
([],
[
"firewall
\
.fields
\
.MACAddressField"
])
add_introspection_rules
([],
[
"firewall
\
.fields
\
.MACAddressField"
])
def
val_alfanum
(
value
):
def
val_alfanum
(
value
):
"""Check whether the parameter is a valid alphanumeric value."""
"""Validate whether the parameter is a valid alphanumeric value."""
if
alfanum_re
.
search
(
value
)
is
None
:
if
alfanum_re
.
match
(
value
)
is
None
:
raise
ValidationError
(
raise
ValidationError
(
_
(
u'
%
s - only letters, numbers, underscores '
_
(
u'
%
s - only letters, numbers, underscores and hyphens are '
'and hyphens are allowed!'
)
%
value
)
'allowed!'
)
%
value
)
def
is_valid_domain
(
value
):
"""Check whether the parameter is a valid domain name."""
return
domain_re
.
match
(
value
)
is
not
None
def
val_domain
(
value
):
def
val_domain
(
value
):
"""Check wheter the parameter is a valid domin."""
"""Validate whether the parameter is a valid domin name."""
if
domain_re
.
search
(
value
)
is
None
:
if
not
is_valid_domain
(
value
):
raise
ValidationError
(
_
(
u'
%
s - invalid domain'
)
%
value
)
raise
ValidationError
(
_
(
u'
%
s - invalid domain name'
)
%
value
)
def
is_valid_reverse_domain
(
value
):
"""Check whether the parameter is a valid reverse domain name."""
return
reverse_domain_re
.
match
(
value
)
is
not
None
def
val_reverse_domain
(
value
):
def
val_reverse_domain
(
value
):
"""Check whether the parameter is a valid reverse domain."""
"""Validate whether the parameter is a valid reverse domain name."""
if
not
reverse_domain_re
.
search
(
value
):
if
not
is_valid_reverse_domain
(
value
):
raise
ValidationError
(
u'
%
s - reverse domain'
%
value
)
raise
ValidationError
(
u'
%
s - invalid reverse domain name'
%
value
)
def
is_valid_ipv4_address
(
value
):
"""Check whether the parameter is a valid IPv4 address."""
return
ipv4_re
.
match
(
value
)
is
not
None
def
val_ipv4
(
value
):
"""Validate whether the parameter is a valid IPv4 address."""
if
not
is_valid_ipv4_address
(
value
):
raise
ValidationError
(
_
(
u'
%
s - not an IPv4 address'
)
%
value
)
def
val_ipv6
(
value
):
"""Validate whether the parameter is a valid IPv6 address."""
if
not
is_valid_ipv6_address
(
value
):
raise
ValidationError
(
_
(
u'
%
s - not an IPv6 address'
)
%
value
)
def
ipv4_2_ipv6
(
ipv4
):
def
ipv4_2_ipv6
(
ipv4
):
"""Convert IPv4 address string to IPv6 address string."""
"""Convert IPv4 address string to IPv6 address string."""
val_ipv4
(
ipv4
)
m
=
ipv4_re
.
match
(
ipv4
)
m
=
ipv4_re
.
match
(
ipv4
)
if
m
is
None
:
raise
ValidationError
(
_
(
u'
%
s - not an IPv4 address'
)
%
ipv4
)
return
(
"2001:738:2001:4031:
%
s:
%
s:
%
s:0"
%
return
(
"2001:738:2001:4031:
%
s:
%
s:
%
s:0"
%
(
m
.
group
(
1
),
m
.
group
(
2
),
m
.
group
(
3
)))
(
m
.
group
(
1
),
m
.
group
(
2
),
m
.
group
(
3
)))
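Review bot: The new `is_valid_domain`, `is_valid_reverse_domain` and `is_valid_ipv4_address` helpers, and `val_alfanum` after its switch from `search` to `match`, rely on `pattern.match(value)`, which anchors only the start of the string; whether trailing input is rejected depends on how `domain_re`, `reverse_domain_re`, `ipv4_re` and `alfanum_re` end, and their definitions are outside this section. If they end in `$`, a value with a trailing newline still validates, and these values presumably end up in firewall and DNS configuration. I would end each pattern with `\Z` instead of `$`, or check the match length explicitly, e.g. `m = ipv4_re.match(value)` followed by `return m is not None and m.end() == len(value)`. Also, `val_reverse_domain` raises its message without the `_()` wrapper the other validators use, and the `val_domain` docstring still says "domin".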
firewall/fw.py
...
@@ -36,10 +36,11 @@ class firewall:
...
@@ -36,10 +36,11 @@ class firewall:
def
iptables
(
self
,
s
):
def
iptables
(
self
,
s
):
"""Append rule."""
"""Append rule
to filter table
."""
self
.
RULES
.
append
(
s
)
self
.
RULES
.
append
(
s
)
def
iptablesnat
(
self
,
s
):
def
iptablesnat
(
self
,
s
):
"""Append rule to NAT table."""
self
.
RULES_NAT
.
append
(
s
)
self
.
RULES_NAT
.
append
(
s
)
def
host2vlan
(
self
,
host
,
rule
):
def
host2vlan
(
self
,
host
,
rule
):
...
...
firewall/models.py
This diff is collapsed.