Commit
5b10ba8a
authored
Aug 07, 2014
by
Bach Dániel
Committed by
Bach Dániel
Aug 12, 2014
firewall: trivial fixes
parent
9042d40f
Showing
4 changed files
with
13 additions
and
6 deletions
+13
-6
circle/firewall/fw.py
+3
-3
circle/firewall/iptables.py
+1
-1
circle/firewall/models.py
+3
-1
circle/firewall/templates/firewall/iptables.conf
+6
-1
circle/firewall/fw.py
...
...
@@ -194,7 +194,7 @@ def generate_ptr_records():
# ipv6
if
host
.
ipv6
:
DNS
.
append
(
"^
%
s:
%
s:
%
s"
%
(
host
.
ipv6
.
reverse_dns
,
DNS
.
append
(
"^
%
s:
%
s:
%
s"
%
(
host
.
ipv6
.
reverse_dns
.
rstrip
(
'.'
)
,
reverse
,
settings
[
'dns_ttl'
]))
return
DNS
...
...
@@ -211,14 +211,14 @@ def generate_records():
'CNAME'
:
'C
%(fqdn)
s:
%(address)
s:
%(ttl)
s'
,
'MX'
:
'@
%(fqdn)
s::
%(address)
s:
%(dist)
s:
%(ttl)
s'
,
'PTR'
:
'^
%(fqdn)
s:
%(address)
s:
%(ttl)
s'
,
'TXT'
:
'
%(fqdn)
s:
%(octal)
s:
%(ttl)
s'
}
'TXT'
:
"'
%(fqdn)
s:
%(octal)
s:
%(ttl)
s"
}
retval
=
[]
for
r
in
Record
.
objects
.
all
():
params
=
{
'fqdn'
:
r
.
fqdn
,
'address'
:
r
.
address
,
'ttl'
:
r
.
ttl
}
if
r
.
type
==
'MX'
:
params
[
'
address'
],
params
[
'dist
'
]
=
r
.
address
.
split
(
':'
,
2
)
params
[
'
dist'
],
params
[
'address
'
]
=
r
.
address
.
split
(
':'
,
2
)
if
r
.
type
==
'AAAA'
:
try
:
params
[
'octal'
]
=
ipv6_to_octal
(
r
.
address
)
...
...
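Review bot: In the `generate_records()` hunk, the MX branch unpacks `r.address.split(':', 2)` into exactly two names, but a maxsplit of 2 can return three parts, so a stored address with a second colon raises ValueError, as does one with no colon at all. These values are substituted straight into colon-delimited tinydns lines, so a stray `:` or newline in `r.address` that did get through would shift fields or start a new line in the generated data. I would split once, `params['dist'], params['address'] = r.address.split(':', 1)`, and check that `dist` is numeric and the host part contains no `:` or line break before formatting. The loop body continues outside the hunk, so an existing handler may already catch the ValueError; only the `try:` for AAAA is visible here.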
circle/firewall/iptables.py
...
...
@@ -22,7 +22,7 @@ from collections import OrderedDict
logger
=
logging
.
getLogger
()
ipv4_re
=
re
.
compile
(
r'
^
(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}'
)
r'(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}'
)
class
InvalidRuleExcepion
(
Exception
):
...
...
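Review bot: With the leading `^` dropped and still no trailing anchor, `ipv4_re` matches an address-shaped substring anywhere under `search`/`findall`/`sub`, and even under `match` it accepts trailing text, e.g. `1.1.1.1234` matches as `1.1.1.123` (constructed example). The call sites are outside the hunk, so I can't tell whether any of them uses this pattern to decide that a rule field is an IPv4 address; if one does, that check needs its own fully anchored pattern. For the find-in-text case, digit/dot guards stop it matching inside a longer token: `r'(?<![\d.])(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}(?![\d.])'`. A one-line comment above the pattern stating that it is for searching, not validating, would prevent later misuse.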
circle/firewall/models.py
...
...
@@ -578,7 +578,7 @@ class Host(models.Model):
# update existing records
affected_records
=
Record
.
objects
.
filter
(
host
=
self
,
name
=
self
.
hostname
,
type
=
'A'
)
.
update
(
address
=
self
.
ipv4
)
type
=
'A'
)
.
update
(
address
=
ipv4
)
# create new record
if
affected_records
==
0
:
Record
(
host
=
self
,
...
...
@@ -714,6 +714,8 @@ class Host(models.Model):
:type proto: str.
"""
assert
proto
in
(
'ipv6'
,
'ipv4'
,
)
if
self
.
reverse
:
return
self
.
reverse
try
:
if
proto
==
'ipv6'
:
res
=
self
.
record_set
.
filter
(
type
=
'AAAA'
,
...
...
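Review bot: In the `@@ -578` hunk the update now writes a local `ipv4` instead of `self.ipv4`, but the `Record(host=self, ...` constructor in the create branch runs past the end of the hunk, so it isn't visible whether a newly created A record gets the same value. If the create path still passes `address=self.ipv4`, a host would publish a different A record depending on whether a record already existed. Please confirm both branches use `address=ipv4`, and add a short comment where `ipv4` is bound (outside the hunk) saying which address it selects and why.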
circle/firewall/templates/firewall/iptables.conf
...
...
@@ -35,7 +35,7 @@ COMMIT
{%
if
proto
==
"ipv4"
%}
-
A
FORWARD
-
p
icmp
--
icmp
-
type
echo
-
request
-
g
LOG_ACC
{%
else
%}
-
A
FORWARD
-
p
icmpv6
-
-
icmpv6
-
type
echo
-
request
-
g
LOG_ACC
-
A
FORWARD
-
p
icmpv6
-
g
LOG_ACC
{%
endif
%}
# initialize INPUT chain
...
...
@@ -45,6 +45,11 @@ COMMIT
-
A
INPUT
-
m
state
--
state
INVALID
-
g
LOG_DROP
-
A
INPUT
-
i
lo
-
j
ACCEPT
-
A
INPUT
-
m
state
--
state
ESTABLISHED
,
RELATED
-
j
ACCEPT
{%
if
proto
==
"ipv4"
%}
-
A
INPUT
-
p
icmp
--
icmp
-
type
echo
-
request
-
g
LOG_ACC
{%
else
%}
-
A
INPUT
-
p
icmpv6
-
g
LOG_ACC
{%
endif
%}
# initialize OUTPUT chain
-
A
OUTPUT
-
m
state
--
state
INVALID
-
g
LOG_DROP
...
...
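Review bot: Both ICMPv6 rules on the new side, the FORWARD rule in the first hunk and the added INPUT rule in the second, match on `-p icmpv6` alone, so every ICMPv6 type not handled by an earlier rule goes to LOG_ACC, while the IPv4 branches stay limited to echo-request. On INPUT this includes router advertisements and redirects from any on-link sender, and, if LOG_ACC logs as its name suggests, routine neighbour discovery would be logged per packet. I would list the types the firewall needs instead, along the lines of RFC 4890, as sketched below. The list is a starting point and must be checked against how these networks obtain routes (router advertisements are deliberately left out here). Only part of each chain is visible in the hunks, so an earlier rule may already narrow this.

```django
{% else %}
# FORWARD: ping plus the error messages transit traffic depends on
-A FORWARD -p icmpv6 --icmpv6-type echo-request -g LOG_ACC
-A FORWARD -p icmpv6 --icmpv6-type destination-unreachable -g LOG_ACC
-A FORWARD -p icmpv6 --icmpv6-type packet-too-big -g LOG_ACC
-A FORWARD -p icmpv6 --icmpv6-type time-exceeded -g LOG_ACC
-A FORWARD -p icmpv6 --icmpv6-type parameter-problem -g LOG_ACC
{% endif %}
# … unchanged: INPUT chain setup up to the ESTABLISHED,RELATED rule and the ipv4 branch …
{% else %}
-A INPUT -p icmpv6 --icmpv6-type echo-request -g LOG_ACC
-A INPUT -p icmpv6 --icmpv6-type destination-unreachable -g LOG_ACC
-A INPUT -p icmpv6 --icmpv6-type packet-too-big -g LOG_ACC
-A INPUT -p icmpv6 --icmpv6-type time-exceeded -g LOG_ACC
-A INPUT -p icmpv6 --icmpv6-type parameter-problem -g LOG_ACC
# neighbour discovery is link-local only: require hop limit 255
-A INPUT -p icmpv6 --icmpv6-type neighbour-solicitation -m hl --hl-eq 255 -g LOG_ACC
-A INPUT -p icmpv6 --icmpv6-type neighbour-advertisement -m hl --hl-eq 255 -g LOG_ACC
{% endif %}
```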