firewall: trivial fixes

5b10ba8a · Bach Dániel · Bach Dániel · 9042d40f · 5b10ba8a · 5b10ba8a
Commit 5b10ba8a authored Aug 07, 2014 by Bach Dániel Committed by Bach Dániel Aug 12, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 13 additions and 6 deletions

circle/firewall/fw.py
+3 -3

circle/firewall/iptables.py
+1 -1

circle/firewall/models.py
+3 -1

circle/firewall/templates/firewall/iptables.conf
+6 -1

No files found.
--- a/circle/firewall/fw.py
+++ b/circle/firewall/fw.py
@@ -194,7 +194,7 @@ def generate_ptr_records():

        # ipv6
        if host.ipv6:
-            DNS.append("^%s:%s:%s" % (host.ipv6.reverse_dns,
+            DNS.append("^%s:%s:%s" % (host.ipv6.reverse_dns.rstrip('.'),
                                      reverse, settings['dns_ttl']))

    return DNS
@@ -211,14 +211,14 @@ def generate_records():
             'CNAME': 'C%(fqdn)s:%(address)s:%(ttl)s',
             'MX': '@%(fqdn)s::%(address)s:%(dist)s:%(ttl)s',
             'PTR': '^%(fqdn)s:%(address)s:%(ttl)s',
-             'TXT': '%(fqdn)s:%(octal)s:%(ttl)s'}
+             'TXT': "'%(fqdn)s:%(octal)s:%(ttl)s"}

    retval = []

    for r in Record.objects.all():
        params = {'fqdn': r.fqdn, 'address': r.address, 'ttl': r.ttl}
        if r.type == 'MX':
-            params['address'], params['dist'] = r.address.split(':', 2)
+            params['dist'], params['address'] = r.address.split(':', 2)
        if r.type == 'AAAA':
            try:
                params['octal'] = ipv6_to_octal(r.address)

--- a/circle/firewall/iptables.py
+++ b/circle/firewall/iptables.py
@@ -22,7 +22,7 @@ from collections import OrderedDict
 logger = logging.getLogger()

 ipv4_re = re.compile(
-    r'^(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}')
+    r'(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}')


 class InvalidRuleExcepion(Exception):

--- a/circle/firewall/models.py
+++ b/circle/firewall/models.py
@@ -578,7 +578,7 @@ class Host(models.Model):
            # update existing records
            affected_records = Record.objects.filter(
                host=self, name=self.hostname,
-                type='A').update(address=self.ipv4)
+                type='A').update(address=ipv4)
            # create new record
            if affected_records == 0:
                Record(host=self,
@@ -714,6 +714,8 @@ class Host(models.Model):
        :type proto: str.
        """
        assert proto in ('ipv6', 'ipv4', )
+        if self.reverse:
+            return self.reverse
        try:
            if proto == 'ipv6':
                res = self.record_set.filter(type='AAAA',

--- a/circle/firewall/templates/firewall/iptables.conf
+++ b/circle/firewall/templates/firewall/iptables.conf
@@ -35,7 +35,7 @@ COMMIT
 {% if proto == "ipv4" %}
 -A FORWARD -p icmp --icmp-type echo-request -g LOG_ACC
 {% else %}
-A FORWARD -p icmpv6 --icmpv6-type echo-request -g LOG_ACC
+-A FORWARD -p icmpv6 -g LOG_ACC
 {% endif %}

 # initialize INPUT chain
@@ -45,6 +45,11 @@ COMMIT
 -A INPUT -m state --state INVALID -g LOG_DROP
 -A INPUT -i lo -j ACCEPT
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+{% if proto == "ipv4" %}
+-A INPUT -p icmp --icmp-type echo-request -g LOG_ACC
+{% else %}
+-A INPUT -p icmpv6 -g LOG_ACC
+{% endif %}

 # initialize OUTPUT chain
 -A OUTPUT -m state --state INVALID -g LOG_DROP