Commit 8dc2613b by x

firewall: configurable reverse, cnames, optional ipv6

parent 40c3495c
......@@ -3,7 +3,7 @@ from firewall.models import *
class HostAdmin(admin.ModelAdmin):
list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description')
list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description', 'reverse')
ordering = ('hostname',)
list_filter = ('owner', 'vlan', 'groups')
search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
......@@ -17,9 +17,14 @@ class RuleAdmin(admin.ModelAdmin):
list_display = ('r_type', 'color_desc', 'description', 'vlan_l', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport')
list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat')
class AliasAdmin(admin.ModelAdmin):
list_display = ('alias', 'host')
admin.site.register(Host, HostAdmin)
admin.site.register(Vlan, VlanAdmin)
admin.site.register(Rule, RuleAdmin)
admin.site.register(Alias, AliasAdmin)
admin.site.register(Group)
admin.site.register(Firewall)
......@@ -37,7 +37,7 @@ class firewall:
self.SZABALYOK_NAT.append(s)
def host2vlan(self, host, rule):
if(self.IPV6):
if(self.IPV6 and host.ipv6):
ipaddr = host.ipv6 + "/112"
else:
ipaddr = host.ipv4
......@@ -343,11 +343,16 @@ def dns():
ipv4 = ( i_host.pub_ipv4 if i_host.pub_ipv4 and not i_host.shared_ip else i_host.ipv4 )
m2 = regex.search(ipv4)
# ipv4
DNS.append("=%s.%s:%s:600::\n" % (i_host.hostname, i_vlan.domain, ipv4))
DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s.%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.hostname, i_vlan.domain))
DNS.append("+%s:%s:600::\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv4))
DNS.append("^%s.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
# ipv6
DNS.append(":%s.%s:28:%s:600\n" % (i_host.hostname, i_vlan.domain, ipv6_to_octal(i_host.ipv6)))
DNS.append("^%s:%s.%s:600::\n" % (ipv6_to_arpa(i_host.ipv6), i_host.hostname, i_vlan.domain))
if i_host.ipv6:
DNS.append(":%s:28:%s:600\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv6_to_octal(i_host.ipv6)))
DNS.append("^%s:%s:600::\n" % (ipv6_to_arpa(i_host.ipv6), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
# cname
for i_alias in i_host.alias_set.all():
DNS.append("C%s:%s.%s:600\n" % (i_alias.alias, i_host.hostname, i_vlan.domain))
process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % DNS_SERVER], shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(DNS)+"\n")
......
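Review bot: The fallback expression `i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain` is repeated three times in the new PTR records (the two ipv4 `^` lines and the ipv6 one); bind it once before the `# ipv4` comment as `rev = i_host.reverse or i_host.hostname + u'.' + i_vlan.domain` and use `rev` in all three, since an empty string is already falsy and the `len()` test adds nothing. The new lines still dereference `m2.group(...)` from the context line `m2 = regex.search(ipv4)` without checking for a failed match, so if the pattern can miss (a malformed stored address, say) a single host raises AttributeError and aborts the whole zone push; an `if m2 is None: continue` guard right after the search would confine the failure to that host. dns() begins outside the hunk.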
......@@ -97,12 +97,19 @@ class Group(models.Model):
def __unicode__(self):
return self.name
class Alias(models.Model):
host = models.ForeignKey('Host')
alias = models.CharField(max_length=40, unique=True, validators=[val_domain])
class Meta:
verbose_name_plural = 'aliases'
class Host(models.Model):
hostname = models.CharField(max_length=40, unique=True, validators=[val_alfanum])
reverse = models.CharField(max_length=40, validators=[val_domain], blank=True, null=True)
mac = MACAddressField(unique=True)
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
pub_ipv4 = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True)
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True, blank=True)
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True, blank=True, null=True)
shared_ip = models.BooleanField(default=False)
description = models.TextField(blank=True)
comment = models.TextField(blank=True)
......@@ -115,7 +122,7 @@ class Host(models.Model):
def __unicode__(self):
return self.hostname
def save(self, *args, **kwargs):
if not self.id and not self.ipv6:
if not self.id and self.ipv6 == "auto":
self.ipv6 = ipv4_2_ipv6(self.ipv4)
if not self.shared_ip and self.pub_ipv4 and Host.objects.exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4):
raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!")
......@@ -138,7 +145,7 @@ class Host(models.Model):
def add_port(self, proto, public, private):
proto = "tcp" if (proto == "tcp") else "udp"
if public < 1024:
if public < 1024:
raise ValidationError("Csak az 1024 feletti portok hasznalhatok")
for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
if host.rules.filter(nat=True, proto=proto, dport=public):
......
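Review bot: `reverse` is declared as a `CharField` with both `blank=True` and `null=True`, which gives an unset value two representations (`None` and `''`) that every reader then has to test for — the dns() code does exactly that with `i_host.reverse and len(i_host.reverse)`; Django's convention for text fields is `blank=True` alone, i.e. `reverse = models.CharField(max_length=40, validators=[val_domain], blank=True)`. The `validators=[val_domain]` on `reverse` and on the new `Alias.alias` run only through `full_clean()` or a ModelForm, not on `save()`, and both values are later interpolated into tinydns records where `:` and newline are field delimiters, so a `self.full_clean()` at the top of `Host.save()` (and an `Alias.save()` doing the same) would enforce the check for every write path rather than only the admin. In the `save()` hunk, the new `self.ipv6 == "auto"` sentinel is probably unreachable from the admin form, because the form field for a GenericIPAddressField rejects non-address input before `save()` runs — worth a comment stating how that value is meant to be supplied. `Alias` also lacks the `__unicode__` that `Group` and `Host` define. `Host.save()` continues outside the hunk.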