firewall: configurable reverse, cnames, optional ipv6

8dc2613b · x · 40c3495c · 8dc2613b · 8dc2613b · 8dc2613b
Commit 8dc2613b authored Jan 25, 2013 by x
7 changed files
--- a/firewall/admin.py
+++ b/firewall/admin.py
@@ -3,7 +3,7 @@ from firewall.models import *


 class HostAdmin(admin.ModelAdmin):
-    list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description')
+    list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description', 'reverse')
    ordering = ('hostname',)
    list_filter = ('owner', 'vlan', 'groups')
    search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
@@ -17,9 +17,14 @@ class RuleAdmin(admin.ModelAdmin):
    list_display = ('r_type', 'color_desc', 'description', 'vlan_l', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport')
    list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat')

+class AliasAdmin(admin.ModelAdmin):
+        list_display = ('alias', 'host')
+
+
 admin.site.register(Host, HostAdmin)
 admin.site.register(Vlan, VlanAdmin)
 admin.site.register(Rule, RuleAdmin)
+admin.site.register(Alias, AliasAdmin)
 admin.site.register(Group)
 admin.site.register(Firewall)

--- a/firewall/fw.py
+++ b/firewall/fw.py
@@ -37,7 +37,7 @@ class firewall:
        self.SZABALYOK_NAT.append(s)

    def host2vlan(self, host, rule):
-        if(self.IPV6):
+        if(self.IPV6 and host.ipv6):
            ipaddr = host.ipv6 + "/112"
        else:
            ipaddr = host.ipv4
@@ -343,11 +343,16 @@ def dns():
            ipv4 = ( i_host.pub_ipv4 if i_host.pub_ipv4 and not i_host.shared_ip else i_host.ipv4 )
            m2 = regex.search(ipv4)
            # ipv4
-            DNS.append("=%s.%s:%s:600::\n" % (i_host.hostname, i_vlan.domain, ipv4))
-            DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s.%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.hostname, i_vlan.domain))
+            DNS.append("+%s:%s:600::\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv4))
+            DNS.append("^%s.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
+            DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
            # ipv6
-            DNS.append(":%s.%s:28:%s:600\n" % (i_host.hostname, i_vlan.domain, ipv6_to_octal(i_host.ipv6)))
-            DNS.append("^%s:%s.%s:600::\n" % (ipv6_to_arpa(i_host.ipv6), i_host.hostname, i_vlan.domain))
+            if i_host.ipv6:
+                DNS.append(":%s:28:%s:600\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv6_to_octal(i_host.ipv6)))
+                DNS.append("^%s:%s:600::\n" % (ipv6_to_arpa(i_host.ipv6), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
+            # cname
+            for i_alias in i_host.alias_set.all():
+                DNS.append("C%s:%s.%s:600\n" % (i_alias.alias, i_host.hostname, i_vlan.domain))

    process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % DNS_SERVER], shell=False, stdin=subprocess.PIPE)
    process.communicate("\n".join(DNS)+"\n")

--- a/firewall/migrations/0016_auto__add_alias__chg_field_host_ipv6.py
+++ b/firewall/migrations/0016_auto__add_alias__chg_field_host_ipv6.py
--- a/firewall/migrations/0017_auto__del_field_alias_hostname__add_field_alias_alias.py
+++ b/firewall/migrations/0017_auto__del_field_alias_hostname__add_field_alias_alias.py
--- a/firewall/migrations/0018_auto__add_field_host_reverse.py
+++ b/firewall/migrations/0018_auto__add_field_host_reverse.py
--- a/firewall/migrations/0019_auto__del_unique_host_reverse.py
+++ b/firewall/migrations/0019_auto__del_unique_host_reverse.py
--- a/firewall/models.py
+++ b/firewall/models.py
@@ -97,12 +97,19 @@ class Group(models.Model):
    def __unicode__(self):
        return self.name

+class Alias(models.Model):
+    host = models.ForeignKey('Host')
+    alias = models.CharField(max_length=40, unique=True, validators=[val_domain])
+    class Meta:
+        verbose_name_plural = 'aliases'
+
 class Host(models.Model):
    hostname = models.CharField(max_length=40, unique=True, validators=[val_alfanum])
+    reverse = models.CharField(max_length=40, validators=[val_domain], blank=True, null=True)
    mac = MACAddressField(unique=True)
    ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
    pub_ipv4 = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True)
-    ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True, blank=True)
+    ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True, blank=True, null=True)
    shared_ip = models.BooleanField(default=False)
    description = models.TextField(blank=True)
    comment = models.TextField(blank=True)
@@ -115,7 +122,7 @@ class Host(models.Model):
    def __unicode__(self):
        return self.hostname
    def save(self, *args, **kwargs):
-        if not self.id and not self.ipv6:
+        if not self.id and self.ipv6 == "auto":
            self.ipv6 = ipv4_2_ipv6(self.ipv4)
        if not self.shared_ip and self.pub_ipv4 and Host.objects.exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4):
            raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!")
@@ -138,7 +145,7 @@ class Host(models.Model):

    def add_port(self, proto, public, private):
        proto = "tcp" if (proto == "tcp") else "udp"
-        if public < 1024: 
+        if public < 1024:
            raise ValidationError("Csak az 1024 feletti portok hasznalhatok")
        for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
            if host.rules.filter(nat=True, proto=proto, dport=public):