firewall: django modeldict

9060ddd7 · django · 156fc6bc · 9060ddd7 · 9060ddd7 · 9060ddd7
Commit 9060ddd7 authored Jan 25, 2013 by django
Expand all Hide whitespace changes
Inline Side-by-side

Showing with 75 additions and 35 deletions

firewall/admin.py
+14 -5

firewall/fw.py
+48 -28

firewall/migrations/0020_auto__add_setting.py
+0 -0

firewall/models.py
+7 -0

firewall/tasks.py
+6 -2

No files found.
--- a/firewall/admin.py
+++ b/firewall/admin.py
 from django.contrib import admin
 from firewall.models import *
+from django import contrib


+class AliasInline(contrib.admin.TabularInline):
+    model = Alias
+
 class HostAdmin(admin.ModelAdmin):
    list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description', 'reverse')
-    ordering = ('hostname',)
+    ordering = ('hostname', )
    list_filter = ('owner', 'vlan', 'groups')
    search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
-    filter_horizontal = ('groups', 'rules',)
+    filter_horizontal = ('groups', 'rules', )
+    inlines = (AliasInline, )
+
+class HostInline(contrib.admin.TabularInline):
+    model = Host
+    fields = ('hostname', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'reverse')

 class VlanAdmin(admin.ModelAdmin):
    list_display = ('vid', 'name', 'rules_l', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', 'description', 'domain', 'snat_ip', 'snat_to_l')
-    ordering = ('vid',)
+    ordering = ('vid', )
+    inlines = (HostInline, )

 class RuleAdmin(admin.ModelAdmin):
    list_display = ('r_type', 'color_desc', 'description', 'vlan_l', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport')
    list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat')

 class AliasAdmin(admin.ModelAdmin):
-        list_display = ('alias', 'host')
+    list_display = ('alias', 'host')


 admin.site.register(Host, HostAdmin)
@@ -27,4 +37,3 @@ admin.site.register(Rule, RuleAdmin)
 admin.site.register(Alias, AliasAdmin)
 admin.site.register(Group)
 admin.site.register(Firewall)
-
--- a/firewall/fw.py
+++ b/firewall/fw.py
 from django.contrib import auth
 from firewall import models
+from modeldict import *
 import os

 import subprocess
 import re
-DNS_SERVER = "152.66.243.60"
+import json


 class firewall:
@@ -291,6 +292,12 @@ def ipv6_to_octal(ipv6):
            octets.append(int(part[2:], 16))
    return '\\' + '\\'.join(['%03o' % x for x in octets])

+def ipv4_to_arpa(ipv4, cname=False):
+    m2 = re.search(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$', ipv4)
+    if(cname):
+        return "%s.dns1.%s.%s.%s.in-addr.arpa" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1))
+    else:
+        return "%s.%s.%s.%s.in-addr.arpa" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1))

 def ipv6_to_arpa(ipv6):
    while len(ipv6.split(':')) < 8:
@@ -310,52 +317,65 @@ def ipv6_to_arpa(ipv6):



+# =fqdn:ip:ttl          A, PTR
+# &fqdn:ip:x:ttl        NS
+# ZfqdnSOA
+# +fqdn:ip:ttl          A
+# ^                     PTR
+# C                     CNAME
+# :                     generic
+
 def dns():
    vlans = models.Vlan.objects.all()
    regex = re.compile(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$')
    DNS = []
-    DNS.append("=cloud.ik.bme.hu:152.66.243.98:600::\n")
-    DNS.append(":cloud.ik.bme.hu:28:\040\001\007\070\040\001\100\061\000\002\000\000\000\007\000\000:600\n")
-# tarokkknak
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (75, 243, 66, 152, "se.hpc.iit.bme.hu"))
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (76, 243, 66, 152, "ce.hpc.iit.bme.hu"))
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (77, 243, 66, 152, "mon.hpc.iit.bme.hu"))
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (62, 243, 66, 152, "r.cloud.ik.bme.hu"))
-    DNS.append("=r.cloud.ik.bme.hu:152.66.243.62:600::\n")
+    DNS.append("=cloud.ik.bme.hu:152.66.243.98:600::")
+    DNS.append(":cloud.ik.bme.hu:28:\040\001\007\070\040\001\100\061\000\002\000\000\000\007\000\000:600")
+    DNS.append("=r.cloud.ik.bme.hu:152.66.243.62:600::")


-    DNS.append("Z1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n") # soa
-    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::dns1.ik.bme.hu:600::\n")      # ns rekord
-    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::nic.bme.hu:600::\n")      # ns rekord
-#   DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::ns.bme.hu:600::\n")      # ns rekord
+    DNS.append("Z1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600") # soa
+    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::dns1.ik.bme.hu:600::")      # ns rekord
+    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::nic.bme.hu:600::")      # ns rekord

    for i_vlan in vlans:
        m = regex.search(i_vlan.net4)
        if(i_vlan.name != "DMZ" and i_vlan.name != "PUB"):
-            DNS.append("Z%s.%s.in-addr.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % (m.group(2), m.group(1)))
-            DNS.append("&%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(2), m.group(1)))
-            DNS.append("Z%s:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % i_vlan.domain)
-            DNS.append("&%s::dns1.ik.bme.hu:600::\n" % i_vlan.domain)
+            DNS.append("Z%s.%s.in-addr.arpa:%s:support.ik.bme.hu::::::%s" % (m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
+            DNS.append("&%s.%s.in-addr.arpa::%s:%s:" % (m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
+            DNS.append("Z%s:%s:support.ik.bme.hu::::::%s" % (i_vlan.domain, models.settings['dns_hostname'], models.settings['dns_ttl']))
+            DNS.append("&%s::%s:%s" % (i_vlan.domain, models.settings['dns_hostname'], models.settings['dns_ttl']))
            if(i_vlan.name == "WAR"):
-                DNS.append("Zdns1.%s.%s.%s.in-addr.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % (m.group(3), m.group(2), m.group(1)))
-                DNS.append("&dns1.%s.%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(3), m.group(2), m.group(1)))
+                DNS.append("Zdns1.%s.%s.%s.in-addr.arpa:%s:support.ik.bme.hu::::::%s" % (m.group(3), m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
+                DNS.append("&dns1.%s.%s.%s.in-addr.arpa::%s:%s::" % (m.group(3), m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
        for i_host in i_vlan.host_set.all():
            ipv4 = ( i_host.pub_ipv4 if i_host.pub_ipv4 and not i_host.shared_ip else i_host.ipv4 )
-            m2 = regex.search(ipv4)
+            reverse = i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain
+            hostname = i_host.hostname + u'.' + i_vlan.domain
+
            # ipv4
-            DNS.append("+%s:%s:600::\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv4))
-            DNS.append("^%s.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
-            DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
+            if i_host.ipv4:
+                # A record
+                DNS.append("+%s:%s:%s" % (hostname, ipv4, models.settings['dns_ttl']))
+                # PTR record 4.3.2.1.in-addr.arpa
+                DNS.append("^%s:%s:%s" % (ipv4_to_arpa(i_host.ipv4), reverse, models.settings['dns_ttl']))
+                # PTR record 4.dns1.3.2.1.in-addr.arpa
+                DNS.append("^%s:%s:%s" % (ipv4_to_arpa(i_host.ipv4, cname=True), reverse, models.settings['dns_ttl']))
+
            # ipv6
            if i_host.ipv6:
-                DNS.append(":%s:28:%s:600\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv6_to_octal(i_host.ipv6)))
-                DNS.append("^%s:%s:600::\n" % (ipv6_to_arpa(i_host.ipv6), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
+                # AAAA record
+                DNS.append(":%s:28:%s:%s" % (hostname, ipv6_to_octal(i_host.ipv6), models.settings['dns_ttl']))
+                # PTR record
+                DNS.append("^%s:%s:%s" % (ipv6_to_arpa(i_host.ipv6), reverse, models.settings['dns_ttl']))
+
            # cname
            for i_alias in i_host.alias_set.all():
-                DNS.append("C%s:%s.%s:600\n" % (i_alias.alias, i_host.hostname, i_vlan.domain))
+                DNS.append("C%s:%s:%s" % (i_alias.alias, hostname, models.settings['dns_ttl']))

-    process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % DNS_SERVER], shell=False, stdin=subprocess.PIPE)
+    process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % models.settings['dns_hostname']], shell=False, stdin=subprocess.PIPE)
    process.communicate("\n".join(DNS)+"\n")
+    # print "\n".join(DNS)+"\n"


 def prefix_to_mask(prefix):
@@ -396,7 +416,7 @@ def dhcp():
                    'domain': i_vlan.domain,
                    'router': i_vlan.ipv4,
                    'ntp': i_vlan.ipv4,
-                    'dnsserver': DNS_SERVER,
+                    'dnsserver': models.settings['rdns_ip'],
                    'extra': "range %s" % i_vlan.dhcp_pool if m else "deny unknown-clients",
                    'interface': i_vlan.interface,
                    'name': i_vlan.name,

--- a/firewall/migrations/0020_auto__add_setting.py
+++ b/firewall/migrations/0020_auto__add_setting.py
--- a/firewall/models.py
+++ b/firewall/models.py
@@ -7,6 +7,13 @@ from django.utils.translation import ugettext_lazy as _
 from firewall.fields import *
 from south.modelsinspector import add_introspection_rules
 from django.core.validators import MinValueValidator, MaxValueValidator
+from modeldict import ModelDict
+
+class Setting(models.Model):
+    key = models.CharField(max_length=32)
+    value = models.CharField(max_length=200)
+
+settings = ModelDict(Setting, key='key', value='value', instances=False)

 class Rule(models.Model):
    CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan'))

--- a/firewall/tasks.py
+++ b/firewall/tasks.py
@@ -3,7 +3,7 @@ from django.core.cache import cache
 import os
 import time
 from firewall.fw import *
-
+from firewall.models import settings

 def reload_firewall_lock():
    acquire_lock = lambda: cache.add("reload_lock1", "true", 9)
@@ -25,7 +25,11 @@ class ReloadTask(Task):
            return

        print "indul"
-        time.sleep(10)
+        try:
+            sleep = float(settings['reload_sleep'])
+        except:
+            sleep = 10
+        time.sleep(sleep)

        try:
            print "ipv4"