Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
CIRCLE
/
cloud
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
94
Merge Requests
10
Pipelines
Wiki
Snippets
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
a668ab57
authored
Dec 25, 2012
by
Őry Máté
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
automatic firewall loading + minor cleanup
parent
2b73175f
Show whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
92 additions
and
34 deletions
+92
-34
cloud/settings.py
+8
-0
firewall/fw.py
+0
-19
firewall/models.py
+15
-8
firewall/tasks.py
+41
-0
firewall/views.py
+28
-7
No files found.
cloud/settings.py
View file @
a668ab57
...
@@ -125,6 +125,8 @@ INSTALLED_APPS = (
...
@@ -125,6 +125,8 @@ INSTALLED_APPS = (
'cloud'
,
'cloud'
,
'firewall'
,
'firewall'
,
'south'
,
'south'
,
'djcelery'
,
'kombu.transport.django'
,
#'django_bfm',
#'django_bfm',
)
)
...
@@ -170,4 +172,10 @@ LOGGING = {
...
@@ -170,4 +172,10 @@ LOGGING = {
}
}
LOGIN_URL
=
"/login"
LOGIN_URL
=
"/login"
AUTH_PROFILE_MODULE
=
'school.Person'
AUTH_PROFILE_MODULE
=
'school.Person'
import
djcelery
djcelery
.
setup_loader
()
BROKER_URL
=
'django://'
# vim: et sw=4 ai fenc=utf8 smarttab :
# vim: et sw=4 ai fenc=utf8 smarttab :
firewall/fw.py
View file @
a668ab57
...
@@ -397,22 +397,3 @@ for mac, name, ipend in [("18:a9:05:64:19:aa", "mega6", 16), ("00:1e:0b:e9:79:1e
...
@@ -397,22 +397,3 @@ for mac, name, ipend in [("18:a9:05:64:19:aa", "mega6", 16), ("00:1e:0b:e9:79:1e
# h1.save()
# h1.save()
#except:
#except:
# print "nemsikerult"
# print "nemsikerult"
firewall/models.py
View file @
a668ab57
...
@@ -11,21 +11,28 @@ class Rule(models.Model):
...
@@ -11,21 +11,28 @@ class Rule(models.Model):
direction
=
models
.
BooleanField
()
direction
=
models
.
BooleanField
()
description
=
models
.
TextField
(
blank
=
True
)
description
=
models
.
TextField
(
blank
=
True
)
vlan
=
models
.
ManyToManyField
(
'Vlan'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
vlan
=
models
.
ManyToManyField
(
'Vlan'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
dport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
)
;
dport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
)
sport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
)
;
sport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
)
proto
=
models
.
CharField
(
max_length
=
10
,
choices
=
CHOICES_proto
,
blank
=
True
,
null
=
True
)
proto
=
models
.
CharField
(
max_length
=
10
,
choices
=
CHOICES_proto
,
blank
=
True
,
null
=
True
)
nat_dport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
)
;
nat_dport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
)
extra
=
models
.
TextField
(
blank
=
True
)
;
extra
=
models
.
TextField
(
blank
=
True
)
accept
=
models
.
BooleanField
(
default
=
False
)
accept
=
models
.
BooleanField
(
default
=
False
)
owner
=
models
.
ForeignKey
(
User
,
blank
=
True
,
null
=
True
)
owner
=
models
.
ForeignKey
(
User
,
blank
=
True
,
null
=
True
)
r_type
=
models
.
CharField
(
max_length
=
10
,
choices
=
CHOICES
)
r_type
=
models
.
CharField
(
max_length
=
10
,
choices
=
CHOICES
)
nat
=
models
.
BooleanField
(
default
=
False
)
nat
=
models
.
BooleanField
(
default
=
False
)
nat_dport
=
models
.
IntegerField
(
);
nat_dport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
)
def
__unicode__
(
self
):
def
__unicode__
(
self
):
return
self
.
desc
()
return
self
.
desc
()
def
desc
(
self
):
def
desc
(
self
):
return
'['
+
self
.
r_type
+
'] '
+
(
self
.
vlan_l
()
+
'->'
+
self
.
r_type
if
self
.
direction
else
self
.
r_type
+
'->'
+
self
.
vlan_l
())
+
' '
+
self
.
description
para
=
""
if
(
self
.
dport
):
para
=
"dport=
%
s
%
s"
%
(
self
.
dport
,
para
)
if
(
self
.
sport
):
para
=
"dport=
%
s
%
s"
%
(
self
.
sport
,
para
)
if
(
self
.
proto
):
para
=
"dport=
%
s
%
s"
%
(
self
.
proto
,
para
)
return
'['
+
self
.
r_type
+
'] '
+
(
self
.
vlan_l
()
+
'->'
+
self
.
r_type
if
self
.
direction
else
self
.
r_type
+
'->'
+
self
.
vlan_l
())
+
' '
+
para
+
' '
+
self
.
description
def
vlan_l
(
self
):
def
vlan_l
(
self
):
retval
=
[]
retval
=
[]
for
vl
in
self
.
vlan
.
all
():
for
vl
in
self
.
vlan
.
all
():
...
@@ -35,8 +42,8 @@ class Rule(models.Model):
...
@@ -35,8 +42,8 @@ class Rule(models.Model):
class
Vlan
(
models
.
Model
):
class
Vlan
(
models
.
Model
):
vid
=
models
.
IntegerField
(
unique
=
True
)
vid
=
models
.
IntegerField
(
unique
=
True
)
name
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
,
validators
=
[
val_alfanum
])
name
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
,
validators
=
[
val_alfanum
])
prefix4
=
models
.
IntegerField
(
default
=
16
)
;
prefix4
=
models
.
IntegerField
(
default
=
16
)
prefix6
=
models
.
IntegerField
(
default
=
80
)
;
prefix6
=
models
.
IntegerField
(
default
=
80
)
interface
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
)
interface
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
)
net4
=
models
.
GenericIPAddressField
(
protocol
=
'ipv4'
,
unique
=
True
)
net4
=
models
.
GenericIPAddressField
(
protocol
=
'ipv4'
,
unique
=
True
)
net6
=
models
.
GenericIPAddressField
(
protocol
=
'ipv6'
,
unique
=
True
)
net6
=
models
.
GenericIPAddressField
(
protocol
=
'ipv6'
,
unique
=
True
)
...
...
firewall/tasks.py
0 → 100644
View file @
a668ab57
from
celery.task
import
Task
,
PeriodicTask
from
django.core.cache
import
cache
import
os
from
firewall.fw
import
*
LOCK_EXPIRE
=
9
# Lock expires in 5 minutes
lock_id
=
"blabla"
def
lock
(
para
):
acquire_lock
=
lambda
:
cache
.
add
(
lock_id
,
"true"
,
LOCK_EXPIRE
)
if
acquire_lock
():
print
"megszereztem"
ReloadTask
.
delay
(
"asd"
)
else
:
print
"nem szereztem meg"
class
ReloadTask
(
Task
):
def
run
(
self
,
para
,
**
kwargs
):
print
"indul"
os
.
system
(
"sleep 10"
)
try
:
print
"ipv4"
ipv4
=
firewall
()
# html += ipv4.show()
ipv4
.
reload
()
print
"ipv6"
ipv6
=
firewall
(
True
)
ipv6
.
reload
()
print
"dns"
dns
()
print
"dhcp"
dhcp
()
print
"vege"
except
:
print
"nem sikerult :("
print
"leall"
firewall/views.py
View file @
a668ab57
...
@@ -5,11 +5,15 @@ from firewall.models import *
...
@@ -5,11 +5,15 @@ from firewall.models import *
from
firewall.fw
import
*
from
firewall.fw
import
*
from
django.views.decorators.csrf
import
csrf_exempt
from
django.views.decorators.csrf
import
csrf_exempt
from
django.db
import
IntegrityError
from
django.db
import
IntegrityError
from
tasks
import
*
from
celery.task.control
import
inspect
import
re
import
base64
import
base64
import
json
import
json
import
sys
import
sys
def
reload_firewall
(
request
):
def
reload_firewall
(
request
):
if
request
.
user
.
is_authenticated
():
if
request
.
user
.
is_authenticated
():
if
(
request
.
user
.
is_superuser
):
if
(
request
.
user
.
is_superuser
):
...
@@ -43,27 +47,47 @@ def firewall_api(request):
...
@@ -43,27 +47,47 @@ def firewall_api(request):
try
:
try
:
data
=
json
.
loads
(
base64
.
b64decode
(
request
.
POST
[
"data"
]))
data
=
json
.
loads
(
base64
.
b64decode
(
request
.
POST
[
"data"
]))
command
=
request
.
POST
[
"command"
]
command
=
request
.
POST
[
"command"
]
if
(
data
[
"password"
]
!=
"bdmegintelrontottaanetet"
):
raise
Exception
(
"rossz jelszo"
)
data
[
"hostname"
]
=
re
.
sub
(
r' '
,
'_'
,
data
[
"hostname"
])
if
(
command
==
"create"
):
if
(
command
==
"create"
):
data
[
"owner"
]
=
"
tarokkk
"
data
[
"owner"
]
=
"
opennebula
"
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
(
hostname
=
data
[
"hostname"
],
vlan
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
]),
mac
=
data
[
"mac"
],
ipv4
=
data
[
"ip"
],
owner
=
owner
,
description
=
data
[
"description"
])
host
=
models
.
Host
(
hostname
=
data
[
"hostname"
],
vlan
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
]),
mac
=
data
[
"mac"
],
ipv4
=
data
[
"ip"
],
owner
=
owner
,
description
=
data
[
"description"
])
host
.
full_clean
()
host
.
full_clean
()
host
.
save
()
host
.
save
()
rule
=
models
.
Rule
(
direction
=
False
,
owner
=
owner
,
description
=
"
%
s netezhet"
%
(
data
[
"hostname"
]),
accept
=
True
,
r_type
=
"host"
,
nat_dport
=
0
)
rule
.
save
()
rule
.
vlan
.
add
(
models
.
Vlan
.
objects
.
get
(
name
=
"PUB"
))
host
.
rules
.
add
(
rule
)
for
p
in
data
[
"portforward"
]:
for
p
in
data
[
"portforward"
]:
proto
=
"tcp"
if
(
p
[
"proto"
]
==
"tcp"
)
else
"udp"
proto
=
"tcp"
if
(
p
[
"proto"
]
==
"tcp"
)
else
"udp"
rule
=
models
.
Rule
(
direction
=
True
,
owner
=
owner
,
description
=
"
%
s
%
s
%
s->
%
s"
%
(
data
[
"hostname"
],
proto
,
p
[
"public_port"
],
p
[
"private_port"
]),
dport
=
int
(
p
[
"public_port"
]),
proto
=
p
[
"proto"
],
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
nat_dport
=
int
(
p
[
"private_port"
]))
rule
=
models
.
Rule
(
direction
=
True
,
owner
=
owner
,
description
=
"
%
s
%
s
%
s->
%
s"
%
(
data
[
"hostname"
],
proto
,
p
[
"public_port"
],
p
[
"private_port"
]),
dport
=
int
(
p
[
"public_port"
]),
proto
=
p
[
"proto"
],
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
nat_dport
=
int
(
p
[
"private_port"
]))
rule
.
save
()
rule
.
save
()
rule
.
vlan
.
add
(
models
.
Vlan
.
objects
.
get
(
name
=
"PUB"
))
rule
.
vlan
.
add
(
models
.
Vlan
.
objects
.
get
(
name
=
"PUB"
))
rule
.
vlan
.
add
(
models
.
Vlan
.
objects
.
get
(
name
=
"DMZ"
))
rule
.
vlan
.
add
(
models
.
Vlan
.
objects
.
get
(
name
=
"VM-NET"
))
rule
.
vlan
.
add
(
models
.
Vlan
.
objects
.
get
(
name
=
"WAR"
))
host
.
rules
.
add
(
rule
)
host
.
rules
.
add
(
rule
)
elif
(
command
==
"destory"
):
elif
(
command
==
"destroy"
):
print
""
data
[
"owner"
]
=
"opennebula"
print
data
[
"hostname"
]
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
.
objects
.
get
(
hostname
=
data
[
"hostname"
],
owner
=
owner
)
for
rule
in
host
.
rules
.
filter
(
owner
=
owner
):
rule
.
delete
()
host
.
delete
()
else
:
else
:
raise
Exception
(
"rossz parancs"
)
raise
Exception
(
"rossz parancs"
)
lock
(
"asd"
)
except
(
ValidationError
,
IntegrityError
,
AttributeError
,
Exception
)
as
e
:
except
(
ValidationError
,
IntegrityError
,
AttributeError
,
Exception
)
as
e
:
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
%
s
\n
"
%
e
);
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
%
s
\n
"
%
e
);
except
:
except
:
...
@@ -72,9 +96,6 @@ def firewall_api(request):
...
@@ -72,9 +96,6 @@ def firewall_api(request):
return
HttpResponse
(
u"ok"
);
return
HttpResponse
(
u"ok"
);
## for r in models.Rule.objects.filter(r_type="host"):
## print [r.host_set.all(), r.group_set.all()]
## print "VEGE"
return
HttpResponse
(
u"ez kerlek egy api lesz!
\n
"
);
return
HttpResponse
(
u"ez kerlek egy api lesz!
\n
"
);
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment