Commit c1c44020 by Bach Dániel

firewall: remove old code part 2

parent a3ab3d68
from firewall import models from firewall import models
import django.conf import django.conf
import subprocess
import re import re
from datetime import datetime, timedelta from datetime import datetime, timedelta
from django.db.models import Q from django.db.models import Q
...@@ -12,14 +10,6 @@ settings = django.conf.settings.FIREWALL_SETTINGS ...@@ -12,14 +10,6 @@ settings = django.conf.settings.FIREWALL_SETTINGS
class Firewall: class Firewall:
IPV6 = False
RULES = None
RULES_NAT = []
vlans = None
pub = None
hosts = None
fw = None
def dportsport(self, rule, repl=True): def dportsport(self, rule, repl=True):
retval = ' ' retval = ' '
if rule.proto == 'tcp' or rule.proto == 'udp': if rule.proto == 'tcp' or rule.proto == 'udp':
...@@ -46,7 +36,7 @@ class Firewall: ...@@ -46,7 +36,7 @@ class Firewall:
if not rule.foreign_network: if not rule.foreign_network:
return return
if self.IPV6 and host.ipv6: if self.proto == 6 and host.ipv6:
ipaddr = host.ipv6 + '/112' ipaddr = host.ipv6 + '/112'
else: else:
ipaddr = host.ipv4 ipaddr = host.ipv4
...@@ -245,30 +235,29 @@ class Firewall: ...@@ -245,30 +235,29 @@ class Firewall:
# post-run stuff # post-run stuff
self.postrun() self.postrun()
if self.IPV6: if self.proto == 6:
self.RULES = [x for x in self.RULES if not ipv4_re.search(x)] self.RULES = [x for x in self.RULES if not ipv4_re.search(x)]
self.RULES = [x.replace('icmp', 'icmpv6') for x in self.RULES] self.RULES = [x.replace('icmp', 'icmpv6') for x in self.RULES]
def __init__(self, IPV6=False): def __init__(self, proto=4):
self.RULES = [] self.RULES = []
self.RULES_NAT = [] self.RULES_NAT = []
self.IPV6 = IPV6 self.proto = proto
self.vlans = models.Vlan.objects.all() self.vlans = models.Vlan.objects.all()
self.hosts = models.Host.objects.all() self.hosts = models.Host.objects.all()
self.pub = models.Vlan.objects.get(name='PUB')
self.fw = models.Firewall.objects.all() self.fw = models.Firewall.objects.all()
self.ipt_filter() self.ipt_filter()
if not self.IPV6: if self.proto != 6:
self.ipt_nat() self.ipt_nat()
def get(self): def get(self):
if self.IPV6: if self.proto == 6:
return {'filter': self.RULES, } return {'filter': self.RULES, }
else: else:
return {'filter': self.RULES, 'nat': self.RULES_NAT} return {'filter': self.RULES, 'nat': self.RULES_NAT}
def show(self): def show(self):
if self.IPV6: if self.proto == 6:
return '\n'.join(self.RULES) + '\n' return '\n'.join(self.RULES) + '\n'
else: else:
return ('\n'.join(self.RULES) + '\n' + return ('\n'.join(self.RULES) + '\n' +
...@@ -385,11 +374,6 @@ def dns(): ...@@ -385,11 +374,6 @@ def dns():
DNS.append("^%s:%s:%s" % (d['name'], d['address'], d['ttl'])) DNS.append("^%s:%s:%s" % (d['name'], d['address'], d['ttl']))
return DNS return DNS
process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' %
settings['dns_hostname']],
shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(DNS) + "\n")
# print "\n".join(DNS)+"\n"
def prefix_to_mask(prefix): def prefix_to_mask(prefix):
...@@ -452,9 +436,3 @@ def dhcp(): ...@@ -452,9 +436,3 @@ def dhcp():
}) })
return DHCP return DHCP
process = subprocess.Popen(['/usr/bin/ssh', 'fw2',
'cat > /tools/dhcp3/dhcpd.conf.generated;'
'sudo /etc/init.d/isc-dhcp-server restart'],
shell=False, stdin=subprocess.PIPE)
# print "\n".join(DHCP)+"\n"
process.communicate("\n".join(DHCP) + "\n")
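Review bot: In the `@@ -245,30 +235,29 @@` hunk, `__init__` now takes `proto=4` but never validates it, and every branch tests only `self.proto == 6` or `self.proto != 6`. Any other value therefore silently yields the IPv4 filter and NAT rule set, including a leftover positional `Firewall(True)` from the old `IPV6` signature or the string `'6'`. A firewall rule generator should fail loudly here, so I would add `if proto not in (4, 6): raise ValueError('proto must be 4 or 6')` as the first statement of `__init__`. The `periodic_task` caller is updated in this commit, but callers outside the shown hunks are not visible and should be checked for `IPV6=` keywords and positional arguments. Separately, `self.pub = models.Vlan.objects.get(name='PUB')` and the class attribute `pub` appear to be dropped, so confirm that nothing in the unshown parts of `Firewall` still reads `self.pub`.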
...@@ -21,8 +21,8 @@ def periodic_task(): ...@@ -21,8 +21,8 @@ def periodic_task():
if cache.get('firewall_lock'): if cache.get('firewall_lock'):
cache.delete("firewall_lock") cache.delete("firewall_lock")
ipv4 = Firewall().get() ipv4 = Firewall(proto=4).get()
ipv6 = Firewall(True).get() ipv6 = Firewall(proto=6).get()
remote_tasks.reload_firewall_task.delay(ipv4, ipv6) remote_tasks.reload_firewall_task.delay(ipv4, ipv6)
print "firewall ujratoltese kesz" print "firewall ujratoltese kesz"