Commit
e6dd3a56
authored
Dec 19, 2012
by
root
Committed by
Őry Máté
Dec 25, 2012
port forward as typical rule
parent
3ae7502b
Showing
5 changed files
with
139 additions
and
61 deletions
+139
-61
cloud/urls.py
+1
-0
firewall/admin.py
+2
-2
firewall/fw.py
+65
-52
firewall/models.py
+27
-7
firewall/views.py
+44
-0
cloud/urls.py
...
@@ -16,4 +16,5 @@ urlpatterns = patterns('',
...
@@ -16,4 +16,5 @@ urlpatterns = patterns('',
url
(
r'^vm/show/(?P<iid>\d+)/$'
,
'one.views.vm_show'
,
name
=
'vm_show'
),
url
(
r'^vm/show/(?P<iid>\d+)/$'
,
'one.views.vm_show'
,
name
=
'vm_show'
),
url
(
r'^vm/delete/(?P<iid>\d+)/$'
,
'one.views.vm_delete'
,
name
=
'vm_delete'
),
url
(
r'^vm/delete/(?P<iid>\d+)/$'
,
'one.views.vm_delete'
,
name
=
'vm_delete'
),
url
(
r'^reload/$'
,
'firewall.views.reload_firewall'
,
name
=
'reload_firewall'
),
url
(
r'^reload/$'
,
'firewall.views.reload_firewall'
,
name
=
'reload_firewall'
),
url
(
r'^fwapi/$'
,
'firewall.views.firewall_api'
,
name
=
'firewall_api'
),
)
)
firewall/admin.py
...
@@ -7,11 +7,11 @@ class HostAdmin(admin.ModelAdmin):
...
@@ -7,11 +7,11 @@ class HostAdmin(admin.ModelAdmin):
ordering
=
(
'-hostname'
,)
ordering
=
(
'-hostname'
,)
class
VlanAdmin
(
admin
.
ModelAdmin
):
class
VlanAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'vid'
,
'name'
,
'
en_dst_vlan'
,
'ipv4'
,
'net_ipv4'
,
'ipv6'
,
'net_ipv6'
,
'description'
,
'domain
'
)
list_display
=
(
'vid'
,
'name'
,
'
rules_l'
,
'ipv4'
,
'net_ipv4'
,
'ipv6'
,
'net_ipv6'
,
'description'
,
'domain'
,
'snat_ip'
,
'snat_to_l
'
)
ordering
=
(
'-vid'
,)
ordering
=
(
'-vid'
,)
class
RuleAdmin
(
admin
.
ModelAdmin
):
class
RuleAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'
description'
,
'vlan'
,
'extra'
,
'direction'
,
'action
'
)
list_display
=
(
'
r_type'
,
'desc'
,
'description'
,
'vlan_l'
,
'owner'
,
'extra'
,
'direction'
,
'action'
,
'nat'
,
'nat_dport
'
)
admin
.
site
.
register
(
Host
,
HostAdmin
)
admin
.
site
.
register
(
Host
,
HostAdmin
)
admin
.
site
.
register
(
Vlan
,
VlanAdmin
)
admin
.
site
.
register
(
Vlan
,
VlanAdmin
)
...
...
firewall/fw.py
...
@@ -21,6 +21,7 @@ class firewall:
...
@@ -21,6 +21,7 @@ class firewall:
vlans
=
None
vlans
=
None
dmz
=
None
dmz
=
None
pub
=
None
pub
=
None
hosts
=
None
fw
=
None
fw
=
None
def
iptables
(
self
,
s
):
def
iptables
(
self
,
s
):
...
@@ -35,39 +36,46 @@ class firewall:
...
@@ -35,39 +36,46 @@ class firewall:
else
:
else
:
ipaddr
=
host
.
ipv4
ipaddr
=
host
.
ipv4
action
=
"LOG_DROP"
extra
=
rule
.
extra
if
(
rule
.
action
):
if
(
rule
.
nat
and
rule
.
direction
):
if
((
not
rule
.
direction
)
and
rule
.
vlan
.
name
==
"PUB"
):
extra
=
re
.
sub
(
r'--dport [0-9]+'
,
'--dport
%
i'
%
rule
.
nat_dport
,
rule
.
extra
)
action
=
"PUB_OUT"
else
:
action
=
"LOG_ACC"
if
(
rule
.
direction
):
#HOSTHOZ megy
self
.
iptables
(
"-A
%
s_
%
s -d
%
s
%
s -g
%
s"
%
(
rule
.
vlan
,
host
.
vlan
,
ipaddr
,
rule
.
extra
,
action
));
else
:
self
.
iptables
(
"-A
%
s_
%
s -s
%
s
%
s -g
%
s"
%
(
host
.
vlan
,
rule
.
vlan
,
ipaddr
,
rule
.
extra
,
action
));
def
fw2vlan
(
self
,
rule
):
for
vlan
in
rule
.
vlan
.
all
(
):
snet
=
None
if
(
rule
.
action
):
if
((
not
rule
.
direction
)
and
vlan
.
name
==
"PUB"
):
if
(
self
.
IPV6
):
action
=
"PUB_OUT"
if
((
not
rule
.
direction
)
and
rule
.
vlan
.
name
==
"PUB"
)
:
else
:
snet
=
"::0/0
"
action
=
"LOG_ACC
"
else
:
else
:
snet
=
rule
.
vlan
.
net6
+
"/"
+
str
(
rule
.
vlan
.
prefix6
)
action
=
"LOG_DROP"
else
:
if
(
(
rule
.
direction
)
and
rule
.
vlan
.
name
==
"PUB"
):
if
(
rule
.
direction
):
#HOSTHOZ megy
s
net
=
"0.0.0.0/0"
s
elf
.
iptables
(
"-A
%
s_
%
s -d
%
s
%
s -g
%
s"
%
(
vlan
,
host
.
vlan
,
ipaddr
,
extra
,
action
));
else
:
else
:
s
net
=
rule
.
vlan
.
net4
+
"/"
+
str
(
rule
.
vlan
.
prefix4
)
s
elf
.
iptables
(
"-A
%
s_
%
s -s
%
s
%
s -g
%
s"
%
(
host
.
vlan
,
vlan
,
ipaddr
,
extra
,
action
));
if
(
rule
.
direction
):
#HOSTHOZ megy
def
fw2vlan
(
self
,
rule
):
# self.iptables("-A INPUT -i %s -s: %s %s -m state --state NEW -g %s" % (rule.vlan.interface, snet, rule.extra, "LOG_ACC" if rule.action else "LOG_DROP"));
for
vlan
in
rule
.
vlan
.
all
():
self
.
iptables
(
"-A INPUT -i
%
s
%
s -g
%
s"
%
(
rule
.
vlan
.
interface
,
rule
.
extra
,
"LOG_ACC"
if
rule
.
action
else
"LOG_DROP"
));
if
(
rule
.
direction
):
#HOSTHOZ megy
else
:
self
.
iptables
(
"-A INPUT -i
%
s
%
s -g
%
s"
%
(
vlan
.
interface
,
rule
.
extra
,
"LOG_ACC"
if
rule
.
action
else
"LOG_DROP"
));
self
.
iptables
(
"-A OUTPUT -o
%
s
%
s -g
%
s"
%
(
rule
.
vlan
.
interface
,
rule
.
extra
,
"LOG_ACC"
if
rule
.
action
else
"LOG_DROP"
));
else
:
self
.
iptables
(
"-A OUTPUT -o
%
s
%
s -g
%
s"
%
(
vlan
.
interface
,
rule
.
extra
,
"LOG_ACC"
if
rule
.
action
else
"LOG_DROP"
));
def
vlan2vlan
(
self
,
l_vlan
,
rule
):
for
vlan
in
rule
.
vlan
.
all
():
if
(
rule
.
action
):
if
((
not
rule
.
direction
)
and
vlan
.
name
==
"PUB"
):
action
=
"PUB_OUT"
else
:
action
=
"LOG_ACC"
else
:
action
=
"LOG_DROP"
if
(
rule
.
direction
):
#HOSTHOZ megy
self
.
iptables
(
"-A
%
s_
%
s
%
s -g
%
s"
%
(
vlan
,
l_vlan
,
rule
.
extra
,
action
));
else
:
self
.
iptables
(
"-A
%
s_
%
s
%
s -g
%
s"
%
(
l_vlan
,
vlan
,
rule
.
extra
,
action
));
def
prerun
(
self
):
def
prerun
(
self
):
...
@@ -155,32 +163,29 @@ class firewall:
...
@@ -155,32 +163,29 @@ class firewall:
self
.
iptablesnat
(
":OUTPUT ACCEPT [1:708]"
)
self
.
iptablesnat
(
":OUTPUT ACCEPT [1:708]"
)
self
.
iptablesnat
(
":POSTROUTING ACCEPT [1:708]"
)
self
.
iptablesnat
(
":POSTROUTING ACCEPT [1:708]"
)
for
host
in
self
.
dmz
.
host_set
.
all
():
#portforward
for
host
in
self
.
hosts
.
filter
(
pub_ipv4
=
None
):
for
rule
in
host
.
rules
.
filter
(
nat
=
True
,
direction
=
True
):
self
.
iptablesnat
(
"-A PREROUTING -d
%
s
%
s -j DNAT --to-destination
%
s:
%
s"
%
(
host
.
vlan
.
snat_ip
,
rule
.
extra
,
host
.
ipv4
,
rule
.
nat_dport
))
#sajat publikus ipvel rendelkezo gepek szabalyai
for
host
in
self
.
hosts
:
if
(
host
.
pub_ipv4
):
if
(
host
.
pub_ipv4
):
self
.
iptablesnat
(
"-A PREROUTING -d
%
s -j DNAT --to-destination
%
s"
%
(
host
.
pub_ipv4
,
host
.
ipv4
))
self
.
iptablesnat
(
"-A PREROUTING -d
%
s -j DNAT --to-destination
%
s"
%
(
host
.
pub_ipv4
,
host
.
ipv4
))
self
.
iptablesnat
(
"-A POSTROUTING -s
%
s -j SNAT --to-source
%
s"
%
(
host
.
ipv4
,
host
.
pub_ipv4
))
self
.
iptablesnat
(
"-A POSTROUTING -s
%
s -j SNAT --to-source
%
s"
%
(
host
.
ipv4
,
host
.
pub_ipv4
))
#natolas a vpn-nek
#alapertelmezett nat szabalyok a vlanokra
self
.
iptablesnat
(
"-A POSTROUTING -s 10.1.0.0/16 -o pub -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
for
s_vlan
in
self
.
vlans
:
self
.
iptablesnat
(
"-A POSTROUTING -s 10.1.0.0/16 -o vlan0006 -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
if
(
s_vlan
.
snat_ip
):
for
d_vlan
in
s_vlan
.
snat_to
.
all
():
#natolas az office-nak
self
.
iptablesnat
(
"-A POSTROUTING -s
%
s -o
%
s -j SNAT --to-source
%
s"
%
(
s_vlan
.
net_ipv4
(),
d_vlan
.
interface
,
s_vlan
.
snat_ip
))
self
.
iptablesnat
(
"-A POSTROUTING -s 10.5.0.0/16 -o pub -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
self
.
iptablesnat
(
"-A POSTROUTING -s 10.5.0.0/16 -o vlan0006 -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
self
.
iptablesnat
(
"-A POSTROUTING -s 10.5.0.0/16 -o vlan0003 -j SNAT --to-source 10.3.255.254"
)
self
.
iptablesnat
(
"-A POSTROUTING -s 10.5.0.0/16 -o vlan0008 -j SNAT --to-source 10.0.0.247"
)
#natolas a hotspotnak
self
.
iptablesnat
(
"-A POSTROUTING -s 10.4.0.0/16 -o pub -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
self
.
iptablesnat
(
"-A POSTROUTING -s 10.4.0.0/16 -o vlan0006 -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
#natolas a labnak
#bedrotozott szabalyok
self
.
iptablesnat
(
"-A POSTROUTING -s 10.7.0.0/16 -o pub -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
self
.
iptablesnat
(
"-A POSTROUTING -s 10.5.0.0/16 -o vlan0003 -j SNAT --to-source 10.3.255.254"
)
#man elerheto legyen
self
.
iptablesnat
(
"-A POSTROUTING -s 10.7.0.0/16 -o vlan0006 -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
self
.
iptablesnat
(
"-A POSTROUTING -s 10.5.0.0/16 -o vlan0008 -j SNAT --to-source 10.0.0.247"
)
#wolf halozat a nyomtatashoz
self
.
iptablesnat
(
"-A POSTROUTING -s 10.3.0.0/16 -o vlan0006 -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
#kulonben nemmegy a du
#natolas a mannak
self
.
iptablesnat
(
"-A POSTROUTING -s 10.3.0.0/16 -o pub -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
self
.
iptablesnat
(
"-A POSTROUTING -s 10.3.0.0/16 -o vlan0006 -j SNAT --to-source
%
s"
%
self
.
pub
.
ipv4
)
self
.
iptablesnat
(
"COMMIT"
)
self
.
iptablesnat
(
"COMMIT"
)
...
@@ -213,11 +218,8 @@ class firewall:
...
@@ -213,11 +218,8 @@ class firewall:
#vlanok kozotti kommunikacio engedelyezese
#vlanok kozotti kommunikacio engedelyezese
for
s_vlan
in
self
.
vlans
:
for
s_vlan
in
self
.
vlans
:
for
d_vlan
in
s_vlan
.
en_dst
.
all
():
for
rule
in
s_vlan
.
rules
.
all
():
if
(
d_vlan
.
name
==
"PUB"
):
self
.
vlan2vlan
(
s_vlan
,
rule
)
self
.
iptables
(
"-A
%
s_
%
s -g PUB_OUT"
%
(
s_vlan
,
d_vlan
))
else
:
self
.
iptables
(
"-A
%
s_
%
s -g LOG_ACC"
%
(
s_vlan
,
d_vlan
))
#zonak kozotti lancokat zarja le
#zonak kozotti lancokat zarja le
for
s_vlan
in
self
.
vlans
:
for
s_vlan
in
self
.
vlans
:
...
@@ -237,6 +239,7 @@ class firewall:
...
@@ -237,6 +239,7 @@ class firewall:
self
.
SZABALYOK
=
[]
self
.
SZABALYOK
=
[]
self
.
IPV6
=
IPV6
self
.
IPV6
=
IPV6
self
.
vlans
=
models
.
Vlan
.
objects
.
all
()
self
.
vlans
=
models
.
Vlan
.
objects
.
all
()
self
.
hosts
=
models
.
Host
.
objects
.
all
()
self
.
dmz
=
models
.
Vlan
.
objects
.
get
(
name
=
"DMZ"
)
self
.
dmz
=
models
.
Vlan
.
objects
.
get
(
name
=
"DMZ"
)
self
.
pub
=
models
.
Vlan
.
objects
.
get
(
name
=
"PUB"
)
self
.
pub
=
models
.
Vlan
.
objects
.
get
(
name
=
"PUB"
)
self
.
fw
=
models
.
Firewall
.
objects
.
all
()
self
.
fw
=
models
.
Firewall
.
objects
.
all
()
...
@@ -252,6 +255,11 @@ class firewall:
...
@@ -252,6 +255,11 @@ class firewall:
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'fw2'
,
'/usr/bin/sudo'
,
'/sbin/iptables-restore'
,
'-c'
],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'fw2'
,
'/usr/bin/sudo'
,
'/sbin/iptables-restore'
,
'-c'
],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
process
.
communicate
(
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
+
"
\n
"
.
join
(
self
.
SZABALYOK_NAT
)
+
"
\n
"
)
process
.
communicate
(
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
+
"
\n
"
.
join
(
self
.
SZABALYOK_NAT
)
+
"
\n
"
)
def
show
(
self
):
if
self
.
IPV6
:
return
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
else
:
return
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
+
"
\n
"
.
join
(
self
.
SZABALYOK_NAT
)
+
"
\n
"
...
@@ -260,6 +268,11 @@ def dns():
...
@@ -260,6 +268,11 @@ def dns():
regex
=
re
.
compile
(
r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$'
)
regex
=
re
.
compile
(
r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$'
)
DNS
=
[]
DNS
=
[]
DNS
.
append
(
"=cloud.ik.bme.hu:152.66.243.98:600::
\n
"
)
DNS
.
append
(
"=cloud.ik.bme.hu:152.66.243.98:600::
\n
"
)
#tarokkknak
DNS
.
append
(
"^
%
s.dns1.
%
s.
%
s.
%
s.in-addr.arpa:
%
s:600::
\n
"
%
(
75
,
243
,
66
,
152
,
"se.hpc.iit.bme.hu"
))
DNS
.
append
(
"^
%
s.dns1.
%
s.
%
s.
%
s.in-addr.arpa:
%
s:600::
\n
"
%
(
76
,
243
,
66
,
152
,
"ce.hpc.iit.bme.hu"
))
DNS
.
append
(
"^
%
s.dns1.
%
s.
%
s.
%
s.in-addr.arpa:
%
s:600::
\n
"
%
(
77
,
243
,
66
,
152
,
"mon.hpc.iit.bme.hu"
))
for
i_vlan
in
vlans
:
for
i_vlan
in
vlans
:
m
=
regex
.
search
(
i_vlan
.
net4
)
m
=
regex
.
search
(
i_vlan
.
net4
)
if
(
i_vlan
.
name
!=
"DMZ"
and
i_vlan
.
name
!=
"PUB"
):
if
(
i_vlan
.
name
!=
"DMZ"
and
i_vlan
.
name
!=
"PUB"
):
...
...
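Review bot: In prerun's new port-forward loop, `host.vlan.snat_ip` is formatted into the DNAT line without a check, but firewall/models.py in this same commit declares `snat_ip` with `null=True`; a host whose vlan has no SNAT address produces `-A PREROUTING -d None ...`, and because all of SZABALYOK_NAT is piped through a single iptables-restore call, that one line makes the whole restore fail and leaves the NAT table untouched. Guard it with `if not host.vlan.snat_ip: continue` at the top of the outer loop body, or narrow the queryset to `self.hosts.filter(pub_ipv4=None, vlan__snat_ip__isnull=False)`. The same verbatim `%s` formatting applies to `rule.extra` in that line and to `extra` in host2vlan; whatever is typed into Rule.extra in the admin reaches iptables-restore unvalidated, so a validator on that field would be worth adding. prerun starts before and ends after the hunk.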
firewall/models.py
...
@@ -6,15 +6,25 @@ from firewall.fields import *
...
@@ -6,15 +6,25 @@ from firewall.fields import *
from
south.modelsinspector
import
add_introspection_rules
from
south.modelsinspector
import
add_introspection_rules
class
Rule
(
models
.
Model
):
class
Rule
(
models
.
Model
):
# DIRECTION_CH=(('TOHOST', 1), ('FROMHOST', 0
))
CHOICES
=
((
'host'
,
'host'
),
(
'firewall'
,
'firewall'
),
(
'vlan'
,
'vlan'
))
direction
=
models
.
BooleanField
()
direction
=
models
.
BooleanField
()
description
=
models
.
TextField
(
blank
=
True
)
description
=
models
.
TextField
(
blank
=
True
)
vlan
=
models
.
ForeignKey
(
'Vlan'
)
vlan
=
models
.
ManyToManyField
(
'Vlan'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
extra
=
models
.
TextField
(
blank
=
True
);
extra
=
models
.
TextField
(
blank
=
True
);
action
=
models
.
BooleanField
(
default
=
False
)
action
=
models
.
BooleanField
(
default
=
False
)
owner
=
models
.
ForeignKey
(
User
,
blank
=
True
,
null
=
True
)
owner
=
models
.
ForeignKey
(
User
,
blank
=
True
,
null
=
True
)
r_type
=
models
.
CharField
(
max_length
=
10
,
choices
=
CHOICES
)
nat
=
models
.
BooleanField
(
default
=
False
)
nat_dport
=
models
.
IntegerField
();
def
__unicode__
(
self
):
def
__unicode__
(
self
):
return
self
.
description
return
self
.
desc
()
def
desc
(
self
):
return
'['
+
self
.
r_type
+
'] '
+
(
self
.
vlan_l
()
+
'->'
+
self
.
r_type
if
self
.
direction
else
self
.
r_type
+
'->'
+
self
.
vlan_l
())
+
' '
+
self
.
description
def
vlan_l
(
self
):
retval
=
[]
for
vl
in
self
.
vlan
.
all
():
retval
.
append
(
vl
.
name
)
return
', '
.
join
(
retval
)
class
Vlan
(
models
.
Model
):
class
Vlan
(
models
.
Model
):
vid
=
models
.
IntegerField
(
unique
=
True
)
vid
=
models
.
IntegerField
(
unique
=
True
)
...
@@ -26,19 +36,29 @@ class Vlan(models.Model):
...
@@ -26,19 +36,29 @@ class Vlan(models.Model):
net6
=
models
.
GenericIPAddressField
(
protocol
=
'ipv6'
,
unique
=
True
)
net6
=
models
.
GenericIPAddressField
(
protocol
=
'ipv6'
,
unique
=
True
)
ipv4
=
models
.
GenericIPAddressField
(
protocol
=
'ipv4'
,
unique
=
True
)
ipv4
=
models
.
GenericIPAddressField
(
protocol
=
'ipv4'
,
unique
=
True
)
ipv6
=
models
.
GenericIPAddressField
(
protocol
=
'ipv6'
,
unique
=
True
)
ipv6
=
models
.
GenericIPAddressField
(
protocol
=
'ipv6'
,
unique
=
True
)
en_dst
=
models
.
ManyToManyField
(
'self'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
snat_ip
=
models
.
GenericIPAddressField
(
protocol
=
'ipv4'
,
blank
=
True
,
null
=
True
)
snat_to
=
models
.
ManyToManyField
(
'self'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
rules
=
models
.
ManyToManyField
(
'Rule'
,
related_name
=
"
%(app_label)
s_
%(class)
s_related"
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
description
=
models
.
TextField
(
blank
=
True
)
description
=
models
.
TextField
(
blank
=
True
)
comment
=
models
.
TextField
(
blank
=
True
)
comment
=
models
.
TextField
(
blank
=
True
)
domain
=
models
.
TextField
(
blank
=
True
,
validators
=
[
val_domain
])
domain
=
models
.
TextField
(
blank
=
True
,
validators
=
[
val_domain
])
dhcp_pool
=
models
.
TextField
(
blank
=
True
)
dhcp_pool
=
models
.
TextField
(
blank
=
True
)
def
__unicode__
(
self
):
def
__unicode__
(
self
):
return
self
.
name
return
self
.
name
def
en_dst_vlan
(
self
):
return
self
.
en_dst
.
all
()
def
net_ipv6
(
self
):
def
net_ipv6
(
self
):
return
self
.
net6
+
"/"
+
str
(
self
.
prefix6
)
return
self
.
net6
+
"/"
+
str
(
self
.
prefix6
)
def
net_ipv4
(
self
):
def
net_ipv4
(
self
):
return
self
.
net4
+
"/"
+
str
(
self
.
prefix4
)
return
self
.
net4
+
"/"
+
str
(
self
.
prefix4
)
def
rules_l
(
self
):
retval
=
[]
for
rl
in
self
.
rules
.
all
():
retval
.
append
(
str
(
rl
))
return
', '
.
join
(
retval
)
def
snat_to_l
(
self
):
retval
=
[]
for
rl
in
self
.
snat_to
.
all
():
retval
.
append
(
str
(
rl
))
return
', '
.
join
(
retval
)
class
Group
(
models
.
Model
):
class
Group
(
models
.
Model
):
name
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
)
name
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
)
...
@@ -73,7 +93,7 @@ class Host(models.Model):
...
@@ -73,7 +93,7 @@ class Host(models.Model):
def
rules_l
(
self
):
def
rules_l
(
self
):
retval
=
[]
retval
=
[]
for
rl
in
self
.
rules
.
all
():
for
rl
in
self
.
rules
.
all
():
retval
.
append
(
rl
.
description
)
retval
.
append
(
str
(
rl
)
)
return
', '
.
join
(
retval
)
return
', '
.
join
(
retval
)
...
...
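Review bot: `nat_dport = models.IntegerField();` has neither `null=True`/`blank=True` nor a default, so every Rule, including the non-NAT ones created through the admin, must carry a destination port, and existing rows need a value when the schema migration runs; `nat_dport = models.IntegerField(blank=True, null=True)` matches how the field is used, since fw.py only reads it when `rule.nat` is set. `null=True` on the new `vlan`, `snat_to` and `rules` ManyToManyFields has no effect on the join table and can be dropped. The trailing `;` on the `extra` and `nat_dport` lines is a style point. Rule and Vlan both continue outside the hunks.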
firewall/views.py
...
@@ -3,6 +3,12 @@ from django.http import HttpResponse
...
@@ -3,6 +3,12 @@ from django.http import HttpResponse
from
django.shortcuts
import
render_to_response
from
django.shortcuts
import
render_to_response
from
firewall.models
import
*
from
firewall.models
import
*
from
firewall.fw
import
*
from
firewall.fw
import
*
from
django.views.decorators.csrf
import
csrf_exempt
from
django.db
import
IntegrityError
import
base64
import
json
import
sys
def
reload_firewall
(
request
):
def
reload_firewall
(
request
):
if
request
.
user
.
is_authenticated
():
if
request
.
user
.
is_authenticated
():
...
@@ -11,6 +17,7 @@ def reload_firewall(request):
...
@@ -11,6 +17,7 @@ def reload_firewall(request):
try
:
try
:
print
"ipv4"
print
"ipv4"
ipv4
=
firewall
()
ipv4
=
firewall
()
# html += ipv4.show()
ipv4
.
reload
()
ipv4
.
reload
()
print
"ipv6"
print
"ipv6"
ipv6
=
firewall
(
True
)
ipv6
=
firewall
(
True
)
...
@@ -20,10 +27,47 @@ def reload_firewall(request):
...
@@ -20,10 +27,47 @@ def reload_firewall(request):
print
"dhcp"
print
"dhcp"
dhcp
()
dhcp
()
print
"vege"
print
"vege"
html
+=
"<br>sikerult :)"
except
:
except
:
raise
html
+=
"<br>nem sikerult :("
html
+=
"<br>nem sikerult :("
else
:
else
:
html
=
u"Be vagy jelentkezve, csak nem vagy admin, kedves
%
s!"
%
request
.
user
.
username
html
=
u"Be vagy jelentkezve, csak nem vagy admin, kedves
%
s!"
%
request
.
user
.
username
else
:
else
:
html
=
u"Nem vagy bejelentkezve, kedves ismeretlen!"
html
=
u"Nem vagy bejelentkezve, kedves ismeretlen!"
return
HttpResponse
(
html
)
return
HttpResponse
(
html
)
@csrf_exempt
def
firewall_api
(
request
):
if
request
.
method
==
'POST'
:
try
:
data
=
json
.
loads
(
base64
.
b64decode
(
request
.
POST
[
"data"
]))
command
=
request
.
POST
[
"command"
]
if
(
command
!=
"create"
and
command
!=
"destroy"
):
raise
Exception
(
"bajvan"
)
if
(
command
==
"create"
):
# data = {"hostname": "hello", "vlan": "dmz", "mac": "00:90:78:83:56:7f", "ip": "10.2.1.99", "description": "teszt", "portforward": [{"sport": 5353, "dport": "4949", "proto": "tcp"}]}
data
[
"owner"
]
=
"tarokkk"
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
(
hostname
=
data
[
"hostname"
],
vlan
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
]),
mac
=
data
[
"mac"
],
ipv4
=
data
[
"ip"
],
owner
=
owner
,
description
=
data
[
"description"
])
host
.
save
()
for
p
in
data
[
"portforward"
]:
proto
=
"tcp"
if
(
p
[
"proto"
]
==
"tcp"
)
else
"udp"
rule
=
models
.
Rule
(
direction
=
True
,
owner
=
owner
,
description
=
"
%
s
%
s
%
s->
%
s"
%
(
data
[
"hostname"
],
proto
,
p
[
"sport"
],
p
[
"dport"
]),
extra
=
"-p
%
s --dport
%
s"
%
(
proto
,
int
(
p
[
"sport"
])),
nat
=
True
,
action
=
True
,
r_type
=
"host"
,
nat_dport
=
int
(
p
[
"dport"
]))
rule
.
save
()
rule
.
vlan
.
add
(
models
.
Vlan
.
objects
.
get
(
name
=
"PUB"
))
host
.
rules
.
add
(
rule
)
except
(
ValidationError
,
IntegrityError
,
AttributeError
)
as
e
:
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
%
s
\n
"
%
e
);
except
:
raise
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
"
);
return
HttpResponse
(
u"ok"
);
for
r
in
models
.
Rule
.
objects
.
filter
(
r_type
=
"host"
):
print
[
r
.
host_set
.
all
(),
r
.
group_set
.
all
()]
print
"VEGE"
return
HttpResponse
(
u"ez kerlek egy api lesz!
\n
"
);
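Review bot: firewall_api is `@csrf_exempt` and never checks `request.user` or any shared secret, yet a POST creates a Host and a Rule with `action=True`, `nat=True` and the PUB vlan attached, i.e. it opens a port forward from the public network into the named host; with the `fwapi/` route added in cloud/urls.py this is reachable by anyone who can reach the site. Add an authorization check before the create branch (at least the authentication/admin test that reload_firewall performs, or a token checked with `hmac.compare_digest`) and answer unauthenticated callers with a 403. Malformed input also surfaces as a 500 rather than the "rosszul hasznalod" reply: a missing `data`/`command` key raises KeyError, bad base64 or JSON raises TypeError/ValueError, and `int(p["sport"])` raises ValueError, none of which the `except (ValidationError, IntegrityError, AttributeError)` clause catches; `ValidationError` and `auth` do not appear in the visible imports, so confirm they arrive via the star imports. `data["owner"] = "tarokkk"` replaces whatever the caller sent with a fixed username, which looks like leftover test code.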