Commit e7e4b3d0 by Dudás Ádám

firewall: translations, some doc comments

parent b73c91c6
...@@ -95,12 +95,12 @@ class RecordAdmin(admin.ModelAdmin): ...@@ -95,12 +95,12 @@ class RecordAdmin(admin.ModelAdmin):
def address_(self, instance): def address_(self, instance):
a = instance.get_data() a = instance.get_data()
if(a): if a:
return a['address'] return a['address']
def name_(self, instance): def name_(self, instance):
a = instance.get_data() a = instance.get_data()
if(a): if a:
return a['name'] return a['name']
admin.site.register(Host, HostAdmin) admin.site.register(Host, HostAdmin)
......
...@@ -47,6 +47,7 @@ def val_domain(value): ...@@ -47,6 +47,7 @@ def val_domain(value):
raise ValidationError(_(u'%s - invalid domain') % value) raise ValidationError(_(u'%s - invalid domain') % value)
def val_reverse_domain(value): def val_reverse_domain(value):
"""Check whether the parameter is a valid reverse domain."""
if not reverse_domain_re.search(value): if not reverse_domain_re.search(value):
raise ValidationError(u'%s - reverse domain' % value) raise ValidationError(u'%s - reverse domain' % value)
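Review bot: The error raised by `val_reverse_domain` is still left out of the translation pass on the new side. It is not wrapped in `_()`, and it reads "reverse domain" without the word "invalid", unlike the `val_domain` message shown just above it. For consistency with the rest of the commit, consider `raise ValidationError(_(u'%s - invalid reverse domain') % value)`. The end of the function is not visible in this hunk, so confirm nothing follows the raise.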
......
...@@ -118,7 +118,7 @@ class firewall: ...@@ -118,7 +118,7 @@ class firewall:
self.iptables(':FORWARD DROP [0:0]') self.iptables(':FORWARD DROP [0:0]')
self.iptables(':OUTPUT DROP [50:6936]') self.iptables(':OUTPUT DROP [50:6936]')
# inicialize logging # initialize logging
self.iptables('-N LOG_DROP') self.iptables('-N LOG_DROP')
# windows port scan are silently dropped # windows port scan are silently dropped
self.iptables('-A LOG_DROP -p tcp --dport 445 -j DROP') self.iptables('-A LOG_DROP -p tcp --dport 445 -j DROP')
...@@ -475,7 +475,7 @@ def dhcp(): ...@@ -475,7 +475,7 @@ def dhcp():
'ntp': i_vlan.ipv4, 'ntp': i_vlan.ipv4,
'dnsserver': settings['rdns_ip'], 'dnsserver': settings['rdns_ip'],
'extra': "range %s" % (i_vlan.dhcp_pool 'extra': "range %s" % (i_vlan.dhcp_pool
if m else "deny unknown-clients"), if m else "deny unknown clients"),
'interface': i_vlan.interface, 'interface': i_vlan.interface,
'name': i_vlan.name, 'name': i_vlan.name,
'tftp': i_vlan.ipv4 'tftp': i_vlan.ipv4
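Review bot: The new side of the `'extra'` entry in `dhcp()` turns `"deny unknown-clients"` into `"deny unknown clients"`, which looks like a wording fix but alters a runtime string. If this value is written into the ISC dhcpd configuration, as the neighbouring `"range %s"` suggests, the hyphenated form is the real dhcpd keyword and the spaced form would most likely fail to parse. A config that no longer loads takes the restriction on unregistered clients with it. Keep `if m else "deny unknown-clients"),` and leave directive strings out of spelling cleanups. The dict and the rest of `dhcp()` continue outside the hunk.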
......
...@@ -162,9 +162,11 @@ class Host(models.Model): ...@@ -162,9 +162,11 @@ class Host(models.Model):
self.ipv6 = ipv4_2_ipv6(self.ipv4) self.ipv6 = ipv4_2_ipv6(self.ipv4)
if (not self.shared_ip and self.pub_ipv4 and Host.objects. if (not self.shared_ip and self.pub_ipv4 and Host.objects.
exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4)): exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4)):
raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!") raise ValidationError(_("If shared_ip has been checked, "
"pub_ipv4 has to be unique."))
if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4): if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4):
raise ValidationError("Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek") raise ValidationError(_("You can't use another host's NAT'd "
"address as your own IPv4."))
self.full_clean() self.full_clean()
super(Host, self).save(*args, **kwargs) super(Host, self).save(*args, **kwargs)
if id is None: if id is None:
...@@ -180,10 +182,10 @@ class Host(models.Model): ...@@ -180,10 +182,10 @@ class Host(models.Model):
def add_port(self, proto, public, private): def add_port(self, proto, public, private):
proto = "tcp" if (proto == "tcp") else "udp" proto = "tcp" if (proto == "tcp") else "udp"
if public < 1024: if public < 1024:
raise ValidationError("Csak az 1024 feletti portok hasznalhatok") raise ValidationError(_("Only ports above 1024 can be used."))
for host in Host.objects.filter(pub_ipv4=self.pub_ipv4): for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
if host.rules.filter(nat=True, proto=proto, dport=public): if host.rules.filter(nat=True, proto=proto, dport=public):
raise ValidationError("A %s %s port mar hasznalva" % raise ValidationError(_("Port %s %s is already in use.") %
(proto, public)) (proto, public))
rule = Rule(direction='1', owner=self.owner, dport=public, rule = Rule(direction='1', owner=self.owner, dport=public,
proto=proto, nat=True, accept=True, r_type="host", proto=proto, nat=True, accept=True, r_type="host",
...@@ -249,7 +251,7 @@ class Record(models.Model): ...@@ -249,7 +251,7 @@ class Record(models.Model):
a = self.get_data() a = self.get_data()
if a: if a:
return a['name'] + u' ' + a['type'] + u' ' + a['address'] return a['name'] + u' ' + a['type'] + u' ' + a['address']
return '(nincs)' return '(empty)'
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
self.full_clean() self.full_clean()
...@@ -257,36 +259,39 @@ class Record(models.Model): ...@@ -257,36 +259,39 @@ class Record(models.Model):
def clean(self): def clean(self):
if self.name and self.name.endswith(u'.'): if self.name and self.name.endswith(u'.'):
raise ValidationError(u'a domain nem végződhet pontra') raise ValidationError(_("Domain can't be terminated with a dot."))
if self.host and self.type in ['CNAME', 'A', 'AAAA']: if self.host and self.type in ['CNAME', 'A', 'AAAA']:
if self.type == 'CNAME': if self.type == 'CNAME':
if not self.name or self.address: if not self.name or self.address:
raise ValidationError(u'CNAME rekordnal csak a name ' raise ValidationError(_("Only the 'name' field should "
'legyen kitoltve, ha van host beallitva') "be filled with a CNAME record if a host is "
"set."))
elif self.name or self.address: elif self.name or self.address:
raise ValidationError(u'A, AAAA rekord eseten nem szabad ' raise ValidationError(_("'name' and 'address' can't be "
'megadni name-t, address-t, ha tarsitva van host') "specified with an A or AAAA record if a host is "
"set."))
else: else:
if not self.address: if not self.address:
raise ValidationError(u'address hianyzik') raise ValidationError(_("'address' field must be filled."))
if self.type == 'A': if self.type == 'A':
if not ipv4_re.match(self.address): if not ipv4_re.match(self.address):
raise ValidationError(u'ez nem ipcim, ez nudli!') raise ValidationError(_("Not a valid IPv4 address."))
elif self.type in ['CNAME', 'NS', 'PTR', 'TXT']: elif self.type in ['CNAME', 'NS', 'PTR', 'TXT']:
if not domain_re.match(self.address): if not domain_re.match(self.address):
raise ValidationError(u'ez nem domain, ez nudli!') raise ValidationError(_("Not a valid domain."))
elif self.type == 'AAAA': elif self.type == 'AAAA':
if not is_valid_ipv6_address(self.address): if not is_valid_ipv6_address(self.address):
raise ValidationError(u'ez nem ipv6cim, ez nudli!') raise ValidationError(_("Not a valid IPv6 address."))
elif self.type == 'MX': elif self.type == 'MX':
mx = self.address.split(':', 1) mx = self.address.split(':', 1)
if not (len(mx) == 2 and mx[0].isdigit() and if not (len(mx) == 2 and mx[0].isdigit() and
domain_re.match(mx[1])): domain_re.match(mx[1])):
raise ValidationError(u'prioritas:hostname') raise ValidationError(_("Invalid address. "
"Valid format: <priority>:<hostname>"))
else: else:
raise ValidationError(u'ez ismeretlen rekord, ez nudli!') raise ValidationError(_("Unknown record."))
def get_data(self): def get_data(self):
retval = { 'name': self.name, 'type': self.type, 'ttl': self.ttl, retval = { 'name': self.name, 'type': self.type, 'ttl': self.ttl,
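Review bot: The translated message on the first `ValidationError` in `Host.save()` contradicts its guard: the branch runs when `not self.shared_ip`, but the text says "If shared_ip has been checked, pub_ipv4 has to be unique." An operator who hits this error is told to look at the wrong setting, so something like `_("If shared_ip is not checked, pub_ipv4 has to be unique.")` would match the code. The same mismatch appears in `add_port`, where `if public < 1024:` accepts port 1024 while the message says "Only ports above 1024 can be used."; either reword it to `_("Only ports 1024 and above can be used.")` or tighten the comparison. Both method bodies extend past the visible hunks, so any further checks there are not covered by this note.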
......
...@@ -7,6 +7,7 @@ from django.views.decorators.csrf import csrf_exempt ...@@ -7,6 +7,7 @@ from django.views.decorators.csrf import csrf_exempt
from django.db import IntegrityError from django.db import IntegrityError
from tasks import * from tasks import *
from celery.task.control import inspect from celery.task.control import inspect
from django.utils.translation import ugettext_lazy as _
import re import re
import base64 import base64
...@@ -17,71 +18,66 @@ import sys ...@@ -17,71 +18,66 @@ import sys
def reload_firewall(request): def reload_firewall(request):
if request.user.is_authenticated(): if request.user.is_authenticated():
if request.user.is_superuser: if request.user.is_superuser:
html = (u"Be vagy jelentkezve es admin is vagy, kedves %s!" % html = ((_("Dear %s, you've signed in as administrator!") %
request.user.username) request.user.username) + "<br>" +
html += "<br> 10 masodperc mulva ujratoltodik" _("Reloading in 10 seconds..."))
ReloadTask.delay() ReloadTask.delay()
else: else:
html = (u"Be vagy jelentkezve, csak nem vagy admin, kedves %s!" html = (_("Dear %s, you've signed in!")
% request.user.username) % request.user.username)
else: else:
html = u"Nem vagy bejelentkezve, kedves ismeretlen!" html = _("Dear anonymous, you've not signed in yet!")
return HttpResponse(html) return HttpResponse(html)
@csrf_exempt @csrf_exempt
@require_post
def firewall_api(request): def firewall_api(request):
if request.method == 'POST': try:
try: data=json.loads(base64.b64decode(request.POST["data"]))
data=json.loads(base64.b64decode(request.POST["data"])) command = request.POST["command"]
command = request.POST["command"] if data["password"] != "bdmegintelrontottaanetet":
if data["password"] != "bdmegintelrontottaanetet": raise Exception(_("Wrong password."))
raise Exception("rossz jelszo")
if not (data["vlan"] == "vm-net" or data["vlan"] == "war"): if not (data["vlan"] == "vm-net" or data["vlan"] == "war"):
raise Exception("csak vm-net es war-re mukodik") raise Exception(_("Only vm-net and war can be used."))
data["hostname"] = re.sub(r' ','_', data["hostname"]) data["hostname"] = re.sub(r' ','_', data["hostname"])
if command == "create": if command == "create":
data["owner"] = "opennebula" data["owner"] = "opennebula"
owner = auth.models.User.objects.get(username=data["owner"]) owner = auth.models.User.objects.get(username=data["owner"])
host = models.Host(hostname=data["hostname"], host = models.Host(hostname=data["hostname"],
vlan=models.Vlan.objects.get(name=data["vlan"]), vlan=models.Vlan.objects.get(name=data["vlan"]),
mac=data["mac"], ipv4=data["ip"], owner=owner, mac=data["mac"], ipv4=data["ip"], owner=owner,
description=data["description"], pub_ipv4=models. description=data["description"], pub_ipv4=models.
Vlan.objects.get(name=data["vlan"]).snat_ip, Vlan.objects.get(name=data["vlan"]).snat_ip,
shared_ip=True) shared_ip=True)
host.full_clean() host.full_clean()
host.save() host.save()
host.enable_net() host.enable_net()
for p in data["portforward"]: for p in data["portforward"]:
host.add_port(proto=p["proto"], host.add_port(proto=p["proto"],
public=int(p["public_port"]), public=int(p["public_port"]),
private=int(p["private_port"])) private=int(p["private_port"]))
elif command == "destroy": elif command == "destroy":
data["owner"] = "opennebula" data["owner"] = "opennebula"
print data["hostname"] print data["hostname"]
owner = auth.models.User.objects.get(username=data["owner"]) owner = auth.models.User.objects.get(username=data["owner"])
host = models.Host.objects.get(hostname=data["hostname"], host = models.Host.objects.get(hostname=data["hostname"],
owner=owner) owner=owner)
host.del_rules()
host.delete()
else:
raise Exception("rossz parancs")
reload_firewall_lock()
except (ValidationError, IntegrityError, AttributeError, Exception) as e:
return HttpResponse(u"rosszul hasznalod! :(\n%s\n" % e);
except:
# raise
return HttpResponse(u"rosszul hasznalod! :(\n");
return HttpResponse(u"ok");
return HttpResponse(u"ez kerlek egy api lesz!\n");
host.del_rules()
host.delete()
else:
raise Exception(_("Unknown command."))
reload_firewall_lock()
except (ValidationError, IntegrityError, AttributeError, Exception) as e:
return HttpResponse(_("Something went wrong!\n%s\n") % e);
except:
return HttpResponse(_("Something went wrong!\n"));
return HttpResponse(_("OK"));
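Review bot: The shared secret checked in `firewall_api` is still a string literal in the source on the new side, compared with `!=`, so anyone who can read the repository can issue the `create` and `destroy` commands on this `csrf_exempt` endpoint. Load the secret from deployment configuration and compare it in constant time, e.g. `if not constant_time_compare(data["password"], API_SECRET):` using `django.utils.crypto.constant_time_compare`, where `API_SECRET` is a placeholder name. The value already committed should be treated as disclosed and rotated. Separately, the added decorator is spelled `@require_post`, while Django's decorator is `require_POST` from `django.views.decorators.http`; unless a local helper of that name is imported outside the hunk, the module would raise a `NameError` on import. The error path also returns the exception text to the caller via `_("Something went wrong!\n%s\n") % e`, which is better logged server-side than sent to the caller.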