Commit
e83122c8
authored
Jan 30, 2013
by
Bach Dániel
firewall: redesign model
parent
dce55ba2
Showing
7 changed files
with
89 additions
and
67 deletions
+89
-67
firewall/admin.py
+43
-9
firewall/fw.py
+12
-3
firewall/migrations/0022_auto__add_vlangroup__add_field_setting_description__add_field_group_de.py
+0
-0
firewall/migrations/0023_auto__add_field_rule_firewall.py
+0
-0
firewall/models.py
+31
-52
firewall/views.py
+2
-0
one/models.py
+1
-3
firewall/admin.py
...
...
@@ -8,38 +8,72 @@ from django import contrib
class
AliasInline
(
contrib
.
admin
.
TabularInline
):
model
=
Alias
class
RuleInline
(
contrib
.
admin
.
TabularInline
):
model
=
Rule
class
HostAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'hostname'
,
'vlan'
,
'ipv4'
,
'ipv6'
,
'pub_ipv4'
,
'mac'
,
'shared_ip'
,
'owner'
,
'
groups_l'
,
'rules_l'
,
'
description'
,
'reverse'
)
list_display
=
(
'hostname'
,
'vlan'
,
'ipv4'
,
'ipv6'
,
'pub_ipv4'
,
'mac'
,
'shared_ip'
,
'owner'
,
'description'
,
'reverse'
)
ordering
=
(
'hostname'
,
)
list_filter
=
(
'owner'
,
'vlan'
,
'groups'
)
search_fields
=
(
'hostname'
,
'description'
,
'ipv4'
,
'ipv6'
,
'mac'
)
filter_horizontal
=
(
'groups'
,
'rules'
,
)
inlines
=
(
AliasInline
,
)
filter_horizontal
=
(
'groups'
,
)
inlines
=
(
AliasInline
,
RuleInline
)
class
HostInline
(
contrib
.
admin
.
TabularInline
):
model
=
Host
fields
=
(
'hostname'
,
'ipv4'
,
'ipv6'
,
'pub_ipv4'
,
'mac'
,
'shared_ip'
,
'owner'
,
'reverse'
)
class
VlanAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'vid'
,
'name'
,
'
rules_l'
,
'ipv4'
,
'net_ipv4'
,
'ipv6'
,
'net_ipv6'
,
'description'
,
'domain'
,
'snat_ip'
,
'snat_to_l'
)
list_display
=
(
'vid'
,
'name'
,
'
ipv4'
,
'net_ipv4'
,
'ipv6'
,
'net_ipv6'
,
'description'
,
'domain'
,
'snat_ip'
,
)
ordering
=
(
'vid'
,
)
inlines
=
(
HostInline
,
)
inlines
=
(
HostInline
,
RuleInline
)
class
RuleAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'r_type'
,
'color_desc'
,
'
description'
,
'vlan_l'
,
'owner'
,
'extra'
,
'direction'
,
'accept'
,
'proto'
,
'sport'
,
'dport'
,
'nat'
,
'nat_dport
'
)
list_display
=
(
'r_type'
,
'color_desc'
,
'
owner'
,
'extra'
,
'direction'
,
'accept'
,
'proto'
,
'sport'
,
'dport'
,
'nat'
,
'nat_dport'
,
'used_in
'
)
list_filter
=
(
'r_type'
,
'vlan'
,
'owner'
,
'direction'
,
'accept'
,
'proto'
,
'nat'
)
def
color_desc
(
self
,
instance
):
para
=
'</span>'
if
(
instance
.
dport
):
para
=
"dport=
%
s
%
s"
%
(
instance
.
dport
,
para
)
if
(
instance
.
sport
):
para
=
"sport=
%
s
%
s"
%
(
instance
.
sport
,
para
)
if
(
instance
.
proto
):
para
=
"proto=
%
s
%
s"
%
(
instance
.
proto
,
para
)
para
=
u'<span style="color: #00FF00;">'
+
para
return
u'<span style="color: #FF0000;">['
+
instance
.
r_type
+
u']</span> '
+
(
instance
.
foreign_network
.
name
+
u'<span style="color: #0000FF;"> ▸ </span>'
+
instance
.
r_type
if
instance
.
direction
==
'1'
else
instance
.
r_type
+
u'<span style="color: #0000FF;"> ▸ </span>'
+
instance
.
foreign_network
.
name
)
+
' '
+
para
+
' '
+
instance
.
description
color_desc
.
allow_tags
=
True
def
vlan_l
(
self
,
instance
):
retval
=
[]
for
vl
in
instance
.
foreign_network
.
vlans
.
all
():
retval
.
append
(
vl
.
name
)
return
u', '
.
join
(
retval
)
def
used_in
(
self
,
instance
):
for
field
in
[
instance
.
vlan
,
instance
.
vlangroup
,
instance
.
host
,
instance
.
hostgroup
,
instance
.
firewall
]:
if
field
is
not
None
:
return
unicode
(
field
)
+
' '
+
field
.
_meta
.
object_name
class
AliasAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'alias'
,
'host'
)
class
SettingAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'key'
,
'value'
)
list_display
=
(
'key'
,
'value'
,
'description'
)
class
GroupAdmin
(
admin
.
ModelAdmin
):
list_display
=
(
'name'
,
'owner'
,
'description'
)
inlines
=
(
RuleInline
,
)
class
FirewallAdmin
(
admin
.
ModelAdmin
):
inlines
=
(
RuleInline
,
)
admin
.
site
.
register
(
Host
,
HostAdmin
)
admin
.
site
.
register
(
Vlan
,
VlanAdmin
)
admin
.
site
.
register
(
Rule
,
RuleAdmin
)
admin
.
site
.
register
(
Alias
,
AliasAdmin
)
admin
.
site
.
register
(
Setting
,
SettingAdmin
)
admin
.
site
.
register
(
Group
)
admin
.
site
.
register
(
Firewall
)
admin
.
site
.
register
(
Group
,
GroupAdmin
)
admin
.
site
.
register
(
VlanGroup
)
admin
.
site
.
register
(
Firewall
,
FirewallAdmin
)
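Review bot: `color_desc` in `RuleAdmin` concatenates `instance.description` and `instance.foreign_network.name` straight into the HTML it returns and then sets `color_desc.allow_tags = True`, which switches off Django's autoescaping for the whole cell, so any markup saved into a Rule's free-form `description` TextField (or a VlanGroup name) is rendered verbatim in the change list — a stored XSS vector for anyone who can edit those fields. The numeric/choice parts (`dport`, `sport`, `proto`, `r_type`) are low risk, but the free-text parts should be escaped explicitly, e.g. `' ' + escape(instance.description)` and `escape(instance.foreign_network.name)` with `from django.utils.html import escape`, keeping `allow_tags` only for the colour spans built in the method itself. `used_in` returns `None` when none of the five owner fields is set; that is only safe because `Rule.clean` enforces exactly one, which deserves a one-line comment above the loop such as `# Rule.clean guarantees exactly one of these is set`.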
firewall/fw.py
...
...
@@ -38,6 +38,9 @@ class firewall:
self
.
SZABALYOK_NAT
.
append
(
s
)
def
host2vlan
(
self
,
host
,
rule
):
if
rule
.
foreign_network
is
None
:
return
if
(
self
.
IPV6
and
host
.
ipv6
):
ipaddr
=
host
.
ipv6
+
"/112"
else
:
...
...
@@ -45,7 +48,7 @@ class firewall:
dport_sport
=
self
.
dportsport
(
rule
)
for
vlan
in
rule
.
vlan
.
all
():
for
vlan
in
rule
.
foreign_network
.
vlans
.
all
():
if
(
rule
.
accept
):
if
(
rule
.
direction
==
'0'
and
vlan
.
name
==
"PUB"
):
if
(
rule
.
dport
==
25
):
...
...
@@ -64,18 +67,24 @@ class firewall:
def
fw2vlan
(
self
,
rule
):
if
rule
.
foreign_network
is
None
:
return
dport_sport
=
self
.
dportsport
(
rule
)
for
vlan
in
rule
.
vlan
.
all
():
for
vlan
in
rule
.
foreign_network
.
vlans
.
all
():
if
(
rule
.
direction
==
'1'
):
# HOSTHOZ megy
self
.
iptables
(
"-A INPUT -i
%
s
%
s
%
s -g
%
s"
%
(
vlan
.
interface
,
dport_sport
,
rule
.
extra
,
"LOG_ACC"
if
rule
.
accept
else
"LOG_DROP"
))
else
:
self
.
iptables
(
"-A OUTPUT -o
%
s
%
s
%
s -g
%
s"
%
(
vlan
.
interface
,
dport_sport
,
rule
.
extra
,
"LOG_ACC"
if
rule
.
accept
else
"LOG_DROP"
))
def
vlan2vlan
(
self
,
l_vlan
,
rule
):
if
rule
.
foreign_network
is
None
:
return
dport_sport
=
self
.
dportsport
(
rule
)
for
vlan
in
rule
.
vlan
.
all
():
for
vlan
in
rule
.
foreign_network
.
vlans
.
all
():
if
(
rule
.
accept
):
if
((
rule
.
direction
==
'0'
)
and
vlan
.
name
==
"PUB"
):
action
=
"PUB_OUT"
...
...
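Review bot: The `if rule.foreign_network is None: return` guards added to `host2vlan`, `fw2vlan` and `vlan2vlan` cannot fire for a saved rule, because models.py in this same commit declares `foreign_network` as a required `ForeignKey('VlanGroup', ...)` with no `null=True`; the case that does occur is a VlanGroup whose `vlans` M2M is empty (it is `blank=True`), where the new `for vlan in rule.foreign_network.vlans.all()` loop body never executes and the rule silently disappears from the generated ruleset. For a rule that would have ended in `LOG_DROP` that is presumably a fail-open outcome, and nothing reports it. Consider replacing the dead None check with an explicit empty-group check that logs or raises, e.g. `if not rule.foreign_network.vlans.exists(): raise ValueError("rule %s: vlan group %s is empty" % (rule, rule.foreign_network))`, or rejecting empty groups in a `VlanGroup.clean`. The bodies of `host2vlan` and `vlan2vlan` continue past the visible hunks.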
firewall/migrations/0022_auto__add_vlangroup__add_field_setting_description__add_field_group_de.py
0 → 100644
firewall/migrations/0023_auto__add_field_rule_firewall.py
0 → 100644
firewall/models.py
...
...
@@ -23,7 +23,7 @@ class Rule(models.Model):
direction
=
models
.
CharField
(
max_length
=
1
,
choices
=
CHOICES_dir
,
blank
=
False
)
description
=
models
.
TextField
(
blank
=
True
)
vlan
=
models
.
ManyToManyField
(
'Vlan'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
foreign_network
=
models
.
ForeignKey
(
'VlanGroup'
,
related_name
=
"ForeignRules"
)
dport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
,
validators
=
[
MinValueValidator
(
1
),
MaxValueValidator
(
65535
)])
sport
=
models
.
IntegerField
(
blank
=
True
,
null
=
True
,
validators
=
[
MinValueValidator
(
1
),
MaxValueValidator
(
65535
)])
proto
=
models
.
CharField
(
max_length
=
10
,
choices
=
CHOICES_proto
,
blank
=
True
,
null
=
True
)
...
...
@@ -36,20 +36,22 @@ class Rule(models.Model):
created_at
=
models
.
DateTimeField
(
auto_now_add
=
True
)
modified_at
=
models
.
DateTimeField
(
auto_now
=
True
)
vlan
=
models
.
ForeignKey
(
'Vlan'
,
related_name
=
"rules"
,
blank
=
True
,
null
=
True
)
vlangroup
=
models
.
ForeignKey
(
'VlanGroup'
,
related_name
=
"rules"
,
blank
=
True
,
null
=
True
)
host
=
models
.
ForeignKey
(
'Host'
,
related_name
=
"rules"
,
blank
=
True
,
null
=
True
)
hostgroup
=
models
.
ForeignKey
(
'Group'
,
related_name
=
"rules"
,
blank
=
True
,
null
=
True
)
firewall
=
models
.
ForeignKey
(
'Firewall'
,
related_name
=
"rules"
,
blank
=
True
,
null
=
True
)
def
__unicode__
(
self
):
return
self
.
desc
()
def
color_desc
(
self
):
para
=
'</span>'
if
(
self
.
dport
):
para
=
"dport=
%
s
%
s"
%
(
self
.
dport
,
para
)
if
(
self
.
sport
):
para
=
"sport=
%
s
%
s"
%
(
self
.
sport
,
para
)
if
(
self
.
proto
):
para
=
"proto=
%
s
%
s"
%
(
self
.
proto
,
para
)
para
=
u'<span style="color: #00FF00;">'
+
para
return
u'<span style="color: #FF0000;">['
+
self
.
r_type
+
u']</span> '
+
(
self
.
vlan_l
()
+
u'<span style="color: #0000FF;"> ▸ </span>'
+
self
.
r_type
if
self
.
direction
==
'1'
else
self
.
r_type
+
u'<span style="color: #0000FF;"> ▸ </span>'
+
self
.
vlan_l
())
+
' '
+
para
+
' '
+
self
.
description
color_desc
.
allow_tags
=
True
def
clean
(
self
):
count
=
0
for
field
in
[
self
.
vlan
,
self
.
vlangroup
,
self
.
host
,
self
.
hostgroup
,
self
.
firewall
]:
if
field
is
None
:
count
=
count
+
1
if
count
!=
4
:
raise
ValidationError
(
'jaj'
)
def
desc
(
self
):
para
=
u""
...
...
@@ -59,12 +61,7 @@ class Rule(models.Model):
para
=
"sport=
%
s
%
s"
%
(
self
.
sport
,
para
)
if
(
self
.
proto
):
para
=
"proto=
%
s
%
s"
%
(
self
.
proto
,
para
)
return
u'['
+
self
.
r_type
+
u'] '
+
(
self
.
vlan_l
()
+
u' ▸ '
+
self
.
r_type
if
self
.
direction
==
'1'
else
self
.
r_type
+
u' ▸ '
+
self
.
vlan_l
())
+
u' '
+
para
+
u' '
+
self
.
description
def
vlan_l
(
self
):
retval
=
[]
for
vl
in
self
.
vlan
.
all
():
retval
.
append
(
vl
.
name
)
return
u', '
.
join
(
retval
)
return
u'['
+
self
.
r_type
+
u'] '
+
(
unicode
(
self
.
foreign_network
)
+
u' ▸ '
+
self
.
r_type
if
self
.
direction
==
'1'
else
self
.
r_type
+
u' ▸ '
+
unicode
(
self
.
foreign_network
))
+
u' '
+
para
+
u' '
+
self
.
description
class
Vlan
(
models
.
Model
):
vid
=
models
.
IntegerField
(
unique
=
True
)
...
...
@@ -78,7 +75,6 @@ class Vlan(models.Model):
ipv6
=
models
.
GenericIPAddressField
(
protocol
=
'ipv6'
,
unique
=
True
)
snat_ip
=
models
.
GenericIPAddressField
(
protocol
=
'ipv4'
,
blank
=
True
,
null
=
True
)
snat_to
=
models
.
ManyToManyField
(
'self'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
rules
=
models
.
ManyToManyField
(
'Rule'
,
related_name
=
"
%(app_label)
s_
%(class)
s_related"
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
description
=
models
.
TextField
(
blank
=
True
)
comment
=
models
.
TextField
(
blank
=
True
)
domain
=
models
.
TextField
(
blank
=
True
,
validators
=
[
val_domain
])
...
...
@@ -95,20 +91,22 @@ class Vlan(models.Model):
def
net_ipv4
(
self
):
return
self
.
net4
+
"/"
+
unicode
(
self
.
prefix4
)
def
rules_l
(
self
):
retval
=
[]
for
rl
in
self
.
rules
.
all
():
retval
.
append
(
unicode
(
rl
))
return
', '
.
join
(
retval
)
def
snat_to_l
(
self
):
retval
=
[]
for
rl
in
self
.
snat_to
.
all
():
retval
.
append
(
unicode
(
rl
))
return
', '
.
join
(
retval
)
class
VlanGroup
(
models
.
Model
):
name
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
)
vlans
=
models
.
ManyToManyField
(
'Vlan'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
description
=
models
.
TextField
(
blank
=
True
)
owner
=
models
.
ForeignKey
(
User
,
blank
=
True
,
null
=
True
)
created_at
=
models
.
DateTimeField
(
auto_now_add
=
True
)
modified_at
=
models
.
DateTimeField
(
auto_now
=
True
)
def
__unicode__
(
self
):
return
self
.
name
class
Group
(
models
.
Model
):
name
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
)
rules
=
models
.
ManyToManyField
(
'Rule'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
description
=
models
.
TextField
(
blank
=
True
)
owner
=
models
.
ForeignKey
(
User
,
blank
=
True
,
null
=
True
)
created_at
=
models
.
DateTimeField
(
auto_now_add
=
True
)
modified_at
=
models
.
DateTimeField
(
auto_now
=
True
)
...
...
@@ -139,7 +137,6 @@ class Host(models.Model):
vlan
=
models
.
ForeignKey
(
'Vlan'
)
owner
=
models
.
ForeignKey
(
User
)
groups
=
models
.
ManyToManyField
(
'Group'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
rules
=
models
.
ManyToManyField
(
'Rule'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
created_at
=
models
.
DateTimeField
(
auto_now_add
=
True
)
modified_at
=
models
.
DateTimeField
(
auto_now
=
True
)
...
...
@@ -153,18 +150,9 @@ class Host(models.Model):
raise
ValidationError
(
"Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!"
)
if
Host
.
objects
.
exclude
(
id
=
self
.
id
)
.
filter
(
pub_ipv4
=
self
.
ipv4
):
raise
ValidationError
(
"Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek"
)
self
.
full_clean
()
super
(
Host
,
self
)
.
save
(
*
args
,
**
kwargs
)
def
groups_l
(
self
):
retval
=
[]
for
grp
in
self
.
groups
.
all
():
retval
.
append
(
grp
.
name
)
return
', '
.
join
(
retval
)
def
rules_l
(
self
):
retval
=
[]
for
rl
in
self
.
rules
.
all
():
retval
.
append
(
unicode
(
rl
.
color_desc
()))
return
'<br>'
.
join
(
retval
)
rules_l
.
allow_tags
=
True
def
enable_net
(
self
):
self
.
groups
.
add
(
Group
.
objects
.
get
(
name
=
"netezhet"
))
...
...
@@ -175,17 +163,9 @@ class Host(models.Model):
for
host
in
Host
.
objects
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
):
if
host
.
rules
.
filter
(
nat
=
True
,
proto
=
proto
,
dport
=
public
):
raise
ValidationError
(
"A
%
s
%
s port mar hasznalva"
%
(
proto
,
public
))
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
d
escription
=
u"
%
s
%
s
%
s ▸
%
s"
%
(
self
.
hostname
,
proto
,
public
,
private
),
dport
=
public
,
proto
=
proto
,
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
nat_dport
=
private
)
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
d
port
=
public
,
proto
=
proto
,
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
nat_dport
=
private
,
host
=
host
,
foreign_network
=
VlanGroup
.
objects
.
get
(
name
=
settings
[
"default_vlangroup"
])
)
rule
.
full_clean
()
rule
.
save
()
rule
.
vlan
.
add
(
Vlan
.
objects
.
get
(
name
=
"PUB"
))
rule
.
vlan
.
add
(
Vlan
.
objects
.
get
(
name
=
"HOT"
))
rule
.
vlan
.
add
(
Vlan
.
objects
.
get
(
name
=
"LAB"
))
rule
.
vlan
.
add
(
Vlan
.
objects
.
get
(
name
=
"DMZ"
))
rule
.
vlan
.
add
(
Vlan
.
objects
.
get
(
name
=
"VM-NET"
))
rule
.
vlan
.
add
(
Vlan
.
objects
.
get
(
name
=
"WAR"
))
rule
.
vlan
.
add
(
Vlan
.
objects
.
get
(
name
=
"OFF2"
))
self
.
rules
.
add
(
rule
)
def
del_port
(
self
,
proto
,
public
):
self
.
rules
.
filter
(
owner
=
self
.
owner
,
proto
=
proto
,
nat
=
True
,
dport
=
public
)
.
delete
()
...
...
@@ -201,7 +181,6 @@ class Host(models.Model):
class
Firewall
(
models
.
Model
):
name
=
models
.
CharField
(
max_length
=
20
,
unique
=
True
)
rules
=
models
.
ManyToManyField
(
'Rule'
,
symmetrical
=
False
,
blank
=
True
,
null
=
True
)
def
__unicode__
(
self
):
return
self
.
name
...
...
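Review bot: In `Host.add_port` the rebuilt `Rule(...)` constructor passes `host=host`, but the only `host` bound in the visible hunk is the loop variable of the preceding `for host in Host.objects.filter(pub_ipv4=self.pub_ipv4)` port-collision check, so the new NAT rule is attached to whichever host that query returned last — another host sharing the same public address when `shared_ip` is used — instead of the host the port was requested for, and the name is unbound if the query matched nothing. Unless `host` is assigned earlier in the method (the `def add_port` line is outside the hunk), this should read `host=self`. Separately, `Rule.clean` rejects a rule with zero or several owner targets with `ValidationError('jaj')`; a message that names the constraint, e.g. `ValidationError('exactly one of vlan, vlangroup, host, hostgroup, firewall must be set')`, would make the admin form error actionable.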
firewall/views.py
...
...
@@ -17,6 +17,8 @@ import sys
def
reload_firewall
(
request
):
if
request
.
user
.
is_authenticated
():
if
(
request
.
user
.
is_superuser
):
ipv4
=
firewall
()
return
HttpResponse
(
ipv4
.
show
())
html
=
u"Be vagy jelentkezve es admin is vagy, kedves
%
s!"
%
request
.
user
.
username
html
+=
"<br> 10 masodperc mulva ujratoltodik"
ReloadTask
.
delay
()
...
...
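Review bot: The two lines added inside the superuser branch of `reload_firewall`, `ipv4 = firewall()` and `return HttpResponse(ipv4.show())`, return before `ReloadTask.delay()` is reached, so the endpoint no longer queues a reload and instead serves the complete generated iptables ruleset to the browser; the `html = ...` assignments below the return are now dead code. If this is a debugging aid it should be removed, or at least put behind an explicit switch such as `if request.GET.get('show'):`, before anything relies on the reload behaviour — the full ruleset is sensitive enough that it should not be served from a view that also reloads the firewall as a side effect of a plain GET. The remainder of `reload_firewall`, including the non-superuser path, is outside the hunk.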
one/models.py
...
...
@@ -392,8 +392,7 @@ class Instance(models.Model):
host
.
hostname
=
u"id-
%
d_user-
%
s"
%
(
inst
.
id
,
owner
.
username
)
host
.
mac
=
x
.
getElementsByTagName
(
"MAC"
)[
0
]
.
childNodes
[
0
]
.
nodeValue
host
.
ipv4
=
inst
.
ip
host
.
pub_ipv4
=
"152.66.243.62"
host
.
full_clean
()
host
.
pub_ipv4
=
Vlan
.
objects
.
get
(
name
=
template
.
network
.
name
)
.
snat_ip
host
.
save
()
host
.
enable_net
()
host
.
add_port
(
"tcp"
,
inst
.
get_port
(),
{
"rdp"
:
3389
,
"nx"
:
22
,
"ssh"
:
22
}[
inst
.
template
.
access_type
])
...
...
@@ -409,7 +408,6 @@ class Instance(models.Model):
proc
=
subprocess
.
Popen
([
"/opt/occi.sh"
,
"compute"
,
"delete"
,
"
%
d"
%
self
.
one_id
],
stdout
=
subprocess
.
PIPE
)
(
out
,
err
)
=
proc
.
communicate
()
self
.
firewall_host
.
del_rules
()
self
.
firewall_host
.
delete
()
reload_firewall_lock
()
...
...
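Review bot: `host.pub_ipv4 = Vlan.objects.get(name=template.network.name).snat_ip` replaces the hard-coded public address, but `Vlan.snat_ip` is declared `blank=True, null=True` in models.py, so a VLAN without a SNAT address silently gives the new host `pub_ipv4 = None`; the `host.add_port(...)` that follows then creates a NAT rule for a host with no public address, and its collision check `Host.objects.filter(pub_ipv4=self.pub_ipv4)` scans every host that has none. An unknown VLAN name also raises `Vlan.DoesNotExist` here, presumably after the instance already exists (its `inst.id` and `inst.ip` are used on the lines above). Resolve the VLAN once and fail explicitly before touching the host, e.g. `vlan = Vlan.objects.get(name=template.network.name)` followed by `if vlan.snat_ip is None: raise ValueError("vlan %s has no snat_ip" % vlan.name)`. Dropping the `host.full_clean()` call is harmless, since `Host.save` invokes it itself.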