Commit 0522e765 by Bach Dániel

Initial commit

# Python bytecode:
*.py[co]
# Packaging files:
*.egg*
# Editor temp files:
*.swp
*~
# Sphinx docs:
build
_build
# SQLite3 database files:
*.db
# Logs:
*.log
CELERY_TASK_RESULT_EXPIRES = 3600
BROKER_URL = 'amqp://nyuszi:teszt@localhost:5672/django'
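Review bot: The `BROKER_URL` line commits the AMQP username and password in clear text, so everyone with read access to the repository can connect to the broker that the firewall tasks are consumed from, and the value stays in history after any later edit. Load it from the deployment environment instead, for example `BROKER_URL = os.environ['BROKER_URL']` with `import os` at the top of the file. The password shown here should be treated as disclosed and changed on the broker.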
from celery import Celery, task
import subprocess
import re
import socket
IRC_CHANNEL = '/home/cloud/irc/irc.atw.hu/#ik/in'
DHCP_LOGFILE = '/home/cloud/dhcp.log'
CELERY_CREATE_MISSING_QUEUES = True
celery = Celery('tasks', backend='amqp')
celery.config_from_object('celeryconfig')
@task(name="firewall.tasks.reload_firewall_task")
def reload_firewall(data4, data6):
print "fw"
process = subprocess.Popen(['/usr/bin/sudo',
'/sbin/ip6tables-restore', '-c'],
shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(data6['filter']) + "\n")
process = subprocess.Popen(['/usr/bin/sudo',
'/sbin/iptables-restore', '-c'],
shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(data4['filter'])
+ "\n" + "\n".join(data4['nat']) + "\n")
@task(name="firewall.tasks.reload_dhcp_task")
def reload_dhcp(data):
print "dhcp"
with open('/tools/dhcp3/dhcpd.conf.generated', 'w') as f:
f.write("\n".join(data) + "\n")
subprocess.call(['sudo', '/etc/init.d/isc-dhcp-server',
'restart'], shell=False)
def ipset_save(data):
r = re.compile(r'^add blacklist ([0-9.]+)$')
data_new = [x['ipv4'] for x in data]
data_old = []
p = subprocess.Popen(['/usr/bin/sudo', '/usr/sbin/ipset', 'save',
'blacklist'], shell=False, stdout=subprocess.PIPE)
for line in p.stdout:
x = r.match(line.rstrip())
if x:
data_old.append(x.group(1))
l_add = list(set(data_new).difference(set(data_old)))
l_del = list(set(data_old).difference(set(data_new)))
return (l_add, l_del, )
def ipset_restore(l_add, l_del):
ipset = []
ipset.append('create blacklist hash:ip family inet hashsize '
'4096 maxelem 65536')
ipset = ipset + ['add blacklist %s' % x for x in l_add]
ipset = ipset + ['del blacklist %s' % x for x in l_del]
print "\n".join(ipset) + "\n"
p = subprocess.Popen(['/usr/bin/sudo', '/usr/sbin/ipset', 'restore',
'-exist'], shell=False, stdin=subprocess.PIPE)
p.communicate("\n".join(ipset) + "\n")
def irc_message(data, l_add):
try:
with open(IRC_CHANNEL, 'w+') as f:
for x in data:
try:
hostname = socket.gethostbyaddr(x['ipv4'])[0]
except:
hostname = x['ipv4']
if x['ipv4'] in l_add:
f.write('%(ip)s(%(hostname)s) kibachva %(reason)s '
'miatt\n' % {'ip': x['ipv4'],
'reason': x['reason'],
'hostname': hostname})
except:
print "nem sikerult mircre irni"
# raise
@task(name="firewall.tasks.reload_blacklist_task")
def reload_blacklist(data):
print "blacklist"
l_add, l_del = ipset_save(data)
ipset_restore(l_add, l_del)
irc_message(data, l_add)
# 2013-06-26 12:16:59 DHCPACK on 10.4.0.14 to 5c:b5:24:e6:5c:81
# (android_b555bfdba7c837d) via vlan0004
dhcp_ack_re = re.compile(r'\S DHCPACK on (?P<ip>[0-9.]+) to '
r'(?P<mac>[a-zA-Z0-9:]+) '
r'(\((?P<hostname>[^)]+)\) )?'
r'via (?P<interface>[a-zA-Z0-9]+)')
# 2013-06-25 11:08:38 DHCPDISCOVER from 48:5b:39:8e:82:78
# via vlan0005: network 10.5.0.0/16: no free leases
dhcp_no_free_re = re.compile(r'\S DHCPDISCOVER '
r'from (?P<mac>[a-zA-Z0-9:]+) '
r'via (?P<interface>[a-zA-Z0-9]+):')
# r'.* no free leases')
# r'(\((?P<hostnamename>[^)]+)\) )?'
@task(name="firewall.tasks.get_dhcp_clients_task")
def get_dhcp_clients():
clients = {}
with open(DHCP_LOGFILE, 'r') as f:
for line in f:
m = dhcp_ack_re.search(line)
if m is None:
m = dhcp_no_free_re.search(line)
if m is None:
continue
m = m.groupdict()
mac = m['mac']
ip = m.get('ip', None)
hostname = m.get('hostname', None)
interface = m.get('interface', None)
clients[mac] = (ip, hostname, interface)
return clients
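Review bot: `reload_firewall` never looks at the exit status of `ip6tables-restore` or `iptables-restore`, so a ruleset that the tool rejects leaves the task finishing normally while the host keeps its previous rules, possibly with IPv6 updated and IPv4 not. After each `process.communicate(...)` add a check such as `if process.returncode != 0: raise RuntimeError('ip6tables-restore failed')` (and the matching message for the IPv4 call) so that the failure shows up in the Celery result and logs. The same applies to the `ipset restore` call in `ipset_restore` and to `subprocess.call(...)` in `reload_dhcp`, whose return value is discarded. The rule text comes straight from the task arguments and is applied through sudo, so a silent failure here is hard to notice from the sending side.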