Commit efb55aec by Bach Dániel

(re)add LEGACY firewall support

parent f9472799
...@@ -14,25 +14,32 @@ FIREWALL_CONF = getenv('FIREWALL_CONF', 'firewall.conf') ...@@ -14,25 +14,32 @@ FIREWALL_CONF = getenv('FIREWALL_CONF', 'firewall.conf')
CACHE_URI = getenv('CACHE_URI') CACHE_URI = getenv('CACHE_URI')
AMQP_URI = getenv('AMQP_URI') AMQP_URI = getenv('AMQP_URI')
LEGACY = getenv('LEGACY', 'False').upper() == 'TRUE'
celery = Celery('tasks',) celery = Celery('tasks',)
celery.conf.update(CELERY_CACHE_BACKEND=CACHE_URI, celery.conf.update(CELERY_TASK_RESULT_EXPIRES=300,
CELERY_RESULT_BACKEND='cache',
CELERY_TASK_RESULT_EXPIRES=300,
BROKER_URL=AMQP_URI, BROKER_URL=AMQP_URI,
CELERY_CREATE_MISSING_QUEUES=True) CELERY_CREATE_MISSING_QUEUES=True)
if not LEGACY:
celery.conf.update(CELERY_CACHE_BACKEND=CACHE_URI,
CELERY_RESULT_BACKEND='cache')
logger = logging.getLogger(__name__) logger = logging.getLogger(__name__)
@task(name="firewall.reload_firewall") @task(name="firewall.reload_firewall")
def reload_firewall(data4, data6, save_config=True): def reload_firewall(data4, data6, save_config=True):
ns_exec(NETNS, ('/sbin/ip6tables-restore', '-c'), if isinstance(data4, dict):
'\n'.join(data6['filter']) + '\n') data4 = ('\n'.join(data4['filter']) + '\n' +
'\n'.join(data4['nat']) + '\n')
if isinstance(data6, dict):
data6 = ('\n'.join(data6['filter']) + '\n')
ns_exec(NETNS, ('/sbin/ip6tables-restore', '-c'), data6)
ns_exec(NETNS, ('/sbin/iptables-restore', '-c'), ns_exec(NETNS, ('/sbin/iptables-restore', '-c'), data4)
('\n'.join(data4['filter']) + '\n' +
'\n'.join(data4['nat']) + '\n'))
if save_config: if save_config:
with open(FIREWALL_CONF, 'w') as f: with open(FIREWALL_CONF, 'w') as f:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment