firewall: update Blacklist model

10d51ec8 · Bach Dániel · 9fd1d4fe · 10d51ec8 · 10d51ec8 · 10d51ec8
Commit 10d51ec8 authored Feb 26, 2015 by Bach Dániel
7 changed files
--- a/circle/firewall/admin.py
+++ b/circle/firewall/admin.py
@@ -132,7 +132,8 @@ class RecordAdmin(admin.ModelAdmin):


 class BlacklistItemAdmin(admin.ModelAdmin):
-    list_display = ('ipv4', 'type', 'reason', 'created_at', 'modified_at')
+    list_display = ('ipv4', 'whitelisted', 'reason', 'expires_at',
+                    'created_at', 'modified_at')


 class SwitchPortAdmin(admin.ModelAdmin):

--- a/circle/firewall/fw.py
+++ b/circle/firewall/fw.py
@@ -19,14 +19,12 @@ import re
 import logging
 from collections import OrderedDict
 from netaddr import IPAddress, AddrFormatError
-from datetime import timedelta
 from itertools import product

 from .models import (Host, Rule, Vlan, Domain, Record, BlacklistItem,
                     SwitchPort)
 from .iptables import IptRule, IptChain
 import django.conf
-from django.db.models import Q
 from django.template import loader, Context
 from django.utils import timezone

@@ -161,10 +159,9 @@ class BuildFirewall:


 def ipset():
-    week = timezone.now() - timedelta(days=2)
-    filter_ban = (Q(type='tempban', modified_at__gte=week) |
-                  Q(type='permban'))
-    return BlacklistItem.objects.filter(filter_ban).values('ipv4', 'reason')
+    now = timezone.now()
+    return BlacklistItem.objects.filter(whitelisted=False).exclude(
+        expires_at__lt=now).values('ipv4', 'reason')


 def ipv6_to_octal(ipv6):

--- a/circle/firewall/migrations/0003_auto_20150226_1927.py
+++ b/circle/firewall/migrations/0003_auto_20150226_1927.py
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import models, migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0002_auto_20150115_0021'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='blacklistitem',
+            name='type',
+        ),
+        migrations.AddField(
+            model_name='blacklistitem',
+            name='expires_at',
+            field=models.DateTimeField(default=None, null=True, verbose_name='expires at', blank=True),
+            preserve_default=True,
+        ),
+        migrations.AddField(
+            model_name='blacklistitem',
+            name='whitelisted',
+            field=models.BooleanField(default=False, verbose_name='whitelisted'),
+            preserve_default=True,
+        ),
+        migrations.AlterField(
+            model_name='blacklistitem',
+            name='ipv4',
+            field=models.GenericIPAddressField(protocol=b'ipv4', unique=True, verbose_name=b'IPv4 address'),
+            preserve_default=True,
+        ),
+        migrations.AlterField(
+            model_name='blacklistitem',
+            name='reason',
+            field=models.TextField(null=True, verbose_name='reason', blank=True),
+            preserve_default=True,
+        ),
+        migrations.AlterField(
+            model_name='blacklistitem',
+            name='snort_message',
+            field=models.TextField(null=True, verbose_name='short message', blank=True),
+            preserve_default=True,
+        ),
+    ]
--- a/circle/firewall/models.py
+++ b/circle/firewall/models.py
@@ -1109,24 +1109,23 @@ class EthernetDevice(models.Model):


 class BlacklistItem(models.Model):
-    CHOICES_type = (('permban', 'permanent ban'), ('tempban', 'temporary ban'),
-                    ('whitelist', 'whitelist'), ('tempwhite', 'tempwhite'))
-    ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
-    host = models.ForeignKey('Host', blank=True, null=True,
-                             verbose_name=_('host'))
-    reason = models.TextField(blank=True, verbose_name=_('reason'))
-    snort_message = models.TextField(blank=True,
-                                     verbose_name=_('short message'))
-    type = models.CharField(
-        max_length=10,
-        choices=CHOICES_type,
-        default='tempban',
-        verbose_name=_('type')
-    )
+    ipv4 = models.GenericIPAddressField(
+        protocol='ipv4', unique=True, verbose_name=("IPv4 address"))
+    host = models.ForeignKey(
+        'Host', blank=True, null=True, verbose_name=_('host'))
+    reason = models.TextField(
+        blank=True, null=True, verbose_name=_('reason'))
+    snort_message = models.TextField(
+        blank=True, null=True, verbose_name=_('short message'))
+
+    whitelisted = models.BooleanField(
+        default=False, verbose_name=_("whitelisted"))
    created_at = models.DateTimeField(auto_now_add=True,
                                      verbose_name=_('created_at'))
    modified_at = models.DateTimeField(auto_now=True,
                                       verbose_name=_('modified_at'))
+    expires_at = models.DateTimeField(blank=True, null=True, default=None,
+                                      verbose_name=_('expires at'))

    def save(self, *args, **kwargs):
        self.full_clean()

--- a/circle/network/forms.py
+++ b/circle/network/forms.py
@@ -54,8 +54,10 @@ class BlacklistItemForm(ModelForm):
                '',
                'ipv4',
                'host',
+                'expires_at',
+                'whitelisted',
                'reason',
-                'type',
+                'snort_message',
            )
        ),
        FormActions(

--- a/circle/network/tables.py
+++ b/circle/network/tables.py
@@ -45,7 +45,7 @@ class BlacklistItemTable(Table):
    class Meta:
        model = Domain
        attrs = {'class': 'table table-striped table-condensed'}
-        fields = ('ipv4', 'host', 'reason', 'type')
+        fields = ('ipv4', 'host', 'expires_at', 'whitelisted', 'reason')
        order_by = ('ipv4', )



--- a/circle/network/views.py
+++ b/circle/network/views.py
@@ -137,8 +137,7 @@ class BlacklistDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    model = BlacklistItem
    template_name = "network/blacklist-edit.html"
    form_class = BlacklistItemForm
-    success_message = _(u'Successfully modified blacklist item '
-                        '%(ipv4)s - %(type)s.')
+    success_message = _(u'Successfully modified blacklist item %(ipv4)s.')

    def get_success_url(self):
        if 'pk' in self.kwargs:
@@ -155,8 +154,7 @@ class BlacklistCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    model = BlacklistItem
    template_name = "network/blacklist-create.html"
    form_class = BlacklistItemForm
-    success_message = _(u'Successfully created blacklist item '
-                        '%(ipv4)s - %(type)s.')
+    success_message = _(u'Successfully created blacklist item %(ipv4)s')


 class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
@@ -168,9 +166,7 @@ class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
        context = super(BlacklistDelete, self).get_context_data(**kwargs)
        if 'pk' in self.kwargs:
            to_delete = BlacklistItem.objects.get(pk=self.kwargs['pk'])
-            context['object'] = "%s - %s - %s" % (to_delete.ipv4,
-                                                  to_delete.reason,
-                                                  to_delete.type)
+            context['object'] = "%s - %s" % (to_delete.ipv4, to_delete.reason)
            return context

    def get_success_url(self):