firewall: reload_blacklist_task() added

1b7d6142 · Bach Dániel · 7da388f8 · 1b7d6142 · 1b7d6142 · 1b7d6142
Commit 1b7d6142 authored Feb 19, 2013 by Bach Dániel
Showing with 19 additions and 7 deletions

cloud/settings.py
+1 -0

firewall/fw.py
+4 -7

firewall/migrations/0031_auto__add_field_blacklist_snort_message__add_field_blacklist_type.py
+0 -0

firewall/models.py
+3 -0

firewall/tasks.py
+11 -0

No files found.
--- a/cloud/settings.py
+++ b/cloud/settings.py
@@ -185,6 +185,7 @@ CELERY_ROUTES = {
    'firewall.tasks.reload_dns_task': {'queue': 'dns'},
    'firewall.tasks.reload_firewall_task': {'queue': 'firewall'},
    'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'},
+    'firewall.tasks.reload_blacklist_task': {'queue': 'firewall'},
 }
 store_settings = {

--- a/firewall/fw.py
+++ b/firewall/fw.py
@@ -18,7 +18,6 @@ class firewall:
    pub = None
    hosts = None
    fw = None
-    ipset = None
    def dportsport(self, rule, repl=True):
        retval = ' '
@@ -263,7 +262,6 @@ class firewall:
    def __init__(self, IPV6=False):
        self.RULES=[]
        self.RULES_NAT=[]
-        self.IPSET = []
        self.IPV6 = IPV6
        self.vlans = models.Vlan.objects.all()
        self.hosts = models.Host.objects.all()
@@ -273,7 +271,6 @@ class firewall:
        self.ipt_filter()
        if not self.IPV6:
            self.ipt_nat()
-            self.IPSET=self.ipset()
    def reload(self):
        if self.IPV6:
@@ -292,7 +289,7 @@ class firewall:
        if self.IPV6:
            return { 'filter': self.RULES, }
        else:
-            return { 'filter': self.RULES, 'nat': self.RULES_NAT, 'ipset': self.IPSET }
+            return { 'filter': self.RULES, 'nat': self.RULES_NAT }
    def show(self):
        if self.IPV6:
@@ -301,9 +298,9 @@ class firewall:
            return ('\n'.join(self.RULES) + '\n' +
                '\n'.join(self.RULES_NAT) + '\n')
-    def ipset(self):
+def ipset(self):
-        week = datetime.now()-timedelta(days=7)
+    week = datetime.now()-timedelta(days=7)
-        return models.Blacklist.objects.filter(modified_at__gte=week).values_list('ipv4', flat=True)
+    return models.Blacklist.objects.filter(modified_at__gte=week).values_list('ipv4', flat=True)
 def ipv6_to_octal(ipv6):

--- a/firewall/migrations/0031_auto__add_field_blacklist_snort_message__add_field_blacklist_type.py
+++ b/firewall/migrations/0031_auto__add_field_blacklist_snort_message__add_field_blacklist_type.py
--- a/firewall/models.py
+++ b/firewall/models.py
@@ -319,8 +319,11 @@ class Record(models.Model):
        return retval
 class Blacklist(models.Model):
+    CHOICES_type = (('permban', 'permanent ban'), ('tempban', 'temporary ban'), ('whitelist', 'whitelist'))
    ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
    reason = models.TextField(blank=True)
+    snort_message = models.TextField(blank=True)
+    type = models.CharField(max_length=10, choices=CHOICES_type, default='tempban')
    created_at = models.DateTimeField(auto_now_add=True)
    modified_at = models.DateTimeField(auto_now=True)

--- a/firewall/tasks.py
+++ b/firewall/tasks.py
@@ -15,6 +15,9 @@ def reload_firewall_task(data4, data6):
 @celery.task
 def reload_dhcp_task(data):
    pass
+@celery.task
+def reload_blacklist_task(data):
+    pass
 class ReloadTask(Task):
    def run(self, type='Host'):
@@ -47,5 +50,13 @@ class ReloadTask(Task):
                ipv6 = firewall(True).get()
                reload_firewall_task.delay(ipv4, ipv6)
+        if type == "Blacklist":
+            lock = lambda: cache.add("blacklist_lock", "true", 9)
+            if lock():
+                if not sleep:
+                    sleep = True
+                    time.sleep(10)
+                reload_blacklist_task(ipset())
        print type