Commit 1b7d6142 by Bach Dániel

firewall: reload_blacklist_task() added

parent 7da388f8
......@@ -185,6 +185,7 @@ CELERY_ROUTES = {
'firewall.tasks.reload_dns_task': {'queue': 'dns'},
'firewall.tasks.reload_firewall_task': {'queue': 'firewall'},
'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'},
'firewall.tasks.reload_blacklist_task': {'queue': 'firewall'},
}
store_settings = {
......
......@@ -18,7 +18,6 @@ class firewall:
pub = None
hosts = None
fw = None
ipset = None
def dportsport(self, rule, repl=True):
retval = ' '
......@@ -263,7 +262,6 @@ class firewall:
def __init__(self, IPV6=False):
self.RULES=[]
self.RULES_NAT=[]
self.IPSET = []
self.IPV6 = IPV6
self.vlans = models.Vlan.objects.all()
self.hosts = models.Host.objects.all()
......@@ -273,7 +271,6 @@ class firewall:
self.ipt_filter()
if not self.IPV6:
self.ipt_nat()
self.IPSET=self.ipset()
def reload(self):
if self.IPV6:
......@@ -292,7 +289,7 @@ class firewall:
if self.IPV6:
return { 'filter': self.RULES, }
else:
return { 'filter': self.RULES, 'nat': self.RULES_NAT, 'ipset': self.IPSET }
return { 'filter': self.RULES, 'nat': self.RULES_NAT }
def show(self):
if self.IPV6:
......@@ -301,7 +298,7 @@ class firewall:
return ('\n'.join(self.RULES) + '\n' +
'\n'.join(self.RULES_NAT) + '\n')
def ipset(self):
def ipset(self):
week = datetime.now()-timedelta(days=7)
return models.Blacklist.objects.filter(modified_at__gte=week).values_list('ipv4', flat=True)
......
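Review bot: `ipset()` returns every Blacklist row modified in the last seven days and never looks at the `type` column, so going by the model's choices (`permban`, `tempban`, `whitelist`) the list would include whitelisted addresses and would drop permanent bans a week after their last edit. If this list is what populates the block set (inferred from the name, the consumer is not on this page), the query should select by type, for example `.filter(Q(type='permban') | Q(type='tempban', modified_at__gte=week))`. The definition line is printed twice as an identical `def ipset(self):`, so the change there is presumably indentation only; if the function is now module-level it should drop the `self` parameter, since the tasks hunk calls it as `ipset()`.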
......@@ -319,8 +319,11 @@ class Record(models.Model):
return retval
class Blacklist(models.Model):
CHOICES_type = (('permban', 'permanent ban'), ('tempban', 'temporary ban'), ('whitelist', 'whitelist'))
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
reason = models.TextField(blank=True)
snort_message = models.TextField(blank=True)
type = models.CharField(max_length=10, choices=CHOICES_type, default='tempban')
created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True)
......
......@@ -15,6 +15,9 @@ def reload_firewall_task(data4, data6):
@celery.task
def reload_dhcp_task(data):
pass
@celery.task
def reload_blacklist_task(data):
pass
class ReloadTask(Task):
def run(self, type='Host'):
......@@ -47,5 +50,13 @@ class ReloadTask(Task):
ipv6 = firewall(True).get()
reload_firewall_task.delay(ipv4, ipv6)
if type == "Blacklist":
lock = lambda: cache.add("blacklist_lock", "true", 9)
if lock():
if not sleep:
sleep = True
time.sleep(10)
reload_blacklist_task(ipset())
print type
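Review bot: The last line of the new Blacklist branch, `reload_blacklist_task(ipset())`, calls the task function directly, so it runs inline in the ReloadTask worker and never reaches the `firewall` queue that this commit routes it to in CELERY_ROUTES; the firewall branch just above dispatches with `reload_firewall_task.delay(ipv4, ipv6)`. I would write `reload_blacklist_task.delay(list(ipset()))`, with `list()` because `values_list()` returns a lazy QuerySet that the task serializer may not accept as an argument. `run()` starts outside this hunk, so it is not visible whether `sleep` is initialised before `if not sleep:`; if it is not, that line raises UnboundLocalError the first time the branch is taken.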