Merge branch 'feature-fw-api' into 'master'

Feature fw api ✅ See merge request !297

Merge branch 'feature-fw-api' into 'master'
Feature fw api ✅ See merge request !297
9fb5f44b · Bach Dániel · 59cb3f57 · 4a0abb1e · 9fb5f44b · 9fb5f44b
Commit 9fb5f44b authored Mar 03, 2015 by Bach Dániel
11 changed files
--- a/circle/circle/settings/base.py
+++ b/circle/circle/settings/base.py
@@ -564,3 +564,6 @@ MAX_NODE_RAM = get_env_variable("MAX_NODE_RAM", 1024)
 CLIENT_DOWNLOAD_URL = get_env_variable('CLIENT_DOWNLOAD_URL', 'http://circlecloud.org/client/download/')
 ADMIN_ENABLED = False
+BLACKLIST_PASSWORD = get_env_variable("BLACKLIST_PASSWORD", "")
+BLACKLIST_HOOK_URL = get_env_variable("BLACKLIST_HOOK_URL", "")
--- a/circle/circle/urls.py
+++ b/circle/circle/urls.py
@@ -27,21 +27,16 @@ from django.shortcuts import redirect
 from circle.settings.base import get_env_variable
 from dashboard.views import circle_login, HelpView
 from dashboard.forms import CirclePasswordResetForm, CircleSetPasswordForm
+from firewall.views import add_blacklist_item
 admin.autodiscover()
 urlpatterns = patterns(
    '',
-    # url(r'^$', TemplateView.as_view(template_name='base.html')),
-    # Examples:
-    # url(r'^$', 'circle.views.home', name='home'),
-    # url(r'^circle/', include('circle.foo.urls')),
-    # url(r'^admin/doc/', include('django.contrib.admindocs.urls')),
    url(r'^$', lambda x: redirect(reverse("dashboard.index"))),
    url(r'^network/', include('network.urls')),
+    url(r'^blacklist-add/', add_blacklist_item),
    url(r'^dashboard/', include('dashboard.urls')),
    # django/contrib/auth/urls.py (care when new version)

--- a/circle/firewall/admin.py
+++ b/circle/firewall/admin.py
@@ -132,7 +132,8 @@ class RecordAdmin(admin.ModelAdmin):
 class BlacklistItemAdmin(admin.ModelAdmin):
-    list_display = ('ipv4', 'type', 'reason', 'created_at', 'modified_at')
+    list_display = ('ipv4', 'whitelisted', 'reason', 'expires_at',
+                    'created_at', 'modified_at')
 class SwitchPortAdmin(admin.ModelAdmin):

--- a/circle/firewall/fw.py
+++ b/circle/firewall/fw.py
@@ -19,14 +19,12 @@ import re
 import logging
 from collections import OrderedDict
 from netaddr import IPAddress, AddrFormatError
-from datetime import timedelta
 from itertools import product
 from .models import (Host, Rule, Vlan, Domain, Record, BlacklistItem,
                     SwitchPort)
 from .iptables import IptRule, IptChain
 import django.conf
-from django.db.models import Q
 from django.template import loader, Context
 from django.utils import timezone
@@ -161,10 +159,9 @@ class BuildFirewall:
 def ipset():
-    week = timezone.now() - timedelta(days=2)
+    now = timezone.now()
-    filter_ban = (Q(type='tempban', modified_at__gte=week) |
+    return BlacklistItem.objects.filter(whitelisted=False).exclude(
-                  Q(type='permban'))
+        expires_at__lt=now).values('ipv4', 'reason')
-    return BlacklistItem.objects.filter(filter_ban).values('ipv4', 'reason')
 def ipv6_to_octal(ipv6):

--- a/circle/firewall/migrations/0003_auto_20150226_1927.py
+++ b/circle/firewall/migrations/0003_auto_20150226_1927.py
+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+from django.db import models, migrations
+class Migration(migrations.Migration):
+    dependencies = [
+        ('firewall', '0002_auto_20150115_0021'),
+    ]
+    operations = [
+        migrations.RemoveField(
+            model_name='blacklistitem',
+            name='type',
+        ),
+        migrations.AddField(
+            model_name='blacklistitem',
+            name='expires_at',
+            field=models.DateTimeField(default=None, null=True, verbose_name='expires at', blank=True),
+            preserve_default=True,
+        ),
+        migrations.AddField(
+            model_name='blacklistitem',
+            name='whitelisted',
+            field=models.BooleanField(default=False, verbose_name='whitelisted'),
+            preserve_default=True,
+        ),
+        migrations.AlterField(
+            model_name='blacklistitem',
+            name='ipv4',
+            field=models.GenericIPAddressField(protocol=b'ipv4', unique=True, verbose_name=b'IPv4 address'),
+            preserve_default=True,
+        ),
+        migrations.AlterField(
+            model_name='blacklistitem',
+            name='reason',
+            field=models.TextField(null=True, verbose_name='reason', blank=True),
+            preserve_default=True,
+        ),
+        migrations.AlterField(
+            model_name='blacklistitem',
+            name='snort_message',
+            field=models.TextField(null=True, verbose_name='short message', blank=True),
+            preserve_default=True,
+        ),
+    ]
--- a/circle/firewall/models.py
+++ b/circle/firewall/models.py
@@ -1109,24 +1109,23 @@ class EthernetDevice(models.Model):
 class BlacklistItem(models.Model):
-    CHOICES_type = (('permban', 'permanent ban'), ('tempban', 'temporary ban'),
+    ipv4 = models.GenericIPAddressField(
-                    ('whitelist', 'whitelist'), ('tempwhite', 'tempwhite'))
+        protocol='ipv4', unique=True, verbose_name=("IPv4 address"))
-    ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
+    host = models.ForeignKey(
-    host = models.ForeignKey('Host', blank=True, null=True,
+        'Host', blank=True, null=True, verbose_name=_('host'))
-                             verbose_name=_('host'))
+    reason = models.TextField(
-    reason = models.TextField(blank=True, verbose_name=_('reason'))
+        blank=True, null=True, verbose_name=_('reason'))
-    snort_message = models.TextField(blank=True,
+    snort_message = models.TextField(
-                                     verbose_name=_('short message'))
+        blank=True, null=True, verbose_name=_('short message'))
-    type = models.CharField(
-        max_length=10,
+    whitelisted = models.BooleanField(
-        choices=CHOICES_type,
+        default=False, verbose_name=_("whitelisted"))
-        default='tempban',
-        verbose_name=_('type')
-    )
    created_at = models.DateTimeField(auto_now_add=True,
                                      verbose_name=_('created_at'))
    modified_at = models.DateTimeField(auto_now=True,
                                       verbose_name=_('modified_at'))
+    expires_at = models.DateTimeField(blank=True, null=True, default=None,
+                                      verbose_name=_('expires at'))
    def save(self, *args, **kwargs):
        self.full_clean()

--- a/circle/firewall/tasks/local_tasks.py
+++ b/circle/firewall/tasks/local_tasks.py
@@ -102,6 +102,7 @@ def reloadtask(type='Host', timeout=15):
        'Rule': ['firewall'],
        'SwitchPort': ['firewall_vlan'],
        'EthernetDevice': ['firewall_vlan'],
+        'BlacklistItem': ['blacklist'],
    }[type]
    logger.info("Reload %s on next periodic iteration applying change to %s.",
                ", ".join(reload), type)

--- a/circle/firewall/views.py
+++ b/circle/firewall/views.py
@@ -15,69 +15,97 @@
 # You should have received a copy of the GNU General Public License along
 # with CIRCLE.  If not, see <http://www.gnu.org/licenses/>.
-import base64
+from __future__ import absolute_import, unicode_literals
-import datetime
-import json
-from django.core.exceptions import ValidationError
+from datetime import timedelta
-from django.db import IntegrityError
+from json import dumps
+import logging
+from netaddr import AddrFormatError, IPAddress
+from requests import post
+from requests.exceptions import RequestException
+from django.core.exceptions import PermissionDenied
 from django.http import HttpResponse
-from django.utils.timezone import utc
+from django.utils import timezone
 from django.utils.translation import ugettext_lazy as _
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
-from .tasks.local_tasks import reloadtask
 from .models import BlacklistItem, Host
+from django.conf import settings
-def reload_firewall(request):
+logger = logging.getLogger(__name__)
-    if request.user.is_authenticated():
-        if request.user.is_superuser:
-            html = (_("Dear %s, you've signed in as administrator!<br />"
+def send_request(obj):
-                      "Reloading in 10 seconds...") % request.user.username)
+    data = {"ip": obj.ipv4,
-            reloadtask.delay()
+            "msg": obj.snort_message,
-            reloadtask.delay('Vlan')
+            "reason": obj.reason,
-        else:
+            "expires_at": str(obj.expires_at).split('.')[0],
-            html = (_("Dear %s, you've signed in!") % request.user.username)
+            "object_kind": "ban"}
+    if obj.host:
+        data.update({"hostname": obj.host.hostname,
+                     "username": obj.host.owner.username,
+                     "fullname": obj.host.owner.get_full_name()})
+    try:
+        r = post(settings.BLACKLIST_HOOK_URL, data=dumps(data, indent=2),
+                 timeout=3)
+        r.raise_for_status()
+    except RequestException as e:
+        logger.warning("Error in HTTP POST: %s. url: %s params: %s",
+                       str(e), settings.BLACKLIST_HOOK_URL, data)
    else:
-        html = _("Dear anonymous, you've not signed in yet!")
+        logger.info("Successful HTTP POST. url: %s params: %s",
-    return HttpResponse(html)
+                    settings.BLACKLIST_HOOK_URL, data)
 @csrf_exempt
 @require_POST
-def firewall_api(request):
+def add_blacklist_item(request):
+    password = request.POST.get('password')
+    if (not settings.BLACKLIST_PASSWORD or
+            password != settings.BLACKLIST_PASSWORD):
+        logger.warning("Tried invalid password. Password: %s IP: %s",
+                       password, request.META["REMOTE_ADDR"])
+        raise PermissionDenied()
    try:
-        data = json.loads(base64.b64decode(request.POST["data"]))
+        address = request.POST.get('address')
-        command = request.POST["command"]
+        address_object = IPAddress(address, version=4)
-        if data["password"] != "bdmegintelrontottaanetet":
+    except (AddrFormatError, TypeError) as e:
-            raise Exception(_("Wrong password."))
+        logger.warning("Invalid IP address: %s (%s)", address, str(e))
+        return HttpResponse(_("Invalid IP address."))
-        if command == "blacklist":
-            obj, created = BlacklistItem.objects.get_or_create(ipv4=data["ip"])
+    obj, created = BlacklistItem.objects.get_or_create(ipv4=address)
-            obj.reason = data["reason"]
-            obj.snort_message = data["snort_message"]
    if created:
        try:
-                    obj.host = Host.objects.get(ipv4=data["ip"])
+            db_format = '.'.join("%03d" % x for x in address_object.words)
-                except (Host.DoesNotExist, ValidationError,
+            obj.host = Host.objects.get(ipv4=db_format)
-                        IntegrityError, AttributeError):
+        except Host.DoesNotExist:
            pass
-            modified = obj.modified_at + datetime.timedelta(minutes=1)
+    now = timezone.now()
-            now = datetime.dateime.utcnow().replace(tzinfo=utc)
+    can_update = (
-            if obj.type == 'tempwhite' and modified < now:
+        (obj.whitelisted and obj.expires_at and now > obj.expires_at) or
-                obj.type = 'tempban'
+        not obj.whitelisted)
-            if obj.type != 'whitelist':
+    is_new = created or (obj.expires_at and now > obj.expires_at)
+    if created or can_update:
+        obj.reason = request.POST.get('reason')
+        obj.snort_message = request.POST.get('snort_message')
+        obj.whitelisted = False
+        obj.expires_at = now + timedelta(weeks=1)
+        obj.full_clean()
        obj.save()
-            return HttpResponse(unicode(_("OK")))
-        else:
-            raise Exception(_("Unknown command."))
-    except (ValidationError, IntegrityError, AttributeError, Exception) as e:
+    if created:
-        return HttpResponse(_("Something went wrong!\n%s\n") % e)
+        logger.info("Successfully created blacklist item %s.", address)
-    except:
+    elif can_update:
-        return HttpResponse(_("Something went wrong!\n"))
+        logger.info("Successfully modified blacklist item %s.", address)
+    if is_new and settings.BLACKLIST_HOOK_URL:
+        send_request(obj)
    return HttpResponse(unicode(_("OK")))
--- a/circle/network/forms.py
+++ b/circle/network/forms.py
@@ -54,8 +54,10 @@ class BlacklistItemForm(ModelForm):
                '',
                'ipv4',
                'host',
+                'expires_at',
+                'whitelisted',
                'reason',
-                'type',
+                'snort_message',
            )
        ),
        FormActions(

--- a/circle/network/tables.py
+++ b/circle/network/tables.py
@@ -20,7 +20,8 @@ from django.utils.translation import ugettext_lazy as _
 from django.utils.html import format_html
 from django_tables2 import Table, A
-from django_tables2.columns import LinkColumn, TemplateColumn, Column
+from django_tables2.columns import (LinkColumn, TemplateColumn, Column,
+                                    BooleanColumn)
 from firewall.models import Host, Vlan, Domain, Group, Record, Rule, SwitchPort
@@ -41,12 +42,14 @@ class MACColumn(Column):
 class BlacklistItemTable(Table):
    ipv4 = LinkColumn('network.blacklist', args=[A('pk')])
+    whitelisted = BooleanColumn()
    class Meta:
        model = Domain
        attrs = {'class': 'table table-striped table-condensed'}
-        fields = ('ipv4', 'host', 'reason', 'type')
+        fields = ('ipv4', 'host', 'reason', 'whitelisted', 'expires_at',
-        order_by = ('ipv4', )
+                  'created_at')
+        order_by = ('-expires_at', )
 class DomainTable(Table):

--- a/circle/network/views.py
+++ b/circle/network/views.py
@@ -137,8 +137,7 @@ class BlacklistDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    model = BlacklistItem
    template_name = "network/blacklist-edit.html"
    form_class = BlacklistItemForm
-    success_message = _(u'Successfully modified blacklist item'
+    success_message = _(u'Successfully modified blacklist item %(ipv4)s.')
-                        '%(ipv4)s - %(type)s!')
    def get_success_url(self):
        if 'pk' in self.kwargs:
@@ -155,8 +154,7 @@ class BlacklistCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    model = BlacklistItem
    template_name = "network/blacklist-create.html"
    form_class = BlacklistItemForm
-    success_message = _(u'Successfully created blacklist item '
+    success_message = _(u'Successfully created blacklist item %(ipv4)s')
-                        '%(ipv4)s - %(type)s!')
 class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
@@ -168,9 +166,7 @@ class BlacklistDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
        context = super(BlacklistDelete, self).get_context_data(**kwargs)
        if 'pk' in self.kwargs:
            to_delete = BlacklistItem.objects.get(pk=self.kwargs['pk'])
-            context['object'] = "%s - %s - %s" % (to_delete.ipv4,
+            context['object'] = "%s - %s" % (to_delete.ipv4, to_delete.reason)
-                                                  to_delete.reason,
-                                                  to_delete.type)
            return context
    def get_success_url(self):
@@ -193,7 +189,7 @@ class DomainDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    model = Domain
    template_name = "network/domain-edit.html"
    form_class = DomainForm
-    success_message = _(u'Successfully modified domain %(name)s!')
+    success_message = _(u'Successfully modified domain %(name)s.')
    def get_success_url(self):
        if 'pk' in self.kwargs:
@@ -220,7 +216,7 @@ class DomainCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    model = Domain
    template_name = "network/domain-create.html"
    form_class = DomainForm
-    success_message = _(u'Successfully created domain %(name)s!')
+    success_message = _(u'Successfully created domain %(name)s.')
 class DomainDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
@@ -237,11 +233,11 @@ class DomainDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
    def delete(self, request, *args, **kwargs):
        self.object = self.get_object()
        if unicode(self.object) != request.POST.get('confirm'):
-            messages.error(request, _(u"Object name does not match!"))
+            messages.error(request, _(u"Object name does not match."))
            return self.get(request, *args, **kwargs)
        response = super(DomainDelete, self).delete(request, *args, **kwargs)
-        messages.success(request, _(u"Domain successfully deleted!"))
+        messages.success(request, _(u"Domain successfully deleted."))
        return response
    def get_context_data(self, **kwargs):
@@ -351,7 +347,7 @@ class GroupCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    model = Group
    template_name = "network/group-create.html"
    form_class = GroupForm
-    success_message = _(u'Successfully created host group %(name)s!')
+    success_message = _(u'Successfully created host group %(name)s.')
 class GroupDetail(LoginRequiredMixin, SuperuserRequiredMixin,
@@ -359,7 +355,7 @@ class GroupDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    model = Group
    template_name = "network/group-edit.html"
    form_class = GroupForm
-    success_message = _(u'Successfully modified host group %(name)s!')
+    success_message = _(u'Successfully modified host group %(name)s.')
    def get_success_url(self):
        if 'pk' in self.kwargs:
@@ -443,7 +439,7 @@ class HostDetail(HostMagicMixin, LoginRequiredMixin, SuperuserRequiredMixin,
    model = Host
    template_name = "network/host-edit.html"
    form_class = HostForm
-    success_message = _(u'Successfully modified host %(hostname)s!')
+    success_message = _(u'Successfully modified host %(hostname)s.')
    def _get_ajax(self, *args, **kwargs):
        if "vlan" not in self.request.GET:
@@ -516,7 +512,7 @@ class HostCreate(HostMagicMixin, LoginRequiredMixin, SuperuserRequiredMixin,
    model = Host
    template_name = "network/host-create.html"
    form_class = HostForm
-    success_message = _(u'Successfully created host %(hostname)s!')
+    success_message = _(u'Successfully created host %(hostname)s.')
    def get_initial(self):
        initial = super(HostCreate, self).get_initial()
@@ -564,11 +560,11 @@ class HostDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
    def delete(self, request, *args, **kwargs):
        self.object = self.get_object()
        if unicode(self.object) != request.POST.get('confirm'):
-            messages.error(request, _(u"Object name does not match!"))
+            messages.error(request, _(u"Object name does not match."))
            return self.get(request, *args, **kwargs)
        response = super(HostDelete, self).delete(request, *args, **kwargs)
-        messages.success(request, _(u"Host successfully deleted!"))
+        messages.success(request, _(u"Host successfully deleted."))
        return response
@@ -598,7 +594,7 @@ class RecordDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    template_name = "network/record-edit.html"
    form_class = RecordForm
    # TODO fqdn
-    success_message = _(u'Successfully modified record!')
+    success_message = _(u'Successfully modified record.')
    def get_context_data(self, **kwargs):
        context = super(RecordDetail, self).get_context_data(**kwargs)
@@ -617,7 +613,7 @@ class RecordCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    template_name = "network/record-create.html"
    form_class = RecordForm
    # TODO fqdn
-    success_message = _(u'Successfully created record!')
+    success_message = _(u'Successfully created record.')
    def get_initial(self):
        initial = super(RecordCreate, self).get_initial()
@@ -683,7 +679,7 @@ class RuleDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    model = Rule
    template_name = "network/rule-edit.html"
    form_class = RuleForm
-    success_message = _(u'Successfully modified rule!')
+    success_message = _(u'Successfully modified rule.')
    def get_success_url(self):
        if 'pk' in self.kwargs:
@@ -703,7 +699,7 @@ class RuleCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    model = Rule
    template_name = "network/rule-create.html"
    form_class = RuleForm
-    success_message = _(u'Successfully created rule!')
+    success_message = _(u'Successfully created rule.')
    def get_initial(self):
        initial = super(RuleCreate, self).get_initial()
@@ -739,7 +735,7 @@ class SwitchPortDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    model = SwitchPort
    template_name = "network/switch-port-edit.html"
    form_class = SwitchPortForm
-    success_message = _(u'Succesfully modified switch port!')
+    success_message = _(u'Succesfully modified switch port.')
    def get_success_url(self):
        if 'pk' in self.kwargs:
@@ -758,7 +754,7 @@ class SwitchPortCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    model = SwitchPort
    template_name = "network/switch-port-create.html"
    form_class = SwitchPortForm
-    success_message = _(u'Successfully created switch port!')
+    success_message = _(u'Successfully created switch port.')
 class SwitchPortDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
@@ -805,7 +801,7 @@ class VlanDetail(VlanMagicMixin, LoginRequiredMixin, SuperuserRequiredMixin,
    form_class = VlanForm
    slug_field = 'vid'
    slug_url_kwarg = 'vid'
-    success_message = _(u'Succesfully modified vlan %(name)s!')
+    success_message = _(u'Succesfully modified vlan %(name)s.')
    def get_context_data(self, **kwargs):
        context = super(VlanDetail, self).get_context_data(**kwargs)
@@ -825,7 +821,7 @@ class VlanCreate(VlanMagicMixin, LoginRequiredMixin, SuperuserRequiredMixin,
    model = Vlan
    template_name = "network/vlan-create.html"
    form_class = VlanForm
-    success_message = _(u'Successfully created vlan %(name)s!')
+    success_message = _(u'Successfully created vlan %(name)s.')
 class VlanDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
@@ -846,11 +842,11 @@ class VlanDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
    def delete(self, request, *args, **kwargs):
        self.object = self.get_object()
        if unicode(self.object) != request.POST.get('confirm'):
-            messages.error(request, _(u"Object name does not match!"))
+            messages.error(request, _(u"Object name does not match."))
            return self.get(request, *args, **kwargs)
        response = super(VlanDelete, self).delete(request, *args, **kwargs)
-        messages.success(request, _(u"Vlan successfully deleted!"))
+        messages.success(request, _(u"Vlan successfully deleted."))
        return response
    def get_context_data(self, **kwargs):
@@ -892,7 +888,7 @@ class VlanGroupDetail(LoginRequiredMixin, SuperuserRequiredMixin,
    template_name = "network/vlan-group-edit.html"
    form_class = VlanGroupForm
    success_url = reverse_lazy('network.vlan_group_list')
-    success_message = _(u'Successfully modified vlan group %(name)s!')
+    success_message = _(u'Successfully modified vlan group %(name)s.')
    def get_context_data(self, *args, **kwargs):
        context = super(VlanGroupDetail, self).get_context_data(**kwargs)
@@ -905,7 +901,7 @@ class VlanGroupCreate(LoginRequiredMixin, SuperuserRequiredMixin,
    model = VlanGroup
    template_name = "network/vlan-group-create.html"
    form_class = VlanGroupForm
-    success_message = _(u'Successfully created vlan group %(name)s!')
+    success_message = _(u'Successfully created vlan group %(name)s.')
 class VlanGroupDelete(LoginRequiredMixin, SuperuserRequiredMixin, DeleteView):
@@ -938,7 +934,7 @@ def remove_host_group(request, **kwargs):
        host.groups.remove(group)
        if not request.is_ajax():
            messages.success(request, _(u"Successfully removed %(host)s from "
-                                        "%(group)s group!" % {
+                                        "%(group)s group." % {
                                            'host': host,
                                            'group': group
                                        }))
@@ -954,7 +950,7 @@ def add_host_group(request, **kwargs):
        host.groups.add(group)
        if not request.is_ajax():
            messages.success(request, _(u"Successfully added %(host)s to group"
-                                        " %(group)s!" % {
+                                        " %(group)s." % {
                                            'host': host,
                                            'group': group
                                        }))
@@ -973,7 +969,7 @@ def remove_switch_port_device(request, **kwargs):
        device.delete()
        if not request.is_ajax():
            messages.success(request, _(u"Successfully deleted ethernet device"
-                                        " %(name)s!" % {
+                                        " %(name)s." % {
                                            'name': device.name,
                                        }))
        return redirect(reverse_lazy('network.switch_port',
@@ -997,9 +993,9 @@ def add_switch_port_device(request, **kwargs):
        return redirect(reverse_lazy('network.switch_port', kwargs=kwargs))
    elif not len(device_name) > 0:
-        messages.error(request, _("Ethernet device name cannot be empty!"))
+        messages.error(request, _("Ethernet device name cannot be empty."))
        return redirect(reverse_lazy('network.switch_port', kwargs=kwargs))
    elif EthernetDevice.objects.get(name=device_name) is not None:
        messages.error(request, _("There is already an ethernet device with"
-                                  " that name!"))
+                                  " that name."))
        return redirect(reverse_lazy('network.switch_port', kwargs=kwargs))