Merge branch 'feature-improve-firewall' into 'master'

Feature: Improve Firewall

✅ tests

circle/dashboard/fixtures/node.json

@@ -33,7 +33,6 @@
     "hostname": "devenv", 
     "modified_at": "2014-02-24T15:55:01.412Z", 
     "location": "", 
-    "pub_ipv4": null, 
     "mac": "11:22:33:44:55:66", 
     "shared_ip": false, 
     "ipv4": "10.7.0.96", 

circle/firewall/admin.py

@@ -16,7 +16,7 @@ class RecordInline(contrib.admin.TabularInline):
 
 
 class HostAdmin(admin.ModelAdmin):
-    list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac',
+    list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'external_ipv4', 'mac',
                     'shared_ip', 'owner', 'description', 'reverse',
                     'list_groups')
     ordering = ('hostname', )
@@ -25,6 +25,10 @@ class HostAdmin(admin.ModelAdmin):
     filter_horizontal = ('groups', )
     inlines = (RuleInline, RecordInline)
 
+    def queryset(self, request):
+        qs = super(HostAdmin, self).queryset(request)
+        return qs.prefetch_related('groups')
+
     @staticmethod
     def list_groups(instance):
         """Returns instance's groups' names as a comma-separated list."""
@@ -48,9 +52,9 @@ class VlanAdmin(admin.ModelAdmin):
 
 class RuleAdmin(admin.ModelAdmin):
     list_display = ('r_type', 'color_desc', 'owner', 'extra', 'direction',
-                    'accept', 'proto', 'sport', 'dport', 'nat',
-                    'nat_dport', 'used_in')
-    list_filter = ('vlan', 'owner', 'direction', 'accept',
+                    'action', 'proto', 'sport', 'dport', 'nat',
+                    'nat_external_port', 'used_in')
+    list_filter = ('vlan', 'owner', 'direction', 'action',
                    'proto', 'nat')
 
     def color_desc(self, instance):

circle/firewall/fw.py

-from firewall import models
-import django.conf
-
 import re
+import logging
+from collections import OrderedDict
+from netaddr import IPAddress, AddrFormatError
 from datetime import datetime, timedelta
+from itertools import product
+
+from .models import (Host, Rule, Vlan, Domain, Record, Blacklist, SwitchPort)
+from .iptables import IptRule, IptChain
+import django.conf
 from django.db.models import Q
+from django.template import loader, Context
 
 
 settings = django.conf.settings.FIREWALL_SETTINGS
+logger = logging.getLogger(__name__)
 
 
-class Firewall:
-    def dportsport(self, rule, repl=True):
-        retval = ' '
-        if rule.proto == 'tcp' or rule.proto == 'udp':
-            retval = '-p %s ' % rule.proto
-            if rule.sport:
-                retval += ' --sport %s ' % rule.sport
-            if rule.dport:
-                retval += ' --dport %s ' % (rule.nat_dport
-                          if (repl and rule.nat and rule.direction == '1')
-                          else rule.dport)
-        elif rule.proto == 'icmp':
-            retval = '-p %s ' % rule.proto
-        return retval
-
-    def iptables(self, s):
-        """Append rule to filter table."""
-        self.RULES.append(s)
+class BuildFirewall:
 
-    def iptablesnat(self, s):
-        """Append rule to NAT table."""
-        self.RULES_NAT.append(s)
+    def __init__(self):
+        self.chains = OrderedDict()
 
-    def host2vlan(self, host, rule):
-        if not rule.foreign_network:
-            return
+    def add_rules(self, *args, **kwargs):
+        for chain_name, ipt_rule in kwargs.items():
+            if chain_name not in self.chains:
+                self.create_chain(chain_name)
+            self.chains[chain_name].add(ipt_rule)
 
-        if self.proto == 6 and host.ipv6:
-            ipaddr = str(host.ipv6) + '/112'
-        else:
-            ipaddr = str(host.ipv4)
-
-        dport_sport = self.dportsport(rule)
-
-        for vlan in rule.foreign_network.vlans.all():
-            if rule.accept:
-                if rule.direction == '0' and vlan.name == 'PUB':
-                    if rule.dport == 25:
-                        self.iptables('-A PUB_OUT -s %s %s -p tcp '
-                                      '--dport 25 -j LOG_ACC' %
-                                      (ipaddr, rule.extra))
-                        break
-                    action = 'PUB_OUT'
-                else:
-                    action = 'LOG_ACC'
-            else:
-                action = 'LOG_DROP'
-
-            if rule.direction == '1':  # going TO host
-                self.iptables('-A %s_%s -d %s %s %s -g %s' %
-                              (vlan.name, host.vlan.name, ipaddr, dport_sport,
-                               rule.extra, action))
-            else:
-                self.iptables('-A %s_%s -s %s %s %s -g %s' %
-                              (host.vlan.name, vlan.name, ipaddr, dport_sport,
-                               rule.extra, action))
-
-    def fw2vlan(self, rule):
-        if not rule.foreign_network:
-            return
-
-        dport_sport = self.dportsport(rule)
-
-        for vlan in rule.foreign_network.vlans.all():
-            if rule.direction == '1':  # going TO host
-                self.iptables('-A INPUT -i %s %s %s -g %s' %
-                              (vlan.name, dport_sport, rule.extra,
-                               'LOG_ACC' if rule.accept else 'LOG_DROP'))
-            else:
-                self.iptables('-A OUTPUT -o %s %s %s -g %s' %
-                              (vlan.name, dport_sport, rule.extra,
-                               'LOG_ACC' if rule.accept else 'LOG_DROP'))
-
-    def vlan2vlan(self, l_vlan, rule):
-        if not rule.foreign_network:
-            return
-
-        dport_sport = self.dportsport(rule)
-
-        for vlan in rule.foreign_network.vlans.all():
-            if rule.accept:
-                if rule.direction == '0' and vlan.name == 'PUB':
-                    action = 'PUB_OUT'
-                else:
-                    action = 'LOG_ACC'
-            else:
-                action = 'LOG_DROP'
-
-            if rule.direction == '1':  # going TO host
-                self.iptables('-A %s_%s %s %s -g %s' %
-                              (vlan.name, l_vlan.name, dport_sport,
-                               rule.extra, action))
-            else:
-                self.iptables('-A %s_%s %s %s -g %s' % (l_vlan.name, vlan.name,
-                                                        dport_sport,
-                                                        rule.extra, action))
-
-    def prerun(self):
-        self.iptables('*filter')
-        self.iptables(':INPUT DROP [88:6448]')
-        self.iptables(':FORWARD DROP [0:0]')
-        self.iptables(':OUTPUT DROP [50:6936]')
-
-        # initialize logging
-        self.iptables('-N LOG_DROP')
-        # windows port scan are silently dropped
-        self.iptables('-A LOG_DROP -p tcp --dport 445 -j DROP')
-        self.iptables('-A LOG_DROP -p udp --dport 137 -j DROP')
-        self.iptables('-A LOG_DROP -j LOG --log-level 7 '
-                      '--log-prefix "[ipt][drop]"')
-        self.iptables('-A LOG_DROP -j DROP')
-        self.iptables('-N LOG_ACC')
-        self.iptables('-A LOG_ACC -j LOG --log-level 7 '
-                      '--log-prefix "[ipt][isok]"')
-        self.iptables('-A LOG_ACC -j ACCEPT')
-
-        self.iptables('-N PUB_OUT')
-
-        self.iptables('-A FORWARD -m set --match-set blacklist src,dst '
-                      '-j DROP')
-        self.iptables('-A FORWARD -m state --state INVALID -g LOG_DROP')
-        self.iptables('-A FORWARD -m state --state ESTABLISHED,RELATED '
-                      '-j ACCEPT')
-        self.iptables('-A FORWARD -p icmp --icmp-type echo-request '
-                      '-g LOG_ACC')
-
-        self.iptables('-A INPUT -m set --match-set blacklist src -j DROP')
-        self.iptables('-A INPUT -m state --state INVALID -g LOG_DROP')
-        self.iptables('-A INPUT -i lo -j ACCEPT')
-        self.iptables('-A INPUT -m state --state ESTABLISHED,RELATED '
-                      '-j ACCEPT')
-
-        self.iptables('-A OUTPUT -m state --state INVALID -g LOG_DROP')
-        self.iptables('-A OUTPUT -o lo -j ACCEPT')
-        self.iptables('-A OUTPUT -m state --state ESTABLISHED,RELATED '
-                      '-j ACCEPT')
-
-    def postrun(self):
-        self.iptables('-A PUB_OUT -p tcp --dport 25 -j LOG_DROP')
-        self.iptables('-A PUB_OUT -p tcp --dport 445 -j LOG_DROP')
-        self.iptables('-A PUB_OUT -p udp --dport 445 -j LOG_DROP')
-
-        self.iptables('-A PUB_OUT -g LOG_ACC')
-        self.iptables('-A FORWARD -g LOG_DROP')
-        self.iptables('-A INPUT -g LOG_DROP')
-        self.iptables('-A OUTPUT -g LOG_DROP')
-        self.iptables('COMMIT')
-
-    def ipt_nat(self):
-        self.iptablesnat('*nat')
-        self.iptablesnat(':PREROUTING ACCEPT [0:0]')
-        self.iptablesnat(':INPUT ACCEPT [0:0]')
-        self.iptablesnat(':OUTPUT ACCEPT [1:708]')
-        self.iptablesnat(':POSTROUTING ACCEPT [1:708]')
+    def create_chain(self, chain_name):
+        self.chains[chain_name] = IptChain(name=chain_name)
 
+    def build_ipt_nat(self):
         # portforward
-        for host in self.hosts.exclude(pub_ipv4=None):
-            for rule in host.rules.filter(nat=True, direction='1'):
-                dport_sport = self.dportsport(rule, False)
-                if host.vlan.snat_ip:
-                    self.iptablesnat('-A PREROUTING -d %s %s %s -j DNAT '
-                                     '--to-destination %s:%s' %
-                                     (host.pub_ipv4, dport_sport, rule.extra,
-                                      host.ipv4, rule.nat_dport))
-
-        # rules for machines with dedicated public IP
-        for host in self.hosts.exclude(shared_ip=True):
-            if host.pub_ipv4:
-                self.iptablesnat('-A PREROUTING -d %s -j DNAT '
-                                 '--to-destination %s' %
-                                 (host.pub_ipv4, host.ipv4))
-                self.iptablesnat('-A POSTROUTING -s %s -j SNAT '
-                                 '--to-source %s' %
-                                 (host.ipv4, host.pub_ipv4))
-
-        # default NAT rules for VLANs
-        for s_vlan in self.vlans:
-            if s_vlan.snat_ip:
-                for d_vlan in s_vlan.snat_to.all():
-                    self.iptablesnat('-A POSTROUTING -s %s -o %s -j SNAT '
-                                     '--to-source %s' %
-                                     (str(s_vlan.network4), d_vlan.name,
-                                      s_vlan.snat_ip))
-
-        self.iptablesnat('COMMIT')
-
-    def ipt_filter(self):
-
-        self.prerun()
-
-        self.ipt_filter_firewall()
-        self.ipt_filter_zones()
-        self.ipt_filter_host_rules()
-        self.ipt_filter_vlan_rules()
-        self.ipt_filter_vlan_drop()
-
-        self.postrun()
-
-        if self.proto == 6:  # remove ipv4-specific rules
-            ipv4_re = re.compile('([0-9]{1,3}\.){3}[0-9]{1,3}')
-            self.RULES = [x for x in self.RULES if not ipv4_re.search(x)]
-            self.RULES = [x.replace('icmp', 'icmpv6') for x in self.RULES]
+        for rule in Rule.objects.filter(
+                action__in=['accept', 'drop'],
+                nat=True, direction='in').select_related('host'):
+            self.add_rules(PREROUTING=IptRule(
+                priority=1000,
+                dst=(rule.get_external_ipv4(), None),
+                proto=rule.proto,
+                dport=rule.get_external_port('ipv4'),
+                extra='-j DNAT --to-destination %s:%s' % (rule.host.ipv4,
+                                                          rule.dport)))
+
+        # default outbound NAT rules for VLANs
+        for vl_in in Vlan.objects.exclude(
+                snat_ip=None).prefetch_related('snat_to'):
+            for vl_out in vl_in.snat_to.all():
+                self.add_rules(POSTROUTING=IptRule(
+                    priority=1000,
+                    src=(vl_in.network4, None),
+                    extra='-o %s -j SNAT --to-source %s' % (
+                        vl_out.name, vl_in.snat_ip)))
 
     def ipt_filter_firewall(self):
         """Build firewall's own rules."""
 
-        for f in self.fw:
-            for rule in f.rules.all():
-                self.fw2vlan(rule)
-
-    def ipt_filter_zones(self):
-        """Jumping to chains between zones."""
-
-        for s_vlan in self.vlans:
-            for d_vlan in self.vlans:
-                self.iptables('-N %s_%s' % (s_vlan.name, d_vlan.name))
-                self.iptables('-A FORWARD -i %s -o %s -g %s_%s' %
-                              (s_vlan.name, d_vlan.name, s_vlan.name,
-                               d_vlan.name))
+        rules = Rule.objects.filter(action__in=['accept', 'drop'])
+        for rule in rules.exclude(firewall=None).select_related(
+                'foreign_network').prefetch_related('foreign_network__vlans'):
+            self.add_rules(**rule.get_ipt_rules())
 
     def ipt_filter_host_rules(self):
         """Build hosts' rules."""
 
-        for i_vlan in self.vlans:
-            for i_host in i_vlan.host_set.all():
-                for group in i_host.groups.all():
-                    for rule in group.rules.all():
-                        self.host2vlan(i_host, rule)
-                for rule in i_host.rules.all():
-                    self.host2vlan(i_host, rule)
+        # host rules
+        rules = Rule.objects.filter(action__in=['accept', 'drop'])
+        for rule in rules.exclude(host=None).select_related(
+                'foreign_network', 'host', 'host__vlan').prefetch_related(
+                'foreign_network__vlans'):
+            self.add_rules(**rule.get_ipt_rules(rule.host))
+        # group rules
+        for rule in rules.exclude(hostgroup=None).select_related(
+                'hostgroup', 'foreign_network').prefetch_related(
+                'hostgroup__host_set__vlan', 'foreign_network__vlans'):
+            for host in rule.hostgroup.host_set.all():
+                self.add_rules(**rule.get_ipt_rules(host))
 
     def ipt_filter_vlan_rules(self):
         """Enable communication between VLANs."""
 
-        for s_vlan in self.vlans:
-            for rule in s_vlan.rules.all():
-                self.vlan2vlan(s_vlan, rule)
+        rules = Rule.objects.filter(action__in=['accept', 'drop'])
+        for rule in rules.exclude(vlan=None).select_related(
+                'vlan', 'foreign_network').prefetch_related(
+                'foreign_network__vlans'):
+            self.add_rules(**rule.get_ipt_rules())
 
     def ipt_filter_vlan_drop(self):
         """Close intra-VLAN chains."""
 
-        for s_vlan in self.vlans:
-            for d_vlan in self.vlans:
-                self.iptables('-A %s_%s -g LOG_DROP' % (s_vlan.name,
-                                                        d_vlan.name))
-
-    def __init__(self, proto=4):
-        self.RULES = []
-        self.RULES_NAT = []
-        self.proto = proto
-        self.vlans = models.Vlan.objects.all()
-        self.hosts = models.Host.objects.all()
-        self.fw = models.Firewall.objects.all()
-        self.ipt_filter()
-        if self.proto != 6:
-            self.ipt_nat()
-
-    def get(self):
-        if self.proto == 6:
-            return {'filter': self.RULES, }
-        else:
-            return {'filter': self.RULES, 'nat': self.RULES_NAT}
+        for chain in self.chains.values():
+            close_chain_rule = IptRule(priority=1, action='LOG_DROP')
+            chain.add(close_chain_rule)
+
+    def ipt_filter_vlan_jump(self):
+        """Create intra-VLAN jump rules."""
 
-    def show(self):
-        if self.proto == 6:
-            return '\n'.join(self.RULES) + '\n'
+        vlans = Vlan.objects.all().values_list('name', flat=True)
+        for vl_in, vl_out in product(vlans, repeat=2):
+            name = '%s_%s' % (vl_in, vl_out)
+            try:
+                chain = self.chains[name]
+            except KeyError:
+                pass
             else:
-            return ('\n'.join(self.RULES) + '\n' +
-                    '\n'.join(self.RULES_NAT) + '\n')
+                jump_rule = IptRule(priority=65535, action=chain.name,
+                                    extra='-i %s -o %s' % (vl_in, vl_out))
+                self.add_rules(FORWARD=jump_rule)
+
+    def build_ipt(self):
+        """Build rules."""
+
+        self.ipt_filter_firewall()
+        self.ipt_filter_host_rules()
+        self.ipt_filter_vlan_rules()
+        self.ipt_filter_vlan_jump()
+        self.ipt_filter_vlan_drop()
+        self.build_ipt_nat()
+
+        context = {
+            'filter': lambda: (chain for name, chain in self.chains.iteritems()
+                               if chain.name not in IptChain.nat_chains),
+            'nat': lambda: (chain for name, chain in self.chains.iteritems()
+                            if chain.name in IptChain.nat_chains)}
+
+        template = loader.get_template('firewall/iptables.conf')
+        context['proto'] = 'ipv4'
+        ipv4 = unicode(template.render(Context(context)))
+        context['proto'] = 'ipv6'
+        ipv6 = unicode(template.render(Context(context)))
+        return (ipv4, ipv6)
 
 
 def ipset():
     week = datetime.now() - timedelta(days=2)
     filter_ban = (Q(type='tempban', modified_at__gte=week) |
-                  Q(type='permban')).values('ipv4', 'reason')
-    return models.Blacklist.objects.filter(filter_ban)
+                  Q(type='permban'))
+    return Blacklist.objects.filter(filter_ban).values('ipv4', 'reason')
 
 
 def ipv6_to_octal(ipv6):
-    while len(ipv6.split(':')) < 8:
-        ipv6 = ipv6.replace('::', ':::')
+    ipv6 = IPAddress(ipv6, version=6)
     octets = []
-    for part in ipv6.split(':'):
-        if not part:
-            octets.extend([0, 0])
-        else:
+    for part in ipv6.words:
         # Pad hex part to 4 digits.
-            part = '%04x' % int(part, 16)
+        part = '%04x' % part
         octets.append(int(part[:2], 16))
         octets.append(int(part[2:], 16))
-    return '\\' + '\\'.join(['%03o' % x for x in octets])
+    return "".join(r"\%03o" % x for x in octets)
 
 
 # =fqdn:ip:ttl          A, PTR
@@ -314,25 +162,22 @@ def ipv6_to_octal(ipv6):
 def generate_ptr_records():
     DNS = []
 
-    for host in models.Host.objects.order_by('vlan').all():
-        rev = host.vlan.reverse_domain
-        ipv4 = str(host.pub_ipv4 if host.pub_ipv4 and
-                   not host.shared_ip else host.ipv4)
-        i = ipv4.split('.', 4)
-        reverse = (host.reverse if host.reverse and
-                   len(host.reverse) else host.get_fqdn())
+    for host in Host.objects.order_by('vlan').all():
+        template = host.vlan.reverse_domain
+        i = host.get_external_ipv4().words
+        reverse = (host.reverse if host.reverse not in [None, '']
+                   else host.get_fqdn())
 
         # ipv4
         if host.ipv4:
-            DNS.append("^%s:%s:%s" % (
-                (rev % {'a': int(i[0]), 'b': int(i[1]), 'c': int(i[2]),
-                        'd': int(i[3])}),
-                reverse, models.settings['dns_ttl']))
+            fqdn = template % {'a': i[0], 'b': i[1], 'c': i[2], 'd': i[3]}
+            DNS.append("^%s:%s:%s" % (fqdn, reverse, settings['dns_ttl']))
 
         # ipv6
         if host.ipv6:
             DNS.append("^%s:%s:%s" % (host.ipv6.reverse_dns,
-                                      reverse, models.settings['dns_ttl']))
+                                      reverse, settings['dns_ttl']))
+
     return DNS
 
 
@@ -341,30 +186,32 @@ def txt_to_octal(txt):
 
 
 def generate_records():
-    DNS = []
-
-    for r in models.Record.objects.all():
-        if r.type == 'A':
-            DNS.append("+%s:%s:%s" % (r.fqdn, r.address, r.ttl))
-        elif r.type == 'AAAA':
-            DNS.append(":%s:28:%s:%s" %
-                       (r.fqdn, ipv6_to_octal(r.address), r.ttl))
-        elif r.type == 'NS':
-            DNS.append("&%s::%s:%s" % (r.fqdn, r.address, r.ttl))
-        elif r.type == 'CNAME':
-            DNS.append("C%s:%s:%s" % (r.fqdn, r.address, r.ttl))
-        elif r.type == 'MX':
-            mx = r.address.split(':', 2)
-            DNS.append("@%(fqdn)s::%(mx)s:%(dist)s:%(ttl)s" %
-                       {'fqdn': r.fqdn, 'mx': mx[1], 'dist': mx[0],
-                        'ttl': r.ttl})
-        elif r.type == 'PTR':
-            DNS.append("^%s:%s:%s" % (r.fqdn, r.address, r.ttl))
-        elif r.type == 'TXT':
-            DNS.append("'%s:%s:%s" % (r.fqdn,
-                                      txt_to_octal(r.address), r.ttl))
+    types = {'A': '+%(fqdn)s:%(address)s:%(ttl)s',
+             'AAAA': ':%(fqdn)s:28:%(octal)s:%(ttl)s',
+             'NS': '&%(fqdn)s::%(address)s:%(ttl)s',
+             'CNAME': 'C%(fqdn)s:%(address)s:%(ttl)s',
+             'MX': '@%(fqdn)s::%(address)s:%(dist)s:%(ttl)s',
+             'PTR': '^%(fqdn)s:%(address)s:%(ttl)s',
+             'TXT': '%(fqdn)s:%(octal)s:%(ttl)s'}
+
+    retval = []
+
+    for r in Record.objects.all():
+        params = {'fqdn': r.fqdn, 'address': r.address, 'ttl': r.ttl}
+        if r.type == 'MX':
+            params['address'], params['dist'] = r.address.split(':', 2)
+        if r.type == 'AAAA':
+            try:
+                params['octal'] = ipv6_to_octal(r.address)
+            except AddrFormatError:
+                logger.error('Invalid ipv6 address: %s, record: %s',
+                             r.address, r)
+                continue
+        if r.type == 'TXT':
+            params['octal'] = txt_to_octal(r.address)
+        retval.append(types[r.type] % params)
 
-    return DNS
+    return retval
 
 
 def dns():
@@ -374,10 +221,10 @@ def dns():
     DNS += generate_ptr_records()
 
     # domain SOA record
-    for domain in models.Domain.objects.all():
+    for domain in Domain.objects.all():
         DNS.append("Z%s:%s:support.ik.bme.hu::::::%s" %
                    (domain.name, settings['dns_hostname'],
-                    models.settings['dns_ttl']))
+                    settings['dns_ttl']))
 
     # records
     DNS += generate_records()
@@ -385,18 +232,24 @@ def dns():
     return DNS
 
 
+class UniqueHostname(object):
+    """Append vlan id if hostname already exists."""
+    def __init__(self):
+        self.used_hostnames = set()
+
+    def get(self, hostname, vlan_id):
+        if hostname in self.used_hostnames:
+            hostname = "%s-%s" % (hostname, vlan_id)
+        self.used_hostnames.add(hostname)
+        return hostname
+
+
 def dhcp():
     regex = re.compile(r'^([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+\s+'
                        r'([0-9]+)\.([0-9]+)\.[0-9]+\.[0-9]+$')
-    DHCP = []
-
-# /tools/dhcp3/dhcpd.conf.generated
+    config = []
 
-    for i_vlan in models.Vlan.objects.all():
-        if(i_vlan.dhcp_pool):
-            m = regex.search(i_vlan.dhcp_pool)
-            if(m or i_vlan.dhcp_pool == "manual"):
-                DHCP.append('''
+    VLAN_TEMPLATE = '''
     # %(name)s - %(interface)s
     subnet %(net)s netmask %(netmask)s {
       %(extra)s;
@@ -408,43 +261,53 @@ def dhcp():
       authoritative;
       filename \"pxelinux.0\";
       allow bootp; allow booting;
-    }''' % {
-                    'net': str(i_vlan.network4.network),
-                    'netmask': str(i_vlan.network4.netmask),
-                    'domain': i_vlan.domain,
-                    'router': i_vlan.ipv4,
-                    'ntp': i_vlan.ipv4,
-                    'dnsserver': settings['rdns_ip'],
-                    'extra': ("range %s" % i_vlan.dhcp_pool
-                              if m else "deny unknown-clients"),
-                    'interface': i_vlan.name,
-                    'name': i_vlan.name,
-                    'tftp': i_vlan.ipv4
-                })
+    }'''
 
-                for i_host in i_vlan.host_set.all():
-                    DHCP.append('''
+    HOST_TEMPLATE = '''
     host %(hostname)s {
         hardware ethernet %(mac)s;
         fixed-address %(ipv4)s;
-                    }''' % {
-                        'hostname': i_host.hostname,
-                        'mac': i_host.mac,
-                        'ipv4': i_host.ipv4,
+    }'''
+
+    unique_hostnames = UniqueHostname()
+
+    for vlan in Vlan.objects.exclude(
+            dhcp_pool=None).select_related(
+            'domain').prefetch_related('host_set'):
+        m = regex.search(vlan.dhcp_pool)
+        if(m or vlan.dhcp_pool == "manual"):
+            config.append(VLAN_TEMPLATE % {
+                'net': str(vlan.network4.network),
+                'netmask': str(vlan.network4.netmask),
+                'domain': vlan.domain,
+                'router': vlan.network4.ip,
+                'ntp': vlan.network4.ip,
+                'dnsserver': settings['rdns_ip'],
+                'extra': ("range %s" % vlan.dhcp_pool
+                          if m else "deny unknown-clients"),
+                'interface': vlan.name,
+                'name': vlan.name,
+                'tftp': vlan.network4.ip})
+
+            for host in vlan.host_set.all():
+                config.append(HOST_TEMPLATE % {
+                    'hostname': unique_hostnames.get(host.hostname, vlan.vid),
+                    'mac': host.mac,
+                    'ipv4': host.ipv4,
                 })
 
-    return DHCP
+    return config
 
 
 def vlan():
-    obj = models.Vlan.objects.values('vid', 'name', 'network4', 'network6')
+    obj = Vlan.objects.values('vid', 'name', 'network4', 'network6')
     retval = {x['name']: {'tag': x['vid'],
                           'type': 'internal',
                           'interfaces': [x['name']],
                           'addresses': [str(x['network4']),
                                         str(x['network6'])]}
               for x in obj}
-    for p in models.SwitchPort.objects.all():
+    for p in SwitchPort.objects.all():
         eth_count = p.ethernet_devices.count()
         if eth_count > 1:
             name = 'bond%d' % p.id

circle/firewall/iptables.py

+import logging
+import re
+from collections import OrderedDict
+
+logger = logging.getLogger()
+
+ipv4_re = re.compile(
+    r'^(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}')
+
+
+class InvalidRuleExcepion(Exception):
+    pass
+
+
+class IptRule(object):
+
+    def __init__(self, priority=1000, action=None, src=None, dst=None,
+                 proto=None, sport=None, dport=None, extra=None,
+                 ipv4_only=False, comment=None):
+        if proto not in ['tcp', 'udp', 'icmp', None]:
+            raise InvalidRuleExcepion()
+        if proto not in ['tcp', 'udp'] and (sport is not None or
+                                            dport is not None):
+            raise InvalidRuleExcepion()
+
+        self.priority = int(priority)
+        self.action = action
+
+        (self.src4, self.src6) = (None, None)
+        if isinstance(src, tuple):
+            (self.src4, self.src6) = src
+            if not self.src6:
+                ipv4_only = True
+        (self.dst4, self.dst6) = (None, None)
+        if isinstance(dst, tuple):
+            (self.dst4, self.dst6) = dst
+            if not self.dst6:
+                ipv4_only = True
+
+        self.proto = proto
+        self.sport = sport
+        self.dport = dport
+
+        self.extra = extra
+        self.ipv4_only = (ipv4_only or
+                          extra is not None and bool(ipv4_re.search(extra)))
+        self.comment = comment
+
+    def __hash__(self):
+        return hash(frozenset(self.__dict__.items()))
+
+    def __eq__(self, other):
+        return self.__dict__ == other.__dict__
+
+    def __lt__(self, other):
+        return self.priority < other.priority
+
+    def __repr__(self):
+        return '<IptRule: @%d %s >' % (self.priority, self.compile())
+
+    def __unicode__(self):
+        return self.__repr__()
+
+    def compile(self, proto='ipv4'):
+        opts = OrderedDict([('src4' if proto == 'ipv4' else 'src6', '-s %s'),
+                            ('dst4' if proto == 'ipv4' else 'dst6', '-d %s'),
+                            ('proto', '-p %s'),
+                            ('sport', '--sport %s'),
+                            ('dport', '--dport %s'),
+                            ('extra', '%s'),
+                            ('comment', '-m comment --comment "%s"'),
+                            ('action', '-g %s')])
+        params = [opts[param] % getattr(self, param)
+                  for param in opts
+                  if getattr(self, param) is not None]
+        return ' '.join(params)
+
+
+class IptChain(object):
+    nat_chains = ('PREROUTING', 'POSTROUTING')
+    builtin_chains = ('FORWARD', 'INPUT', 'OUTPUT') + nat_chains
+
+    def __init__(self, name):
+        self.rules = set()
+        self.name = name
+
+    def add(self, *args, **kwargs):
+        for rule in args:
+            self.rules.add(rule)
+
+    def sort(self):
+        return sorted(list(self.rules))
+
+    def __len__(self):
+        return len(self.rules)
+
+    def __repr__(self):
+        return '<IptChain: %s %s>' % (self.name, self.rules)
+
+    def __unicode__(self):
+        return self.__repr__()
+
+    def compile(self, proto='ipv4'):
+        assert proto in ('ipv4', 'ipv6')
+        prefix = '-A %s ' % self.name
+        return '\n'.join([prefix + rule.compile(proto)
+                          for rule in self.sort()
+                          if not (proto == 'ipv6' and rule.ipv4_only)])
+
+    def compile_v6(self):
+        return self.compile('ipv6')

circle/firewall/migrations/0045_auto__del_field_host_pub_ipv4__add_field_host_external_ipv4__del_field.py

+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Renaming field 'Host.pub_ipv4' to 'Host.external_ipv4'
+        db.rename_column(u'firewall_host', 'pub_ipv4', 'external_ipv4')
+
+        # Renaming field 'Rule.nat_dport' to 'Rule.nat_external_port'
+        db.rename_column(u'firewall_rule', 'nat_dport', 'nat_external_port')
+
+        # Adding field 'Rule.priority'
+        db.add_column(u'firewall_rule', 'priority',
+                      self.gf('django.db.models.fields.IntegerField')(default=1000, null=True, blank=True),
+                      keep_default=False)
+
+        # Adding field 'Rule.nat_external_ipv4'
+        db.add_column(u'firewall_rule', 'nat_external_ipv4',
+                      self.gf('firewall.fields.IPAddressField')(max_length=100, null=True, blank=True),
+                      keep_default=False)
+
+        # Changing field 'Rule.direction'
+        db.alter_column(u'firewall_rule', 'direction', self.gf('django.db.models.fields.CharField')(max_length=3))
+
+        # Migrating data
+        for rule in orm.Rule.objects.all():
+            if rule.nat:
+                # swap
+                tmp = rule.dport
+#                rule.dport = rule.nat_external_port
+#                rule.nat_external_port = tmp
+            if rule.direction == '0':
+                rule.direction = 'out'
+            elif rule.direction == '1':
+                rule.direction = 'in'
+            rule.save()
+
+    def backwards(self, orm):
+
+        # Renaming field 'Host.external_ipv4' to 'Host.pub_ipv4'
+        db.rename_column(u'firewall_host', 'external_ipv4', 'pub_ipv4')
+
+        # Renaming field 'Rule.nat_external_port' to 'Rule.nat_dport'
+        db.rename_column(u'firewall_rule', 'nat_external_port', 'nat_dport')
+
+        # Deleting field 'Rule.priority'
+        db.delete_column(u'firewall_rule', 'priority')
+
+        # Deleting field 'Rule.nat_external_ipv4'
+        db.delete_column(u'firewall_rule', 'nat_external_ipv4')
+
+        # Changing field 'Rule.direction'
+        db.alter_column(u'firewall_rule', 'direction', self.gf('django.db.models.fields.CharField')(max_length=3))
+
+    models = {
+        u'acl.level': {
+            'Meta': {'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Level'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'null': 'True'})
+        },
+        u'acl.objectlevel': {
+            'Meta': {'unique_together': "(('content_type', 'object_id', 'level'),)", 'object_name': 'ObjectLevel'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'level': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['acl.Level']"}),
+            'object_id': ('django.db.models.fields.IntegerField', [], {}),
+            'users': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.User']", 'symmetrical': 'False'})
+        },
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'firewall.blacklist': {
+            'Meta': {'object_name': 'Blacklist'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('django.db.models.fields.GenericIPAddressField', [], {'unique': 'True', 'max_length': '39'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'reason': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'snort_message': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'type': ('django.db.models.fields.CharField', [], {'default': "'tempban'", 'max_length': '10'})
+        },
+        u'firewall.domain': {
+            'Meta': {'object_name': 'Domain'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'})
+        },
+        u'firewall.ethernetdevice': {
+            'Meta': {'object_name': 'EthernetDevice'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'switch_port': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ethernet_devices'", 'to': u"orm['firewall.SwitchPort']"})
+        },
+        u'firewall.firewall': {
+            'Meta': {'object_name': 'Firewall'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'})
+        },
+        u'firewall.group': {
+            'Meta': {'object_name': 'Group'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'})
+        },
+        u'firewall.host': {
+            'Meta': {'ordering': "('normalized_hostname', 'vlan')", 'unique_together': "(('hostname', 'vlan'),)", 'object_name': 'Host'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Group']", 'null': 'True', 'blank': 'True'}),
+            'hostname': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('firewall.fields.IPAddressField', [], {'unique': 'True', 'max_length': '100'}),
+            'ipv6': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'unique': 'True', 'null': 'True', 'blank': 'True'}),
+            'location': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'mac': ('firewall.fields.MACAddressField', [], {'unique': 'True', 'max_length': '17'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'normalized_hostname': ('common.models.HumanSortField', [], {'default': "''", 'maximum_number_length': '4', 'max_length': '80', 'monitor': "'hostname'", 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'reverse': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'shared_ip': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.record': {
+            'Meta': {'ordering': "('domain', 'name')", 'object_name': 'Record'},
+            'address': ('django.db.models.fields.CharField', [], {'max_length': '200'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'}),
+            'type': ('django.db.models.fields.CharField', [], {'max_length': '6'})
+        },
+        u'firewall.rule': {
+            'Meta': {'ordering': "('direction', 'proto', 'sport', 'dport', 'nat_external_port', 'host')", 'object_name': 'Rule'},
+            'accept': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'direction': ('django.db.models.fields.CharField', [], {'max_length': '3'}),
+            'dport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'extra': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'firewall': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Firewall']"}),
+            'foreign_network': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ForeignRules'", 'to': u"orm['firewall.VlanGroup']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Host']"}),
+            'hostgroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'nat': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'nat_external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'nat_external_port': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'priority': ('django.db.models.fields.IntegerField', [], {'default': '1000', 'null': 'True', 'blank': 'True'}),
+            'proto': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}),
+            'sport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Vlan']"}),
+            'vlangroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"})
+        },
+        u'firewall.switchport': {
+            'Meta': {'object_name': 'SwitchPort'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'tagged_vlans': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'tagged_ports'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'untagged_vlan': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'untagged_ports'", 'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.vlan': {
+            'Meta': {'object_name': 'Vlan'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'dhcp_pool': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv6_template': ('django.db.models.fields.TextField', [], {'default': "'2001:738:2001:4031:%(b)d:%(c)d:%(d)d:0'"}),
+            'managed': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'network4': ('firewall.fields.IPNetworkField', [], {'max_length': '100'}),
+            'network6': ('firewall.fields.IPNetworkField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'network_type': ('django.db.models.fields.CharField', [], {'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'reverse_domain': ('django.db.models.fields.TextField', [], {'default': "'%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa'"}),
+            'snat_ip': ('django.db.models.fields.GenericIPAddressField', [], {'max_length': '39', 'null': 'True', 'blank': 'True'}),
+            'snat_to': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'}),
+            'vid': ('django.db.models.fields.IntegerField', [], {'unique': 'True'})
+        },
+        u'firewall.vlangroup': {
+            'Meta': {'object_name': 'VlanGroup'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'vlans': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'})
+        }
+    }
+
+    complete_apps = ['firewall']

circle/firewall/migrations/0046_auto__chg_field_rule_priority.py

+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+
+        # Changing field 'Rule.priority'
+        db.alter_column(u'firewall_rule', 'priority', self.gf('django.db.models.fields.IntegerField')())
+
+    def backwards(self, orm):
+
+        # Changing field 'Rule.priority'
+        db.alter_column(u'firewall_rule', 'priority', self.gf('django.db.models.fields.IntegerField')(null=True))
+
+    models = {
+        u'acl.level': {
+            'Meta': {'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Level'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'null': 'True'})
+        },
+        u'acl.objectlevel': {
+            'Meta': {'unique_together': "(('content_type', 'object_id', 'level'),)", 'object_name': 'ObjectLevel'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'level': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['acl.Level']"}),
+            'object_id': ('django.db.models.fields.IntegerField', [], {}),
+            'users': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.User']", 'symmetrical': 'False'})
+        },
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'firewall.blacklist': {
+            'Meta': {'object_name': 'Blacklist'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('django.db.models.fields.GenericIPAddressField', [], {'unique': 'True', 'max_length': '39'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'reason': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'snort_message': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'type': ('django.db.models.fields.CharField', [], {'default': "'tempban'", 'max_length': '10'})
+        },
+        u'firewall.domain': {
+            'Meta': {'object_name': 'Domain'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'})
+        },
+        u'firewall.ethernetdevice': {
+            'Meta': {'object_name': 'EthernetDevice'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'switch_port': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ethernet_devices'", 'to': u"orm['firewall.SwitchPort']"})
+        },
+        u'firewall.firewall': {
+            'Meta': {'object_name': 'Firewall'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'})
+        },
+        u'firewall.group': {
+            'Meta': {'object_name': 'Group'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'})
+        },
+        u'firewall.host': {
+            'Meta': {'ordering': "('normalized_hostname', 'vlan')", 'unique_together': "(('hostname', 'vlan'),)", 'object_name': 'Host'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Group']", 'null': 'True', 'blank': 'True'}),
+            'hostname': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('firewall.fields.IPAddressField', [], {'unique': 'True', 'max_length': '100'}),
+            'ipv6': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'unique': 'True', 'null': 'True', 'blank': 'True'}),
+            'location': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'mac': ('firewall.fields.MACAddressField', [], {'unique': 'True', 'max_length': '17'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'normalized_hostname': ('common.models.HumanSortField', [], {'default': "''", 'maximum_number_length': '4', 'max_length': '80', 'monitor': "'hostname'", 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'reverse': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'shared_ip': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.record': {
+            'Meta': {'ordering': "('domain', 'name')", 'object_name': 'Record'},
+            'address': ('django.db.models.fields.CharField', [], {'max_length': '200'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'}),
+            'type': ('django.db.models.fields.CharField', [], {'max_length': '6'})
+        },
+        u'firewall.rule': {
+            'Meta': {'ordering': "('direction', 'proto', 'sport', 'dport', 'nat_external_port', 'host')", 'object_name': 'Rule'},
+            'accept': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'direction': ('django.db.models.fields.CharField', [], {'max_length': '3'}),
+            'dport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'extra': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'firewall': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Firewall']"}),
+            'foreign_network': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ForeignRules'", 'to': u"orm['firewall.VlanGroup']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Host']"}),
+            'hostgroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'nat': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'nat_external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'nat_external_port': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'priority': ('django.db.models.fields.IntegerField', [], {'default': '1000'}),
+            'proto': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}),
+            'sport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Vlan']"}),
+            'vlangroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"})
+        },
+        u'firewall.switchport': {
+            'Meta': {'object_name': 'SwitchPort'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'tagged_vlans': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'tagged_ports'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'untagged_vlan': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'untagged_ports'", 'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.vlan': {
+            'Meta': {'object_name': 'Vlan'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'dhcp_pool': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv6_template': ('django.db.models.fields.TextField', [], {'default': "'2001:738:2001:4031:%(b)d:%(c)d:%(d)d:0'"}),
+            'managed': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'network4': ('firewall.fields.IPNetworkField', [], {'max_length': '100'}),
+            'network6': ('firewall.fields.IPNetworkField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'network_type': ('django.db.models.fields.CharField', [], {'default': "'portforward'", 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'reverse_domain': ('django.db.models.fields.TextField', [], {'default': "'%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa'"}),
+            'snat_ip': ('django.db.models.fields.GenericIPAddressField', [], {'max_length': '39', 'null': 'True', 'blank': 'True'}),
+            'snat_to': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'}),
+            'vid': ('django.db.models.fields.IntegerField', [], {'unique': 'True'})
+        },
+        u'firewall.vlangroup': {
+            'Meta': {'object_name': 'VlanGroup'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'vlans': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'})
+        }
+    }
+
+    complete_apps = ['firewall']
\ No newline at end of file

circle/firewall/migrations/0047_auto__del_field_rule_priority__add_field_rule_weight.py

+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        db.rename_column(u'firewall_rule', 'priority', 'weight')
+
+        db.alter_column(u'firewall_rule', 'weight',
+                        self.gf('django.db.models.fields.IntegerField')(default=30000))
+
+
+    def backwards(self, orm):
+        db.rename_column(u'firewall_rule', 'priority', 'weight')
+
+        db.alter_column(u'firewall_rule', 'priority',
+                        self.gf('django.db.models.fields.IntegerField')(default=1000))
+
+
+    models = {
+        u'acl.level': {
+            'Meta': {'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Level'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'null': 'True'})
+        },
+        u'acl.objectlevel': {
+            'Meta': {'unique_together': "(('content_type', 'object_id', 'level'),)", 'object_name': 'ObjectLevel'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'level': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['acl.Level']"}),
+            'object_id': ('django.db.models.fields.IntegerField', [], {}),
+            'users': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.User']", 'symmetrical': 'False'})
+        },
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'firewall.blacklist': {
+            'Meta': {'object_name': 'Blacklist'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('django.db.models.fields.GenericIPAddressField', [], {'unique': 'True', 'max_length': '39'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'reason': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'snort_message': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'type': ('django.db.models.fields.CharField', [], {'default': "'tempban'", 'max_length': '10'})
+        },
+        u'firewall.domain': {
+            'Meta': {'object_name': 'Domain'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'})
+        },
+        u'firewall.ethernetdevice': {
+            'Meta': {'object_name': 'EthernetDevice'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'switch_port': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ethernet_devices'", 'to': u"orm['firewall.SwitchPort']"})
+        },
+        u'firewall.firewall': {
+            'Meta': {'object_name': 'Firewall'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'})
+        },
+        u'firewall.group': {
+            'Meta': {'object_name': 'Group'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'})
+        },
+        u'firewall.host': {
+            'Meta': {'ordering': "('normalized_hostname', 'vlan')", 'unique_together': "(('hostname', 'vlan'),)", 'object_name': 'Host'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Group']", 'null': 'True', 'blank': 'True'}),
+            'hostname': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('firewall.fields.IPAddressField', [], {'unique': 'True', 'max_length': '100'}),
+            'ipv6': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'unique': 'True', 'null': 'True', 'blank': 'True'}),
+            'location': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'mac': ('firewall.fields.MACAddressField', [], {'unique': 'True', 'max_length': '17'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'normalized_hostname': ('common.models.HumanSortField', [], {'default': "''", 'maximum_number_length': '4', 'max_length': '80', 'monitor': "'hostname'", 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'reverse': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'shared_ip': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.record': {
+            'Meta': {'ordering': "('domain', 'name')", 'object_name': 'Record'},
+            'address': ('django.db.models.fields.CharField', [], {'max_length': '200'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'}),
+            'type': ('django.db.models.fields.CharField', [], {'max_length': '6'})
+        },
+        u'firewall.rule': {
+            'Meta': {'ordering': "('direction', 'proto', 'sport', 'dport', 'nat_external_port', 'host')", 'object_name': 'Rule'},
+            'accept': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'direction': ('django.db.models.fields.CharField', [], {'max_length': '3'}),
+            'dport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'extra': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'firewall': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Firewall']"}),
+            'foreign_network': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ForeignRules'", 'to': u"orm['firewall.VlanGroup']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Host']"}),
+            'hostgroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'nat': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'nat_external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'nat_external_port': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'proto': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}),
+            'sport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Vlan']"}),
+            'vlangroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'default': '30000'})
+        },
+        u'firewall.switchport': {
+            'Meta': {'object_name': 'SwitchPort'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'tagged_vlans': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'tagged_ports'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'untagged_vlan': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'untagged_ports'", 'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.vlan': {
+            'Meta': {'object_name': 'Vlan'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'dhcp_pool': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv6_template': ('django.db.models.fields.TextField', [], {'default': "'2001:738:2001:4031:%(b)d:%(c)d:%(d)d:0'"}),
+            'managed': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'network4': ('firewall.fields.IPNetworkField', [], {'max_length': '100'}),
+            'network6': ('firewall.fields.IPNetworkField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'network_type': ('django.db.models.fields.CharField', [], {'default': "'portforward'", 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'reverse_domain': ('django.db.models.fields.TextField', [], {'default': "'%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa'"}),
+            'snat_ip': ('django.db.models.fields.GenericIPAddressField', [], {'max_length': '39', 'null': 'True', 'blank': 'True'}),
+            'snat_to': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'}),
+            'vid': ('django.db.models.fields.IntegerField', [], {'unique': 'True'})
+        },
+        u'firewall.vlangroup': {
+            'Meta': {'object_name': 'VlanGroup'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'vlans': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'})
+        }
+    }
+
+    complete_apps = ['firewall']

circle/firewall/migrations/0048_auto__add_field_rule_action.py

+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Adding field 'Rule.action'
+        db.add_column(u'firewall_rule', 'action',
+                      self.gf('django.db.models.fields.CharField')(default='drop', max_length=10),
+                      keep_default=False)
+
+        # Migrating data
+        for rule in orm.Rule.objects.all():
+            rule.action = 'accept' if rule.accept else 'drop'
+            rule.save()
+
+    def backwards(self, orm):
+        # Deleting field 'Rule.action'
+        db.delete_column(u'firewall_rule', 'action')
+
+
+    models = {
+        u'acl.level': {
+            'Meta': {'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Level'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'null': 'True'})
+        },
+        u'acl.objectlevel': {
+            'Meta': {'unique_together': "(('content_type', 'object_id', 'level'),)", 'object_name': 'ObjectLevel'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'level': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['acl.Level']"}),
+            'object_id': ('django.db.models.fields.IntegerField', [], {}),
+            'users': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.User']", 'symmetrical': 'False'})
+        },
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'firewall.blacklist': {
+            'Meta': {'object_name': 'Blacklist'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('django.db.models.fields.GenericIPAddressField', [], {'unique': 'True', 'max_length': '39'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'reason': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'snort_message': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'type': ('django.db.models.fields.CharField', [], {'default': "'tempban'", 'max_length': '10'})
+        },
+        u'firewall.domain': {
+            'Meta': {'object_name': 'Domain'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'})
+        },
+        u'firewall.ethernetdevice': {
+            'Meta': {'object_name': 'EthernetDevice'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'switch_port': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ethernet_devices'", 'to': u"orm['firewall.SwitchPort']"})
+        },
+        u'firewall.firewall': {
+            'Meta': {'object_name': 'Firewall'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'})
+        },
+        u'firewall.group': {
+            'Meta': {'object_name': 'Group'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'})
+        },
+        u'firewall.host': {
+            'Meta': {'ordering': "('normalized_hostname', 'vlan')", 'unique_together': "(('hostname', 'vlan'),)", 'object_name': 'Host'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Group']", 'null': 'True', 'blank': 'True'}),
+            'hostname': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('firewall.fields.IPAddressField', [], {'unique': 'True', 'max_length': '100'}),
+            'ipv6': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'unique': 'True', 'null': 'True', 'blank': 'True'}),
+            'location': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'mac': ('firewall.fields.MACAddressField', [], {'unique': 'True', 'max_length': '17'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'normalized_hostname': ('common.models.HumanSortField', [], {'default': "''", 'maximum_number_length': '4', 'max_length': '80', 'monitor': "'hostname'", 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'reverse': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'shared_ip': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.record': {
+            'Meta': {'ordering': "('domain', 'name')", 'object_name': 'Record'},
+            'address': ('django.db.models.fields.CharField', [], {'max_length': '200'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'}),
+            'type': ('django.db.models.fields.CharField', [], {'max_length': '6'})
+        },
+        u'firewall.rule': {
+            'Meta': {'ordering': "('direction', 'proto', 'sport', 'dport', 'nat_external_port', 'host')", 'object_name': 'Rule'},
+            'action': ('django.db.models.fields.CharField', [], {'default': "'drop'", 'max_length': '10'}),
+            'accept': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'direction': ('django.db.models.fields.CharField', [], {'max_length': '3'}),
+            'dport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'extra': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'firewall': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Firewall']"}),
+            'foreign_network': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ForeignRules'", 'to': u"orm['firewall.VlanGroup']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Host']"}),
+            'hostgroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'nat': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'nat_external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'nat_external_port': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'proto': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}),
+            'sport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Vlan']"}),
+            'vlangroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'default': '30000'})
+        },
+        u'firewall.switchport': {
+            'Meta': {'object_name': 'SwitchPort'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'tagged_vlans': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'tagged_ports'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'untagged_vlan': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'untagged_ports'", 'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.vlan': {
+            'Meta': {'object_name': 'Vlan'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'dhcp_pool': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv6_template': ('django.db.models.fields.TextField', [], {'default': "'2001:738:2001:4031:%(b)d:%(c)d:%(d)d:0'"}),
+            'managed': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'network4': ('firewall.fields.IPNetworkField', [], {'max_length': '100'}),
+            'network6': ('firewall.fields.IPNetworkField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'network_type': ('django.db.models.fields.CharField', [], {'default': "'portforward'", 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'reverse_domain': ('django.db.models.fields.TextField', [], {'default': "'%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa'"}),
+            'snat_ip': ('django.db.models.fields.GenericIPAddressField', [], {'max_length': '39', 'null': 'True', 'blank': 'True'}),
+            'snat_to': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'}),
+            'vid': ('django.db.models.fields.IntegerField', [], {'unique': 'True'})
+        },
+        u'firewall.vlangroup': {
+            'Meta': {'object_name': 'VlanGroup'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'vlans': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'})
+        }
+    }
+
+    complete_apps = ['firewall']

circle/firewall/migrations/0049_auto__del_field_rule_accept.py

+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Deleting field 'Rule.accept'
+        db.delete_column(u'firewall_rule', 'accept')
+
+    def backwards(self, orm):
+        # Adding field 'Rule.accept'
+        db.add_column(u'firewall_rule', 'accept',
+                      self.gf('django.db.models.fields.BooleanField')(default=True),
+                      keep_default=False)
+
+        # Migrating data
+        for rule in orm.Rule.objects.all():
+            rule.accept = rule.action == 'accept'
+            rule.save()
+
+
+
+    models = {
+        u'acl.level': {
+            'Meta': {'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Level'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'null': 'True'})
+        },
+        u'acl.objectlevel': {
+            'Meta': {'unique_together': "(('content_type', 'object_id', 'level'),)", 'object_name': 'ObjectLevel'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'level': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['acl.Level']"}),
+            'object_id': ('django.db.models.fields.IntegerField', [], {}),
+            'users': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.User']", 'symmetrical': 'False'})
+        },
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'firewall.blacklist': {
+            'Meta': {'object_name': 'Blacklist'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('django.db.models.fields.GenericIPAddressField', [], {'unique': 'True', 'max_length': '39'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'reason': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'snort_message': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'type': ('django.db.models.fields.CharField', [], {'default': "'tempban'", 'max_length': '10'})
+        },
+        u'firewall.domain': {
+            'Meta': {'object_name': 'Domain'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'})
+        },
+        u'firewall.ethernetdevice': {
+            'Meta': {'object_name': 'EthernetDevice'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'switch_port': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ethernet_devices'", 'to': u"orm['firewall.SwitchPort']"})
+        },
+        u'firewall.firewall': {
+            'Meta': {'object_name': 'Firewall'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'})
+        },
+        u'firewall.group': {
+            'Meta': {'object_name': 'Group'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'})
+        },
+        u'firewall.host': {
+            'Meta': {'ordering': "('normalized_hostname', 'vlan')", 'unique_together': "(('hostname', 'vlan'),)", 'object_name': 'Host'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Group']", 'null': 'True', 'blank': 'True'}),
+            'hostname': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('firewall.fields.IPAddressField', [], {'unique': 'True', 'max_length': '100'}),
+            'ipv6': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'unique': 'True', 'null': 'True', 'blank': 'True'}),
+            'location': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'mac': ('firewall.fields.MACAddressField', [], {'unique': 'True', 'max_length': '17'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'normalized_hostname': ('common.models.HumanSortField', [], {'default': "''", 'maximum_number_length': '4', 'max_length': '80', 'monitor': "'hostname'", 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'reverse': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'shared_ip': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.record': {
+            'Meta': {'ordering': "('domain', 'name')", 'object_name': 'Record'},
+            'address': ('django.db.models.fields.CharField', [], {'max_length': '200'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'}),
+            'type': ('django.db.models.fields.CharField', [], {'max_length': '6'})
+        },
+        u'firewall.rule': {
+            'Meta': {'ordering': "('direction', 'proto', 'sport', 'dport', 'nat_external_port', 'host')", 'object_name': 'Rule'},
+            'action': ('django.db.models.fields.CharField', [], {'default': "'drop'", 'max_length': '10'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'direction': ('django.db.models.fields.CharField', [], {'max_length': '3'}),
+            'dport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'extra': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'firewall': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Firewall']"}),
+            'foreign_network': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ForeignRules'", 'to': u"orm['firewall.VlanGroup']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Host']"}),
+            'hostgroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'nat': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'nat_external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'nat_external_port': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'proto': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}),
+            'sport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Vlan']"}),
+            'vlangroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'default': '30000'})
+        },
+        u'firewall.switchport': {
+            'Meta': {'object_name': 'SwitchPort'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'tagged_vlans': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'tagged_ports'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'untagged_vlan': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'untagged_ports'", 'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.vlan': {
+            'Meta': {'object_name': 'Vlan'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'dhcp_pool': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv6_template': ('django.db.models.fields.TextField', [], {'default': "'2001:738:2001:4031:%(b)d:%(c)d:%(d)d:0'"}),
+            'managed': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'network4': ('firewall.fields.IPNetworkField', [], {'max_length': '100'}),
+            'network6': ('firewall.fields.IPNetworkField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'network_type': ('django.db.models.fields.CharField', [], {'default': "'portforward'", 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'reverse_domain': ('django.db.models.fields.TextField', [], {'default': "'%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa'"}),
+            'snat_ip': ('django.db.models.fields.GenericIPAddressField', [], {'max_length': '39', 'null': 'True', 'blank': 'True'}),
+            'snat_to': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'}),
+            'vid': ('django.db.models.fields.IntegerField', [], {'unique': 'True'})
+        },
+        u'firewall.vlangroup': {
+            'Meta': {'object_name': 'VlanGroup'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'vlans': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'})
+        }
+    }
+
+    complete_apps = ['firewall']

circle/firewall/migrations/0050_auto__add_field_vlan_host_ipv6_prefixlen.py

+# -*- coding: utf-8 -*-
+import datetime
+from south.db import db
+from south.v2 import SchemaMigration
+from django.db import models
+
+
+class Migration(SchemaMigration):
+
+    def forwards(self, orm):
+        # Adding field 'Vlan.host_ipv6_prefixlen'
+        db.add_column(u'firewall_vlan', 'host_ipv6_prefixlen',
+                      self.gf('django.db.models.fields.IntegerField')(default=112),
+                      keep_default=False)
+
+
+    def backwards(self, orm):
+        # Deleting field 'Vlan.host_ipv6_prefixlen'
+        db.delete_column(u'firewall_vlan', 'host_ipv6_prefixlen')
+
+
+    models = {
+        u'acl.level': {
+            'Meta': {'unique_together': "(('content_type', 'codename'),)", 'object_name': 'Level'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'null': 'True'})
+        },
+        u'acl.objectlevel': {
+            'Meta': {'unique_together': "(('content_type', 'object_id', 'level'),)", 'object_name': 'ObjectLevel'},
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'level': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['acl.Level']"}),
+            'object_id': ('django.db.models.fields.IntegerField', [], {}),
+            'users': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.User']", 'symmetrical': 'False'})
+        },
+        u'auth.group': {
+            'Meta': {'object_name': 'Group'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '80'}),
+            'permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'})
+        },
+        u'auth.permission': {
+            'Meta': {'ordering': "(u'content_type__app_label', u'content_type__model', u'codename')", 'unique_together': "((u'content_type', u'codename'),)", 'object_name': 'Permission'},
+            'codename': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'content_type': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['contenttypes.ContentType']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '50'})
+        },
+        u'auth.user': {
+            'Meta': {'object_name': 'User'},
+            'date_joined': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'email': ('django.db.models.fields.EmailField', [], {'max_length': '75', 'blank': 'True'}),
+            'first_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Group']", 'symmetrical': 'False', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'is_active': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'is_staff': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'is_superuser': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'last_login': ('django.db.models.fields.DateTimeField', [], {'default': 'datetime.datetime.now'}),
+            'last_name': ('django.db.models.fields.CharField', [], {'max_length': '30', 'blank': 'True'}),
+            'password': ('django.db.models.fields.CharField', [], {'max_length': '128'}),
+            'user_permissions': ('django.db.models.fields.related.ManyToManyField', [], {'to': u"orm['auth.Permission']", 'symmetrical': 'False', 'blank': 'True'}),
+            'username': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '30'})
+        },
+        u'contenttypes.contenttype': {
+            'Meta': {'ordering': "('name',)", 'unique_together': "(('app_label', 'model'),)", 'object_name': 'ContentType', 'db_table': "'django_content_type'"},
+            'app_label': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'model': ('django.db.models.fields.CharField', [], {'max_length': '100'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '100'})
+        },
+        u'firewall.blacklist': {
+            'Meta': {'object_name': 'Blacklist'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('django.db.models.fields.GenericIPAddressField', [], {'unique': 'True', 'max_length': '39'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'reason': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'snort_message': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'type': ('django.db.models.fields.CharField', [], {'default': "'tempban'", 'max_length': '10'})
+        },
+        u'firewall.domain': {
+            'Meta': {'object_name': 'Domain'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'})
+        },
+        u'firewall.ethernetdevice': {
+            'Meta': {'object_name': 'EthernetDevice'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'switch_port': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ethernet_devices'", 'to': u"orm['firewall.SwitchPort']"})
+        },
+        u'firewall.firewall': {
+            'Meta': {'object_name': 'Firewall'},
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'})
+        },
+        u'firewall.group': {
+            'Meta': {'object_name': 'Group'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'})
+        },
+        u'firewall.host': {
+            'Meta': {'ordering': "('normalized_hostname', 'vlan')", 'unique_together': "(('hostname', 'vlan'),)", 'object_name': 'Host'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'groups': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Group']", 'null': 'True', 'blank': 'True'}),
+            'hostname': ('django.db.models.fields.CharField', [], {'max_length': '40'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv4': ('firewall.fields.IPAddressField', [], {'unique': 'True', 'max_length': '100'}),
+            'ipv6': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'unique': 'True', 'null': 'True', 'blank': 'True'}),
+            'location': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'mac': ('firewall.fields.MACAddressField', [], {'unique': 'True', 'max_length': '17'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'normalized_hostname': ('common.models.HumanSortField', [], {'default': "''", 'maximum_number_length': '4', 'max_length': '80', 'monitor': "'hostname'", 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'reverse': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'shared_ip': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.record': {
+            'Meta': {'ordering': "('domain', 'name')", 'object_name': 'Record'},
+            'address': ('django.db.models.fields.CharField', [], {'max_length': '200'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Host']", 'null': 'True', 'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'max_length': '40', 'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']"}),
+            'ttl': ('django.db.models.fields.IntegerField', [], {'default': '600'}),
+            'type': ('django.db.models.fields.CharField', [], {'max_length': '6'})
+        },
+        u'firewall.rule': {
+            'Meta': {'ordering': "('direction', 'proto', 'sport', 'dport', 'nat_external_port', 'host')", 'object_name': 'Rule'},
+            'action': ('django.db.models.fields.CharField', [], {'default': "'drop'", 'max_length': '10'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'direction': ('django.db.models.fields.CharField', [], {'max_length': '3'}),
+            'dport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'extra': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'firewall': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Firewall']"}),
+            'foreign_network': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'ForeignRules'", 'to': u"orm['firewall.VlanGroup']"}),
+            'host': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Host']"}),
+            'hostgroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Group']"}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'nat': ('django.db.models.fields.BooleanField', [], {'default': 'False'}),
+            'nat_external_ipv4': ('firewall.fields.IPAddressField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'nat_external_port': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'proto': ('django.db.models.fields.CharField', [], {'max_length': '10', 'null': 'True', 'blank': 'True'}),
+            'sport': ('django.db.models.fields.IntegerField', [], {'null': 'True', 'blank': 'True'}),
+            'vlan': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.Vlan']"}),
+            'vlangroup': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'rules'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'weight': ('django.db.models.fields.IntegerField', [], {'default': '30000'})
+        },
+        u'firewall.switchport': {
+            'Meta': {'object_name': 'SwitchPort'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'tagged_vlans': ('django.db.models.fields.related.ForeignKey', [], {'blank': 'True', 'related_name': "'tagged_ports'", 'null': 'True', 'to': u"orm['firewall.VlanGroup']"}),
+            'untagged_vlan': ('django.db.models.fields.related.ForeignKey', [], {'related_name': "'untagged_ports'", 'to': u"orm['firewall.Vlan']"})
+        },
+        u'firewall.vlan': {
+            'Meta': {'object_name': 'Vlan'},
+            'comment': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'dhcp_pool': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            'domain': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['firewall.Domain']"}),
+            'host_ipv6_prefixlen': ('django.db.models.fields.IntegerField', [], {'default': '112'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'ipv6_template': ('django.db.models.fields.TextField', [], {'default': "'2001:738:2001:4031:%(b)d:%(c)d:%(d)d:0'"}),
+            'managed': ('django.db.models.fields.BooleanField', [], {'default': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'network4': ('firewall.fields.IPNetworkField', [], {'max_length': '100'}),
+            'network6': ('firewall.fields.IPNetworkField', [], {'max_length': '100', 'null': 'True', 'blank': 'True'}),
+            'network_type': ('django.db.models.fields.CharField', [], {'default': "'portforward'", 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'reverse_domain': ('django.db.models.fields.TextField', [], {'default': "'%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa'"}),
+            'snat_ip': ('django.db.models.fields.GenericIPAddressField', [], {'max_length': '39', 'null': 'True', 'blank': 'True'}),
+            'snat_to': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'}),
+            'vid': ('django.db.models.fields.IntegerField', [], {'unique': 'True'})
+        },
+        u'firewall.vlangroup': {
+            'Meta': {'object_name': 'VlanGroup'},
+            'created_at': ('django.db.models.fields.DateTimeField', [], {'auto_now_add': 'True', 'blank': 'True'}),
+            'description': ('django.db.models.fields.TextField', [], {'blank': 'True'}),
+            u'id': ('django.db.models.fields.AutoField', [], {'primary_key': 'True'}),
+            'modified_at': ('django.db.models.fields.DateTimeField', [], {'auto_now': 'True', 'blank': 'True'}),
+            'name': ('django.db.models.fields.CharField', [], {'unique': 'True', 'max_length': '20'}),
+            'owner': ('django.db.models.fields.related.ForeignKey', [], {'to': u"orm['auth.User']", 'null': 'True', 'blank': 'True'}),
+            'vlans': ('django.db.models.fields.related.ManyToManyField', [], {'symmetrical': 'False', 'to': u"orm['firewall.Vlan']", 'null': 'True', 'blank': 'True'})
+        }
+    }
+
+    complete_apps = ['firewall']
\ No newline at end of file

circle/firewall/models.py

@@ -2,7 +2,7 @@
 
 from itertools import islice, ifilter
 import logging
-from netaddr import IPSet, EUI
+from netaddr import IPSet, EUI, IPNetwork
 
 from django.contrib.auth.models import User
 from django.db import models
@@ -19,6 +19,7 @@ import random
 
 from common.models import HumanSortField
 from firewall.tasks.local_tasks import reloadtask
+from .iptables import IptRule
 from acl.models import AclBase
 logger = logging.getLogger(__name__)
 settings = django.conf.settings.FIREWALL_SETTINGS
@@ -36,9 +37,11 @@ class Rule(models.Model):
     CHOICES_type = (('host', 'host'), ('firewall', 'firewall'),
                    ('vlan', 'vlan'))
     CHOICES_proto = (('tcp', 'tcp'), ('udp', 'udp'), ('icmp', 'icmp'))
-    CHOICES_dir = (('0', 'out'), ('1', 'in'))
+    CHOICES_dir = (('out', _('out')), ('in', _('in')))
+    CHOICES_action = (('accept', _('accept')), ('drop', _('drop')),
+                      ('ignore', _('ignore')))
 
-    direction = models.CharField(max_length=1, choices=CHOICES_dir,
+    direction = models.CharField(max_length=3, choices=CHOICES_dir,
                                  blank=False, verbose_name=_("direction"),
                                  help_text=_("If the rule matches egress "
                                              "or ingress packets."))
@@ -58,28 +61,38 @@ class Rule(models.Model):
         blank=True, null=True, verbose_name=_("source port"),
         validators=[MinValueValidator(1), MaxValueValidator(65535)],
         help_text=_("Source port number of packets that match."))
+    weight = models.IntegerField(
+        verbose_name=_("weight"),
+        validators=[MinValueValidator(1), MaxValueValidator(65535)],
+        help_text=_("Rule weight"),
+        default=30000)
     proto = models.CharField(max_length=10, choices=CHOICES_proto,
                              blank=True, null=True, verbose_name=_("protocol"),
                              help_text=_("Protocol of packets that match."))
     extra = models.TextField(blank=True, verbose_name=_("extra arguments"),
                              help_text=_("Additional arguments passed "
                                          "literally to the iptables-rule."))
-    accept = models.BooleanField(default=False, verbose_name=_("accept"),
-                                 help_text=_("Accept the matching packets "
-                                             "(or deny if not checked)."))
+    action = models.CharField(max_length=10, choices=CHOICES_action,
+                              default='drop', verbose_name=_('action'),
+                              help_text=_("Accept, drop or ignore the "
+                                          "matching packets."))
     owner = models.ForeignKey(User, blank=True, null=True,
                               verbose_name=_("owner"),
                               help_text=_("The user responsible for "
                                           "this rule."))
+
     nat = models.BooleanField(default=False, verbose_name=_("NAT"),
                               help_text=_("If network address translation "
                                           "should be done."))
-    nat_dport = models.IntegerField(blank=True, null=True,
-                                    help_text=_("Rewrite destination port "
-                                                "number to this if NAT is "
+    nat_external_port = models.IntegerField(
+        blank=True, null=True,
+        help_text=_("Rewrite destination port number to this if NAT is "
                     "needed."),
-                                    validators=[MinValueValidator(1),
-                                                MaxValueValidator(65535)])
+        validators=[MinValueValidator(1), MaxValueValidator(65535)])
+    nat_external_ipv4 = IPAddressField(
+        version=4, blank=True, null=True,
+        verbose_name=_('external IPv4 address'))
+
     created_at = models.DateTimeField(
         auto_now_add=True,
         verbose_name=_("created at"))
@@ -120,14 +133,25 @@ class Rule(models.Model):
         if len(selected_fields) > 1:
             raise ValidationError(_('Only one field can be selected.'))
 
+    def get_external_ipv4(self):
+        return (self.nat_external_ipv4
+                if self.nat_external_ipv4 else self.host.get_external_ipv4())
+
+    def get_external_port(self, proto='ipv4'):
+        assert proto in ('ipv4', 'ipv6')
+        if proto == 'ipv4' and self.nat_external_port:
+            return self.nat_external_port
+        else:
+            return self.dport
+
     def desc(self):
         """Return a short string representation of the current rule.
         """
         return u'[%(type)s] %(src)s ▸ %(dst)s %(para)s %(desc)s' % {
             'type': self.r_type,
-            'src': (unicode(self.foreign_network) if self.direction == '1'
+            'src': (unicode(self.foreign_network) if self.direction == 'in'
                     else self.r_type),
-            'dst': (self.r_type if self.direction == '1'
+            'dst': (self.r_type if self.direction == 'out'
                     else unicode(self.foreign_network)),
             'para': ((("proto=%s " % self.proto) if self.proto else '') +
                      (("sport=%s " % self.sport) if self.sport else '') +
@@ -147,6 +171,61 @@ class Rule(models.Model):
     def get_absolute_url(self):
         return ('network.rule', None, {'pk': self.pk})
 
+    @staticmethod
+    def get_chain_name(local, remote, direction):
+        if direction == 'in':
+            # remote -> local
+            return '%s_%s' % (remote, local)
+        else:
+            # local -> remote
+            return '%s_%s' % (local, remote)
+
+    def get_ipt_rules(self, host=None):
+        # action
+        action = 'LOG_ACC' if self.action == 'accept' else 'LOG_DROP'
+
+        # src and dst addresses
+        src = None
+        dst = None
+
+        if host:
+            ip = (host.ipv4, host.ipv6_with_prefixlen)
+            if self.direction == 'in':
+                dst = ip
+            else:
+                src = ip
+
+        # src and dst ports
+        if self.direction == 'in':
+            dport = self.dport
+            sport = self.sport
+        else:
+            dport = self.sport
+            sport = self.dport
+
+        # 'chain_name': rule dict
+        retval = {}
+
+        # process foreign vlans
+        for foreign_vlan in self.foreign_network.vlans.all():
+            r = IptRule(priority=self.weight, action=action,
+                        proto=self.proto, extra=self.extra,
+                        comment='Rule #%s' % self.pk,
+                        src=src, dst=dst, dport=dport, sport=sport)
+            # host, hostgroup or vlan rule
+            if host or self.vlan_id:
+                local_vlan = host.vlan.name if host else self.vlan.name
+                chain_name = Rule.get_chain_name(local=local_vlan,
+                                                 remote=foreign_vlan.name,
+                                                 direction=self.direction)
+            # firewall rule
+            elif self.firewall_id:
+                chain_name = 'INPUT' if self.direction == 'in' else 'OUTPUT'
+
+            retval[chain_name] = r
+
+        return retval
+
     class Meta:
         verbose_name = _("rule")
         verbose_name_plural = _("rules")
@@ -155,7 +234,7 @@ class Rule(models.Model):
             'proto',
             'sport',
             'dport',
-            'nat_dport',
+            'nat_external_port',
             'host',
         )
 
@@ -177,7 +256,7 @@ class Vlan(AclBase, models.Model):
         ('user', _('user')),
         ('operator', _('operator')),
     )
-    CHOICES_NETWORK_TYPE = (('public', _('public')), ('dmz', _('dmz')),
+    CHOICES_NETWORK_TYPE = (('public', _('public')),
                             ('portforward', _('portforward')))
     vid = models.IntegerField(unique=True,
                               verbose_name=_('VID'),
@@ -199,6 +278,12 @@ class Vlan(AclBase, models.Model):
                                   'valid address of the subnet, '
                                   'for example '
                                   '10.4.255.254/16 for 10.4.0.0/16.'))
+    host_ipv6_prefixlen = models.IntegerField(
+        verbose_name=_('IPv6 prefixlen/host'),
+        help_text=_('The prefix length of the subnet assigned to a host. '
+                    'For example /112 = 65536 addresses/host.'),
+        default=112,
+        validators=[MinValueValidator(1), MaxValueValidator(128)])
     network6 = IPNetworkField(unique=False,
                               version=6,
                               null=True,
@@ -226,6 +311,7 @@ class Vlan(AclBase, models.Model):
                                          'of NAT IP address.'))
     network_type = models.CharField(choices=CHOICES_NETWORK_TYPE,
                                     verbose_name=_('network type'),
+                                    default='portforward',
                                     max_length=20)
     managed = models.BooleanField(default=True, verbose_name=_('managed'))
     description = models.TextField(blank=True, verbose_name=_('description'),
@@ -275,30 +361,6 @@ class Vlan(AclBase, models.Model):
     def get_absolute_url(self):
         return ('network.vlan', None, {'vid': self.vid})
 
-    @property
-    def net4(self):
-        return self.network4.network
-
-    @property
-    def ipv4(self):
-        return self.network4.ip
-
-    @property
-    def prefix4(self):
-        return self.network4.prefixlen
-
-    @property
-    def net6(self):
-        return self.network6.network
-
-    @property
-    def ipv6(self):
-        return self.network6.ip
-
-    @property
-    def prefix6(self):
-        return self.network6.prefixlen
-
     def get_random_addresses(self, used_v4, buffer_size=100, max_hosts=10000):
         addresses = islice(self.network4.iter_hosts(), max_hosts)
         unused_addresses = list(islice(
@@ -403,7 +465,7 @@ class Host(models.Model):
                           verbose_name=_('IPv4 address'),
                           help_text=_('The real IPv4 address of the '
                                       'host, for example 10.5.1.34.'))
-    pub_ipv4 = IPAddressField(
+    external_ipv4 = IPAddressField(
         version=4, blank=True, null=True,
         verbose_name=_('WAN IPv4 address'),
         help_text=_('The public IPv4 address of the host on the wide '
@@ -449,18 +511,31 @@ class Host(models.Model):
 
     @property
     def incoming_rules(self):
-        return self.rules.filter(direction='1')
+        return self.rules.filter(direction='in')
 
     @property
-    def outgoing_rules(self):
-        return self.rules.filter(direction='0')
+    def ipv6_with_prefixlen(self):
+        try:
+            net = IPNetwork(self.ipv6)
+            net.prefixlen = self.vlan.host_ipv6_prefixlen
+            return net
+        except TypeError:
+            return None
+
+    def get_external_ipv4(self):
+        return self.external_ipv4 if self.external_ipv4 else self.ipv4
+
+    @property
+    def behind_nat(self):
+        return self.vlan.network_type != 'public'
 
     def clean(self):
-        if (not self.shared_ip and self.pub_ipv4 and Host.objects.
-                exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4)):
+        if (self.external_ipv4 and not self.shared_ip and self.behind_nat
+                and Host.objects.exclude(id=self.id).filter(
+                    external_ipv4=self.external_ipv4)):
             raise ValidationError(_("If shared_ip has been checked, "
-                                    "pub_ipv4 has to be unique."))
-        if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4):
+                                    "external_ipv4 has to be unique."))
+        if Host.objects.exclude(id=self.id).filter(external_ipv4=self.ipv4):
             raise ValidationError(_("You can't use another host's NAT'd "
                                     "address as your own IPv4."))
 
@@ -472,36 +547,36 @@ class Host(models.Model):
 
         super(Host, self).save(*args, **kwargs)
 
+        # IPv4
         if self.ipv4 is not None:
-            Record.objects.filter(host=self, name=self.hostname,
+            # update existing records
+            affected_records = Record.objects.filter(
+                host=self, name=self.hostname,
                 type='A').update(address=self.ipv4)
-            record_count = self.record_set.filter(host=self,
-                                                  name=self.hostname,
-                                                  address=self.ipv4,
-                                                  type='A').count()
-            if record_count == 0:
+            # create new record
+            if affected_records == 0:
                 Record(host=self,
                        name=self.hostname,
                        domain=self.vlan.domain,
                        address=self.ipv4,
                        owner=self.owner,
-                       description='host.save()',
+                       description='created by host.save()',
                        type='A').save()
 
-        if self.ipv6:
-            Record.objects.filter(host=self, name=self.hostname,
+        # IPv6
+        if self.ipv6 is not None:
+            # update existing records
+            affected_records = Record.objects.filter(
+                host=self, name=self.hostname,
                 type='AAAA').update(address=self.ipv6)
-            record_count = self.record_set.filter(host=self,
-                                                  name=self.hostname,
-                                                  address=self.ipv6,
-                                                  type='AAAA').count()
-            if record_count == 0:
+            # create new record
+            if affected_records == 0:
                 Record(host=self,
                        name=self.hostname,
                        domain=self.vlan.domain,
                        address=self.ipv6,
                        owner=self.owner,
-                       description='host.save()',
+                       description='created by host.save()',
                        type='AAAA').save()
 
     def enable_net(self):
@@ -517,12 +592,15 @@ class Host(models.Model):
         :type proto: str.
         :returns: list -- list of int port numbers used.
         """
-        if self.shared_ip:
-            ports = Rule.objects.filter(host__pub_ipv4=self.pub_ipv4,
-                                        nat=True, proto=proto)
+        if self.behind_nat:
+            ports = Rule.objects.filter(
+                host__external_ipv4=self.external_ipv4,
+                nat=True,
+                proto=proto).values_list('nat_external_port', flat=True)
         else:
-            ports = self.rules.filter(proto=proto, )
-        return set(ports.values_list('dport', flat=True))
+            ports = self.rules.filter(proto=proto).values_list(
+                'dport', flat=True)
+        return set(ports)
 
     def _get_random_port(self, proto, used_ports=None):
         """
@@ -577,17 +655,15 @@ class Host(models.Model):
             logger.error('Host.add_port: default_vlangroup %s missing. %s',
                          vgname, unicode(e))
         else:
-            if self.shared_ip:
+            rule = Rule(direction='in', owner=self.owner, dport=private,
+                        proto=proto, nat=False, action='accept',
+                        host=self, foreign_network=vg)
+            if self.behind_nat:
                 if public < 1024:
                     raise ValidationError(
                         _("Only ports above 1024 can be used."))
-                rule = Rule(direction='1', owner=self.owner, dport=public,
-                            proto=proto, nat=True, accept=True,
-                            nat_dport=private, host=self, foreign_network=vg)
-            else:
-                rule = Rule(direction='1', owner=self.owner, dport=private,
-                            proto=proto, nat=False, accept=True,
-                            host=self, foreign_network=vg)
+                rule.nat_external_port = public
+                rule.nat = True
             rule.full_clean()
             rule.save()
 
@@ -602,10 +678,6 @@ class Host(models.Model):
         :param private: Port number of host in subject.
         """
 
-        if self.shared_ip:
-            self.rules.filter(owner=self.owner, proto=proto, host=self,
-                              nat_dport=private).delete()
-        else:
         self.rules.filter(owner=self.owner, proto=proto, host=self,
                           dport=private).delete()
 
@@ -622,11 +694,11 @@ class Host(models.Model):
                 res = self.record_set.filter(type='AAAA',
                                              address=self.ipv6)
             elif proto == 'ipv4':
-                if self.shared_ip and public:
-                    res = Record.objects.filter(type='A',
-                                                address=self.pub_ipv4)
+                if self.behind_nat and public:
+                    res = Record.objects.filter(
+                        type='A', address=self.get_external_ipv4())
                     if res.count() < 1:
-                        return unicode(self.pub_ipv4)
+                        return unicode(self.get_external_ipv4())
                 else:
                     res = self.record_set.filter(type='A',
                                                  address=self.ipv4)
@@ -640,27 +712,21 @@ class Host(models.Model):
         """
         retval = []
         for rule in self.rules.filter(owner=self.owner):
-            private = rule.nat_dport if self.shared_ip else rule.dport
             forward = {
                 'proto': rule.proto,
-                'private': private,
+                'private': rule.dport,
             }
-            if self.shared_ip:
-                public4 = rule.dport
-                public6 = rule.nat_dport
-            else:
-                public4 = public6 = rule.dport
 
             if True:      # ipv4
                 forward['ipv4'] = {
                     'host': self.get_hostname(proto='ipv4'),
-                    'port': public4,
+                    'port': rule.get_external_port(proto='ipv4'),
                     'pk': rule.pk,
                 }
             if self.ipv6:  # ipv6
                 forward['ipv6'] = {
                     'host': self.get_hostname(proto='ipv6'),
-                    'port': public6,
+                    'port': rule.get_external_port(proto='ipv6'),
                     'pk': rule.pk,
                 }
             retval.append(forward)
@@ -679,22 +745,16 @@ class Host(models.Model):
         """
         endpoints = {}
         # IPv4
-        public_ipv4 = self.pub_ipv4 if self.pub_ipv4 else self.ipv4
-        # try get matching port(s) without NAT
-        ports = self.incoming_rules.filter(accept=True, dport=port,
-                                           nat=False, proto=protocol)
-        if ports.exists():
-            public_port = ports[0].dport
-        else:
-            # try get matching port(s) with NAT
-            ports = self.incoming_rules.filter(accept=True, nat_dport=port,
-                                               nat=True, proto=protocol)
-            public_port = ports[0].dport if ports.exists() else None
-        endpoints['ipv4'] = ((public_ipv4, public_port) if public_port else
+        ports = self.incoming_rules.filter(action='accept', dport=port,
+                                           proto=protocol)
+        public_port = (ports[0].get_external_port(proto='ipv4')
+                       if ports.exists() else None)
+        endpoints['ipv4'] = ((self.get_external_ipv4(), public_port)
+                             if public_port else
                              None)
         # IPv6
-        blocked = self.incoming_rules.filter(accept=False, dport=port,
-                                             proto=protocol).exists()
+        blocked = self.incoming_rules.exclude(
+            action='accept').filter(dport=port, proto=protocol).exists()
         endpoints['ipv6'] = (self.ipv6, port) if not blocked else None
         return endpoints
 

circle/firewall/tasks/local_tasks.py

@@ -26,7 +26,7 @@ def _apply_once(name, queues, task, data):
 
 @celery.task(ignore_result=True)
 def periodic_task():
-    from firewall.fw import Firewall, dhcp, dns, ipset, vlan
+    from firewall.fw import BuildFirewall, dhcp, dns, ipset, vlan
     from remote_tasks import (reload_dns, reload_dhcp, reload_firewall,
                               reload_firewall_vlan, reload_blacklist)
 
@@ -40,7 +40,7 @@ def periodic_task():
     _apply_once('dhcp', firewall_queues, reload_dhcp,
                 lambda: (dhcp(), ))
     _apply_once('firewall', firewall_queues, reload_firewall,
-                lambda: (Firewall(proto=4).get(), Firewall(proto=6).get()))
+                lambda: (BuildFirewall().build_ipt()))
     _apply_once('firewall_vlan', firewall_queues, reload_firewall_vlan,
                 lambda: (vlan(), ))
     _apply_once('blacklist', firewall_queues, reload_blacklist,
@@ -48,7 +48,7 @@ def periodic_task():
 
 
 @celery.task
-def reloadtask(type='Host'):
+def reloadtask(type='Host', timeout=15):
     reload = {
         'Host': ['dns', 'dhcp', 'firewall'],
         'Record': ['dns'],

circle/firewall/templates/firewall/iptables.conf

+{% if proto == "ipv4" %}
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+{% for chain in nat %}
+{{ chain.compile|safe }}
+{% endfor %}
+COMMIT
+{% endif %}
+
+*filter
+:INPUT DROP [0:0]
+:FORWARD DROP [0:0]
+:OUTPUT DROP [0:0]
+
+# initialize logging
+-N LOG_DROP
+# windows port scan are silently dropped
+-A LOG_DROP -p tcp --dport 445 -j DROP
+-A LOG_DROP -p udp --dport 137 -j DROP
+-A LOG_DROP -j LOG --log-level 7 --log-prefix "[ipt][drop]"
+-A LOG_DROP -j DROP
+-N LOG_ACC
+-A LOG_ACC -j LOG --log-level 7 --log-prefix "[ipt][isok]"
+-A LOG_ACC -j ACCEPT
+
+# initialize FORWARD chain
+-A FORWARD -m set --match-set blacklist src,dst -j DROP
+-A FORWARD -m state --state INVALID -g LOG_DROP
+-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
+-A FORWARD -p icmp --icmp-type echo-request -g LOG_ACC
+
+# initialize INPUT chain
+-A INPUT -m set --match-set blacklist src -j DROP
+-A INPUT -m state --state INVALID -g LOG_DROP
+-A INPUT -i lo -j ACCEPT
+-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+# initialize OUTPUT chain
+-A OUTPUT -m state --state INVALID -g LOG_DROP
+-A OUTPUT -o lo -j ACCEPT
+-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
+
+{% for chain in filter %}
+{% if chain.name not in chain.builtin_chains %}-N {{ chain.name }}{% endif %}
+{% if proto == "ipv4" %}
+{{ chain.compile|safe }}
+{% else %}
+{{ chain.compile_v6|safe }}
+{% endif %}
+{% endfor %}
+
+# close all chains
+-A FORWARD -g LOG_DROP
+-A INPUT -g LOG_DROP
+-A OUTPUT -g LOG_DROP
+COMMIT

circle/firewall/tests/test_firewall.py

-from netaddr import IPSet
+from netaddr import IPSet, AddrFormatError
 
 from django.test import TestCase
 from django.contrib.auth.models import User
 from ..admin import HostAdmin
-from firewall.models import Vlan, Domain, Record, Host
+from firewall.models import (Vlan, Domain, Record, Host, VlanGroup, Group,
+                             Rule, Firewall)
+from firewall.fw import dns, ipv6_to_octal
+from firewall.tasks.local_tasks import periodic_task, reloadtask
 from django.forms import ValidationError
+from ..iptables import IptRule, IptChain, InvalidRuleExcepion
+from mock import patch
+
+import django.conf
+settings = django.conf.settings.FIREWALL_SETTINGS
 
 
 class MockInstance:
@@ -96,12 +104,12 @@ class HostGetHostnameTestCase(TestCase):
         self.vlan.save()
         self.h = Host(hostname='h', mac='01:02:03:04:05:00', ipv4='10.0.0.1',
                       vlan=self.vlan, owner=self.u1, shared_ip=True,
-                      pub_ipv4=self.vlan.snat_ip)
+                      external_ipv4=self.vlan.snat_ip)
         self.h.save()
 
     def test_issue_93_wo_record(self):
         self.assertEqual(self.h.get_hostname(proto='ipv4', public=True),
-                         unicode(self.h.pub_ipv4))
+                         unicode(self.h.external_ipv4))
 
     def test_issue_93_w_record(self):
         self.r = Record(name='vm', type='A', domain=self.d, owner=self.u1,
@@ -109,3 +117,192 @@ class HostGetHostnameTestCase(TestCase):
         self.r.save()
         self.assertEqual(self.h.get_hostname(proto='ipv4', public=True),
                          self.r.fqdn)
+
+
+class IptablesTestCase(TestCase):
+    def setUp(self):
+        self.r = [IptRule(priority=4, action='ACCEPT',
+                          src=('127.0.0.4', None)),
+                  IptRule(priority=4, action='ACCEPT',
+                          src=('127.0.0.4', None)),
+                  IptRule(priority=2, action='ACCEPT',
+                          dst=('127.0.0.2', None),
+                          extra='-p icmp'),
+                  IptRule(priority=6, action='ACCEPT',
+                          dst=('127.0.0.6', None),
+                          proto='tcp', dport=80),
+                  IptRule(priority=1, action='ACCEPT',
+                          dst=('127.0.0.1', None),
+                          proto='udp', dport=53),
+                  IptRule(priority=5, action='ACCEPT',
+                          dst=('127.0.0.5', None),
+                          proto='tcp', dport=443),
+                  IptRule(priority=2, action='ACCEPT',
+                          dst=('127.0.0.2', None),
+                          proto='icmp'),
+                  IptRule(priority=6, action='ACCEPT',
+                          dst=('127.0.0.6', None),
+                          proto='tcp', dport='1337')]
+
+    def test_chain_add(self):
+        ch = IptChain(name='test')
+        ch.add(*self.r)
+        self.assertEqual(len(ch), len(self.r) - 1)
+
+    def test_rule_compile_ok(self):
+        assert unicode(self.r[5])
+        self.assertEqual(self.r[5].compile(),
+                         '-d 127.0.0.5 -p tcp --dport 443 -g ACCEPT')
+
+    def test_rule_compile_fail(self):
+        self.assertRaises(InvalidRuleExcepion,
+                          IptRule, **{'proto': 'test'})
+        self.assertRaises(InvalidRuleExcepion,
+                          IptRule, **{'priority': 5, 'action': 'ACCEPT',
+                                      'dst': '127.0.0.5',
+                                      'proto': 'icmp', 'dport': 443})
+
+    def test_chain_compile(self):
+        ch = IptChain(name='test')
+        ch.add(*self.r)
+        compiled = ch.compile()
+        compiled_v6 = ch.compile_v6()
+        assert unicode(ch)
+        self.assertEqual(len(compiled.splitlines()), len(ch))
+        self.assertEqual(len(compiled_v6.splitlines()), 0)
+
+
+class ReloadTestCase(TestCase):
+    def setUp(self):
+        self.u1 = User.objects.create(username='user1')
+        self.u1.save()
+        d = Domain.objects.create(name='example.org', owner=self.u1)
+        self.vlan = Vlan(vid=1, name='test', network4='10.0.0.0/29',
+                         snat_ip='152.66.243.99',
+                         network6='2001:738:2001:4031::/80', domain=d,
+                         owner=self.u1, network_type='portforward',
+                         dhcp_pool='manual')
+        self.vlan.save()
+        self.vlan2 = Vlan(vid=2, name='pub', network4='10.1.0.0/29',
+                          network6='2001:738:2001:4032::/80', domain=d,
+                          owner=self.u1, network_type='public')
+        self.vlan2.save()
+        self.vlan.snat_to.add(self.vlan2)
+
+        settings["default_vlangroup"] = 'public'
+        settings["default_host_groups"] = ['netezhet']
+        vlg = VlanGroup.objects.create(name='public')
+        vlg.vlans.add(self.vlan, self.vlan2)
+        self.hg = Group.objects.create(name='netezhet')
+        Rule.objects.create(action='accept', hostgroup=self.hg,
+                            foreign_network=vlg)
+
+        firewall = Firewall.objects.create(name='fw')
+        Rule.objects.create(action='accept', firewall=firewall,
+                            foreign_network=vlg)
+
+        for i in range(1, 6):
+            h = Host.objects.create(hostname='h-%d' % i, vlan=self.vlan,
+                                    mac='01:02:03:04:05:%02d' % i,
+                                    ipv4='10.0.0.%d' % i, owner=self.u1)
+            h.enable_net()
+            h.groups.add(self.hg)
+            if i == 5:
+                h.vlan = self.vlan2
+                h.save()
+                self.h5 = h
+            if i == 1:
+                self.h1 = h
+
+        self.r1 = Record(name='tst', type='A', address='127.0.0.1',
+                         domain=d, owner=self.u1)
+        self.rb = Record(name='tst', type='AAAA', address='1.0.0.1',
+                         domain=d, owner=self.u1)
+        self.r2 = Record(name='ts', type='AAAA', address='2001:123:45::6',
+                         domain=d, owner=self.u1)
+        self.rm = Record(name='asd', type='MX', address='10:teszthu',
+                         domain=d, owner=self.u1)
+        self.rt = Record(name='asd', type='TXT', address='ASD',
+                         domain=d, owner=self.u1)
+        self.r1.save()
+        self.r2.save()
+        with patch('firewall.models.Record.clean'):
+            self.rb.save()
+        self.rm.save()
+        self.rt.save()
+
+    def test_bad_aaaa_record(self):
+        self.assertRaises(AddrFormatError, ipv6_to_octal, self.rb.address)
+
+    def test_good_aaaa_record(self):
+        ipv6_to_octal(self.r2.address)
+
+    def test_dns_func(self):
+        records = dns()
+        self.assertEqual(Host.objects.count() * 2 +         # soa
+                         len((self.r1, self.r2, self.rm, self.rt)) + 1,
+                         len(records))
+
+    def test_host_add_port(self):
+        h = self.h1
+        h.ipv6 = '2001:2:3:4::0'
+        assert h.behind_nat
+        h.save()
+        old_rules = h.rules.count()
+        h.add_port('tcp', private=22)
+        new_rules = h.rules.count()
+        self.assertEqual(new_rules, old_rules + 1)
+        self.assertEqual(len(h.list_ports()), old_rules + 1)
+        endp = h.get_public_endpoints(22)
+        self.assertEqual(endp['ipv4'][0], h.ipv4)
+        assert int(endp['ipv4'][1])
+        self.assertEqual(endp['ipv6'][0], h.ipv6)
+        assert int(endp['ipv6'][1])
+
+    def test_host_add_port2(self):
+        h = self.h5
+        h.ipv6 = '2001:2:3:4::1'
+        h.save()
+        assert not h.behind_nat
+        old_rules = h.rules.count()
+        h.add_port('tcp', private=22)
+        new_rules = h.rules.count()
+        self.assertEqual(new_rules, old_rules + 1)
+        self.assertEqual(len(h.list_ports()), old_rules + 1)
+        endp = h.get_public_endpoints(22)
+        self.assertEqual(endp['ipv4'][0], h.ipv4)
+        assert int(endp['ipv4'][1])
+        self.assertEqual(endp['ipv6'][0], h.ipv6)
+        assert int(endp['ipv6'][1])
+
+    def test_host_del_port(self):
+        h = self.h1
+        h.ipv6 = '2001:2:3:4::0'
+        h.save()
+        h.add_port('tcp', private=22)
+        old_rules = h.rules.count()
+        h.del_port('tcp', private=22)
+        new_rules = h.rules.count()
+        self.assertEqual(new_rules, old_rules - 1)
+
+    def test_host_add_port_wo_vlangroup(self):
+        VlanGroup.objects.filter(name='public').delete()
+        h = self.h1
+        old_rules = h.rules.count()
+        h.add_port('tcp', private=22)
+        new_rules = h.rules.count()
+        self.assertEqual(new_rules, old_rules)
+
+    def test_host_add_port_w_validationerror(self):
+        h = self.h1
+        self.assertRaises(ValidationError, h.add_port,
+                          'tcp', public=1000, private=22)
+
+    def test_periodic_task(self):
+        #TODO
+        with patch('firewall.tasks.local_tasks.cache') as cache:
+            self.test_host_add_port()
+            self.test_host_add_port2()
+            periodic_task()
+            reloadtask()
+            assert cache.delete.called

circle/network/forms.py

@@ -106,7 +106,7 @@ class HostForm(ModelForm):
                 'ipv4',
                 'ipv6',
                 'shared_ip',
-                'pub_ipv4',
+                'external_ipv4',
             ),
             Fieldset(
                 'Information',
@@ -162,12 +162,14 @@ class RuleForm(ModelForm):
                 'foreign_network',
                 'dport',
                 'sport',
+                'weight',
                 'proto',
                 'extra',
-                'accept',
+                'action',
                 'owner',
                 'nat',
-                'nat_dport',
+                'nat_external_port',
+                'nat_external_ipv4',
             ),
             Fieldset(
                 'External',
@@ -232,6 +234,7 @@ class VlanForm(ModelForm):
                 'IPv6',
                 'network6',
                 'ipv6_template',
+                'host_ipv6_prefixlen',
             ),
             Fieldset(
                 'Domain name service',

circle/network/tables.py

@@ -44,7 +44,7 @@ class HostTable(Table):
         model = Host
         attrs = {'class': 'table table-striped table-condensed'}
         fields = ('hostname', 'vlan', 'mac', 'ipv4', 'ipv6',
-                  'pub_ipv4', 'created_at', 'owner', )
+                  'external_ipv4', 'created_at', 'owner', )
         order_by = ('vlan', 'hostname', )
 
 
@@ -128,7 +128,8 @@ class RuleTable(Table):
         model = Rule
         attrs = {'class': 'table table-striped table-hover table-condensed'}
         fields = ('r_type', 'color_desc', 'owner', 'extra', 'direction',
-                  'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport', )
+                  'action', 'proto', 'sport', 'dport', 'nat',
+                  'nat_external_port', )
         order_by = 'direction'
 
 

circle/network/templates/network/columns/host-rule.html

@@ -33,5 +33,6 @@
 
 {% if record.nat %}
     <span class="label label-success">NAT
-        [ {{ record.dport }} <i class="icon-arrow-right"></i> {{record.nat_dport}} ]</span>
+        [ {{ record.dport }} <i class="icon-arrow-right"></i>
+        {{record.nat_external_port}} ]</span>
 {% endif %}

circle/network/views.py

@@ -503,6 +503,11 @@ class RuleList(LoginRequiredMixin, SuperuserRequiredMixin, SingleTableView):
     template_name = "network/rule-list.html"
     table_pagination = False
 
+    def get_table_data(self):
+        return Rule.objects.select_related('host', 'hostgroup', 'vlan',
+                                           'vlangroup', 'firewall',
+                                           'foreign_network', 'owner')
+
 
 class RuleDetail(LoginRequiredMixin, SuperuserRequiredMixin,
                  SuccessMessageMixin, UpdateView):