Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
Gutyán Gábor
/
circlestack
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Snippets
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
5b10ba8a
authored
Aug 07, 2014
by
Bach Dániel
Committed by
Bach Dániel
Aug 12, 2014
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
firewall: trivial fixes
parent
9042d40f
Show whitespace changes
Inline
Side-by-side
Showing
4 changed files
with
13 additions
and
6 deletions
+13
-6
circle/firewall/fw.py
+3
-3
circle/firewall/iptables.py
+1
-1
circle/firewall/models.py
+3
-1
circle/firewall/templates/firewall/iptables.conf
+6
-1
No files found.
circle/firewall/fw.py
View file @
5b10ba8a
...
@@ -194,7 +194,7 @@ def generate_ptr_records():
...
@@ -194,7 +194,7 @@ def generate_ptr_records():
# ipv6
# ipv6
if
host
.
ipv6
:
if
host
.
ipv6
:
DNS
.
append
(
"^
%
s:
%
s:
%
s"
%
(
host
.
ipv6
.
reverse_dns
,
DNS
.
append
(
"^
%
s:
%
s:
%
s"
%
(
host
.
ipv6
.
reverse_dns
.
rstrip
(
'.'
)
,
reverse
,
settings
[
'dns_ttl'
]))
reverse
,
settings
[
'dns_ttl'
]))
return
DNS
return
DNS
...
@@ -211,14 +211,14 @@ def generate_records():
...
@@ -211,14 +211,14 @@ def generate_records():
'CNAME'
:
'C
%(fqdn)
s:
%(address)
s:
%(ttl)
s'
,
'CNAME'
:
'C
%(fqdn)
s:
%(address)
s:
%(ttl)
s'
,
'MX'
:
'@
%(fqdn)
s::
%(address)
s:
%(dist)
s:
%(ttl)
s'
,
'MX'
:
'@
%(fqdn)
s::
%(address)
s:
%(dist)
s:
%(ttl)
s'
,
'PTR'
:
'^
%(fqdn)
s:
%(address)
s:
%(ttl)
s'
,
'PTR'
:
'^
%(fqdn)
s:
%(address)
s:
%(ttl)
s'
,
'TXT'
:
'
%(fqdn)
s:
%(octal)
s:
%(ttl)
s'
}
'TXT'
:
"'
%(fqdn)
s:
%(octal)
s:
%(ttl)
s"
}
retval
=
[]
retval
=
[]
for
r
in
Record
.
objects
.
all
():
for
r
in
Record
.
objects
.
all
():
params
=
{
'fqdn'
:
r
.
fqdn
,
'address'
:
r
.
address
,
'ttl'
:
r
.
ttl
}
params
=
{
'fqdn'
:
r
.
fqdn
,
'address'
:
r
.
address
,
'ttl'
:
r
.
ttl
}
if
r
.
type
==
'MX'
:
if
r
.
type
==
'MX'
:
params
[
'
address'
],
params
[
'dist
'
]
=
r
.
address
.
split
(
':'
,
2
)
params
[
'
dist'
],
params
[
'address
'
]
=
r
.
address
.
split
(
':'
,
2
)
if
r
.
type
==
'AAAA'
:
if
r
.
type
==
'AAAA'
:
try
:
try
:
params
[
'octal'
]
=
ipv6_to_octal
(
r
.
address
)
params
[
'octal'
]
=
ipv6_to_octal
(
r
.
address
)
...
...
circle/firewall/iptables.py
View file @
5b10ba8a
...
@@ -22,7 +22,7 @@ from collections import OrderedDict
...
@@ -22,7 +22,7 @@ from collections import OrderedDict
logger
=
logging
.
getLogger
()
logger
=
logging
.
getLogger
()
ipv4_re
=
re
.
compile
(
ipv4_re
=
re
.
compile
(
r'
^
(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}'
)
r'(25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}'
)
class
InvalidRuleExcepion
(
Exception
):
class
InvalidRuleExcepion
(
Exception
):
...
...
circle/firewall/models.py
View file @
5b10ba8a
...
@@ -578,7 +578,7 @@ class Host(models.Model):
...
@@ -578,7 +578,7 @@ class Host(models.Model):
# update existing records
# update existing records
affected_records
=
Record
.
objects
.
filter
(
affected_records
=
Record
.
objects
.
filter
(
host
=
self
,
name
=
self
.
hostname
,
host
=
self
,
name
=
self
.
hostname
,
type
=
'A'
)
.
update
(
address
=
self
.
ipv4
)
type
=
'A'
)
.
update
(
address
=
ipv4
)
# create new record
# create new record
if
affected_records
==
0
:
if
affected_records
==
0
:
Record
(
host
=
self
,
Record
(
host
=
self
,
...
@@ -714,6 +714,8 @@ class Host(models.Model):
...
@@ -714,6 +714,8 @@ class Host(models.Model):
:type proto: str.
:type proto: str.
"""
"""
assert
proto
in
(
'ipv6'
,
'ipv4'
,
)
assert
proto
in
(
'ipv6'
,
'ipv4'
,
)
if
self
.
reverse
:
return
self
.
reverse
try
:
try
:
if
proto
==
'ipv6'
:
if
proto
==
'ipv6'
:
res
=
self
.
record_set
.
filter
(
type
=
'AAAA'
,
res
=
self
.
record_set
.
filter
(
type
=
'AAAA'
,
...
...
circle/firewall/templates/firewall/iptables.conf
View file @
5b10ba8a
...
@@ -35,7 +35,7 @@ COMMIT
...
@@ -35,7 +35,7 @@ COMMIT
{%
if
proto
==
"ipv4"
%}
{%
if
proto
==
"ipv4"
%}
-
A
FORWARD
-
p
icmp
--
icmp
-
type
echo
-
request
-
g
LOG_ACC
-
A
FORWARD
-
p
icmp
--
icmp
-
type
echo
-
request
-
g
LOG_ACC
{%
else
%}
{%
else
%}
-
A
FORWARD
-
p
icmpv6
-
-
icmpv6
-
type
echo
-
request
-
g
LOG_ACC
-
A
FORWARD
-
p
icmpv6
-
g
LOG_ACC
{%
endif
%}
{%
endif
%}
# initialize INPUT chain
# initialize INPUT chain
...
@@ -45,6 +45,11 @@ COMMIT
...
@@ -45,6 +45,11 @@ COMMIT
-
A
INPUT
-
m
state
--
state
INVALID
-
g
LOG_DROP
-
A
INPUT
-
m
state
--
state
INVALID
-
g
LOG_DROP
-
A
INPUT
-
i
lo
-
j
ACCEPT
-
A
INPUT
-
i
lo
-
j
ACCEPT
-
A
INPUT
-
m
state
--
state
ESTABLISHED
,
RELATED
-
j
ACCEPT
-
A
INPUT
-
m
state
--
state
ESTABLISHED
,
RELATED
-
j
ACCEPT
{%
if
proto
==
"ipv4"
%}
-
A
INPUT
-
p
icmp
--
icmp
-
type
echo
-
request
-
g
LOG_ACC
{%
else
%}
-
A
INPUT
-
p
icmpv6
-
g
LOG_ACC
{%
endif
%}
# initialize OUTPUT chain
# initialize OUTPUT chain
-
A
OUTPUT
-
m
state
--
state
INVALID
-
g
LOG_DROP
-
A
OUTPUT
-
m
state
--
state
INVALID
-
g
LOG_DROP
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment