Skip to content

Gutyán Gábor / circlestack

Go to a project
Commit aa12028e by Czémán Arnold
Options

firewall: add add_rule command

parent 3b71aa29
Showing with 122 additions and 0 deletions
circle/firewall/management/commands/add_rule.py 0 → 100644
#
# CIRCLE is free software: you can redistribute it and/or modify it under
# the terms of the GNU General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option)
# any later version.
#
# CIRCLE is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
# details.
#
# You should have received a copy of the GNU General Public License along
# with CIRCLE. If not, see <http://www.gnu.org/licenses/>.
from __future__ import unicode_literals, absolute_import
from django.core.management.base import BaseCommand, CommandError
from firewall.models import Vlan, VlanGroup, Rule
from django.contrib.auth.models import User
class Command(BaseCommand):
def add_arguments(self, parser):
parser.add_argument('--port',
action='store',
dest='port',
type=int,
required=True,
help='port which will open (0-65535)')
parser.add_argument('--protocol',
action='store',
dest='proto',
default=False,
choices=('tcp', 'udp', 'icmp'),
help='protocol name')
parser.add_argument('--action',
action='store',
dest='action',
default='accept',
choices=('accept', 'drop', 'ignore'),
help='action of the rule')
parser.add_argument('--dir',
action='store',
dest='dir',
default='in',
choices=('in', 'out'),
help='direction of the rule')
parser.add_argument('--vlan',
action='store',
dest='vlan',
required=True,
help='vlan name where the port will open')
parser.add_argument('--vlan-group',
action='store',
dest='vlan_group',
required=True,
help='vlan group name where the port will open')
parser.add_argument('--owner',
action='store',
dest='owner',
required=True,
help='name of user who owns the rule')
def handle(self, *args, **options):
port = options['port']
proto = options['proto']
action = options['action']
dir = options['dir']
owner = options['owner']
vlan = options['vlan']
fnet = options['vlan_group']
if port < 0 or port > 65535:
raise CommandError("Port '%i' not in range [0-65535]" % port)
try:
owner = User.objects.get(username=owner)
vlan = Vlan.objects.get(name=vlan)
fnet = VlanGroup.objects.get(name=fnet)
except User.DoesNotExist:
raise CommandError("User '%s' does not exist" % owner)
except Vlan.DoesNotExist:
raise CommandError("Vlan '%s' does not exist" % vlan)
except VlanGroup.DoesNotExist:
raise CommandError("VlanGroup '%s' does not exist" % fnet)
if proto:
self.add_rule(port, proto, action, dir, owner, vlan, fnet)
else:
self.add_rule(port, 'tcp', action, dir, owner, vlan, fnet)
self.add_rule(port, 'udp', action, dir, owner, vlan, fnet)
def add_rule(self, port, proto, action, dir, owner, vlan, fnet):
if self.is_exist(port, proto, action, dir, owner, vlan, fnet):
raise CommandError('Rule does exist, yet')
rule = Rule(direction=dir, dport=port, proto=proto, action=action,
vlan=vlan, foreign_network=fnet, owner=owner)
rule.save()
def is_exist(self, port, proto, action, dir, owner, vlan, fnet):
try:
Rule.objects.get(direction=dir, dport=port, proto=proto,
action=action, vlan=vlan,
foreign_network=fnet, owner=owner)
except Rule.DoesNotExist:
return False
else:
return True
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment