Commit
e7e4b3d0
authored
Feb 13, 2013
by
Dudás Ádám
firewall: translations, some doc comments
parent
b73c91c6
Showing
5 changed files
with
74 additions
and
72 deletions
+74
-72
firewall/admin.py
+2
-2
firewall/fields.py
+1
-0
firewall/fw.py
+2
-2
firewall/models.py
+21
-16
firewall/views.py
+48
-52
firewall/admin.py
...
...
@@ -95,12 +95,12 @@ class RecordAdmin(admin.ModelAdmin):
def
address_
(
self
,
instance
):
a
=
instance
.
get_data
()
if
(
a
)
:
if
a
:
return
a
[
'address'
]
def
name_
(
self
,
instance
):
a
=
instance
.
get_data
()
if
(
a
)
:
if
a
:
return
a
[
'name'
]
admin
.
site
.
register
(
Host
,
HostAdmin
)
...
...
firewall/fields.py
...
...
@@ -47,6 +47,7 @@ def val_domain(value):
raise
ValidationError
(
_
(
u'
%
s - invalid domain'
)
%
value
)
def
val_reverse_domain
(
value
):
"""Check whether the parameter is a valid reverse domain."""
if
not
reverse_domain_re
.
search
(
value
):
raise
ValidationError
(
u'
%
s - reverse domain'
%
value
)
...
...
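Review bot: The error raised by val_reverse_domain is still not wrapped in `_()` and reads `'%s - reverse domain'`, so it is neither translatable nor marked as a failure the way the val_domain message just above it is. Given that this commit is about translations, the raise would be more consistent as `raise ValidationError(_(u'%s - invalid reverse domain') % value)`. Separately, the check uses `reverse_domain_re.search(value)`; the pattern is not visible here, so please confirm it is anchored at both ends, otherwise a value that merely contains a valid reverse domain would pass validation.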
firewall/fw.py
...
...
@@ -118,7 +118,7 @@ class firewall:
self
.
iptables
(
':FORWARD DROP [0:0]'
)
self
.
iptables
(
':OUTPUT DROP [50:6936]'
)
# ini
c
ialize logging
# ini
t
ialize logging
self
.
iptables
(
'-N LOG_DROP'
)
# windows port scan are silently dropped
self
.
iptables
(
'-A LOG_DROP -p tcp --dport 445 -j DROP'
)
...
...
@@ -475,7 +475,7 @@ def dhcp():
'ntp'
:
i_vlan
.
ipv4
,
'dnsserver'
:
settings
[
'rdns_ip'
],
'extra'
:
"range
%
s"
%
(
i_vlan
.
dhcp_pool
if
m
else
"deny unknown
-
clients"
),
if
m
else
"deny unknown
clients"
),
'interface'
:
i_vlan
.
interface
,
'name'
:
i_vlan
.
name
,
'tftp'
:
i_vlan
.
ipv4
...
...
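Review bot: The `'extra'` value built in dhcp() now reads `"deny unknown clients"`, but the ISC dhcpd statement is spelled `deny unknown-clients`; if this string ends up in a generated dhcpd configuration, the hyphen-less form would not be a valid statement, so this looks like a prose correction applied to a config keyword. Keeping `"deny unknown-clients"` and adding a comment such as `# dhcpd keyword, not prose: keep the hyphen` would prevent the same edit from recurring. Which side each printed line belongs to is inferred from this page's old-then-new ordering, and dhcp() begins and ends outside the hunk, so please check against the file.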
firewall/models.py
...
...
@@ -162,9 +162,11 @@ class Host(models.Model):
self
.
ipv6
=
ipv4_2_ipv6
(
self
.
ipv4
)
if
(
not
self
.
shared_ip
and
self
.
pub_ipv4
and
Host
.
objects
.
exclude
(
id
=
self
.
id
)
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
)):
raise
ValidationError
(
"Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!"
)
raise
ValidationError
(
_
(
"If shared_ip has been checked, "
"pub_ipv4 has to be unique."
))
if
Host
.
objects
.
exclude
(
id
=
self
.
id
)
.
filter
(
pub_ipv4
=
self
.
ipv4
):
raise
ValidationError
(
"Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek"
)
raise
ValidationError
(
_
(
"You can't use another host's NAT'd "
"address as your own IPv4."
))
self
.
full_clean
()
super
(
Host
,
self
)
.
save
(
*
args
,
**
kwargs
)
if
id
is
None
:
...
...
@@ -180,10 +182,10 @@ class Host(models.Model):
def
add_port
(
self
,
proto
,
public
,
private
):
proto
=
"tcp"
if
(
proto
==
"tcp"
)
else
"udp"
if
public
<
1024
:
raise
ValidationError
(
"Csak az 1024 feletti portok hasznalhatok"
)
raise
ValidationError
(
_
(
"Only ports above 1024 can be used."
)
)
for
host
in
Host
.
objects
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
):
if
host
.
rules
.
filter
(
nat
=
True
,
proto
=
proto
,
dport
=
public
):
raise
ValidationError
(
"A
%
s
%
s port mar hasznalva"
%
raise
ValidationError
(
_
(
"Port
%
s
%
s is already in use."
)
%
(
proto
,
public
))
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
dport
=
public
,
proto
=
proto
,
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
...
...
@@ -249,7 +251,7 @@ class Record(models.Model):
a
=
self
.
get_data
()
if
a
:
return
a
[
'name'
]
+
u' '
+
a
[
'type'
]
+
u' '
+
a
[
'address'
]
return
'(
nincs
)'
return
'(
empty
)'
def
save
(
self
,
*
args
,
**
kwargs
):
self
.
full_clean
()
...
...
@@ -257,36 +259,39 @@ class Record(models.Model):
def
clean
(
self
):
if
self
.
name
and
self
.
name
.
endswith
(
u'.'
):
raise
ValidationError
(
u'a domain nem végződhet pontra'
)
raise
ValidationError
(
_
(
"Domain can't be terminated with a dot."
)
)
if
self
.
host
and
self
.
type
in
[
'CNAME'
,
'A'
,
'AAAA'
]:
if
self
.
type
==
'CNAME'
:
if
not
self
.
name
or
self
.
address
:
raise
ValidationError
(
u'CNAME rekordnal csak a name '
'legyen kitoltve, ha van host beallitva'
)
raise
ValidationError
(
_
(
"Only the 'name' field should "
"be filled with a CNAME record if a host is "
"set."
))
elif
self
.
name
or
self
.
address
:
raise
ValidationError
(
u'A, AAAA rekord eseten nem szabad '
'megadni name-t, address-t, ha tarsitva van host'
)
raise
ValidationError
(
_
(
"'name' and 'address' can't be "
"specified with an A or AAAA record if a host is "
"set."
))
else
:
if
not
self
.
address
:
raise
ValidationError
(
u'address hianyzik'
)
raise
ValidationError
(
_
(
"'address' field must be filled."
)
)
if
self
.
type
==
'A'
:
if
not
ipv4_re
.
match
(
self
.
address
):
raise
ValidationError
(
u'ez nem ipcim, ez nudli!'
)
raise
ValidationError
(
_
(
"Not a valid IPv4 address."
)
)
elif
self
.
type
in
[
'CNAME'
,
'NS'
,
'PTR'
,
'TXT'
]:
if
not
domain_re
.
match
(
self
.
address
):
raise
ValidationError
(
u'ez nem domain, ez nudli!'
)
raise
ValidationError
(
_
(
"Not a valid domain."
)
)
elif
self
.
type
==
'AAAA'
:
if
not
is_valid_ipv6_address
(
self
.
address
):
raise
ValidationError
(
u'ez nem ipv6cim, ez nudli!'
)
raise
ValidationError
(
_
(
"Not a valid IPv6 address."
)
)
elif
self
.
type
==
'MX'
:
mx
=
self
.
address
.
split
(
':'
,
1
)
if
not
(
len
(
mx
)
==
2
and
mx
[
0
]
.
isdigit
()
and
domain_re
.
match
(
mx
[
1
])):
raise
ValidationError
(
u'prioritas:hostname'
)
raise
ValidationError
(
_
(
"Invalid address. "
"Valid format: <priority>:<hostname>"
))
else
:
raise
ValidationError
(
u'ez ismeretlen rekord, ez nudli!'
)
raise
ValidationError
(
_
(
"Unknown record."
)
)
def
get_data
(
self
):
retval
=
{
'name'
:
self
.
name
,
'type'
:
self
.
type
,
'ttl'
:
self
.
ttl
,
...
...
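Review bot: The translated message in the first Host hunk says `"If shared_ip has been checked, pub_ipv4 has to be unique."`, but the guard is `not self.shared_ip and self.pub_ipv4 and ...`, so the error fires when shared_ip is NOT checked; the English text carries over the inverted wording of the original and will mislead whoever has to fix the conflicting address. Suggested wording: `_("If shared_ip is not checked, pub_ipv4 has to be unique.")`. In add_port the same kind of mismatch exists on a smaller scale: the check is `public < 1024`, which accepts 1024, while the message says only ports above 1024 can be used; `_("Only ports 1024 and above can be used.")` matches the code. The visible lines of add_port set no upper bound on `public` and do not check `private`; the method continues outside the hunk, so confirm that range validation happens on the Rule model.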
firewall/views.py
...
...
@@ -7,6 +7,7 @@ from django.views.decorators.csrf import csrf_exempt
from
django.db
import
IntegrityError
from
tasks
import
*
from
celery.task.control
import
inspect
from
django.utils.translation
import
ugettext_lazy
as
_
import
re
import
base64
...
...
@@ -17,71 +18,66 @@ import sys
def
reload_firewall
(
request
):
if
request
.
user
.
is_authenticated
():
if
request
.
user
.
is_superuser
:
html
=
(
u"Be vagy jelentkezve es admin is vagy, kedves
%
s!"
%
request
.
user
.
username
)
html
+=
"<br> 10 masodperc mulva ujratoltodik"
html
=
(
(
_
(
"Dear
%
s, you've signed in as administrator!"
)
%
request
.
user
.
username
)
+
"<br>"
+
_
(
"Reloading in 10 seconds..."
))
ReloadTask
.
delay
()
else
:
html
=
(
u"Be vagy jelentkezve, csak nem vagy admin, kedves
%
s!"
html
=
(
_
(
"Dear
%
s, you've signed in!"
)
%
request
.
user
.
username
)
else
:
html
=
u"Nem vagy bejelentkezve, kedves ismeretlen!"
html
=
_
(
"Dear anonymous, you've not signed in yet!"
)
return
HttpResponse
(
html
)
@csrf_exempt
@require_post
def
firewall_api
(
request
):
if
request
.
method
==
'POST'
:
try
:
data
=
json
.
loads
(
base64
.
b64decode
(
request
.
POST
[
"data"
]))
command
=
request
.
POST
[
"command"
]
if
data
[
"password"
]
!=
"bdmegintelrontottaanetet"
:
raise
Exception
(
"rossz jelszo"
)
try
:
data
=
json
.
loads
(
base64
.
b64decode
(
request
.
POST
[
"data"
]))
command
=
request
.
POST
[
"command"
]
if
data
[
"password"
]
!=
"bdmegintelrontottaanetet"
:
raise
Exception
(
_
(
"Wrong password."
))
if
not
(
data
[
"vlan"
]
==
"vm-net"
or
data
[
"vlan"
]
==
"war"
):
raise
Exception
(
"csak vm-net es war-re mukodik"
)
if
not
(
data
[
"vlan"
]
==
"vm-net"
or
data
[
"vlan"
]
==
"war"
):
raise
Exception
(
_
(
"Only vm-net and war can be used."
)
)
data
[
"hostname"
]
=
re
.
sub
(
r' '
,
'_'
,
data
[
"hostname"
])
data
[
"hostname"
]
=
re
.
sub
(
r' '
,
'_'
,
data
[
"hostname"
])
if
command
==
"create"
:
data
[
"owner"
]
=
"opennebula"
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
(
hostname
=
data
[
"hostname"
],
vlan
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
]),
mac
=
data
[
"mac"
],
ipv4
=
data
[
"ip"
],
owner
=
owner
,
description
=
data
[
"description"
],
pub_ipv4
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
])
.
snat_ip
,
shared_ip
=
True
)
host
.
full_clean
()
host
.
save
()
if
command
==
"create"
:
data
[
"owner"
]
=
"opennebula"
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
(
hostname
=
data
[
"hostname"
],
vlan
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
]),
mac
=
data
[
"mac"
],
ipv4
=
data
[
"ip"
],
owner
=
owner
,
description
=
data
[
"description"
],
pub_ipv4
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
])
.
snat_ip
,
shared_ip
=
True
)
host
.
full_clean
()
host
.
save
()
host
.
enable_net
()
host
.
enable_net
()
for
p
in
data
[
"portforward"
]:
host
.
add_port
(
proto
=
p
[
"proto"
],
public
=
int
(
p
[
"public_port"
]),
private
=
int
(
p
[
"private_port"
]))
for
p
in
data
[
"portforward"
]:
host
.
add_port
(
proto
=
p
[
"proto"
],
public
=
int
(
p
[
"public_port"
]),
private
=
int
(
p
[
"private_port"
]))
elif
command
==
"destroy"
:
data
[
"owner"
]
=
"opennebula"
print
data
[
"hostname"
]
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
.
objects
.
get
(
hostname
=
data
[
"hostname"
],
owner
=
owner
)
host
.
del_rules
()
host
.
delete
()
else
:
raise
Exception
(
"rossz parancs"
)
reload_firewall_lock
()
except
(
ValidationError
,
IntegrityError
,
AttributeError
,
Exception
)
as
e
:
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
%
s
\n
"
%
e
);
except
:
# raise
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
"
);
return
HttpResponse
(
u"ok"
);
return
HttpResponse
(
u"ez kerlek egy api lesz!
\n
"
);
elif
command
==
"destroy"
:
data
[
"owner"
]
=
"opennebula"
print
data
[
"hostname"
]
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
.
objects
.
get
(
hostname
=
data
[
"hostname"
],
owner
=
owner
)
host
.
del_rules
()
host
.
delete
()
else
:
raise
Exception
(
_
(
"Unknown command."
))
reload_firewall_lock
()
except
(
ValidationError
,
IntegrityError
,
AttributeError
,
Exception
)
as
e
:
return
HttpResponse
(
_
(
"Something went wrong!
\n
%
s
\n
"
)
%
e
);
except
:
return
HttpResponse
(
_
(
"Something went wrong!
\n
"
));
return
HttpResponse
(
_
(
"OK"
));
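Review bot: The shared secret for firewall_api is still a string literal compared with `!=` inside a `@csrf_exempt` view, so anyone with read access to the repository holds the credential that creates and destroys hosts and NAT rules. Load it from deployment configuration and compare in constant time, e.g. `if not constant_time_compare(data["password"], API_SECRET):` with `constant_time_compare` from `django.utils.crypto` and `API_SECRET` standing in as a placeholder for the configured value; the value already committed should be rotated. The handler also returns the text of the caught exception to the caller (`_("Something went wrong!\n%s\n") % e`), and reload_firewall interpolates `request.user.username` into the HTML response unescaped; logging the exception server-side with a fixed reply, and passing the username through `django.utils.html.escape`, would address both. `@require_post` is not a decorator name Django ships (its own is `require_POST`), so confirm the project defines it, since the `request.method == 'POST'` check appears to be dropped on the new side.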