Commit 8dd2391b by Czémán Arnold

firewall: Add --port-range option for add_rule command

parent 30b9fcd7
...@@ -24,17 +24,26 @@ class Command(BaseCommand): ...@@ -24,17 +24,26 @@ class Command(BaseCommand):
def add_arguments(self, parser): def add_arguments(self, parser):
parser.add_argument('--port', group = parser.add_mutually_exclusive_group(required=True)
group.add_argument('--port',
action='store', action='store',
dest='port', dest='port',
type=int, type=int,
required=True,
help='port which will open (0-65535)') help='port which will open (0-65535)')
group.add_argument('--port-range',
action='store',
dest='range',
type=int,
nargs=2,
help='closed port range which will open (0-65535)',
metavar=('LOWER', 'HIGHER'))
parser.add_argument('--protocol', parser.add_argument('--protocol',
action='store', action='store',
dest='proto', dest='proto',
default=False, required=True,
choices=('tcp', 'udp', 'icmp'), choices=('tcp', 'udp', 'icmp'),
help='protocol name') help='protocol name')
...@@ -73,6 +82,7 @@ class Command(BaseCommand): ...@@ -73,6 +82,7 @@ class Command(BaseCommand):
def handle(self, *args, **options): def handle(self, *args, **options):
port = options['port'] port = options['port']
range = options['range']
proto = options['proto'] proto = options['proto']
action = options['action'] action = options['action']
dir = options['dir'] dir = options['dir']
...@@ -80,9 +90,6 @@ class Command(BaseCommand): ...@@ -80,9 +90,6 @@ class Command(BaseCommand):
vlan = options['vlan'] vlan = options['vlan']
fnet = options['vlan_group'] fnet = options['vlan_group']
if port < 0 or port > 65535:
raise CommandError("Port '%i' not in range [0-65535]" % port)
try: try:
owner = User.objects.get(username=owner) owner = User.objects.get(username=owner)
vlan = Vlan.objects.get(name=vlan) vlan = Vlan.objects.get(name=vlan)
...@@ -94,21 +101,36 @@ class Command(BaseCommand): ...@@ -94,21 +101,36 @@ class Command(BaseCommand):
except VlanGroup.DoesNotExist: except VlanGroup.DoesNotExist:
raise CommandError("VlanGroup '%s' does not exist" % fnet) raise CommandError("VlanGroup '%s' does not exist" % fnet)
if proto: if port:
self.add_rule(port, proto, action, dir, owner, vlan, fnet) self.validate_port(port)
rule = self.make_rule(port, proto, action, dir, owner, vlan, fnet)
rule.save()
else: else:
self.add_rule(port, 'tcp', action, dir, owner, vlan, fnet) lower = min(range)
self.add_rule(port, 'udp', action, dir, owner, vlan, fnet) higher = max(range)
self.validate_port(lower)
self.validate_port(higher)
def add_rule(self, port, proto, action, dir, owner, vlan, fnet): rules = []
if self.is_exist(port, proto, action, dir, owner, vlan, fnet): for port in xrange(lower, higher+1):
raise CommandError('Rule does exist, yet') rule = self.make_rule(port, proto, action, dir,
owner, vlan, fnet)
rules.append(rule)
Rule.objects.bulk_create(rules)
def make_rule(self, port, proto, action, dir, owner, vlan, fnet):
rule = Rule(direction=dir, dport=port, proto=proto, action=action, rule = Rule(direction=dir, dport=port, proto=proto, action=action,
vlan=vlan, foreign_network=fnet, owner=owner) vlan=vlan, foreign_network=fnet, owner=owner)
if self.is_exist(port, proto, action, dir, owner, vlan, fnet):
raise CommandError('Rule does exist, yet: %s' % unicode(rule))
rule.full_clean() rule.full_clean()
rule.save()
return rule
def is_exist(self, port, proto, action, dir, owner, vlan, fnet): def is_exist(self, port, proto, action, dir, owner, vlan, fnet):
...@@ -120,3 +142,7 @@ class Command(BaseCommand): ...@@ -120,3 +142,7 @@ class Command(BaseCommand):
foreign_network=fnet, foreign_network=fnet,
owner=owner) owner=owner)
return rules.exists() return rules.exists()
def validate_port(self, port):
if port < 0 or port > 65535:
raise CommandError("Port '%i' not in range [0-65535]" % port)
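Review bot: The `if port:` branch in handle() treats `--port 0` as if no port were given, because 0 is falsy, so execution falls into the range branch and `min(range)` is called on `None`, raising a TypeError instead of adding the rule; the check should be `if port is not None:`. The local `range = options['range']` also shadows the builtin `range` for the rest of handle() (the loop happens to use `xrange`, so it still works), and renaming it `port_range` removes the trap. Note as well that the range path persists with `Rule.objects.bulk_create(rules)` while the single-port path calls `rule.save()`; bulk_create does not call each model's save(), so if Rule relies on save() hooks or signals the two paths will behave differently, which deserves a comment such as `# bulk_create skips Rule.save() hooks/signals; rows were already full_clean()'d in make_rule`. handle() spans several hunks here, so parts of its body are outside the visible lines.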