Commit 1b7d6142 by Bach Dániel

firewall: reload_blacklist_task() added

parent 7da388f8
...@@ -185,6 +185,7 @@ CELERY_ROUTES = { ...@@ -185,6 +185,7 @@ CELERY_ROUTES = {
'firewall.tasks.reload_dns_task': {'queue': 'dns'}, 'firewall.tasks.reload_dns_task': {'queue': 'dns'},
'firewall.tasks.reload_firewall_task': {'queue': 'firewall'}, 'firewall.tasks.reload_firewall_task': {'queue': 'firewall'},
'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'}, 'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'},
'firewall.tasks.reload_blacklist_task': {'queue': 'firewall'},
} }
store_settings = { store_settings = {
...@@ -18,7 +18,6 @@ class firewall: ...@@ -18,7 +18,6 @@ class firewall:
pub = None pub = None
hosts = None hosts = None
fw = None fw = None
ipset = None
def dportsport(self, rule, repl=True): def dportsport(self, rule, repl=True):
retval = ' ' retval = ' '
...@@ -263,7 +262,6 @@ class firewall: ...@@ -263,7 +262,6 @@ class firewall:
def __init__(self, IPV6=False): def __init__(self, IPV6=False):
self.RULES=[] self.RULES=[]
self.RULES_NAT=[] self.RULES_NAT=[]
self.IPSET = []
self.IPV6 = IPV6 self.IPV6 = IPV6
self.vlans = models.Vlan.objects.all() self.vlans = models.Vlan.objects.all()
self.hosts = models.Host.objects.all() self.hosts = models.Host.objects.all()
...@@ -273,7 +271,6 @@ class firewall: ...@@ -273,7 +271,6 @@ class firewall:
self.ipt_filter() self.ipt_filter()
if not self.IPV6: if not self.IPV6:
self.ipt_nat() self.ipt_nat()
self.IPSET=self.ipset()
def reload(self): def reload(self):
if self.IPV6: if self.IPV6:
...@@ -292,7 +289,7 @@ class firewall: ...@@ -292,7 +289,7 @@ class firewall:
if self.IPV6: if self.IPV6:
return { 'filter': self.RULES, } return { 'filter': self.RULES, }
else: else:
return { 'filter': self.RULES, 'nat': self.RULES_NAT, 'ipset': self.IPSET } return { 'filter': self.RULES, 'nat': self.RULES_NAT }
def show(self): def show(self):
if self.IPV6: if self.IPV6:
...@@ -301,7 +298,7 @@ class firewall: ...@@ -301,7 +298,7 @@ class firewall:
return ('\n'.join(self.RULES) + '\n' + return ('\n'.join(self.RULES) + '\n' +
'\n'.join(self.RULES_NAT) + '\n') '\n'.join(self.RULES_NAT) + '\n')
def ipset(self): def ipset(self):
week = datetime.now()-timedelta(days=7) week = datetime.now()-timedelta(days=7)
return models.Blacklist.objects.filter(modified_at__gte=week).values_list('ipv4', flat=True) return models.Blacklist.objects.filter(modified_at__gte=week).values_list('ipv4', flat=True)
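Review bot: `ipset()` returns a lazy `values_list` QuerySet, and this commit's task code hands `ipset()` straight to `reload_blacklist_task`, so a worker on another host would receive an unevaluated query rather than the addresses; returning `list(models.Blacklist.objects.filter(modified_at__gte=week).values_list('ipv4', flat=True))` evaluates it once, in the caller's process. With `ipset = None` and `self.IPSET` removed nothing in the class consumes the method any more, so a one-line docstring such as `"""IPv4 addresses of Blacklist rows modified in the last 7 days, fed to the kernel ipset."""` would record its remaining purpose. The naive `datetime.now()` is also compared against an `auto_now` field; if the project runs with `USE_TZ` enabled that comparison is against an aware datetime, which I cannot confirm from here.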
...@@ -319,8 +319,11 @@ class Record(models.Model): ...@@ -319,8 +319,11 @@ class Record(models.Model):
return retval return retval
class Blacklist(models.Model): class Blacklist(models.Model):
CHOICES_type = (('permban', 'permanent ban'), ('tempban', 'temporary ban'), ('whitelist', 'whitelist'))
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True) ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
reason = models.TextField(blank=True) reason = models.TextField(blank=True)
snort_message = models.TextField(blank=True)
type = models.CharField(max_length=10, choices=CHOICES_type, default='tempban')
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
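Review bot: The new `type` field admits `'whitelist'`, but the selector that feeds the block set in this same commit (`firewall.ipset()`) filters on `modified_at` only, so a whitelisted address would be pushed into the ipset and blocked, and a `'permban'` row silently ages out after seven days; the selector should `.exclude(type='whitelist')` and keep `permban` rows regardless of age. Since `ipv4` is `unique=True`, one row per address decides all three outcomes, which is worth stating on the model: `"""Per-address firewall verdict fed to the ipset: tempban (expires), permban (never expires) or whitelist (never blocked)."""`. `type` shadows the builtin inside the class body, which Django models commonly do, but a comment on the field would save the next reader a double-take.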
...@@ -15,6 +15,9 @@ def reload_firewall_task(data4, data6): ...@@ -15,6 +15,9 @@ def reload_firewall_task(data4, data6):
@celery.task @celery.task
def reload_dhcp_task(data): def reload_dhcp_task(data):
pass pass
@celery.task
def reload_blacklist_task(data):
pass
class ReloadTask(Task): class ReloadTask(Task):
def run(self, type='Host'): def run(self, type='Host'):
...@@ -47,5 +50,13 @@ class ReloadTask(Task): ...@@ -47,5 +50,13 @@ class ReloadTask(Task):
ipv6 = firewall(True).get() ipv6 = firewall(True).get()
reload_firewall_task.delay(ipv4, ipv6) reload_firewall_task.delay(ipv4, ipv6)
if type == "Blacklist":
lock = lambda: cache.add("blacklist_lock", "true", 9)
if lock():
if not sleep:
sleep = True
time.sleep(10)
reload_blacklist_task(ipset())
print type print type
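Review bot: The debounce in the `if type == "Blacklist":` branch stores `blacklist_lock` with a 9 second TTL and then sleeps 10, so the lock expires before the reload runs and a second ReloadTask can pass `lock()` and reload concurrently; the TTL must exceed the sleep, and the lock should be released with `cache.delete` rather than left to expire. `sleep` is read at `if not sleep:` before anything visible assigns it, and because it is assigned inside `run()` Python treats it as a local, so unless an earlier local exists (run() starts outside the hunk) this raises UnboundLocalError. `reload_blacklist_task(ipset())` calls the task in-process instead of `.delay()`, which bypasses the `firewall` queue this commit routes it to and blocks the caller for the whole reload; `ipset` is also a method of `firewall` in this commit, so the bare name must come from an import not shown here. A rewrite of the branch along these lines:
```python
if type == "Blacklist":
    # Coalesce bursts of Blacklist changes: the first caller wins the lock,
    # waits for the burst to settle, then ships one snapshot to the worker.
    if cache.add("blacklist_lock", "true", 30):  # TTL must exceed the sleep below
        try:
            time.sleep(10)
            reload_blacklist_task.delay(list(ipset()))
        finally:
            cache.delete("blacklist_lock")
```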