Skip to content

Gelencsér Szabolcs / cloud

Go to a project
Commit 30a50ad7 by Dudás Ádám
Options

erőltetem a szabályokat

parent 61dac5d1
Showing with 83 additions and 39 deletions
firewall/fw.py
......@@ -261,7 +261,8 @@ class firewall:
for s_vlan in self.vlans:
for d_vlan in self.vlans:
self.iptables('-N %s_%s' % (s_vlan, d_vlan))
self.iptables('-A FORWARD -i %s -o %s -g %s_%s' % (s_vlan.interface, d_vlan.interface, s_vlan, d_vlan))
self.iptables('-A FORWARD -i %s -o %s -g %s_%s' %
(s_vlan.interface, d_vlan.interface, s_vlan, d_vlan))
# hosts' rules
for i_vlan in self.vlans:
......
firewall/models.py
......@@ -13,37 +13,50 @@ from django.db.models.signals import post_save
import re
class Rule(models.Model):
CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan'))
CHOICES_type = (('host', 'host'), ('firewall', 'firewall'),
('vlan', 'vlan'))
CHOICES_proto = (('tcp', 'tcp'), ('udp', 'udp'), ('icmp', 'icmp'))
CHOICES_dir = (('0', 'out'), ('1', 'in'))
direction = models.CharField(max_length=1, choices=CHOICES_dir, blank=False)
direction = models.CharField(max_length=1, choices=CHOICES_dir,
blank=False)
description = models.TextField(blank=True)
foreign_network = models.ForeignKey('VlanGroup', related_name="ForeignRules")
dport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)])
sport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)])
proto = models.CharField(max_length=10, choices=CHOICES_proto, blank=True, null=True)
foreign_network = models.ForeignKey('VlanGroup',
related_name="ForeignRules")
dport = models.IntegerField(blank=True, null=True,
validators=[MinValueValidator(1), MaxValueValidator(65535)])
sport = models.IntegerField(blank=True, null=True,
validators=[MinValueValidator(1), MaxValueValidator(65535)])
proto = models.CharField(max_length=10, choices=CHOICES_proto,
blank=True, null=True)
extra = models.TextField(blank=True)
accept = models.BooleanField(default=False)
owner = models.ForeignKey(User, blank=True, null=True)
r_type = models.CharField(max_length=10, choices=CHOICES_type)
nat = models.BooleanField(default=False)
nat_dport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)])
nat_dport = models.IntegerField(blank=True, null=True,
validators=[MinValueValidator(1), MaxValueValidator(65535)])
created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True)
vlan = models.ForeignKey('Vlan', related_name="rules", blank=True, null=True)
vlangroup = models.ForeignKey('VlanGroup', related_name="rules", blank=True, null=True)
host = models.ForeignKey('Host', related_name="rules", blank=True, null=True)
hostgroup = models.ForeignKey('Group', related_name="rules", blank=True, null=True)
firewall = models.ForeignKey('Firewall', related_name="rules", blank=True, null=True)
vlan = models.ForeignKey('Vlan', related_name="rules", blank=True,
null=True)
vlangroup = models.ForeignKey('VlanGroup', related_name="rules",
blank=True, null=True)
host = models.ForeignKey('Host', related_name="rules", blank=True,
null=True)
hostgroup = models.ForeignKey('Group', related_name="rules",
blank=True, null=True)
firewall = models.ForeignKey('Firewall', related_name="rules",
blank=True, null=True)
def __unicode__(self):
return self.desc()
def clean(self):
count = 0
for field in [self.vlan, self.vlangroup, self.host, self.hostgroup, self.firewall]:
for field in [self.vlan, self.vlangroup, self.host, self.hostgroup,
self.firewall]:
if field is None:
count = count + 1
if count != 4:
......@@ -57,11 +70,16 @@ class Rule(models.Model):
para = "sport=%s %s" % (self.sport, para)
if(self.proto):
para = "proto=%s %s" % (self.proto, para)
return u'[' + self.r_type + u'] ' + (unicode(self.foreign_network) + u' ▸ ' + self.r_type if self.direction=='1' else self.r_type + u' ▸ ' + unicode(self.foreign_network)) + u' ' + para + u' ' +self.description
return (u'[' + self.r_type + u'] ' +
(unicode(self.foreign_network) + u' ▸ ' + self.r_type
if self.direction == '1' else self.r_type + u' ▸ ' +
unicode(self.foreign_network)) + u' ' + para + u' ' +
self.description)
class Vlan(models.Model):
vid = models.IntegerField(unique=True)
name = models.CharField(max_length=20, unique=True, validators=[val_alfanum])
name = models.CharField(max_length=20, unique=True,
validators=[val_alfanum])
prefix4 = models.IntegerField(default=16)
prefix6 = models.IntegerField(default=80)
interface = models.CharField(max_length=20, unique=True)
......@@ -69,8 +87,10 @@ class Vlan(models.Model):
net6 = models.GenericIPAddressField(protocol='ipv6', unique=True)
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True)
snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True)
snat_to = models.ManyToManyField('self', symmetrical=False, blank=True, null=True)
snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True,
null=True)
snat_to = models.ManyToManyField('self', symmetrical=False, blank=True,
null=True)
description = models.TextField(blank=True)
comment = models.TextField(blank=True)
domain = models.ForeignKey('Domain')
......@@ -91,7 +111,8 @@ class Vlan(models.Model):
class VlanGroup(models.Model):
name = models.CharField(max_length=20, unique=True)
vlans = models.ManyToManyField('Vlan', symmetrical=False, blank=True, null=True)
vlans = models.ManyToManyField('Vlan', symmetrical=False, blank=True,
null=True)
description = models.TextField(blank=True)
owner = models.ForeignKey(User, blank=True, null=True)
created_at = models.DateTimeField(auto_now_add=True)
......@@ -111,19 +132,24 @@ class Group(models.Model):
return self.name
class Host(models.Model):
hostname = models.CharField(max_length=40, unique=True, validators=[val_alfanum])
reverse = models.CharField(max_length=40, validators=[val_domain], blank=True, null=True)
hostname = models.CharField(max_length=40, unique=True,
validators=[val_alfanum])
reverse = models.CharField(max_length=40, validators=[val_domain],
blank=True, null=True)
mac = MACAddressField(unique=True)
ipv4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
pub_ipv4 = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True)
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True, blank=True, null=True)
pub_ipv4 = models.GenericIPAddressField(protocol='ipv4', blank=True,
null=True)
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True,
blank=True, null=True)
shared_ip = models.BooleanField(default=False)
description = models.TextField(blank=True)
comment = models.TextField(blank=True)
location = models.TextField(blank=True)
vlan = models.ForeignKey('Vlan')
owner = models.ForeignKey(User)
groups = models.ManyToManyField('Group', symmetrical=False, blank=True, null=True)
groups = models.ManyToManyField('Group', symmetrical=False, blank=True,
null=True)
created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True)
......@@ -134,16 +160,19 @@ class Host(models.Model):
id = self.id
if not self.id and self.ipv6 == "auto":
self.ipv6 = ipv4_2_ipv6(self.ipv4)
if not self.shared_ip and self.pub_ipv4 and Host.objects.exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4):
if (not self.shared_ip and self.pub_ipv4 and Host.objects.
exclude(id=self.id).filter(pub_ipv4=self.pub_ipv4)):
raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!")
if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4):
raise ValidationError("Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek")
self.full_clean()
super(Host, self).save(*args, **kwargs)
if(id is None):
Record(domain=self.vlan.domain, host=self, type='A', owner=self.owner).save()
if id is None:
Record(domain=self.vlan.domain, host=self, type='A',
owner=self.owner).save()
if self.ipv6:
Record(domain=self.vlan.domain, host=self, type='AAAA', owner=self.owner).save()
Record(domain=self.vlan.domain, host=self, type='AAAA',
owner=self.owner).save()
def enable_net(self):
self.groups.add(Group.objects.get(name="netezhet"))
......@@ -154,18 +183,24 @@ class Host(models.Model):
raise ValidationError("Csak az 1024 feletti portok hasznalhatok")
for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
if host.rules.filter(nat=True, proto=proto, dport=public):
raise ValidationError("A %s %s port mar hasznalva" % (proto, public))
rule = Rule(direction='1', owner=self.owner, dport=public, proto=proto, nat=True, accept=True, r_type="host", nat_dport=private, host=self, foreign_network=VlanGroup.objects.get(name=settings["default_vlangroup"]))
raise ValidationError("A %s %s port mar hasznalva" %
(proto, public))
rule = Rule(direction='1', owner=self.owner, dport=public,
proto=proto, nat=True, accept=True, r_type="host",
nat_dport=private, host=self, foreign_network=VlanGroup.
objects.get(name=settings["default_vlangroup"]))
rule.full_clean()
rule.save()
def del_port(self, proto, public):
self.rules.filter(owner=self.owner, proto=proto, nat=True, dport=public).delete()
self.rules.filter(owner=self.owner, proto=proto, nat=True,
dport=public).delete()
def list_ports(self):
retval = []
for rule in self.rules.filter(owner=self.owner, nat=True):
retval.append({'proto': rule.proto, 'public': rule.dport, 'private': rule.nat_dport})
retval.append({'proto': rule.proto, 'public': rule.dport,
'private': rule.nat_dport})
return retval
def del_rules(self):
......@@ -193,8 +228,10 @@ class Domain(models.Model):
return self.name
class Record(models.Model):
CHOICES_type = (('A', 'A'), ('CNAME', 'CNAME'), ('AAAA', 'AAAA'), ('MX', 'MX'), ('NS', 'NS'), ('PTR', 'PTR'), ('TXT', 'TXT'))
name = models.CharField(max_length=40, validators=[val_domain], blank=True, null=True)
CHOICES_type = (('A', 'A'), ('CNAME', 'CNAME'), ('AAAA', 'AAAA'),
('MX', 'MX'), ('NS', 'NS'), ('PTR', 'PTR'), ('TXT', 'TXT'))
name = models.CharField(max_length=40, validators=[val_domain],
blank=True, null=True)
domain = models.ForeignKey('Domain')
host = models.ForeignKey('Host', blank=True, null=True)
type = models.CharField(max_length=6, choices=CHOICES_type)
......@@ -225,9 +262,11 @@ class Record(models.Model):
if self.host and self.type in ['CNAME', 'A', 'AAAA']:
if self.type == 'CNAME':
if not self.name or self.address:
raise ValidationError(u'CNAME rekordnal csak a name legyen kitoltve, ha van host beallitva')
raise ValidationError(u'CNAME rekordnal csak a name '
'legyen kitoltve, ha van host beallitva')
elif self.name or self.address:
raise ValidationError(u'A, AAAA rekord eseten nem szabad megadni name-t, address-t, ha tarsitva van host')
raise ValidationError(u'A, AAAA rekord eseten nem szabad '
'megadni name-t, address-t, ha tarsitva van host')
else:
if not self.address:
raise ValidationError(u'address hianyzik')
......@@ -243,16 +282,20 @@ class Record(models.Model):
raise ValidationError(u'ez nem ipv6cim, ez nudli!')
elif self.type == 'MX':
mx = self.address.split(':', 1)
if not (len(mx) == 2 and mx[0].isdigit() and domain_re.match(mx[1])):
if not (len(mx) == 2 and mx[0].isdigit() and
domain_re.match(mx[1])):
raise ValidationError(u'prioritas:hostname')
else:
raise ValidationError(u'ez ismeretlen rekord, ez nudli!')
def get_data(self):
retval = { 'name': self.name, 'type': self.type, 'ttl': self.ttl, 'address': self.address }
retval = { 'name': self.name, 'type': self.type, 'ttl': self.ttl,
'address': self.address }
if self.host and self.type in ['CNAME', 'A', 'AAAA']:
if self.type == 'A':
retval['address'] = self.host.pub_ipv4 if self.host.pub_ipv4 and not self.host.shared_ip else self.host.ipv4
retval['address'] = (self.host.pub_ipv4
if self.host.pub_ipv4 and not self.host.shared_ip
else self.host.ipv4)
retval['name'] = self.host.get_fqdn()
elif self.type == 'AAAA':
if not self.host.ipv6:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment