Commit 4e1441d6 by Dányi Bence

Merge branch 'master' of ssh://giccero.cloud.ik.bme.hu/cloud

parents 33c3b2dd e83122c8
# -*- coding: utf8 -*-
from django.contrib import admin from django.contrib import admin
from firewall.models import * from firewall.models import *
from django import contrib from django import contrib
...@@ -6,38 +8,72 @@ from django import contrib ...@@ -6,38 +8,72 @@ from django import contrib
class AliasInline(contrib.admin.TabularInline): class AliasInline(contrib.admin.TabularInline):
model = Alias model = Alias
class RuleInline(contrib.admin.TabularInline):
model = Rule
class HostAdmin(admin.ModelAdmin): class HostAdmin(admin.ModelAdmin):
list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description', 'reverse') list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'description', 'reverse')
ordering = ('hostname', ) ordering = ('hostname', )
list_filter = ('owner', 'vlan', 'groups') list_filter = ('owner', 'vlan', 'groups')
search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac') search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
filter_horizontal = ('groups', 'rules', ) filter_horizontal = ('groups', )
inlines = (AliasInline, ) inlines = (AliasInline, RuleInline)
class HostInline(contrib.admin.TabularInline): class HostInline(contrib.admin.TabularInline):
model = Host model = Host
fields = ('hostname', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'reverse') fields = ('hostname', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'reverse')
class VlanAdmin(admin.ModelAdmin): class VlanAdmin(admin.ModelAdmin):
list_display = ('vid', 'name', 'rules_l', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', 'description', 'domain', 'snat_ip', 'snat_to_l') list_display = ('vid', 'name', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', 'description', 'domain', 'snat_ip', )
ordering = ('vid', ) ordering = ('vid', )
inlines = (HostInline, ) inlines = (HostInline, RuleInline)
class RuleAdmin(admin.ModelAdmin): class RuleAdmin(admin.ModelAdmin):
list_display = ('r_type', 'color_desc', 'description', 'vlan_l', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport') list_display = ('r_type', 'color_desc', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport', 'used_in')
list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat') list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat')
def color_desc(self, instance):
para = '</span>'
if(instance.dport):
para = "dport=%s %s" % (instance.dport, para)
if(instance.sport):
para = "sport=%s %s" % (instance.sport, para)
if(instance.proto):
para = "proto=%s %s" % (instance.proto, para)
para= u'<span style="color: #00FF00;">' + para
return u'<span style="color: #FF0000;">[' + instance.r_type + u']</span> ' + (instance.foreign_network.name + u'<span style="color: #0000FF;"> ▸ </span>' + instance.r_type if instance.direction=='1' else instance.r_type + u'<span style="color: #0000FF;"> ▸ </span>' + instance.foreign_network.name) + ' ' + para + ' ' + instance.description
color_desc.allow_tags = True
def vlan_l(self, instance):
retval = []
for vl in instance.foreign_network.vlans.all():
retval.append(vl.name)
return u', '.join(retval)
def used_in(self, instance):
for field in [instance.vlan, instance.vlangroup, instance.host, instance.hostgroup, instance.firewall]:
if field is not None:
return unicode(field) + ' ' + field._meta.object_name
class AliasAdmin(admin.ModelAdmin): class AliasAdmin(admin.ModelAdmin):
list_display = ('alias', 'host') list_display = ('alias', 'host')
class SettingAdmin(admin.ModelAdmin): class SettingAdmin(admin.ModelAdmin):
list_display = ('key', 'value') list_display = ('key', 'value', 'description')
class GroupAdmin(admin.ModelAdmin):
list_display = ('name', 'owner', 'description')
inlines = (RuleInline, )
class FirewallAdmin(admin.ModelAdmin):
inlines = (RuleInline, )
admin.site.register(Host, HostAdmin) admin.site.register(Host, HostAdmin)
admin.site.register(Vlan, VlanAdmin) admin.site.register(Vlan, VlanAdmin)
admin.site.register(Rule, RuleAdmin) admin.site.register(Rule, RuleAdmin)
admin.site.register(Alias, AliasAdmin) admin.site.register(Alias, AliasAdmin)
admin.site.register(Setting, SettingAdmin) admin.site.register(Setting, SettingAdmin)
admin.site.register(Group) admin.site.register(Group, GroupAdmin)
admin.site.register(Firewall) admin.site.register(VlanGroup)
admin.site.register(Firewall, FirewallAdmin)
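Review bot: The new `RuleAdmin.color_desc` (from `para = '</span>'` through the `return`) concatenates `instance.description`, `instance.foreign_network.name`, `instance.proto` and `instance.r_type` straight into HTML and then sets `color_desc.allow_tags = True`, so the admin renders the result unescaped; `description` is a free-text field editable by any rule owner, so markup placed there runs in the browser of every superuser who opens the rule list. Each interpolated value should pass through `django.utils.html.escape` (this Django still uses `allow_tags`, so `escape` is the safe choice over `format_html`, which may not exist yet). The same pattern was just removed from `Rule.color_desc` in models.py, so this move is the right moment to fix it. The rewritten method is below; `from django.utils.html import escape` goes with the other imports at the top of the file.
```python
    def color_desc(self, instance):
        para = '</span>'
        if(instance.dport):
            para = "dport=%s %s" % (instance.dport, para)
        if(instance.sport):
            para = "sport=%s %s" % (instance.sport, para)
        if(instance.proto):
            para = "proto=%s %s" % (escape(instance.proto), para)
        para = u'<span style="color: #00FF00;">' + para
        # every user-controlled string is escaped because allow_tags disables
        # the admin's own escaping for this column
        r_type = escape(instance.r_type)
        network = escape(instance.foreign_network.name)
        arrow = u'<span style="color: #0000FF;"> ▸ </span>'
        if instance.direction == '1':
            flow = network + arrow + r_type
        else:
            flow = r_type + arrow + network
        return (u'<span style="color: #FF0000;">[' + r_type + u']</span> '
                + flow + ' ' + para + ' ' + escape(instance.description))
    color_desc.allow_tags = True
```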
...@@ -38,6 +38,9 @@ class firewall: ...@@ -38,6 +38,9 @@ class firewall:
self.SZABALYOK_NAT.append(s) self.SZABALYOK_NAT.append(s)
def host2vlan(self, host, rule): def host2vlan(self, host, rule):
if rule.foreign_network is None:
return
if(self.IPV6 and host.ipv6): if(self.IPV6 and host.ipv6):
ipaddr = host.ipv6 + "/112" ipaddr = host.ipv6 + "/112"
else: else:
...@@ -45,7 +48,7 @@ class firewall: ...@@ -45,7 +48,7 @@ class firewall:
dport_sport = self.dportsport(rule) dport_sport = self.dportsport(rule)
for vlan in rule.vlan.all(): for vlan in rule.foreign_network.vlans.all():
if(rule.accept): if(rule.accept):
if(rule.direction == '0' and vlan.name == "PUB"): if(rule.direction == '0' and vlan.name == "PUB"):
if(rule.dport == 25): if(rule.dport == 25):
...@@ -64,18 +67,24 @@ class firewall: ...@@ -64,18 +67,24 @@ class firewall:
def fw2vlan(self, rule): def fw2vlan(self, rule):
if rule.foreign_network is None:
return
dport_sport = self.dportsport(rule) dport_sport = self.dportsport(rule)
for vlan in rule.vlan.all(): for vlan in rule.foreign_network.vlans.all():
if(rule.direction == '1'): # HOSTHOZ megy if(rule.direction == '1'): # HOSTHOZ megy
self.iptables("-A INPUT -i %s %s %s -g %s" % (vlan.interface, dport_sport, rule.extra, "LOG_ACC" if rule.accept else "LOG_DROP")) self.iptables("-A INPUT -i %s %s %s -g %s" % (vlan.interface, dport_sport, rule.extra, "LOG_ACC" if rule.accept else "LOG_DROP"))
else: else:
self.iptables("-A OUTPUT -o %s %s %s -g %s" % (vlan.interface, dport_sport, rule.extra, "LOG_ACC" if rule.accept else "LOG_DROP")) self.iptables("-A OUTPUT -o %s %s %s -g %s" % (vlan.interface, dport_sport, rule.extra, "LOG_ACC" if rule.accept else "LOG_DROP"))
def vlan2vlan(self, l_vlan, rule): def vlan2vlan(self, l_vlan, rule):
if rule.foreign_network is None:
return
dport_sport = self.dportsport(rule) dport_sport = self.dportsport(rule)
for vlan in rule.vlan.all(): for vlan in rule.foreign_network.vlans.all():
if(rule.accept): if(rule.accept):
if((rule.direction == '0') and vlan.name == "PUB"): if((rule.direction == '0') and vlan.name == "PUB"):
action = "PUB_OUT" action = "PUB_OUT"
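Review bot: The new `if rule.foreign_network is None: return` guards in `host2vlan`, `fw2vlan` and `vlan2vlan` most likely never fire and, in the situation they target, drop a rule from the generated ruleset without a trace. `foreign_network` is declared in the models.py hunk as `models.ForeignKey('VlanGroup', related_name="ForeignRules")` with no `null=True`, and for a non-nullable foreign key Django raises `DoesNotExist` on attribute access instead of returning `None` when the column is empty — worth confirming against the Django version in use. For a firewall generator a silently skipped rule is a fail-open condition, so if the guard stays it should at least record the skip, e.g. `logger.warning("rule %s has no foreign_network, skipped", rule.id)` with a module-level logger, rather than a bare `return`. All three methods continue past their hunks.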
......
...@@ -12,6 +12,7 @@ from modeldict import ModelDict ...@@ -12,6 +12,7 @@ from modeldict import ModelDict
class Setting(models.Model): class Setting(models.Model):
key = models.CharField(max_length=32) key = models.CharField(max_length=32)
value = models.CharField(max_length=200) value = models.CharField(max_length=200)
description = models.TextField(blank=True)
settings = ModelDict(Setting, key='key', value='value', instances=False) settings = ModelDict(Setting, key='key', value='value', instances=False)
...@@ -19,9 +20,10 @@ class Rule(models.Model): ...@@ -19,9 +20,10 @@ class Rule(models.Model):
CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan')) CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan'))
CHOICES_proto = (('tcp', 'tcp'), ('udp', 'udp'), ('icmp', 'icmp')) CHOICES_proto = (('tcp', 'tcp'), ('udp', 'udp'), ('icmp', 'icmp'))
CHOICES_dir = (('0', 'out'), ('1', 'in')) CHOICES_dir = (('0', 'out'), ('1', 'in'))
direction = models.CharField(max_length=1, choices=CHOICES_dir, blank=False) direction = models.CharField(max_length=1, choices=CHOICES_dir, blank=False)
description = models.TextField(blank=True) description = models.TextField(blank=True)
vlan = models.ManyToManyField('Vlan', symmetrical=False, blank=True, null=True) foreign_network = models.ForeignKey('VlanGroup', related_name="ForeignRules")
dport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)]) dport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)])
sport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)]) sport = models.IntegerField(blank=True, null=True, validators=[MinValueValidator(1), MaxValueValidator(65535)])
proto = models.CharField(max_length=10, choices=CHOICES_proto, blank=True, null=True) proto = models.CharField(max_length=10, choices=CHOICES_proto, blank=True, null=True)
...@@ -34,20 +36,22 @@ class Rule(models.Model): ...@@ -34,20 +36,22 @@ class Rule(models.Model):
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
vlan = models.ForeignKey('Vlan', related_name="rules", blank=True, null=True)
vlangroup = models.ForeignKey('VlanGroup', related_name="rules", blank=True, null=True)
host = models.ForeignKey('Host', related_name="rules", blank=True, null=True)
hostgroup = models.ForeignKey('Group', related_name="rules", blank=True, null=True)
firewall = models.ForeignKey('Firewall', related_name="rules", blank=True, null=True)
def __unicode__(self): def __unicode__(self):
return self.desc() return self.desc()
def color_desc(self): def clean(self):
para = '</span>' count = 0
if(self.dport): for field in [self.vlan, self.vlangroup, self.host, self.hostgroup, self.firewall]:
para = "dport=%s %s" % (self.dport, para) if field is None:
if(self.sport): count = count + 1
para = "sport=%s %s" % (self.sport, para) if count != 4:
if(self.proto): raise ValidationError('jaj')
para = "proto=%s %s" % (self.proto, para)
para= u'<span style="color: #00FF00;">' + para
return u'<span style="color: #FF0000;">[' + self.r_type + u']</span> ' + (self.vlan_l() + u'<span style="color: #0000FF;"> ▸ </span>' + self.r_type if self.direction=='1' else self.r_type + u'<span style="color: #0000FF;"> ▸ </span>' + self.vlan_l()) + ' ' + para + ' ' +self.description
color_desc.allow_tags = True
def desc(self): def desc(self):
para = u"" para = u""
...@@ -57,12 +61,7 @@ class Rule(models.Model): ...@@ -57,12 +61,7 @@ class Rule(models.Model):
para = "sport=%s %s" % (self.sport, para) para = "sport=%s %s" % (self.sport, para)
if(self.proto): if(self.proto):
para = "proto=%s %s" % (self.proto, para) para = "proto=%s %s" % (self.proto, para)
return u'[' + self.r_type + u'] ' + (self.vlan_l() + u' ▸ ' + self.r_type if self.direction=='1' else self.r_type + u' ▸ ' + self.vlan_l()) + u' ' + para + u' ' +self.description return u'[' + self.r_type + u'] ' + (unicode(self.foreign_network) + u' ▸ ' + self.r_type if self.direction=='1' else self.r_type + u' ▸ ' + unicode(self.foreign_network)) + u' ' + para + u' ' +self.description
def vlan_l(self):
retval = []
for vl in self.vlan.all():
retval.append(vl.name)
return u', '.join(retval)
class Vlan(models.Model): class Vlan(models.Model):
vid = models.IntegerField(unique=True) vid = models.IntegerField(unique=True)
...@@ -76,34 +75,38 @@ class Vlan(models.Model): ...@@ -76,34 +75,38 @@ class Vlan(models.Model):
ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True) ipv6 = models.GenericIPAddressField(protocol='ipv6', unique=True)
snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True) snat_ip = models.GenericIPAddressField(protocol='ipv4', blank=True, null=True)
snat_to = models.ManyToManyField('self', symmetrical=False, blank=True, null=True) snat_to = models.ManyToManyField('self', symmetrical=False, blank=True, null=True)
rules = models.ManyToManyField('Rule', related_name="%(app_label)s_%(class)s_related", symmetrical=False, blank=True, null=True)
description = models.TextField(blank=True) description = models.TextField(blank=True)
comment = models.TextField(blank=True) comment = models.TextField(blank=True)
domain = models.TextField(blank=True, validators=[val_domain]) domain = models.TextField(blank=True, validators=[val_domain])
dhcp_pool = models.TextField(blank=True) dhcp_pool = models.TextField(blank=True)
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
owner = models.ForeignKey(User, blank=True, null=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
def __unicode__(self): def __unicode__(self):
return self.name return self.name
def net_ipv6(self): def net_ipv6(self):
return self.net6 + "/" + unicode(self.prefix6) return self.net6 + "/" + unicode(self.prefix6)
def net_ipv4(self): def net_ipv4(self):
return self.net4 + "/" + unicode(self.prefix4) return self.net4 + "/" + unicode(self.prefix4)
def rules_l(self):
retval = [] class VlanGroup(models.Model):
for rl in self.rules.all(): name = models.CharField(max_length=20, unique=True)
retval.append(unicode(rl)) vlans = models.ManyToManyField('Vlan', symmetrical=False, blank=True, null=True)
return ', '.join(retval) description = models.TextField(blank=True)
def snat_to_l(self): owner = models.ForeignKey(User, blank=True, null=True)
retval = [] created_at = models.DateTimeField(auto_now_add=True)
for rl in self.snat_to.all(): modified_at = models.DateTimeField(auto_now=True)
retval.append(unicode(rl))
return ', '.join(retval) def __unicode__(self):
return self.name
class Group(models.Model): class Group(models.Model):
name = models.CharField(max_length=20, unique=True) name = models.CharField(max_length=20, unique=True)
rules = models.ManyToManyField('Rule', symmetrical=False, blank=True, null=True) description = models.TextField(blank=True)
owner = models.ForeignKey(User, blank=True, null=True)
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
...@@ -116,6 +119,7 @@ class Alias(models.Model): ...@@ -116,6 +119,7 @@ class Alias(models.Model):
owner = models.ForeignKey(User, null=True, blank=True) owner = models.ForeignKey(User, null=True, blank=True)
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
class Meta: class Meta:
verbose_name_plural = 'aliases' verbose_name_plural = 'aliases'
...@@ -133,12 +137,12 @@ class Host(models.Model): ...@@ -133,12 +137,12 @@ class Host(models.Model):
vlan = models.ForeignKey('Vlan') vlan = models.ForeignKey('Vlan')
owner = models.ForeignKey(User) owner = models.ForeignKey(User)
groups = models.ManyToManyField('Group', symmetrical=False, blank=True, null=True) groups = models.ManyToManyField('Group', symmetrical=False, blank=True, null=True)
rules = models.ManyToManyField('Rule', symmetrical=False, blank=True, null=True)
created_at = models.DateTimeField(auto_now_add=True) created_at = models.DateTimeField(auto_now_add=True)
modified_at = models.DateTimeField(auto_now=True) modified_at = models.DateTimeField(auto_now=True)
def __unicode__(self): def __unicode__(self):
return self.hostname return self.hostname
def save(self, *args, **kwargs): def save(self, *args, **kwargs):
if not self.id and self.ipv6 == "auto": if not self.id and self.ipv6 == "auto":
self.ipv6 = ipv4_2_ipv6(self.ipv4) self.ipv6 = ipv4_2_ipv6(self.ipv4)
...@@ -146,18 +150,9 @@ class Host(models.Model): ...@@ -146,18 +150,9 @@ class Host(models.Model):
raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!") raise ValidationError("Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!")
if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4): if Host.objects.exclude(id=self.id).filter(pub_ipv4=self.ipv4):
raise ValidationError("Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek") raise ValidationError("Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek")
self.full_clean()
super(Host, self).save(*args, **kwargs) super(Host, self).save(*args, **kwargs)
def groups_l(self):
retval = []
for grp in self.groups.all():
retval.append(grp.name)
return ', '.join(retval)
def rules_l(self):
retval = []
for rl in self.rules.all():
retval.append(unicode(rl.color_desc()))
return '<br>'.join(retval)
rules_l.allow_tags = True
def enable_net(self): def enable_net(self):
self.groups.add(Group.objects.get(name="netezhet")) self.groups.add(Group.objects.get(name="netezhet"))
...@@ -168,17 +163,9 @@ class Host(models.Model): ...@@ -168,17 +163,9 @@ class Host(models.Model):
for host in Host.objects.filter(pub_ipv4=self.pub_ipv4): for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
if host.rules.filter(nat=True, proto=proto, dport=public): if host.rules.filter(nat=True, proto=proto, dport=public):
raise ValidationError("A %s %s port mar hasznalva" % (proto, public)) raise ValidationError("A %s %s port mar hasznalva" % (proto, public))
rule = Rule(direction='1', owner=self.owner, description=u"%s %s %s ▸ %s" % (self.hostname, proto, public, private), dport=public, proto=proto, nat=True, accept=True, r_type="host", nat_dport=private) rule = Rule(direction='1', owner=self.owner, dport=public, proto=proto, nat=True, accept=True, r_type="host", nat_dport=private, host=host, foreign_network=VlanGroup.objects.get(name=settings["default_vlangroup"]))
rule.full_clean() rule.full_clean()
rule.save() rule.save()
rule.vlan.add(Vlan.objects.get(name="PUB"))
rule.vlan.add(Vlan.objects.get(name="HOT"))
rule.vlan.add(Vlan.objects.get(name="LAB"))
rule.vlan.add(Vlan.objects.get(name="DMZ"))
rule.vlan.add(Vlan.objects.get(name="VM-NET"))
rule.vlan.add(Vlan.objects.get(name="WAR"))
rule.vlan.add(Vlan.objects.get(name="OFF2"))
self.rules.add(rule)
def del_port(self, proto, public): def del_port(self, proto, public):
self.rules.filter(owner=self.owner, proto=proto, nat=True, dport=public).delete() self.rules.filter(owner=self.owner, proto=proto, nat=True, dport=public).delete()
...@@ -194,7 +181,6 @@ class Host(models.Model): ...@@ -194,7 +181,6 @@ class Host(models.Model):
class Firewall(models.Model): class Firewall(models.Model):
name = models.CharField(max_length=20, unique=True) name = models.CharField(max_length=20, unique=True)
rules = models.ManyToManyField('Rule', symmetrical=False, blank=True, null=True)
def __unicode__(self): def __unicode__(self):
return self.name return self.name
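Review bot: In `Host.add_port` the new `Rule(...)` constructor passes `host=host`, but inside this method `host` is the loop variable of `for host in Host.objects.filter(pub_ipv4=self.pub_ipv4)` two lines above, not the host the port is being added to; the NAT rule therefore attaches to whichever host the loop visited last, and when the filter matches nothing `host` is unbound and the call raises `NameError`. Since `self.rules.add(rule)` was dropped in the same hunk, nothing else links the rule to `self`, so the fix is `host=self` in the constructor. Separately, the new `Rule.clean` raises `ValidationError('jaj')`; a message that names the constraint, e.g. `raise ValidationError('exactly one of vlan, vlangroup, host, hostgroup or firewall must be set')`, is what the admin user will actually see when a rule is rejected. `add_port` begins before its hunk.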
......
...@@ -17,6 +17,8 @@ import sys ...@@ -17,6 +17,8 @@ import sys
def reload_firewall(request): def reload_firewall(request):
if request.user.is_authenticated(): if request.user.is_authenticated():
if(request.user.is_superuser): if(request.user.is_superuser):
ipv4 = firewall()
return HttpResponse(ipv4.show())
html = u"Be vagy jelentkezve es admin is vagy, kedves %s!" % request.user.username html = u"Be vagy jelentkezve es admin is vagy, kedves %s!" % request.user.username
html += "<br> 10 masodperc mulva ujratoltodik" html += "<br> 10 masodperc mulva ujratoltodik"
ReloadTask.delay() ReloadTask.delay()
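Review bot: The two added lines `ipv4 = firewall()` / `return HttpResponse(ipv4.show())` return before the rest of `reload_firewall` runs, so `ReloadTask.delay()` and the confirmation message below are now unreachable and the view no longer reloads anything; this reads like a debugging probe left in. If the ruleset dump is meant to stay, it belongs behind an explicit request flag, and it should be served as plain text — `HttpResponse(ipv4.show(), content_type="text/plain")` (or `mimetype=` on older Django) — since the output embeds free-text `rule.extra` values that the browser would otherwise interpret as HTML. The hunk shows only the superuser branch; the rest of the view is outside it.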
......
...@@ -392,8 +392,7 @@ class Instance(models.Model): ...@@ -392,8 +392,7 @@ class Instance(models.Model):
host.hostname = u"id-%d_user-%s" % (inst.id, owner.username) host.hostname = u"id-%d_user-%s" % (inst.id, owner.username)
host.mac = x.getElementsByTagName("MAC")[0].childNodes[0].nodeValue host.mac = x.getElementsByTagName("MAC")[0].childNodes[0].nodeValue
host.ipv4 = inst.ip host.ipv4 = inst.ip
host.pub_ipv4 = "152.66.243.62" host.pub_ipv4 = Vlan.objects.get(name=template.network.name).snat_ip
host.full_clean()
host.save() host.save()
host.enable_net() host.enable_net()
host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type]) host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
...@@ -409,7 +408,6 @@ class Instance(models.Model): ...@@ -409,7 +408,6 @@ class Instance(models.Model):
proc = subprocess.Popen(["/opt/occi.sh", "compute", proc = subprocess.Popen(["/opt/occi.sh", "compute",
"delete", "%d"%self.one_id], stdout=subprocess.PIPE) "delete", "%d"%self.one_id], stdout=subprocess.PIPE)
(out, err) = proc.communicate() (out, err) = proc.communicate()
self.firewall_host.del_rules()
self.firewall_host.delete() self.firewall_host.delete()
reload_firewall_lock() reload_firewall_lock()
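Review bot: `host.pub_ipv4 = Vlan.objects.get(name=template.network.name).snat_ip` can leave `pub_ipv4` as `None`, because `Vlan.snat_ip` is declared `blank=True, null=True` in the models.py hunk above, and `Vlan.objects.get` raises `DoesNotExist` when no Vlan carries the template network's name; neither case is handled before `host.full_clean()`, `host.save()` and the following `host.add_port(...)`, which would then create a NAT rule for a host with no public address. Resolving the Vlan once and checking it, e.g. `vlan = Vlan.objects.get(name=template.network.name)` followed by `if vlan.snat_ip is None: raise ValidationError("network has no snat_ip")`, makes the failure explicit instead of surfacing later as a validation or firewall error. The removal of `self.firewall_host.del_rules()` in the delete hunk presumably relies on the new `Rule.host` foreign key cascading when the host row is deleted — worth confirming, since rules bound through `vlan`/`vlangroup` are not affected by that cascade. The enclosing methods begin outside their hunks.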
......