Commit
e7e4b3d0
authored
Feb 13, 2013
by
Dudás Ádám
firewall: translations, some doc comments
parent
b73c91c6
Showing
5 changed files
with
74 additions
and
72 deletions
+74
-72
firewall/admin.py
+2
-2
firewall/fields.py
+1
-0
firewall/fw.py
+2
-2
firewall/models.py
+21
-16
firewall/views.py
+48
-52
firewall/admin.py
...
@@ -95,12 +95,12 @@ class RecordAdmin(admin.ModelAdmin):
...
@@ -95,12 +95,12 @@ class RecordAdmin(admin.ModelAdmin):
def
address_
(
self
,
instance
):
def
address_
(
self
,
instance
):
a
=
instance
.
get_data
()
a
=
instance
.
get_data
()
if
(
a
)
:
if
a
:
return
a
[
'address'
]
return
a
[
'address'
]
def
name_
(
self
,
instance
):
def
name_
(
self
,
instance
):
a
=
instance
.
get_data
()
a
=
instance
.
get_data
()
if
(
a
)
:
if
a
:
return
a
[
'name'
]
return
a
[
'name'
]
admin
.
site
.
register
(
Host
,
HostAdmin
)
admin
.
site
.
register
(
Host
,
HostAdmin
)
...
...
firewall/fields.py
...
@@ -47,6 +47,7 @@ def val_domain(value):
...
@@ -47,6 +47,7 @@ def val_domain(value):
raise
ValidationError
(
_
(
u'
%
s - invalid domain'
)
%
value
)
raise
ValidationError
(
_
(
u'
%
s - invalid domain'
)
%
value
)
def
val_reverse_domain
(
value
):
def
val_reverse_domain
(
value
):
"""Check whether the parameter is a valid reverse domain."""
if
not
reverse_domain_re
.
search
(
value
):
if
not
reverse_domain_re
.
search
(
value
):
raise
ValidationError
(
u'
%
s - reverse domain'
%
value
)
raise
ValidationError
(
u'
%
s - reverse domain'
%
value
)
...
...
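Review bot: `val_reverse_domain` still raises `ValidationError(u'%s - reverse domain' % value)`, which is not wrapped in `_()` and does not say the value is invalid, unlike `val_domain` just above with `_(u'%s - invalid domain')`; `_(u'%s - invalid reverse domain') % value` would match it. The check also uses `reverse_domain_re.search`, so unless the pattern (defined outside this hunk) is anchored with `^` and `\Z`, a string that merely contains a valid reverse name passes validation. Please confirm the anchors, since this value presumably ends up in generated DNS data.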
firewall/fw.py
...
@@ -118,7 +118,7 @@ class firewall:
...
@@ -118,7 +118,7 @@ class firewall:
self
.
iptables
(
':FORWARD DROP [0:0]'
)
self
.
iptables
(
':FORWARD DROP [0:0]'
)
self
.
iptables
(
':OUTPUT DROP [50:6936]'
)
self
.
iptables
(
':OUTPUT DROP [50:6936]'
)
# ini
c
ialize logging
# ini
t
ialize logging
self
.
iptables
(
'-N LOG_DROP'
)
self
.
iptables
(
'-N LOG_DROP'
)
# windows port scan are silently dropped
# windows port scan are silently dropped
self
.
iptables
(
'-A LOG_DROP -p tcp --dport 445 -j DROP'
)
self
.
iptables
(
'-A LOG_DROP -p tcp --dport 445 -j DROP'
)
...
@@ -475,7 +475,7 @@ def dhcp():
...
@@ -475,7 +475,7 @@ def dhcp():
'ntp'
:
i_vlan
.
ipv4
,
'ntp'
:
i_vlan
.
ipv4
,
'dnsserver'
:
settings
[
'rdns_ip'
],
'dnsserver'
:
settings
[
'rdns_ip'
],
'extra'
:
"range
%
s"
%
(
i_vlan
.
dhcp_pool
'extra'
:
"range
%
s"
%
(
i_vlan
.
dhcp_pool
if
m
else
"deny unknown
-
clients"
),
if
m
else
"deny unknown
clients"
),
'interface'
:
i_vlan
.
interface
,
'interface'
:
i_vlan
.
interface
,
'name'
:
i_vlan
.
name
,
'name'
:
i_vlan
.
name
,
'tftp'
:
i_vlan
.
ipv4
'tftp'
:
i_vlan
.
ipv4
...
...
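Review bot: As rendered, the `'extra'` entry in `dhcp()` changes the fallback string from `"deny unknown-clients"` to `"deny unknown clients"`; ISC dhcpd spells that statement with a hyphen, so if this text is written into the DHCP configuration the edit should be reverted. The conditional also sits inside the format argument, so when `m` is false the value becomes `range deny unknown…` rather than the bare deny statement; `("range %s" % i_vlan.dhcp_pool) if m else "deny unknown-clients"` looks like the intent. `m` and the consumer of this dict are outside the hunk, so both points need confirming against the template that renders it.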
firewall/models.py
...
@@ -162,9 +162,11 @@ class Host(models.Model):
...
@@ -162,9 +162,11 @@ class Host(models.Model):
self
.
ipv6
=
ipv4_2_ipv6
(
self
.
ipv4
)
self
.
ipv6
=
ipv4_2_ipv6
(
self
.
ipv4
)
if
(
not
self
.
shared_ip
and
self
.
pub_ipv4
and
Host
.
objects
.
if
(
not
self
.
shared_ip
and
self
.
pub_ipv4
and
Host
.
objects
.
exclude
(
id
=
self
.
id
)
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
)):
exclude
(
id
=
self
.
id
)
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
)):
raise
ValidationError
(
"Ha a shared_ip be van pipalva, akkor egyedinek kell lennie a pub_ipv4-nek!"
)
raise
ValidationError
(
_
(
"If shared_ip has been checked, "
"pub_ipv4 has to be unique."
))
if
Host
.
objects
.
exclude
(
id
=
self
.
id
)
.
filter
(
pub_ipv4
=
self
.
ipv4
):
if
Host
.
objects
.
exclude
(
id
=
self
.
id
)
.
filter
(
pub_ipv4
=
self
.
ipv4
):
raise
ValidationError
(
"Egy masik host natolt cimet nem hasznalhatod sajat ipv4-nek"
)
raise
ValidationError
(
_
(
"You can't use another host's NAT'd "
"address as your own IPv4."
))
self
.
full_clean
()
self
.
full_clean
()
super
(
Host
,
self
)
.
save
(
*
args
,
**
kwargs
)
super
(
Host
,
self
)
.
save
(
*
args
,
**
kwargs
)
if
id
is
None
:
if
id
is
None
:
...
@@ -180,10 +182,10 @@ class Host(models.Model):
...
@@ -180,10 +182,10 @@ class Host(models.Model):
def
add_port
(
self
,
proto
,
public
,
private
):
def
add_port
(
self
,
proto
,
public
,
private
):
proto
=
"tcp"
if
(
proto
==
"tcp"
)
else
"udp"
proto
=
"tcp"
if
(
proto
==
"tcp"
)
else
"udp"
if
public
<
1024
:
if
public
<
1024
:
raise
ValidationError
(
"Csak az 1024 feletti portok hasznalhatok"
)
raise
ValidationError
(
_
(
"Only ports above 1024 can be used."
)
)
for
host
in
Host
.
objects
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
):
for
host
in
Host
.
objects
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
):
if
host
.
rules
.
filter
(
nat
=
True
,
proto
=
proto
,
dport
=
public
):
if
host
.
rules
.
filter
(
nat
=
True
,
proto
=
proto
,
dport
=
public
):
raise
ValidationError
(
"A
%
s
%
s port mar hasznalva"
%
raise
ValidationError
(
_
(
"Port
%
s
%
s is already in use."
)
%
(
proto
,
public
))
(
proto
,
public
))
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
dport
=
public
,
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
dport
=
public
,
proto
=
proto
,
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
proto
=
proto
,
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
...
@@ -249,7 +251,7 @@ class Record(models.Model):
...
@@ -249,7 +251,7 @@ class Record(models.Model):
a
=
self
.
get_data
()
a
=
self
.
get_data
()
if
a
:
if
a
:
return
a
[
'name'
]
+
u' '
+
a
[
'type'
]
+
u' '
+
a
[
'address'
]
return
a
[
'name'
]
+
u' '
+
a
[
'type'
]
+
u' '
+
a
[
'address'
]
return
'(
nincs
)'
return
'(
empty
)'
def
save
(
self
,
*
args
,
**
kwargs
):
def
save
(
self
,
*
args
,
**
kwargs
):
self
.
full_clean
()
self
.
full_clean
()
...
@@ -257,36 +259,39 @@ class Record(models.Model):
...
@@ -257,36 +259,39 @@ class Record(models.Model):
def
clean
(
self
):
def
clean
(
self
):
if
self
.
name
and
self
.
name
.
endswith
(
u'.'
):
if
self
.
name
and
self
.
name
.
endswith
(
u'.'
):
raise
ValidationError
(
u'a domain nem végződhet pontra'
)
raise
ValidationError
(
_
(
"Domain can't be terminated with a dot."
)
)
if
self
.
host
and
self
.
type
in
[
'CNAME'
,
'A'
,
'AAAA'
]:
if
self
.
host
and
self
.
type
in
[
'CNAME'
,
'A'
,
'AAAA'
]:
if
self
.
type
==
'CNAME'
:
if
self
.
type
==
'CNAME'
:
if
not
self
.
name
or
self
.
address
:
if
not
self
.
name
or
self
.
address
:
raise
ValidationError
(
u'CNAME rekordnal csak a name '
raise
ValidationError
(
_
(
"Only the 'name' field should "
'legyen kitoltve, ha van host beallitva'
)
"be filled with a CNAME record if a host is "
"set."
))
elif
self
.
name
or
self
.
address
:
elif
self
.
name
or
self
.
address
:
raise
ValidationError
(
u'A, AAAA rekord eseten nem szabad '
raise
ValidationError
(
_
(
"'name' and 'address' can't be "
'megadni name-t, address-t, ha tarsitva van host'
)
"specified with an A or AAAA record if a host is "
"set."
))
else
:
else
:
if
not
self
.
address
:
if
not
self
.
address
:
raise
ValidationError
(
u'address hianyzik'
)
raise
ValidationError
(
_
(
"'address' field must be filled."
)
)
if
self
.
type
==
'A'
:
if
self
.
type
==
'A'
:
if
not
ipv4_re
.
match
(
self
.
address
):
if
not
ipv4_re
.
match
(
self
.
address
):
raise
ValidationError
(
u'ez nem ipcim, ez nudli!'
)
raise
ValidationError
(
_
(
"Not a valid IPv4 address."
)
)
elif
self
.
type
in
[
'CNAME'
,
'NS'
,
'PTR'
,
'TXT'
]:
elif
self
.
type
in
[
'CNAME'
,
'NS'
,
'PTR'
,
'TXT'
]:
if
not
domain_re
.
match
(
self
.
address
):
if
not
domain_re
.
match
(
self
.
address
):
raise
ValidationError
(
u'ez nem domain, ez nudli!'
)
raise
ValidationError
(
_
(
"Not a valid domain."
)
)
elif
self
.
type
==
'AAAA'
:
elif
self
.
type
==
'AAAA'
:
if
not
is_valid_ipv6_address
(
self
.
address
):
if
not
is_valid_ipv6_address
(
self
.
address
):
raise
ValidationError
(
u'ez nem ipv6cim, ez nudli!'
)
raise
ValidationError
(
_
(
"Not a valid IPv6 address."
)
)
elif
self
.
type
==
'MX'
:
elif
self
.
type
==
'MX'
:
mx
=
self
.
address
.
split
(
':'
,
1
)
mx
=
self
.
address
.
split
(
':'
,
1
)
if
not
(
len
(
mx
)
==
2
and
mx
[
0
]
.
isdigit
()
and
if
not
(
len
(
mx
)
==
2
and
mx
[
0
]
.
isdigit
()
and
domain_re
.
match
(
mx
[
1
])):
domain_re
.
match
(
mx
[
1
])):
raise
ValidationError
(
u'prioritas:hostname'
)
raise
ValidationError
(
_
(
"Invalid address. "
"Valid format: <priority>:<hostname>"
))
else
:
else
:
raise
ValidationError
(
u'ez ismeretlen rekord, ez nudli!'
)
raise
ValidationError
(
_
(
"Unknown record."
)
)
def
get_data
(
self
):
def
get_data
(
self
):
retval
=
{
'name'
:
self
.
name
,
'type'
:
self
.
type
,
'ttl'
:
self
.
ttl
,
retval
=
{
'name'
:
self
.
name
,
'type'
:
self
.
type
,
'ttl'
:
self
.
ttl
,
...
...
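Review bot: The translated message in `Host.save` states the opposite of the condition it guards: the check fires when `not self.shared_ip` and another host already has the same `pub_ipv4`, so the text should read `_("If shared_ip is not checked, pub_ipv4 has to be unique.")`. The Hungarian original had the same inversion, so this is carried over rather than introduced here. In `add_port`, `public < 1024` accepts 1024 while the message says "above 1024", and the visible lines set no upper bound (65535) and do not check `private` at all; the rest of the body is outside the hunk and may cover it. `if id is None:` after `super(Host, self).save(...)` tests the builtin `id`, which is never None, so that branch looks dead; presumably `self.id` captured before the save was meant.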
firewall/views.py
...
@@ -7,6 +7,7 @@ from django.views.decorators.csrf import csrf_exempt
...
@@ -7,6 +7,7 @@ from django.views.decorators.csrf import csrf_exempt
from
django.db
import
IntegrityError
from
django.db
import
IntegrityError
from
tasks
import
*
from
tasks
import
*
from
celery.task.control
import
inspect
from
celery.task.control
import
inspect
from
django.utils.translation
import
ugettext_lazy
as
_
import
re
import
re
import
base64
import
base64
...
@@ -17,71 +18,66 @@ import sys
...
@@ -17,71 +18,66 @@ import sys
def
reload_firewall
(
request
):
def
reload_firewall
(
request
):
if
request
.
user
.
is_authenticated
():
if
request
.
user
.
is_authenticated
():
if
request
.
user
.
is_superuser
:
if
request
.
user
.
is_superuser
:
html
=
(
u"Be vagy jelentkezve es admin is vagy, kedves
%
s!"
%
html
=
(
(
_
(
"Dear
%
s, you've signed in as administrator!"
)
%
request
.
user
.
username
)
request
.
user
.
username
)
+
"<br>"
+
html
+=
"<br> 10 masodperc mulva ujratoltodik"
_
(
"Reloading in 10 seconds..."
))
ReloadTask
.
delay
()
ReloadTask
.
delay
()
else
:
else
:
html
=
(
u"Be vagy jelentkezve, csak nem vagy admin, kedves
%
s!"
html
=
(
_
(
"Dear
%
s, you've signed in!"
)
%
request
.
user
.
username
)
%
request
.
user
.
username
)
else
:
else
:
html
=
u"Nem vagy bejelentkezve, kedves ismeretlen!"
html
=
_
(
"Dear anonymous, you've not signed in yet!"
)
return
HttpResponse
(
html
)
return
HttpResponse
(
html
)
@csrf_exempt
@csrf_exempt
@require_post
def
firewall_api
(
request
):
def
firewall_api
(
request
):
if
request
.
method
==
'POST'
:
try
:
try
:
data
=
json
.
loads
(
base64
.
b64decode
(
request
.
POST
[
"data"
]))
data
=
json
.
loads
(
base64
.
b64decode
(
request
.
POST
[
"data"
]))
command
=
request
.
POST
[
"command"
]
command
=
request
.
POST
[
"command"
]
if
data
[
"password"
]
!=
"bdmegintelrontottaanetet"
:
if
data
[
"password"
]
!=
"bdmegintelrontottaanetet"
:
raise
Exception
(
_
(
"Wrong password."
))
raise
Exception
(
"rossz jelszo"
)
if
not
(
data
[
"vlan"
]
==
"vm-net"
or
data
[
"vlan"
]
==
"war"
):
if
not
(
data
[
"vlan"
]
==
"vm-net"
or
data
[
"vlan"
]
==
"war"
):
raise
Exception
(
"csak vm-net es war-re mukodik"
)
raise
Exception
(
_
(
"Only vm-net and war can be used."
)
)
data
[
"hostname"
]
=
re
.
sub
(
r' '
,
'_'
,
data
[
"hostname"
])
data
[
"hostname"
]
=
re
.
sub
(
r' '
,
'_'
,
data
[
"hostname"
])
if
command
==
"create"
:
if
command
==
"create"
:
data
[
"owner"
]
=
"opennebula"
data
[
"owner"
]
=
"opennebula"
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
(
hostname
=
data
[
"hostname"
],
host
=
models
.
Host
(
hostname
=
data
[
"hostname"
],
vlan
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
]),
vlan
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
]),
mac
=
data
[
"mac"
],
ipv4
=
data
[
"ip"
],
owner
=
owner
,
mac
=
data
[
"mac"
],
ipv4
=
data
[
"ip"
],
owner
=
owner
,
description
=
data
[
"description"
],
pub_ipv4
=
models
.
description
=
data
[
"description"
],
pub_ipv4
=
models
.
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
])
.
snat_ip
,
Vlan
.
objects
.
get
(
name
=
data
[
"vlan"
])
.
snat_ip
,
shared_ip
=
True
)
shared_ip
=
True
)
host
.
full_clean
()
host
.
full_clean
()
host
.
save
()
host
.
save
()
host
.
enable_net
()
host
.
enable_net
()
for
p
in
data
[
"portforward"
]:
for
p
in
data
[
"portforward"
]:
host
.
add_port
(
proto
=
p
[
"proto"
],
host
.
add_port
(
proto
=
p
[
"proto"
],
public
=
int
(
p
[
"public_port"
]),
public
=
int
(
p
[
"public_port"
]),
private
=
int
(
p
[
"private_port"
]))
private
=
int
(
p
[
"private_port"
]))
elif
command
==
"destroy"
:
elif
command
==
"destroy"
:
data
[
"owner"
]
=
"opennebula"
data
[
"owner"
]
=
"opennebula"
print
data
[
"hostname"
]
print
data
[
"hostname"
]
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
owner
=
auth
.
models
.
User
.
objects
.
get
(
username
=
data
[
"owner"
])
host
=
models
.
Host
.
objects
.
get
(
hostname
=
data
[
"hostname"
],
host
=
models
.
Host
.
objects
.
get
(
hostname
=
data
[
"hostname"
],
owner
=
owner
)
owner
=
owner
)
host
.
del_rules
()
host
.
delete
()
else
:
raise
Exception
(
"rossz parancs"
)
reload_firewall_lock
()
except
(
ValidationError
,
IntegrityError
,
AttributeError
,
Exception
)
as
e
:
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
%
s
\n
"
%
e
);
except
:
# raise
return
HttpResponse
(
u"rosszul hasznalod! :(
\n
"
);
return
HttpResponse
(
u"ok"
);
return
HttpResponse
(
u"ez kerlek egy api lesz!
\n
"
);
host
.
del_rules
()
host
.
delete
()
else
:
raise
Exception
(
_
(
"Unknown command."
))
reload_firewall_lock
()
except
(
ValidationError
,
IntegrityError
,
AttributeError
,
Exception
)
as
e
:
return
HttpResponse
(
_
(
"Something went wrong!
\n
%
s
\n
"
)
%
e
);
except
:
return
HttpResponse
(
_
(
"Something went wrong!
\n
"
));
return
HttpResponse
(
_
(
"OK"
));
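Review bot: The shared secret that authorises `firewall_api` is still a string literal in the view (`data["password"] != "bdmegintelrontottaanetet"`), and with `@csrf_exempt` it is the only check in front of host creation and deletion. Because it is committed to the repository it should be treated as exposed: rotate it, read it from configuration (a setting such as `FIREWALL_API_SECRET`, placeholder name), and compare it with `django.utils.crypto.constant_time_compare` rather than `!=`. The rewritten `except (...) as e` branch still returns `_("Something went wrong!\n%s\n") % e` to the caller, which hands ORM and validation details to an unauthenticated client; log the exception and return a fixed message with a non-200 status instead. Separately, Django's decorator is spelled `require_POST` (in `django.views.decorators.http`); unless `require_post` arrives through `from tasks import *` or an import outside the hunk, the added `@require_post` line fails with NameError when the module loads.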