# -*- coding: utf-8 -*-
from __future__ import unicode_literals

from django.db import models, migrations
import firewall.fields
from django.conf import settings
import common.models
import django.core.validators


class Migration(migrations.Migration):

    dependencies = [
        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
    ]

    operations = [
        migrations.CreateModel(
            name='BlacklistItem',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('ipv4', models.GenericIPAddressField(unique=True, protocol=b'ipv4')),
                ('reason', models.TextField(verbose_name='reason', blank=True)),
                ('snort_message', models.TextField(verbose_name='short message', blank=True)),
                ('type', models.CharField(default=b'tempban', max_length=10, verbose_name='type', choices=[(b'permban', b'permanent ban'), (b'tempban', b'temporary ban'), (b'whitelist', b'whitelist'), (b'tempwhite', b'tempwhite')])),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created_at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified_at')),
            ],
            options={
                'verbose_name': 'blacklist item',
                'verbose_name_plural': 'blacklist',
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='Domain',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('name', models.CharField(max_length=40, verbose_name='name', validators=[firewall.fields.val_domain])),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created_at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified_at')),
                ('ttl', models.IntegerField(default=600, verbose_name='ttl')),
                ('description', models.TextField(verbose_name='description', blank=True)),
                ('owner', models.ForeignKey(verbose_name='owner', to=settings.AUTH_USER_MODEL)),
            ],
            options={
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='EthernetDevice',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('name', models.CharField(help_text='The name of network interface the gateway should serve this network on. For example eth2.', unique=True, max_length=20, verbose_name='interface')),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created_at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified_at')),
            ],
            options={
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='Firewall',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('name', models.CharField(unique=True, max_length=20, verbose_name='name')),
            ],
            options={
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='Group',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('name', models.CharField(help_text='The name of the group.', unique=True, max_length=20, verbose_name='name')),
                ('description', models.TextField(help_text='Description of the group.', verbose_name='description', blank=True)),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified at')),
                ('owner', models.ForeignKey(verbose_name='owner', blank=True, to=settings.AUTH_USER_MODEL, null=True)),
            ],
            options={
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='Host',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('hostname', models.CharField(help_text='The alphanumeric hostname of the host, the first part of the FQDN.', max_length=40, verbose_name='hostname', validators=[firewall.fields.val_alfanum])),
                ('normalized_hostname', common.models.HumanSortField(default=b'', max_length=80, monitor=b'hostname', blank=True)),
                ('reverse', models.CharField(validators=[firewall.fields.val_domain], max_length=40, blank=True, help_text='The fully qualified reverse hostname of the host, if different than hostname.domain.', null=True, verbose_name='reverse')),
                ('mac', firewall.fields.MACAddressField(help_text='The MAC (Ethernet) address of the network interface. For example: 99:AA:BB:CC:DD:EE.', unique=True, max_length=17, verbose_name='MAC address')),
                ('ipv4', firewall.fields.IPAddressField(help_text='The real IPv4 address of the host, for example 10.5.1.34.', unique=True, max_length=100, verbose_name='IPv4 address')),
                ('external_ipv4', firewall.fields.IPAddressField(help_text='The public IPv4 address of the host on the wide area network, if different.', max_length=100, null=True, verbose_name='WAN IPv4 address', blank=True)),
                ('ipv6', firewall.fields.IPAddressField(null=True, max_length=100, blank=True, help_text='The global IPv6 address of the host, for example 2001:db:88:200::10.', unique=True, verbose_name='IPv6 address')),
                ('shared_ip', models.BooleanField(default=False, help_text='If the given WAN IPv4 address is used by multiple hosts.', verbose_name='shared IP')),
                ('description', models.TextField(help_text='What is this host for, what kind of machine is it.', verbose_name='description', blank=True)),
                ('comment', models.TextField(verbose_name='Notes', blank=True)),
                ('location', models.TextField(help_text='The physical location of the machine.', verbose_name='location', blank=True)),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified at')),
                ('groups', models.ManyToManyField(help_text='Host groups the machine is part of.', to='firewall.Group', null=True, verbose_name='groups', blank=True)),
                ('owner', models.ForeignKey(verbose_name='owner', to=settings.AUTH_USER_MODEL, help_text='The person responsible for this host.')),
            ],
            options={
                'ordering': ('normalized_hostname', 'vlan'),
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='Record',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('name', models.CharField(blank=True, max_length=40, null=True, verbose_name='name', validators=[firewall.fields.val_domain_wildcard])),
                ('type', models.CharField(max_length=6, verbose_name='type', choices=[(b'A', b'A'), (b'CNAME', b'CNAME'), (b'AAAA', b'AAAA'), (b'MX', b'MX'), (b'NS', b'NS'), (b'PTR', b'PTR'), (b'TXT', b'TXT')])),
                ('address', models.CharField(max_length=400, verbose_name='address')),
                ('ttl', models.IntegerField(default=600, verbose_name='ttl')),
                ('description', models.TextField(verbose_name='description', blank=True)),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created_at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified_at')),
                ('domain', models.ForeignKey(verbose_name='domain', to='firewall.Domain')),
                ('host', models.ForeignKey(verbose_name='host', blank=True, to='firewall.Host', null=True)),
                ('owner', models.ForeignKey(verbose_name='owner', to=settings.AUTH_USER_MODEL)),
            ],
            options={
                'ordering': ('domain', 'name'),
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='Rule',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('direction', models.CharField(help_text='If the rule matches egress or ingress packets.', max_length=3, verbose_name='direction', choices=[(b'out', 'out'), (b'in', 'in')])),
                ('description', models.TextField(help_text='Why is the rule needed, or how does it work.', verbose_name='description', blank=True)),
                ('dport', models.IntegerField(blank=True, help_text='Destination port number of packets that match.', null=True, verbose_name='dest. port', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])),
                ('sport', models.IntegerField(blank=True, help_text='Source port number of packets that match.', null=True, verbose_name='source port', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])),
                ('weight', models.IntegerField(default=30000, help_text='Rule weight', verbose_name='weight', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])),
                ('proto', models.CharField(choices=[(b'tcp', b'tcp'), (b'udp', b'udp'), (b'icmp', b'icmp')], max_length=10, blank=True, help_text='Protocol of packets that match.', null=True, verbose_name='protocol')),
                ('extra', models.TextField(help_text='Additional arguments passed literally to the iptables-rule.', verbose_name='extra arguments', blank=True)),
                ('action', models.CharField(default=b'drop', help_text='Accept, drop or ignore the matching packets.', max_length=10, verbose_name='action', choices=[(b'accept', 'accept'), (b'drop', 'drop'), (b'ignore', 'ignore')])),
                ('nat', models.BooleanField(default=False, help_text='If network address translation should be done.', verbose_name='NAT')),
                ('nat_external_port', models.IntegerField(blank=True, help_text='Rewrite destination port number to this if NAT is needed.', null=True, validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(65535)])),
                ('nat_external_ipv4', firewall.fields.IPAddressField(max_length=100, null=True, verbose_name='external IPv4 address', blank=True)),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified at')),
                ('firewall', models.ForeignKey(related_name='rules', blank=True, to='firewall.Firewall', help_text='Firewall the rule applies to (if type is firewall).', null=True, verbose_name='firewall')),
            ],
            options={
                'ordering': ('direction', 'proto', 'sport', 'dport', 'nat_external_port', 'host'),
                'verbose_name': 'rule',
                'verbose_name_plural': 'rules',
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='SwitchPort',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('description', models.TextField(verbose_name='description', blank=True)),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created_at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified_at')),
            ],
            options={
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='Vlan',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('vid', models.IntegerField(help_text='The vlan ID of the subnet.', unique=True, verbose_name='VID', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(4095)])),
                ('name', models.CharField(help_text='The short name of the subnet.', unique=True, max_length=20, verbose_name='Name', validators=[firewall.fields.val_alfanum])),
                ('network4', firewall.fields.IPNetworkField(help_text='The IPv4 address and the prefix length of the gateway. Recommended value is the last valid address of the subnet, for example 10.4.255.254/16 for 10.4.0.0/16.', max_length=100, verbose_name='IPv4 address/prefix')),
                ('host_ipv6_prefixlen', models.IntegerField(default=112, help_text='The prefix length of the subnet assigned to a host. For example /112 = 65536 addresses/host.', verbose_name='IPv6 prefixlen/host', validators=[django.core.validators.MinValueValidator(1), django.core.validators.MaxValueValidator(128)])),
                ('network6', firewall.fields.IPNetworkField(help_text='The IPv6 address and the prefix length of the gateway.', max_length=100, null=True, verbose_name='IPv6 address/prefix', blank=True)),
                ('snat_ip', models.GenericIPAddressField(protocol=b'ipv4', blank=True, help_text='Common IPv4 address used for address translation of connections to the networks selected below (typically to the internet).', null=True, verbose_name='NAT IP address')),
                ('network_type', models.CharField(default=b'portforward', max_length=20, verbose_name='network type', choices=[(b'public', 'public'), (b'portforward', 'portforward')])),
                ('managed', models.BooleanField(default=True, verbose_name='managed')),
                ('description', models.TextField(help_text='Description of the goals and elements of the vlan network.', verbose_name='description', blank=True)),
                ('comment', models.TextField(help_text='Notes, comments about the network', verbose_name='comment', blank=True)),
                ('reverse_domain', models.TextField(default=b'%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa', help_text='Template of the IPv4 reverse domain name that should be generated for each host. The template should contain four tokens: "%(a)d", "%(b)d", "%(c)d", and "%(d)d", representing the four bytes of the address, respectively, in decimal notation. For example, the template for the standard reverse address is: "%(d)d.%(c)d.%(b)d.%(a)d.in-addr.arpa".', verbose_name='reverse domain', validators=[firewall.fields.val_reverse_domain])),
                ('ipv6_template', models.TextField(default=b'2001:738:2001:4031:%(b)d:%(c)d:%(d)d:0', verbose_name='ipv6 template', validators=[firewall.fields.val_ipv6_template])),
                ('dhcp_pool', models.TextField(help_text='The address range of the DHCP pool: empty for no DHCP service, "manual" for no DHCP pool, or the first and last address of the range separated by a space.', verbose_name='DHCP pool', blank=True)),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified at')),
                ('domain', models.ForeignKey(verbose_name='domain name', to='firewall.Domain', help_text='Domain name of the members of this network.')),
                ('owner', models.ForeignKey(verbose_name='owner', blank=True, to=settings.AUTH_USER_MODEL, null=True)),
                ('snat_to', models.ManyToManyField(help_text='Connections to these networks should be network address translated, i.e. their source address is rewritten to the value of NAT IP address.', to='firewall.Vlan', null=True, verbose_name='NAT to', blank=True)),
            ],
            options={
                'abstract': False,
            },
            bases=(models.Model,),
        ),
        migrations.CreateModel(
            name='VlanGroup',
            fields=[
                ('id', models.AutoField(verbose_name='ID', serialize=False, auto_created=True, primary_key=True)),
                ('name', models.CharField(help_text='The name of the group.', unique=True, max_length=20, verbose_name='name')),
                ('description', models.TextField(help_text='Description of the group.', verbose_name='description', blank=True)),
                ('created_at', models.DateTimeField(auto_now_add=True, verbose_name='created at')),
                ('modified_at', models.DateTimeField(auto_now=True, verbose_name='modified at')),
                ('owner', models.ForeignKey(verbose_name='owner', blank=True, to=settings.AUTH_USER_MODEL, null=True)),
                ('vlans', models.ManyToManyField(help_text='The vlans which are members of the group.', to='firewall.Vlan', null=True, verbose_name='vlans', blank=True)),
            ],
            options={
            },
            bases=(models.Model,),
        ),
        migrations.AddField(
            model_name='switchport',
            name='tagged_vlans',
            field=models.ForeignKey(related_name='tagged_ports', verbose_name='tagged vlans', blank=True, to='firewall.VlanGroup', null=True),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='switchport',
            name='untagged_vlan',
            field=models.ForeignKey(related_name='untagged_ports', verbose_name='untagged vlan', to='firewall.Vlan'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='rule',
            name='foreign_network',
            field=models.ForeignKey(related_name='ForeignRules', verbose_name='foreign network', to='firewall.VlanGroup', help_text='The group of vlans the matching packet goes to (direction out) or from (in).'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='rule',
            name='host',
            field=models.ForeignKey(related_name='rules', blank=True, to='firewall.Host', help_text='Host the rule applies to (if type is host).', null=True, verbose_name='host'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='rule',
            name='hostgroup',
            field=models.ForeignKey(related_name='rules', blank=True, to='firewall.Group', help_text='Group of hosts the rule applies to (if type is host).', null=True, verbose_name='host group'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='rule',
            name='owner',
            field=models.ForeignKey(blank=True, to=settings.AUTH_USER_MODEL, help_text='The user responsible for this rule.', null=True, verbose_name='owner'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='rule',
            name='vlan',
            field=models.ForeignKey(related_name='rules', blank=True, to='firewall.Vlan', help_text='Vlan the rule applies to (if type is vlan).', null=True, verbose_name='vlan'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='rule',
            name='vlangroup',
            field=models.ForeignKey(related_name='rules', blank=True, to='firewall.VlanGroup', help_text='Group of vlans the rule applies to (if type is vlan).', null=True, verbose_name='vlan group'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='host',
            name='vlan',
            field=models.ForeignKey(verbose_name='vlan', to='firewall.Vlan', help_text='Vlan network that the host is part of.'),
            preserve_default=True,
        ),
        migrations.AlterUniqueTogether(
            name='host',
            unique_together=set([('hostname', 'vlan')]),
        ),
        migrations.AddField(
            model_name='ethernetdevice',
            name='switch_port',
            field=models.ForeignKey(related_name='ethernet_devices', verbose_name='switch port', to='firewall.SwitchPort'),
            preserve_default=True,
        ),
        migrations.AddField(
            model_name='blacklistitem',
            name='host',
            field=models.ForeignKey(verbose_name='host', blank=True, to='firewall.Host', null=True),
            preserve_default=True,
        ),
    ]