rezometz
/
firewall
9
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 Commits
3 Branches
0 Tags
107 KiB
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
firewall/mac_ip.py

82 lines
2.3 KiB
Raw Permalink Blame History

#! /usr/bin/python3
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Copyright © 2018-2019 Hugo Levy-Falk <hugo@klafyvel.me>
"""
Creates the nat set.
"""
import os
import logging
from configparser import ConfigParser
from re2oapi import Re2oAPIClient
from firewall import NetfilterSet
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
CONFIG = ConfigParser()
CONFIG.read(os.path.join(BASE_DIR, 'config.ini'))
api_hostname = CONFIG.get('Re2o', 'hostname')
api_password = CONFIG.get('Re2o', 'password')
api_username = CONFIG.get('Re2o', 'username')
def gen_ip_mac_set():
"""Generates the ip_mac set in nftables.
Returns:
A NetfilterSet object with the allowed ip - mac pairs.
"""
api_client = Re2oAPIClient(api_hostname, api_username, api_password)
hosts = api_client.list('dhcp/hostmacip')
for h in hosts:
print(h)
content = [
(h['ipv4'], h['mac_address'])
for h in hosts
if 'ipv4' in h and h['ipv4'] and h['mac_address']
]
return NetfilterSet(
target_content=content,
type_=('IPv4', 'MAC'),
name='ip_mac',
table_name='firewall',
)
def update_macip():
log = logging.getLogger(__name__)
if not log.hasHandlers():
handler = logging.StreamHandler()
formatter = logging.Formatter(
"%(asctime)s %(levelname)s %(name)s %(message)s"
)
handler.setFormatter(formatter)
log.addHandler(handler)
log.setLevel(logging.INFO)
log.info('Updating the ip - mac set...')
ip_mac = gen_ip_mac_set()
log.info('Applying modifications...')
ip_mac.manage()
log.info('Done')
if __name__=='__main__':
update_macip()