Merge branch 'firewall' into crans
commit
48e83266b6
9 changed files with 115 additions and 16 deletions
|
@ -746,6 +746,30 @@ class SwitchPortSerializer(serializers.ModelSerializer):
|
||||||
'interfaces_subnet', 'interfaces6_subnet', 'automatic_provision', 'rest_enabled',
|
'interfaces_subnet', 'interfaces6_subnet', 'automatic_provision', 'rest_enabled',
|
||||||
'web_management_enabled', 'get_radius_key_value', 'get_management_cred_value')
|
'web_management_enabled', 'get_radius_key_value', 'get_management_cred_value')
|
||||||
|
|
||||||
|
#Firewall
|
||||||
|
|
||||||
|
class FirewallPortListSerializer(serializers.ModelSerializer):
|
||||||
|
class Meta:
|
||||||
|
model = machines.OuverturePort
|
||||||
|
fields = ('begin', 'end', 'protocole', 'io')
|
||||||
|
|
||||||
|
class FirewallOuverturePortListSerializer(serializers.ModelSerializer):
|
||||||
|
tcp_ports_in = FirewallPortListSerializer(many=True, read_only=True)
|
||||||
|
udp_ports_in = FirewallPortListSerializer(many=True, read_only=True)
|
||||||
|
tcp_ports_out = FirewallPortListSerializer(many=True, read_only=True)
|
||||||
|
udp_ports_out = FirewallPortListSerializer(many=True, read_only=True)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = machines.OuverturePortList
|
||||||
|
fields = ('tcp_ports_in', 'udp_ports_in', 'tcp_ports_out', 'udp_ports_out')
|
||||||
|
|
||||||
|
class SubnetPortsOpenSerializer(serializers.ModelSerializer):
|
||||||
|
ouverture_ports = FirewallOuverturePortListSerializer(read_only=True)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = machines.IpType
|
||||||
|
fields = ('type', 'domaine_ip_start', 'domaine_ip_stop', 'prefix_v6', 'ouverture_ports')
|
||||||
|
|
||||||
# DHCP
|
# DHCP
|
||||||
|
|
||||||
|
|
||||||
|
@ -878,6 +902,27 @@ class DNSZonesSerializer(serializers.ModelSerializer):
|
||||||
'mx_records', 'txt_records', 'srv_records', 'a_records',
|
'mx_records', 'txt_records', 'srv_records', 'a_records',
|
||||||
'aaaa_records', 'cname_records')
|
'aaaa_records', 'cname_records')
|
||||||
|
|
||||||
|
|
||||||
|
class DNSReverseZonesSerializer(serializers.ModelSerializer):
|
||||||
|
"""Serialize the data about DNS Zones.
|
||||||
|
"""
|
||||||
|
soa = SOARecordSerializer(source='extension.soa')
|
||||||
|
extension = serializers.CharField(source='extension.name', read_only=True)
|
||||||
|
cidrs = serializers.ListField(child=serializers.CharField(), source='ip_set_cidrs_as_str', read_only=True)
|
||||||
|
ns_records = NSRecordSerializer(many=True, source='extension.ns_set')
|
||||||
|
mx_records = MXRecordSerializer(many=True, source='extension.mx_set')
|
||||||
|
txt_records = TXTRecordSerializer(many=True, source='extension.txt_set')
|
||||||
|
ptr_records = ARecordSerializer(many=True, source='get_associated_ptr_records')
|
||||||
|
ptr_v6_records = AAAARecordSerializer(many=True, source='get_associated_ptr_v6_records')
|
||||||
|
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
model = machines.IpType
|
||||||
|
fields = ('type', 'extension', 'soa', 'ns_records', 'mx_records',
|
||||||
|
'txt_records', 'ptr_records', 'ptr_v6_records', 'cidrs',
|
||||||
|
'prefix_v6')
|
||||||
|
|
||||||
|
|
||||||
#REMINDER
|
#REMINDER
|
||||||
|
|
||||||
|
|
||||||
|
|
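Review bot: `SubnetPortsOpenSerializer` (first hunk) and `DNSReverseZonesSerializer` (second hunk) both expose `prefix_v6` but not the `prefix_v6_length` field this same commit adds to `IpType`, so a client generating firewall rules or reverse zones from these endpoints has to assume a /64. If the length is now meant to be configurable, add `'prefix_v6_length'` to both `fields` tuples. The docstring on `DNSReverseZonesSerializer` is also copied from the forward-zone serializer; something like `"""Serialize the data needed to build the reverse DNS zones (PTR records) of an IpType."""` would be accurate, and the three firewall serializers have no docstring at all.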
|
@ -106,8 +106,11 @@ router.register_view(r'switchs/role', views.RoleView),
|
||||||
router.register_view(r'mail/alias', views.UserMailAliasView),
|
router.register_view(r'mail/alias', views.UserMailAliasView),
|
||||||
# Reminder
|
# Reminder
|
||||||
router.register_view(r'reminder/get-users', views.ReminderView),
|
router.register_view(r'reminder/get-users', views.ReminderView),
|
||||||
|
# Firewall
|
||||||
|
router.register_view(r'firewall/subnet-ports', views.SubnetPortsOpenView),
|
||||||
# DNS
|
# DNS
|
||||||
router.register_view(r'dns/zones', views.DNSZonesView),
|
router.register_view(r'dns/zones', views.DNSZonesView),
|
||||||
|
router.register_view(r'dns/reverse-zones', views.DNSReverseZonesView),
|
||||||
# MAILING
|
# MAILING
|
||||||
router.register_view(r'mailing/standard', views.StandardMailingView),
|
router.register_view(r'mailing/standard', views.StandardMailingView),
|
||||||
router.register_view(r'mailing/club', views.ClubMailingView),
|
router.register_view(r'mailing/club', views.ClubMailingView),
|
||||||
|
|
15
api/views.py
15
api/views.py
|
@ -552,6 +552,12 @@ class HostMacIpView(generics.ListAPIView):
|
||||||
serializer_class = serializers.HostMacIpSerializer
|
serializer_class = serializers.HostMacIpSerializer
|
||||||
|
|
||||||
|
|
||||||
|
#Firewall
|
||||||
|
|
||||||
|
class SubnetPortsOpenView(generics.ListAPIView):
|
||||||
|
queryset = machines.IpType.objects.all()
|
||||||
|
serializer_class = serializers.SubnetPortsOpenSerializer
|
||||||
|
|
||||||
# DNS
|
# DNS
|
||||||
|
|
||||||
class DNSZonesView(generics.ListAPIView):
|
class DNSZonesView(generics.ListAPIView):
|
||||||
|
@ -568,6 +574,15 @@ class DNSZonesView(generics.ListAPIView):
|
||||||
.all())
|
.all())
|
||||||
serializer_class = serializers.DNSZonesSerializer
|
serializer_class = serializers.DNSZonesSerializer
|
||||||
|
|
||||||
|
class DNSReverseZonesView(generics.ListAPIView):
|
||||||
|
"""Exposes the detailed information about each extension (hostnames,
|
||||||
|
IPs, DNS records, etc.) in order to build the DNS zone files.
|
||||||
|
"""
|
||||||
|
queryset = (machines.IpType.objects.all())
|
||||||
|
serializer_class = serializers.DNSReverseZonesSerializer
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# MAILING
|
# MAILING
|
||||||
|
|
||||||
|
|
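Review bot: `SubnetPortsOpenView` declares no `permission_classes`, so who may read the per-subnet address ranges and opened ports depends entirely on the project-wide REST framework defaults, which are not visible in this diff. That listing describes the firewall policy of every subnet, so the view should either set `permission_classes` explicitly or carry a docstring naming the permission it relies on, e.g. `"""Exposes the ports opened for each IpType so the firewall can be generated; access is governed by <the API's default permission class>."""`. The same applies to `DNSReverseZonesView` in the second hunk, whose docstring is copied from `DNSZonesView` and does not mention reverse zones. Both querysets are a bare `IpType.objects.all()` feeding nested serializers, so a `select_related`/`prefetch_related` on the traversed relations is probably needed to avoid one query per row.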
|
@ -219,7 +219,8 @@ class IpTypeForm(FormRevMixin, ModelForm):
|
||||||
model = IpType
|
model = IpType
|
||||||
fields = ['type', 'extension', 'need_infra', 'domaine_ip_start',
|
fields = ['type', 'extension', 'need_infra', 'domaine_ip_start',
|
||||||
'domaine_ip_stop', 'dnssec_reverse_v4', 'prefix_v6',
|
'domaine_ip_stop', 'dnssec_reverse_v4', 'prefix_v6',
|
||||||
'dnssec_reverse_v6', 'vlan', 'ouverture_ports']
|
'prefix_v6_length','dnssec_reverse_v6', 'vlan',
|
||||||
|
'ouverture_ports']
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
prefix = kwargs.pop('prefix', self.Meta.model.__name__)
|
||||||
|
@ -231,8 +232,8 @@ class EditIpTypeForm(IpTypeForm):
|
||||||
"""Edition d'un iptype. Pas d'edition du rangev4 possible, car il faudrait
|
"""Edition d'un iptype. Pas d'edition du rangev4 possible, car il faudrait
|
||||||
synchroniser les objets iplist"""
|
synchroniser les objets iplist"""
|
||||||
class Meta(IpTypeForm.Meta):
|
class Meta(IpTypeForm.Meta):
|
||||||
fields = ['extension', 'type', 'need_infra', 'prefix_v6', 'vlan',
|
fields = ['extension', 'type', 'need_infra', 'prefix_v6', 'prefix_v6_length',
|
||||||
'dnssec_reverse_v4', 'dnssec_reverse_v6',
|
'vlan', 'dnssec_reverse_v4', 'dnssec_reverse_v6',
|
||||||
'ouverture_ports']
|
'ouverture_ports']
|
||||||
|
|
||||||
|
|
||||||
|
|
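Review bot: In `IpTypeForm.Meta.fields` the new entry is written `'prefix_v6_length','dnssec_reverse_v6'` with no space after the comma, unlike every other element of the list; write `'prefix_v6_length', 'dnssec_reverse_v6', 'vlan',`. `EditIpTypeForm`'s docstring explains why the IPv4 range cannot be edited but is silent on the newly editable prefix length. A sentence stating whether changing it on an existing type is expected to be safe would help, since nothing in this hunk shows existing IPv6 addresses being re-checked against the new length.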
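--- a/machines/migrations/0095_iptype_prefix_v6_length.py
+++ b/machines/migrations/0095_iptype_prefix_v6_length.py
@@ -0,0 +1,21 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.10.7 on 2018-07-16 18:46
+from __future__ import unicode_literals
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+dependencies = [
+('machines', '0094_role_specific_role'),
+]
+
+operations = [
+migrations.AddField(
+model_name='iptype',
+name='prefix_v6_length',
+field=models.IntegerField(default=64, validators=[django.core.validators.MaxValueValidator(128), django.core.validators.MinValueValidator(0)]),
+),
+]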
|
@ -39,7 +39,7 @@ from django.dispatch import receiver
|
||||||
from django.forms import ValidationError
|
from django.forms import ValidationError
|
||||||
from django.utils.functional import cached_property
|
from django.utils.functional import cached_property
|
||||||
from django.utils import timezone
|
from django.utils import timezone
|
||||||
from django.core.validators import MaxValueValidator
|
from django.core.validators import MaxValueValidator, MinValueValidator
|
||||||
|
|
||||||
from macaddress.fields import MACAddressField
|
from macaddress.fields import MACAddressField
|
||||||
|
|
||||||
|
@ -343,6 +343,13 @@ class IpType(RevMixin, AclMixin, models.Model):
|
||||||
null=True,
|
null=True,
|
||||||
blank=True
|
blank=True
|
||||||
)
|
)
|
||||||
|
prefix_v6_length = models.IntegerField(
|
||||||
|
default=64,
|
||||||
|
validators=[
|
||||||
|
MaxValueValidator(128),
|
||||||
|
MinValueValidator(0)
|
||||||
|
]
|
||||||
|
)
|
||||||
dnssec_reverse_v6 = models.BooleanField(
|
dnssec_reverse_v6 = models.BooleanField(
|
||||||
default=False,
|
default=False,
|
||||||
help_text="Activer DNSSEC sur le reverse DNS IPv6",
|
help_text="Activer DNSSEC sur le reverse DNS IPv6",
|
||||||
|
@ -405,7 +412,7 @@ class IpType(RevMixin, AclMixin, models.Model):
|
||||||
return {
|
return {
|
||||||
'network' : str(self.prefix_v6),
|
'network' : str(self.prefix_v6),
|
||||||
'netmask' : 'ffff:ffff:ffff:ffff::',
|
'netmask' : 'ffff:ffff:ffff:ffff::',
|
||||||
'netmask_cidr' : '64',
|
'netmask_cidr' : str(self.prefix_v6_length),
|
||||||
'vlan': str(self.vlan),
|
'vlan': str(self.vlan),
|
||||||
'vlan_id': self.vlan.vlan_id
|
'vlan_id': self.vlan.vlan_id
|
||||||
}
|
}
|
||||||
|
@ -460,6 +467,17 @@ class IpType(RevMixin, AclMixin, models.Model):
|
||||||
):
|
):
|
||||||
ipv6.check_and_replace_prefix(prefix=self.prefix_v6)
|
ipv6.check_and_replace_prefix(prefix=self.prefix_v6)
|
||||||
|
|
||||||
|
def get_associated_ptr_records(self):
|
||||||
|
from re2o.utils import all_active_assigned_interfaces
|
||||||
|
return (all_active_assigned_interfaces()
|
||||||
|
.filter(type__ip_type=self)
|
||||||
|
.filter(ipv4__isnull=False))
|
||||||
|
|
||||||
|
def get_associated_ptr_v6_records(self):
|
||||||
|
from re2o.utils import all_active_interfaces
|
||||||
|
return (all_active_interfaces(full=True)
|
||||||
|
.filter(type__ip_type=self))
|
||||||
|
|
||||||
def clean(self):
|
def clean(self):
|
||||||
""" Nettoyage. Vérifie :
|
""" Nettoyage. Vérifie :
|
||||||
- Que ip_stop est après ip_start
|
- Que ip_stop est après ip_start
|
||||||
|
|
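Review bot: In the `@ -405,7 +412,7` hunk `'netmask_cidr'` now follows `self.prefix_v6_length`, but `'netmask'` on the line above is still the literal `'ffff:ffff:ffff:ffff::'`, so for any length other than 64 the returned dict describes two different networks. Consumers that read `netmask` (the enclosing method starts outside the hunk and its callers are not visible) would keep applying a /64, which for filtering or address-assignment configuration means a scope wider or narrower than the one configured. Derive it from the same field, e.g. `'netmask': str(ipaddress.IPv6Network('::/%d' % self.prefix_v6_length).netmask),` with the standard-library `ipaddress` module imported. Also, `get_associated_ptr_v6_records` has no IPv6 counterpart to the `.filter(ipv4__isnull=False)` used by the IPv4 variant and neither method has a docstring, so it is unclear whether interfaces without an IPv6 address are meant to be returned.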
|
@ -45,7 +45,7 @@ with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
<td>{{ type.extension }}</td>
|
<td>{{ type.extension }}</td>
|
||||||
<td>{{ type.need_infra }}</td>
|
<td>{{ type.need_infra }}</td>
|
||||||
<td>{{ type.domaine_ip_start }}-{{ type.domaine_ip_stop }}</td>
|
<td>{{ type.domaine_ip_start }}-{{ type.domaine_ip_stop }}</td>
|
||||||
<td>{{ type.prefix_v6 }}</td>
|
<td>{{ type.prefix_v6 }}/{{ type.prefix_v6_length }}</td>
|
||||||
<td>{{ type.dnssec_reverse_v4 }}/{{ type.dnssec_reverse_v6 }}</td>
|
<td>{{ type.dnssec_reverse_v4 }}/{{ type.dnssec_reverse_v6 }}</td>
|
||||||
<td>{{ type.vlan }}</td>
|
<td>{{ type.vlan }}</td>
|
||||||
<td>{{ type.ouverture_ports }}</td>
|
<td>{{ type.ouverture_ports }}</td>
|
||||||
|
|
|
@ -89,15 +89,7 @@ class EditPortForm(FormRevMixin, ModelForm):
|
||||||
self.fields['machine_interface'].queryset = (
|
self.fields['machine_interface'].queryset = (
|
||||||
Interface.objects.all().select_related('domain__extension')
|
Interface.objects.all().select_related('domain__extension')
|
||||||
)
|
)
|
||||||
self.fields['related'].queryset = (
|
self.fields['related'].queryset = Port.objects.all().prefetch_related('switch__machine_ptr__interface_set__domain__extension')
|
||||||
Port.objects.all()
|
|
||||||
.prefetch_related(Prefetch(
|
|
||||||
'switch__interface_set',
|
|
||||||
queryset=(Interface.objects
|
|
||||||
.select_related('ipv4__ip_type__extension')
|
|
||||||
.select_related('domain__extension'))
|
|
||||||
))
|
|
||||||
)
|
|
||||||
|
|
||||||
|
|
||||||
class AddPortForm(FormRevMixin, ModelForm):
|
class AddPortForm(FormRevMixin, ModelForm):
|
||||||
|
|
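Review bot: The new `related` queryset is written as one very long line, dropping the parenthesised layout that the `machine_interface` assignment just above it uses. Wrap it the same way, opening with `self.fields['related'].queryset = (Port.objects.all().prefetch_related(`, putting the lookup string `'switch__machine_ptr__interface_set__domain__extension'` on its own line and closing with `))`. If `Prefetch` was imported only for the removed block, that import is now unused; the import lines are outside the hunk, so this needs checking. A short comment saying that only `domain__extension` is needed to render a port's switch would also record why the `ipv4__ip_type__extension` join was dropped.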
|
@ -359,8 +359,12 @@ class Switch(AclMixin, Machine):
|
||||||
"""Return dict ip6:subnet for all ipv6 of the switch"""
|
"""Return dict ip6:subnet for all ipv6 of the switch"""
|
||||||
return dict((str(interface.ipv6().first()), interface.type.ip_type.ip6_set_full_info) for interface in self.interface_set.all())
|
return dict((str(interface.ipv6().first()), interface.type.ip_type.ip6_set_full_info) for interface in self.interface_set.all())
|
||||||
|
|
||||||
|
@cached_property
|
||||||
|
def get_name(self):
|
||||||
|
return self.name or self.main_interface().domain.name
|
||||||
|
|
||||||
def __str__(self):
|
def __str__(self):
|
||||||
return str(self.main_interface())
|
return str(self.get_name)
|
||||||
|
|
||||||
|
|
||||||
class ModelSwitch(AclMixin, RevMixin, models.Model):
|
class ModelSwitch(AclMixin, RevMixin, models.Model):
|
||||||
|
|
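Review bot: `__str__` now goes through `get_name`, which evaluates `self.main_interface().domain.name` whenever `name` is empty. Unlike the previous `str(self.main_interface())`, this raises instead of returning a string if the switch has no main interface or that interface has no domain (whether `main_interface()` can return `None` is not visible here). A `__str__` that raises breaks admin pages, logs and error reports, so guard the fallback, e.g. `main = self.main_interface()` followed by `return self.name or (main.domain.name if main else '')`. `get_name` is also a `cached_property` with a method-style name and no docstring, so callers may write `switch.get_name()` by mistake, and the cached value is not refreshed if `name` changes on a live instance; a docstring stating that it is an attribute and is cached per instance would cover both.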