mirror of
https://gitlab2.federez.net/re2o/re2o
synced 2024-11-23 11:53:12 +00:00
API: Add support for firewall
This commit is contained in:
parent
7028788cf2
commit
ef6b62439b
2 changed files with 60 additions and 1 deletions
|
@ -35,6 +35,9 @@ urlpatterns = [
|
||||||
url(r'^services/(?P<server_name>\w+)/(?P<service_name>\w+)/regen/$', views.services_server_service_regen),
|
url(r'^services/(?P<server_name>\w+)/(?P<service_name>\w+)/regen/$', views.services_server_service_regen),
|
||||||
url(r'^services/(?P<server_name>\w+)/$', views.services_server),
|
url(r'^services/(?P<server_name>\w+)/$', views.services_server),
|
||||||
|
|
||||||
|
# Firewall
|
||||||
|
url(r'^firewall/ouverture_ports/$', views.firewall_ouverture_ports),
|
||||||
|
|
||||||
# DHCP
|
# DHCP
|
||||||
url(r'^dhcp/mac-ip/$', views.dhcp_mac_ip),
|
url(r'^dhcp/mac-ip/$', views.dhcp_mac_ip),
|
||||||
|
|
||||||
|
|
58
api/views.py
58
api/views.py
|
@ -30,7 +30,8 @@ from django.views.decorators.csrf import csrf_exempt
|
||||||
from re2o.utils import all_has_access, all_active_assigned_interfaces
|
from re2o.utils import all_has_access, all_active_assigned_interfaces
|
||||||
|
|
||||||
from users.models import Club
|
from users.models import Club
|
||||||
from machines.models import Service_link, Service, Interface, Domain
|
from machines.models import (Service_link, Service, Interface, Domain,
|
||||||
|
OuverturePortList)
|
||||||
|
|
||||||
from .serializers import *
|
from .serializers import *
|
||||||
from .utils import JSONError, JSONSuccess, accept_method
|
from .utils import JSONError, JSONSuccess, accept_method
|
||||||
|
@ -114,6 +115,61 @@ def services_server(request, server_name):
|
||||||
return JSONSuccess(seria.data)
|
return JSONSuccess(seria.data)
|
||||||
|
|
||||||
|
|
||||||
|
@csrf_exempt
|
||||||
|
@login_required
|
||||||
|
@permission_required('machines.serveur')
|
||||||
|
@accept_method(['GET'])
|
||||||
|
def firewall_ouverture_ports(request):
|
||||||
|
"""The list of the ports authorized to be openned by the firewall
|
||||||
|
|
||||||
|
Returns:
|
||||||
|
GET:
|
||||||
|
A JSONSuccess response with a `data` field containing:
|
||||||
|
* a field `ipv4` containing:
|
||||||
|
* a field `tcp_in` containing:
|
||||||
|
* a list of port number where ipv4 tcp in should be ok
|
||||||
|
* a field `tcp_out` containing:
|
||||||
|
* a list of port number where ipv4 tcp ou should be ok
|
||||||
|
* a field `udp_in` containing:
|
||||||
|
* a list of port number where ipv4 udp in should be ok
|
||||||
|
* a field `udp_out` containing:
|
||||||
|
* a list of port number where ipv4 udp out should be ok
|
||||||
|
* a field `ipv6` containing:
|
||||||
|
* a field `tcp_in` containing:
|
||||||
|
* a list of port number where ipv6 tcp in should be ok
|
||||||
|
* a field `tcp_out` containing:
|
||||||
|
* a list of port number where ipv6 tcp ou should be ok
|
||||||
|
* a field `udp_in` containing:
|
||||||
|
* a list of port number where ipv6 udp in should be ok
|
||||||
|
* a field `udp_out` containing:
|
||||||
|
* a list of port number where ipv6 udp out should be ok
|
||||||
|
"""
|
||||||
|
r = {'ipv4':{}, 'ipv6':{}}
|
||||||
|
for o in OuverturePortList.objects.all().prefetch_related('ouvertureport_set').prefetch_related('interface_set', 'interface_set__ipv4'):
|
||||||
|
pl = {
|
||||||
|
"tcp_in":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.TCP, io=OuverturePort.IN))),
|
||||||
|
"tcp_out":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.TCP, io=OuverturePort.OUT))),
|
||||||
|
"udp_in":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.UDP, io=OuverturePort.IN))),
|
||||||
|
"udp_out":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.UDP, io=OuverturePort.OUT))),
|
||||||
|
}
|
||||||
|
for i in filter_active_interfaces(o.interface_set):
|
||||||
|
if i.may_have_port_open():
|
||||||
|
d = r['ipv4'].get(i.ipv4.ipv4, {})
|
||||||
|
d["tcp_in"] = d.get("tcp_in",set()).union(pl["tcp_in"])
|
||||||
|
d["tcp_out"] = d.get("tcp_out",set()).union(pl["tcp_out"])
|
||||||
|
d["udp_in"] = d.get("udp_in",set()).union(pl["udp_in"])
|
||||||
|
d["udp_out"] = d.get("udp_out",set()).union(pl["udp_out"])
|
||||||
|
r['ipv4'][i.ipv4.ipv4] = d
|
||||||
|
if i.ipv6():
|
||||||
|
for ipv6 in i.ipv6():
|
||||||
|
d = r['ipv6'].get(ipv6.ipv6, {})
|
||||||
|
d["tcp_in"] = d.get("tcp_in",set()).union(pl["tcp_in"])
|
||||||
|
d["tcp_out"] = d.get("tcp_out",set()).union(pl["tcp_out"])
|
||||||
|
d["udp_in"] = d.get("udp_in",set()).union(pl["udp_in"])
|
||||||
|
d["udp_out"] = d.get("udp_out",set()).union(pl["udp_out"])
|
||||||
|
r['ipv6'][ipv6.ipv6] = d
|
||||||
|
return JSONSuccess(r)
|
||||||
|
|
||||||
@csrf_exempt
|
@csrf_exempt
|
||||||
@login_required
|
@login_required
|
||||||
@permission_required('machines.serveur')
|
@permission_required('machines.serveur')
|
||||||
|
|
Loading…
Reference in a new issue