From 96ceae0b1d50d0dd4e4491197f5303b303633af5 Mon Sep 17 00:00:00 2001
From: Hugo Levy-Falk
Date: Sat, 30 Mar 2019 18:33:06 +0100
Subject: [PATCH] log du nat

---
 firewall.py | 21 +++++++++++++--------
 nat.py | 18 ++++++++++++++----
 2 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/firewall.py b/firewall.py
index 7e007a9..8313140 100755
--- a/firewall.py
+++ b/firewall.py
@@ -231,7 +231,6 @@ class NetfilterSet:
         """Create the set, removing existing set if needed."""
         # Delete set if it exists with wrong type
         current_set = self._get_raw_netfilter(parse_elements=False)
-        logging.info(current_set)
         if current_set is None:
             self._create_new_set_in_kernel()
         elif not self.has_type(current_set['type']):
@@ -393,7 +392,7 @@ class NetfilterSet:
             'name': values['name'],
             'type': values['type'].split(' . '),
             'raw_content': values['elements'],
-            'flags': set(values['flags'].split(', ')),
+            'flags': set(values['flags'].split(', ')) if values['flags'] else None,
         }
     def get_netfilter_content(self):
@@ -673,15 +672,22 @@ class NAT:
         ports = [
             set() for i in range(self.nb_private_by_public)
         ]
+        port_range = lambda i : '-'.join([
+            str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
+            str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
+        ])
+        nat_log = ""
         for ip_out, ip in zip(
             self.range_out,
             range(self.range_in.first, self.range_in.last, self.nb_private_by_public)
         ):
             range_size = self.nb_private_by_public if int(ip + self.nb_private_by_public) <= self.range_in.last else (self.range_in.last - ip)
             ips[(netaddr.IPRange(ip, ip+range_size-1),)] = ip_out
-
             for i in range(range_size):
-                ports[i].add((netaddr.IPAddress(ip+i),))
+                ip_in = netaddr.IPAddress(ip+i)
+                ports[i].add((ip_in,))
+                nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in), '\n'))
+
         ip_map = NetfilterMap(
             target_content=ips,
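Review bot: The parsed record now carries two types in `flags` — a `set` when the netfilter output lists flags and `None` when it does not — so any caller that tests membership or iterates over it (`'interval' in parsed['flags']`) will raise `TypeError` for a set created without flags. Unless some caller deliberately relies on `None`, an empty set keeps a single type with one token changed: `'flags': set(values['flags'].split(', ')) if values['flags'] else set(),`. The enclosing parsing method starts above this hunk, so I can't see who consumes the field.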
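Review bot: Passing `'\n'` as a join element on the `nat_log +=` line leaves a trailing tab before every newline (`<public ip>\t<ports>\t<private ip>\t\n`), which any later tab-split of the log file will read as an extra empty field; `nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in))) + '\n'` gives a clean record. Since the string grows by one line per private address, collecting the lines in a list and joining once before returning would also avoid repeated copying on large ranges. The enclosing `manage` method starts above this hunk and `nat_log` is returned further down, outside it.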
@@ -694,10 +700,6 @@ class NAT:
         )
         ip_map.manage()
-        port_range = lambda i : '-'.join([
-            str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
-            str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
-        ])
         for i, grp in enumerate(ports):
             grp_set = NetfilterSet(
@@ -713,6 +715,9 @@ class NAT:
                 port_range(i)
             )
+        return nat_log
+
+
 class Firewall:
     """Manages the firewall using nftables."""
diff --git a/nat.py b/nat.py
index 9347dca..125c794 100644
--- a/nat.py
+++ b/nat.py
@@ -20,6 +20,7 @@ Creates the nat set.
 """
 import logging
+import time
 from configparser import ConfigParser
 import netaddr
@@ -87,23 +88,32 @@ def create_nat_admin():
 def main():
+    nat_log = time.ctime() + "\n"
     logging.info("Creating adherent nat...")
     nat_adherent = create_nat_adherent()
-    nat_adherent.manage()
+    nat_log += "Adherents :\n"
+    nat_log += nat_adherent.manage()
     logging.info("Done.")
     logging.info("Creating federez nat...")
     nat_federez = create_nat_federez()
-    nat_federez.manage()
+    nat_log += "Federez :\n"
+    nat_log += nat_federez.manage()
     logging.info("Done.")
     logging.info("Creating aloes nat...")
     aloes_nat = create_nat_aloes()
-    aloes_nat.manage()
+    nat_log += "Aloes :\n"
+    nat_log += aloes_nat.manage()
     logging.info("Done.")
     logging.info("Creating admin nat...")
     admin_nat = create_nat_admin()
-    admin_nat.manage()
+    nat_log += "Admin :\n"
+    nat_log += admin_nat.manage()
     logging.info("Done.")
+    logging.info("Saving nat table into /var/log/nat.log")
+    with open('/var/log/nat.log', 'a') as f:
+        f.write(nat_log)
+
 if __name__=='__main__':
     logging.info('Updating the NAT table.')
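Review bot: `manage` now returns the accumulated mapping text, but nothing documents what the string holds or that `nat.py` writes it to disk as the NAT audit record; the method's signature and docstring are above this hunk. I'd add a `Returns:` entry to the docstring along the lines of `Returns the public IP / public port range / private IP mapping as text, one tab-separated line per private address, for the NAT log.` Note also that the return is only reached after every set and map has been pushed to the kernel, so a caller sees either the full record or an exception, never a partial one — worth stating if that is the intended contract.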
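Review bot: `time.ctime()` stamps the record in local time with no zone and in a non-sortable format, which makes matching an abuse report against this mapping ambiguous around DST changes; `datetime.now(timezone.utc).isoformat()` (with `from datetime import datetime, timezone`) gives an unambiguous header. Two further points about the write at the end of `main`: the file is opened in append mode with whatever mode the process umask yields, although its content is the public-port-to-private-host mapping, so unless an existing umask or logrotate policy already restricts it (I can't see one from here) it should be created with a restricted mode, e.g. `os.fdopen(os.open('/var/log/nat.log', os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600), 'a')`. And because the whole record is written only after all four `manage()` calls, an exception in a later one leaves the earlier NAT sets applied in the kernel with no trace in the log; appending each section as soon as its `manage()` returns, or writing what was collected in a `finally`, would preserve the partial record.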