log du nat
parent
043173c742
commit
96ceae0b1d
2 changed files with 27 additions and 12 deletions
21
firewall.py
21
firewall.py
|
@ -231,7 +231,6 @@ class NetfilterSet:
|
||||||
"""Create the set, removing existing set if needed."""
|
"""Create the set, removing existing set if needed."""
|
||||||
# Delete set if it exists with wrong type
|
# Delete set if it exists with wrong type
|
||||||
current_set = self._get_raw_netfilter(parse_elements=False)
|
current_set = self._get_raw_netfilter(parse_elements=False)
|
||||||
logging.info(current_set)
|
|
||||||
if current_set is None:
|
if current_set is None:
|
||||||
self._create_new_set_in_kernel()
|
self._create_new_set_in_kernel()
|
||||||
elif not self.has_type(current_set['type']):
|
elif not self.has_type(current_set['type']):
|
||||||
|
@ -393,7 +392,7 @@ class NetfilterSet:
|
||||||
'name': values['name'],
|
'name': values['name'],
|
||||||
'type': values['type'].split(' . '),
|
'type': values['type'].split(' . '),
|
||||||
'raw_content': values['elements'],
|
'raw_content': values['elements'],
|
||||||
'flags': set(values['flags'].split(', ')),
|
'flags': set(values['flags'].split(', ')) if values['flags'] else None,
|
||||||
}
|
}
|
||||||
|
|
||||||
def get_netfilter_content(self):
|
def get_netfilter_content(self):
|
||||||
|
@ -673,15 +672,22 @@ class NAT:
|
||||||
ports = [
|
ports = [
|
||||||
set() for i in range(self.nb_private_by_public)
|
set() for i in range(self.nb_private_by_public)
|
||||||
]
|
]
|
||||||
|
port_range = lambda i : '-'.join([
|
||||||
|
str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
|
||||||
|
str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
|
||||||
|
])
|
||||||
|
nat_log = ""
|
||||||
for ip_out, ip in zip(
|
for ip_out, ip in zip(
|
||||||
self.range_out,
|
self.range_out,
|
||||||
range(self.range_in.first, self.range_in.last, self.nb_private_by_public)
|
range(self.range_in.first, self.range_in.last, self.nb_private_by_public)
|
||||||
):
|
):
|
||||||
range_size = self.nb_private_by_public if int(ip + self.nb_private_by_public) <= self.range_in.last else (self.range_in.last - ip)
|
range_size = self.nb_private_by_public if int(ip + self.nb_private_by_public) <= self.range_in.last else (self.range_in.last - ip)
|
||||||
ips[(netaddr.IPRange(ip, ip+range_size-1),)] = ip_out
|
ips[(netaddr.IPRange(ip, ip+range_size-1),)] = ip_out
|
||||||
|
|
||||||
for i in range(range_size):
|
for i in range(range_size):
|
||||||
ports[i].add((netaddr.IPAddress(ip+i),))
|
ip_in = netaddr.IPAddress(ip+i)
|
||||||
|
ports[i].add((ip_in,))
|
||||||
|
nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in), '\n'))
|
||||||
|
|
||||||
|
|
||||||
ip_map = NetfilterMap(
|
ip_map = NetfilterMap(
|
||||||
target_content=ips,
|
target_content=ips,
|
||||||
|
@ -694,10 +700,6 @@ class NAT:
|
||||||
)
|
)
|
||||||
ip_map.manage()
|
ip_map.manage()
|
||||||
|
|
||||||
port_range = lambda i : '-'.join([
|
|
||||||
str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
|
|
||||||
str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
|
|
||||||
])
|
|
||||||
|
|
||||||
for i, grp in enumerate(ports):
|
for i, grp in enumerate(ports):
|
||||||
grp_set = NetfilterSet(
|
grp_set = NetfilterSet(
|
||||||
|
@ -713,6 +715,9 @@ class NAT:
|
||||||
port_range(i)
|
port_range(i)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
return nat_log
|
||||||
|
|
||||||
|
|
||||||
class Firewall:
|
class Firewall:
|
||||||
"""Manages the firewall using nftables."""
|
"""Manages the firewall using nftables."""
|
||||||
|
|
||||||
|
|
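Review bot: The row appended at `nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in), '\n'))` tab-joins the newline as a fourth field, so every record ends in `\t\n`, and the per-address `+=` rebuilds the whole string on each iteration. Collecting rows in a list instead — `rows.append('\t'.join((str(ip_out), port_range(i), str(ip_in))))` in the loop and `return ''.join(row + '\n' for row in rows)` in place of `return nat_log` — gives clean tab-separated lines at linear cost. Since `manage()` now returns this mapping and nat.py persists it as the NAT audit record, the method's docstring should state the return value and its line format (public address, port range, private address); the start of `manage()` and its docstring lie outside the hunk.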
18
nat.py
18
nat.py
|
@ -20,6 +20,7 @@ Creates the nat set.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import logging
|
import logging
|
||||||
|
import time
|
||||||
from configparser import ConfigParser
|
from configparser import ConfigParser
|
||||||
|
|
||||||
import netaddr
|
import netaddr
|
||||||
|
@ -87,23 +88,32 @@ def create_nat_admin():
|
||||||
|
|
||||||
|
|
||||||
def main():
|
def main():
|
||||||
|
nat_log = time.ctime() + "\n"
|
||||||
logging.info("Creating adherent nat...")
|
logging.info("Creating adherent nat...")
|
||||||
nat_adherent = create_nat_adherent()
|
nat_adherent = create_nat_adherent()
|
||||||
nat_adherent.manage()
|
nat_log += "Adherents :\n"
|
||||||
|
nat_log += nat_adherent.manage()
|
||||||
logging.info("Done.")
|
logging.info("Done.")
|
||||||
logging.info("Creating federez nat...")
|
logging.info("Creating federez nat...")
|
||||||
nat_federez = create_nat_federez()
|
nat_federez = create_nat_federez()
|
||||||
nat_federez.manage()
|
nat_log += "Federez :\n"
|
||||||
|
nat_log += nat_federez.manage()
|
||||||
logging.info("Done.")
|
logging.info("Done.")
|
||||||
logging.info("Creating aloes nat...")
|
logging.info("Creating aloes nat...")
|
||||||
aloes_nat = create_nat_aloes()
|
aloes_nat = create_nat_aloes()
|
||||||
aloes_nat.manage()
|
nat_log += "Aloes :\n"
|
||||||
|
nat_log += aloes_nat.manage()
|
||||||
logging.info("Done.")
|
logging.info("Done.")
|
||||||
logging.info("Creating admin nat...")
|
logging.info("Creating admin nat...")
|
||||||
admin_nat = create_nat_admin()
|
admin_nat = create_nat_admin()
|
||||||
admin_nat.manage()
|
nat_log += "Admin :\n"
|
||||||
|
nat_log += admin_nat.manage()
|
||||||
logging.info("Done.")
|
logging.info("Done.")
|
||||||
|
|
||||||
|
logging.info("Saving nat table into /var/log/nat.log")
|
||||||
|
with open('/var/log/nat.log', 'a') as f:
|
||||||
|
f.write(nat_log)
|
||||||
|
|
||||||
|
|
||||||
if __name__=='__main__':
|
if __name__=='__main__':
|
||||||
logging.info('Updating the NAT table.')
|
logging.info('Updating the NAT table.')
|
||||||
|
|
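Review bot: The audit record is written with `open('/var/log/nat.log', 'a')`, so when the file does not yet exist it is created under the process umask, which typically leaves the public-to-private address mapping world-readable; opening it through `fd = os.open('/var/log/nat.log', os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)` and `with open(fd, 'w') as f:` keeps the default mode restrictive (this needs `import os`, which is outside the hunk). The header line `nat_log = time.ctime() + "\n"` is a local-time, locale-style timestamp; an ISO-8601 form with offset such as `time.strftime('%Y-%m-%dT%H:%M:%S%z')` correlates more reliably with other logs. The write also happens only after all four `manage()` calls return, so an exception in a later one leaves the earlier kernel changes unlogged; writing the accumulated text in a `finally` block, or after each section, would keep the record complete. `main()` continues outside the hunk.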