log du nat
parent
043173c742
commit
96ceae0b1d
2 changed files with 27 additions and 12 deletions
21
firewall.py
21
firewall.py
|
@ -231,7 +231,6 @@ class NetfilterSet:
|
|||
"""Create the set, removing existing set if needed."""
|
||||
# Delete set if it exists with wrong type
|
||||
current_set = self._get_raw_netfilter(parse_elements=False)
|
||||
logging.info(current_set)
|
||||
if current_set is None:
|
||||
self._create_new_set_in_kernel()
|
||||
elif not self.has_type(current_set['type']):
|
||||
|
@ -393,7 +392,7 @@ class NetfilterSet:
|
|||
'name': values['name'],
|
||||
'type': values['type'].split(' . '),
|
||||
'raw_content': values['elements'],
|
||||
'flags': set(values['flags'].split(', ')),
|
||||
'flags': set(values['flags'].split(', ')) if values['flags'] else None,
|
||||
}
|
||||
|
||||
def get_netfilter_content(self):
|
||||
|
@ -673,15 +672,22 @@ class NAT:
|
|||
ports = [
|
||||
set() for i in range(self.nb_private_by_public)
|
||||
]
|
||||
port_range = lambda i : '-'.join([
|
||||
str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
|
||||
str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
|
||||
])
|
||||
nat_log = ""
|
||||
for ip_out, ip in zip(
|
||||
self.range_out,
|
||||
range(self.range_in.first, self.range_in.last, self.nb_private_by_public)
|
||||
):
|
||||
range_size = self.nb_private_by_public if int(ip + self.nb_private_by_public) <= self.range_in.last else (self.range_in.last - ip)
|
||||
ips[(netaddr.IPRange(ip, ip+range_size-1),)] = ip_out
|
||||
|
||||
for i in range(range_size):
|
||||
ports[i].add((netaddr.IPAddress(ip+i),))
|
||||
ip_in = netaddr.IPAddress(ip+i)
|
||||
ports[i].add((ip_in,))
|
||||
nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in), '\n'))
|
||||
|
||||
|
||||
ip_map = NetfilterMap(
|
||||
target_content=ips,
|
||||
|
@ -694,10 +700,6 @@ class NAT:
|
|||
)
|
||||
ip_map.manage()
|
||||
|
||||
port_range = lambda i : '-'.join([
|
||||
str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
|
||||
str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
|
||||
])
|
||||
|
||||
for i, grp in enumerate(ports):
|
||||
grp_set = NetfilterSet(
|
||||
|
@ -713,6 +715,9 @@ class NAT:
|
|||
port_range(i)
|
||||
)
|
||||
|
||||
return nat_log
|
||||
|
||||
|
||||
class Firewall:
|
||||
"""Manages the firewall using nftables."""
|
||||
|
||||
|
|
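Review bot: The record built at `nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in), '\n'))` places a tab before the newline, so every line of the NAT log ends in `\t\n`; `nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in))) + '\n'` gives clean tab-separated rows. `port_range(i)` depends only on `i` yet is recomputed inside the inner loop for every public address, so building the strings once before the outer loop (`port_ranges = [port_range(i) for i in range(self.nb_private_by_public)]`) removes the repeated float arithmetic. Accumulating `nat_log` with `+=` inside nested loops is quadratic outside CPython; appending rows to a list and joining once at the `return nat_log` line of the last hunk is the usual form. The enclosing `manage` method starts outside the first NAT hunk, and the new return value changes it from returning nothing to returning the log text, which callers such as `nat.py` now rely on.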
18
nat.py
18
nat.py
|
@ -20,6 +20,7 @@ Creates the nat set.
|
|||
"""
|
||||
|
||||
import logging
|
||||
import time
|
||||
from configparser import ConfigParser
|
||||
|
||||
import netaddr
|
||||
|
@ -87,23 +88,32 @@ def create_nat_admin():
|
|||
|
||||
|
||||
def main():
|
||||
nat_log = time.ctime() + "\n"
|
||||
logging.info("Creating adherent nat...")
|
||||
nat_adherent = create_nat_adherent()
|
||||
nat_adherent.manage()
|
||||
nat_log += "Adherents :\n"
|
||||
nat_log += nat_adherent.manage()
|
||||
logging.info("Done.")
|
||||
logging.info("Creating federez nat...")
|
||||
nat_federez = create_nat_federez()
|
||||
nat_federez.manage()
|
||||
nat_log += "Federez :\n"
|
||||
nat_log += nat_federez.manage()
|
||||
logging.info("Done.")
|
||||
logging.info("Creating aloes nat...")
|
||||
aloes_nat = create_nat_aloes()
|
||||
aloes_nat.manage()
|
||||
nat_log += "Aloes :\n"
|
||||
nat_log += aloes_nat.manage()
|
||||
logging.info("Done.")
|
||||
logging.info("Creating admin nat...")
|
||||
admin_nat = create_nat_admin()
|
||||
admin_nat.manage()
|
||||
nat_log += "Admin :\n"
|
||||
nat_log += admin_nat.manage()
|
||||
logging.info("Done.")
|
||||
|
||||
logging.info("Saving nat table into /var/log/nat.log")
|
||||
with open('/var/log/nat.log', 'a') as f:
|
||||
f.write(nat_log)
|
||||
|
||||
|
||||
if __name__=='__main__':
|
||||
logging.info('Updating the NAT table.')
|
||||
|
|
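Review bot: `main` appends the full public-to-private mapping to `/var/log/nat.log` on every run with nothing bounding the file, and the `time.ctime()` header is local time with no zone, so entries written across a DST change cannot be ordered reliably. A module constant `NAT_LOG_PATH = '/var/log/nat.log'` used by both the `logging.info` call and the `open` keeps the two in step, and an ISO-8601 UTC header such as `datetime.now(timezone.utc).isoformat()` (with `from datetime import datetime, timezone` added next to `import time` in the first hunk) makes the file sortable and unambiguous. Because the file is written only after all four `manage()` calls, an exception in a later one loses the rows already produced by the earlier ones, leaving the kernel state changed but unrecorded; writing each section as soon as its `manage()` returns keeps the log consistent with what was applied. This file is the record that maps a public address and port range back to a private address, so its retention and rotation (logrotate or equivalent) should be set deliberately rather than left to unbounded growth.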