firewall/mac_ip.py

#! /usr/bin/python3
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# Copyright © 2019 Hugo Levy-Falk <me@klafyvel.me>
"""
Creates the ip_mac set.
"""
import logging
from configparser import ConfigParser
from re2oapi import Re2oAPIClient
from firewall import NetfilterSet
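CONFIG = ConfigParser()
# ConfigParser.read() silently skips files it cannot open; a missing or
# unreadable config file therefore surfaces below as NoSectionError.
CONFIG.read('/usr/local/firewall/config.ini')

# The API credentials are stored in clear text in config.ini, so that file
# should be readable only by the account running the firewall service.
api_hostname = CONFIG.get('Re2o', 'hostname')
api_password = CONFIG.get('Re2o', 'password')
api_username = CONFIG.get('Re2o', 'username')

# Transport security for the Re2o API session.  With use_tls=False the
# username/password above and the IP/MAC pairs that end up in the firewall
# set are exchanged without TLS, so anyone on the path between this host and
# the API can read the credentials or alter the returned pairs.
# The optional `use_tls` key in the [Re2o] section enables TLS; the fallback
# keeps the previous hard-coded value so existing deployments are unchanged.
# NOTE(review): set `use_tls = true` unless the API is only reachable over a
# trusted local link.
api_use_tls = CONFIG.getboolean('Re2o', 'use_tls', fallback=False)

api_client = Re2oAPIClient(
    api_hostname,
    api_username,
    api_password,
    use_tls=api_use_tls,
)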
def gen_ip_mac_set():
    """Build the nftables ``ip_mac`` set from the Re2o host list.

    Queries the ``dhcp/hostmacip`` API endpoint and keeps every host that
    has both a non-empty ``ipv4`` and a non-empty ``mac_address``.

    Returns:
        A NetfilterSet named ``ip_mac`` in table ``firewall`` whose target
        content is the list of (ipv4, mac_address) pairs.
    """
    pairs = []
    for host in api_client.list('dhcp/hostmacip'):
        # Hosts lacking either half of the binding cannot be expressed as
        # an (IPv4, MAC) element, so they are left out of the set.
        address = host['ipv4']
        if not address:
            continue
        mac = host['mac_address']
        if not mac:
            continue
        pairs.append((address, mac))

    # NOTE(review): the pairs are forwarded exactly as the API returned
    # them; whether NetfilterSet validates their format is not visible here.
    return NetfilterSet(
        name='ip_mac',
        table_name='firewall',
        type_=('IPv4', 'MAC'),
        target_content=pairs,
    )
def update_macip():
    """Regenerate the ip_mac set and apply it, logging each step.

    If no handler is reachable from this module's logger, a stream handler
    with a timestamped format is attached and the level is set to INFO
    before the update runs.
    """
    logger = logging.getLogger(__name__)
    if not logger.hasHandlers():
        # No handler configured by the caller: install a default one so the
        # progress messages below are not lost.
        stream = logging.StreamHandler()
        stream.setFormatter(
            logging.Formatter("%(asctime)s %(levelname)s %(name)s %(message)s")
        )
        logger.addHandler(stream)
        logger.setLevel(logging.INFO)

    logger.info('Updating the ip - mac set...')
    mac_ip_set = gen_ip_mac_set()

    logger.info('Applying modifications...')
    mac_ip_set.manage()

    logger.info('Done')
# Run a single update when the module is executed as a script.
if __name__ == '__main__':
    update_macip()