From ef6b62439b01f9ed939d16736027e2f0fe5a9d09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ma=C3=ABl=20Kervella?= Date: Sat, 17 Mar 2018 18:16:26 +0000 Subject: [PATCH] API: Add support for firewall --- api/urls.py | 3 +++ api/views.py | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/api/urls.py b/api/urls.py index ab8a5bed..9b9eaedd 100644 --- a/api/urls.py +++ b/api/urls.py @@ -35,6 +35,9 @@ urlpatterns = [ url(r'^services/(?P\w+)/(?P\w+)/regen/$', views.services_server_service_regen), url(r'^services/(?P\w+)/$', views.services_server), + # Firewall + url(r'^firewall/ouverture_ports/$', views.firewall_ouverture_ports), + # DHCP url(r'^dhcp/mac-ip/$', views.dhcp_mac_ip), diff --git a/api/views.py b/api/views.py index 97c60824..ce373d05 100644 --- a/api/views.py +++ b/api/views.py @@ -30,7 +30,8 @@ from django.views.decorators.csrf import csrf_exempt from re2o.utils import all_has_access, all_active_assigned_interfaces from users.models import Club -from machines.models import Service_link, Service, Interface, Domain +from machines.models import (Service_link, Service, Interface, Domain, + OuverturePortList) from .serializers import * from .utils import JSONError, JSONSuccess, accept_method 
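Review bot: The widened `machines.models` import adds `OuverturePortList` but not `OuverturePort`, which the new `firewall_ouverture_ports` view in the next hunk uses in all four `ouvertureport_set.filter(protocole=OuverturePort.…)` calls; `filter_active_interfaces` is likewise called there but is not in the visible `re2o.utils` import line. Unless `from .serializers import *` happens to re-export both names, the first request to the new endpoint fails with `NameError`, so whatever consumes it gets an error page instead of a port list. I would name them explicitly, ending the continuation line with `OuverturePortList, OuverturePort)` and adding `filter_active_interfaces` to the import from the module that defines it (presumably `re2o.utils`), rather than lean on the star import.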
@@ -114,6 +115,61 @@ def services_server(request, server_name):
 return JSONSuccess(seria.data)
+@csrf_exempt
+@login_required
+@permission_required('machines.serveur')
+@accept_method(['GET'])
+def firewall_ouverture_ports(request):
+ """The list of the ports authorized to be openned by the firewall
+
+ Returns:
+ GET:
+ A JSONSuccess response with a `data` field containing:
+ * a field `ipv4` containing:
+ * a field `tcp_in` containing:
+ * a list of port number where ipv4 tcp in should be ok
+ * a field `tcp_out` containing:
+ * a list of port number where ipv4 tcp ou should be ok
+ * a field `udp_in` containing:
+ * a list of port number where ipv4 udp in should be ok
+ * a field `udp_out` containing:
+ * a list of port number where ipv4 udp out should be ok
+ * a field `ipv6` containing:
+ * a field `tcp_in` containing:
+ * a list of port number where ipv6 tcp in should be ok
+ * a field `tcp_out` containing:
+ * a list of port number where ipv6 tcp ou should be ok
+ * a field `udp_in` containing:
+ * a list of port number where ipv6 udp in should be ok
+ * a field `udp_out` containing:
+ * a list of port number where ipv6 udp out should be ok
+ """
+ r = {'ipv4':{}, 'ipv6':{}}
+ for o in OuverturePortList.objects.all().prefetch_related('ouvertureport_set').prefetch_related('interface_set', 'interface_set__ipv4'):
+ pl = {
+ "tcp_in":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.TCP, io=OuverturePort.IN))),
+ "tcp_out":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.TCP, io=OuverturePort.OUT))),
+ "udp_in":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.UDP, io=OuverturePort.IN))),
+ "udp_out":set(map(str,o.ouvertureport_set.filter(protocole=OuverturePort.UDP, io=OuverturePort.OUT))),
+ }
+ for i in filter_active_interfaces(o.interface_set):
+ if i.may_have_port_open():
+ d = r['ipv4'].get(i.ipv4.ipv4, {})
+ d["tcp_in"] = d.get("tcp_in",set()).union(pl["tcp_in"])
+ d["tcp_out"] = d.get("tcp_out",set()).union(pl["tcp_out"])
+ d["udp_in"] = d.get("udp_in",set()).union(pl["udp_in"])
+ d["udp_out"] = d.get("udp_out",set()).union(pl["udp_out"])
+ r['ipv4'][i.ipv4.ipv4] = d
+ if i.ipv6():
+ for ipv6 in i.ipv6():
+ d = r['ipv6'].get(ipv6.ipv6, {})
+ d["tcp_in"] = d.get("tcp_in",set()).union(pl["tcp_in"])
+ d["tcp_out"] = d.get("tcp_out",set()).union(pl["tcp_out"])
+ d["udp_in"] = d.get("udp_in",set()).union(pl["udp_in"])
+ d["udp_out"] = d.get("udp_out",set()).union(pl["udp_out"])
+ r['ipv6'][ipv6.ipv6] = d
+ return JSONSuccess(r)
+
 @csrf_exempt
 @login_required
 @permission_required('machines.serveur')
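Review bot: The value returned by `firewall_ouverture_ports` does not match its docstring: `r['ipv4']` and `r['ipv6']` are keyed by address (`i.ipv4.ipv4`, `ipv6.ipv6`) and hold `set` objects, while the docstring describes `tcp_in`/`tcp_out`/`udp_in`/`udp_out` lists directly under each family. A firewall generator reading this needs the real shape, so the docstring should gain a per-address level (`* a field per IP address containing:`), and unless `JSONSuccess` already handles sets (not visible here) they should be turned into sorted lists in one pass just before `return JSONSuccess(r)`. Indentation is collapsed on this page, so whether `if i.ipv6():` sits under `if i.may_have_port_open():` cannot be read off; it should, so that no IPv6 openings are published for an interface that is refused IPv4 ones. The four `.filter(...)` calls on `o.ouvertureport_set` also run fresh queries per port list and bypass `prefetch_related('ouvertureport_set')`.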