rezometz
/
firewall
9
0
Fork 0
Code Issues Pull Requests 1 Releases Wiki Activity
Browse Source

log du nat

lazouz/latoilescoute-snmp
Hugo Levy-Falk 7 years ago
committed by root
parent
043173c742
commit
96ceae0b1d
2 changed files with 27 additions and 12 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 21
      firewall.py
  2. 18
      nat.py

21
firewall.py
View File

@ -231,7 +231,6 @@ class NetfilterSet:
"""Create the set, removing existing set if needed.""" """Create the set, removing existing set if needed."""
# Delete set if it exists with wrong type # Delete set if it exists with wrong type
current_set = self._get_raw_netfilter(parse_elements=False) current_set = self._get_raw_netfilter(parse_elements=False)
logging.info(current_set)
if current_set is None: if current_set is None:
self._create_new_set_in_kernel() self._create_new_set_in_kernel()
elif not self.has_type(current_set['type']): elif not self.has_type(current_set['type']):
@ -393,7 +392,7 @@ class NetfilterSet:
'name': values['name'], 'name': values['name'],
'type': values['type'].split(' . '), 'type': values['type'].split(' . '),
'raw_content': values['elements'], 'raw_content': values['elements'],
'flags': set(values['flags'].split(', ')), 'flags': set(values['flags'].split(', ')) if values['flags'] else None,
} }
def get_netfilter_content(self): def get_netfilter_content(self):
@ -673,15 +672,22 @@ class NAT:
ports = [ ports = [
set() for i in range(self.nb_private_by_public) set() for i in range(self.nb_private_by_public)
] ]
port_range = lambda i : '-'.join([
str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
])
nat_log = ""
for ip_out, ip in zip( for ip_out, ip in zip(
self.range_out, self.range_out,
range(self.range_in.first, self.range_in.last, self.nb_private_by_public) range(self.range_in.first, self.range_in.last, self.nb_private_by_public)
): ):
range_size = self.nb_private_by_public if int(ip + self.nb_private_by_public) <= self.range_in.last else (self.range_in.last - ip) range_size = self.nb_private_by_public if int(ip + self.nb_private_by_public) <= self.range_in.last else (self.range_in.last - ip)
ips[(netaddr.IPRange(ip, ip+range_size-1),)] = ip_out ips[(netaddr.IPRange(ip, ip+range_size-1),)] = ip_out
for i in range(range_size): for i in range(range_size):
ports[i].add((netaddr.IPAddress(ip+i),)) ip_in = netaddr.IPAddress(ip+i)
ports[i].add((ip_in,))
nat_log += '\t'.join((str(ip_out), port_range(i), str(ip_in), '\n'))
ip_map = NetfilterMap( ip_map = NetfilterMap(
target_content=ips, target_content=ips,
@ -694,10 +700,6 @@ class NAT:
) )
ip_map.manage() ip_map.manage()
port_range = lambda i : '-'.join([
str(int(self.first_port + i/self.nb_private_by_public * (self.last_port - self.first_port))),
str(int(self.first_port + (i+1)/self.nb_private_by_public * (self.last_port - self.first_port)-1))
])
for i, grp in enumerate(ports): for i, grp in enumerate(ports):
grp_set = NetfilterSet( grp_set = NetfilterSet(
@ -713,6 +715,9 @@ class NAT:
port_range(i) port_range(i)
) )
return nat_log
class Firewall: class Firewall:
"""Manages the firewall using nftables.""" """Manages the firewall using nftables."""

18
nat.py
View File

@ -20,6 +20,7 @@ Creates the nat set.
""" """
import logging import logging
import time
from configparser import ConfigParser from configparser import ConfigParser
import netaddr import netaddr
@ -87,23 +88,32 @@ def create_nat_admin():
def main(): def main():
nat_log = time.ctime() + "\n"
logging.info("Creating adherent nat...") logging.info("Creating adherent nat...")
nat_adherent = create_nat_adherent() nat_adherent = create_nat_adherent()
nat_adherent.manage() nat_log += "Adherents :\n"
nat_log += nat_adherent.manage()
logging.info("Done.") logging.info("Done.")
logging.info("Creating federez nat...") logging.info("Creating federez nat...")
nat_federez = create_nat_federez() nat_federez = create_nat_federez()
nat_federez.manage() nat_log += "Federez :\n"
nat_log += nat_federez.manage()
logging.info("Done.") logging.info("Done.")
logging.info("Creating aloes nat...") logging.info("Creating aloes nat...")
aloes_nat = create_nat_aloes() aloes_nat = create_nat_aloes()
aloes_nat.manage() nat_log += "Aloes :\n"
nat_log += aloes_nat.manage()
logging.info("Done.") logging.info("Done.")
logging.info("Creating admin nat...") logging.info("Creating admin nat...")
admin_nat = create_nat_admin() admin_nat = create_nat_admin()
admin_nat.manage() nat_log += "Admin :\n"
nat_log += admin_nat.manage()
logging.info("Done.") logging.info("Done.")
logging.info("Saving nat table into /var/log/nat.log")
with open('/var/log/nat.log', 'a') as f:
f.write(nat_log)
if __name__=='__main__': if __name__=='__main__':
logging.info('Updating the NAT table.') logging.info('Updating the NAT table.')

Write Preview
Loading…
Cancel
Save