Location: conntrackt/conntrackt/utils.py - annotation
87d2821ecdfd
CONNT-9: Reworked the entity details view to be more consistent with the other views. Move implicit queries from template to view.
# Standard library imports.
import re
# Django imports.
from django.template import Context, loader
# Application imports.
import iptables
def generate_entity_iptables(entity):
    """
    Build the complete iptables rule set for the supplied entity.

    The returned text is the "filter" table followed by the "nat" table and
    is meant to be fed directly to the iptables-restore utility.

    Arguments:

      entity - An Entity instance whose incoming communications are turned
      into rules of the filter table's INPUT chain.

    Returns:

      String containing the iptables rules for entity.
    """

    def as_network(endpoint):
        # Render a communication endpoint as "address/netmask".
        return "%s/%s" % (endpoint.address, endpoint.netmask)

    # Incoming communications of the entity; each one yields one INPUT rule.
    communications = entity.incoming_communications()

    # The nat table gets its four chains with "ACCEPT" as the second Chain
    # argument (presumably the default policy) and no rules.
    nat_table = iptables.Table("nat")
    for chain_name in ("PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"):
        nat_table.add_chain(iptables.Chain(chain_name, "ACCEPT"))

    # The filter table's INPUT chain is created with "DROP"; the loopback and
    # related rules are added before the per-communication rules.
    filter_table = iptables.Table("filter")
    input_chain = iptables.Chain("INPUT", "DROP")
    input_chain.add_rule(iptables.LoopbackRule())
    input_chain.add_rule(iptables.RelatedRule())

    # NOTE(review): address, netmask, protocol, port and description are
    # handed to iptables.Rule exactly as stored. Because the output is intended
    # for iptables-restore, confirm that the models or iptables.Rule reject or
    # escape newlines and quote characters in these fields; nothing in this
    # function validates them.
    for communication in communications:
        rule = iptables.Rule(
            as_network(communication.source),
            as_network(communication.destination),
            communication.protocol,
            communication.port,
            communication.description,
        )
        input_chain.add_rule(rule)
    filter_table.add_chain(input_chain)

    # OUTPUT and FORWARD carry no rules, only the value given to Chain:
    # outbound traffic is left at "ACCEPT", forwarding at "DROP".
    filter_table.add_chain(iptables.Chain("OUTPUT", "ACCEPT"))
    filter_table.add_chain(iptables.Chain("FORWARD", "DROP"))

    # The file content is the filter table followed by the nat table.
    return "%s%s" % (filter_table, nat_table)