1 | # The software in this package is distributed under the GNU General |
2 | # Public License version 2 (with a special exception described below). | |
3 | # | |
4 | # A copy of GNU General Public License (GPL) is included in this distribution, | |
5 | # in the file COPYING.GPL. | |
6 | # | |
7 | # As a special exception, if other files instantiate templates or use macros | |
8 | # or inline functions from this file, or you compile this file and link it | |
9 | # with other works to produce a work based on this file, this file | |
10 | # does not by itself cause the resulting work to be covered | |
11 | # by the GNU General Public License. | |
12 | # | |
13 | # However the source code for this file must still be made available | |
14 | # in accordance with section (3) of the GNU General Public License. | |
15 | # | |
16 | # This exception does not invalidate any other reasons why a work based | |
17 | # on this file might be covered by the GNU General Public License. | |
18 | # | |
19 | # Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com> | |
20 | ||
21 | """ |
22 | ||
23 | SUMMARY | |
24 | ------------------------------------------------------ | |
25 | Utility for one-step dynamic cnfvar configuration. | |
26 | ||
27 | Copyright: Intra2net AG | |
28 | ||
29 | ||
30 | CONTENTS | |
31 | ------------------------------------------------------ | |
32 | Contains general as well as specialized versions of some of the main | |
33 | configurations performed by our tests. | |
34 | ||
35 | INTERFACE | |
36 | ------------------------------------------------------ | |
37 | ||
38 | """ | |
39 | ||
40 | import time | |
41 | import logging | |
42 | |
43 | # custom imports | |
44 | from . import arnied_wrapper as aw |
45 | from .arnied_wrapper import Delete, Update, Add, Child, batch_update_cnf, build_cnf | |
46 | from .cnfline import build_cnfvar, build_group, build_intraclient | |
47 | from .cnfline import build_nic, build_provider, build_user | |
f49f6323 | 48 | |
# Module-level logger used for this module's progress messages.
log = logging.getLogger("pyi2ncommon.mk_config")
50 | |
51 | ############################################################################### | |
52 | # MINOR CONFIGURATION | |
53 | ############################################################################### | |
54 | ||
7628bc48 | 55 | |
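def simple(varname, data, filename):
    """
    Generate and save a single-variable configuration file.

    The given file name is resolved through ``aw.prep_config_paths`` against
    ``aw.DUMP_CONFIG_DIR`` and the resolved path is what gets written and
    returned.

    :param str varname: cnf variable name
    :param str data: cnf variable data
    :param str filename: config name
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create single-variable configuration file")
    tmp = build_cnfvar.BuildCnfVar(name=varname, data=data)
    # NOTE(review): filename is caller-supplied; presumably prep_config_paths
    # keeps the result inside DUMP_CONFIG_DIR -- confirm it rejects absolute
    # paths and ".." components before passing externally derived names here.
    [filename] = aw.prep_config_paths([filename], aw.DUMP_CONFIG_DIR)
    # Use the module logger so this message follows the same logger
    # configuration as the one above.
    log.info("Saving simple configuration to %s", filename)
    tmp.save(filename)
    return filename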
72 | ||
73 | ||
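def user(username="admin", instance=1, suffix="host"):
    """
    Generate and save a user configuration file.

    The user's full name is set to the username and the user is made a
    member of group references "1" and "2". In this module those are the
    instance numbers used by :py:func:`group_admins` and
    :py:func:`group_all`, so the generated account is an administrator
    whenever that admin group is applied as well.

    The file name embeds ``time.time()`` formatted with ``%d`` (whole
    seconds): two calls within the same second and with the same suffix
    produce the same name.

    :param str username: username for the user variable
    :param int instance: instance number (for multiple users, -1 for next available)
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied user configuration")
    user_obj = batch_update_cnf(
        build_user.BuildUser(data=username, instance=instance, line_no=1),
        [(Update, ("USER_FULLNAME", 0, username)),
         (Update, ("USER_GROUP_MEMBER_REF", 0, "1")),
         (Add, ("USER_GROUP_MEMBER_REF", 1, "2")),
         (Delete, "USER_WEBMAIL_MESSAGES_PER_PAGE"),
         (Delete, "USER_LOCALE"),
         (Delete, "USER_TRASH_DELETEDAYS"),
         (Delete, "USER_WEBMAIL_SIGNATURE")])
    user_cnf = "user-%d-%s.cnf" % (time.time(), suffix)
    [user_cnf] = aw.prep_config_paths([user_cnf], aw.DUMP_CONFIG_DIR)
    # Module logger instead of the root logger, matching the message above.
    log.info("Saving user configuration to %s", user_cnf)
    user_obj.save(user_cnf)
    return user_cnf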
99 | ||
100 | ||
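def group_admins(proxy_profile="1", activesync_enable=False, xauth_enable=False, suffix="host"):
    """
    Generate and save an Administrators group configuration file.

    The group is built as instance 1 with the name "Administratoren". It is
    granted remote administration and go-online access, relay rights
    ``RELAY_FROM_INTRANET``, and has its comment variable deleted.

    The file name embeds ``time.time()`` formatted with ``%d`` (whole
    seconds): two calls within the same second and with the same suffix
    produce the same name.

    :param str proxy_profile: proxy profile instance reference
    :param bool activesync_enable: whether to enable ActiveSync for the group
    :param bool xauth_enable: whether to enable XAUTH for the group
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied admin group configuration")
    # The boolean switches are stored as the strings "1" / "0".
    activesync_flag = "1" if activesync_enable else "0"
    xauth_flag = "1" if xauth_enable else "0"
    group = batch_update_cnf(
        build_group.BuildGroup(data="Administratoren", instance=1),
        [(Update, ("GROUP_ACCESS_REMOTE_ADMINISTRATION_ALLOWED", 0, "1")),
         (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")),
         (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)),
         (Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")),
         (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_INTRANET")),
         (Update, ("GROUP_ACTIVESYNC_ENABLE", 0, activesync_flag)),
         (Update, ("GROUP_XAUTH_ENABLE", 0, xauth_flag)),
         (Delete, ("GROUP_COMMENT",))])
    group_cnf = "group-%d-%s.cnf" % (time.time(), suffix)
    [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR)
    # Module logger instead of the root logger, matching the message above.
    log.info("Saving group configuration to %s", group_cnf)
    group.save(group_cnf)
    return group_cnf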
128 | ||
129 | ||
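def group_all(proxy_profile="1", suffix="host"):
    """
    Generate and save an "All" group configuration file.

    The group is built as instance 2 with the name "Alle". It is granted
    go-online, version information, main page, groupware and the "own
    profile" user manager rights, and its relay rights are set to
    ``RELAY_FROM_EVERYWHERE``.

    The file name embeds ``time.time()`` formatted with ``%d`` (whole
    seconds): two calls within the same second and with the same suffix
    produce the same name. :py:func:`group_admins` uses the same
    ``group-`` prefix, so this also applies across the two functions.

    :param str proxy_profile: proxy profile instance reference
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied all group configuration")
    # NOTE(review): RELAY_FROM_EVERYWHERE on the catch-all group looks like
    # the most permissive relay setting -- acceptable for an isolated test
    # machine; confirm this config is never applied to a reachable system.
    group = batch_update_cnf(
        build_group.BuildGroup(data="Alle", instance=2),
        [(Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_INFORMATION_VERSION_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_MAINPAGE_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_FORWARDING_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_GROUPWARE_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SETTINGS_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SORTING_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SPAMFILTER_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_VACATION_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_GROUPWARE_ALLOWED", 0, "1")),
         (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")),
         (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_EVERYWHERE")),
         (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)),
         (Delete, ("GROUP_COMMENT",))])

    group_cnf = "group-%d-%s.cnf" % (time.time(), suffix)
    [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR)
    # Module logger instead of the root logger, matching the message above.
    log.info("Saving group configuration to %s", group_cnf)
    group.save(group_cnf)
    return group_cnf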
162 | ||
163 | ||
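def nic(instance=0, nictype="NATLAN",
        ip="1.2.3.4", netmask="255.255.0.0", mac="00:00:00:00:00:00",
        suffix="host"):
    """
    Generate and save a nic configuration file.

    The values are written as given; this function performs no validation
    of the address, netmask or MAC strings.

    The file name embeds ``time.time()`` formatted with ``%d`` (whole
    seconds): two calls within the same second and with the same suffix
    produce the same name.

    :param int instance: instance number (for multiple nics, -1 for next available)
    :param str nictype: type of the nic
    :param str ip: IP address of the nic
    :param str netmask: network mask of the nic
    :param str mac: MAC address of the nic
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied nic configuration")
    nic_obj = batch_update_cnf(
        build_nic.BuildNIC(data="", instance=instance, line_no=1),
        [(Update, ("NIC_TYPE", 0, nictype)),
         (Update, ("NIC_LAN_IP", 0, ip)),
         (Update, ("NIC_LAN_NETMASK", 0, netmask)),
         (Update, ("NIC_MAC", 0, mac))])
    nic_cnf = "nic-%d-%s.cnf" % (time.time(), suffix)
    [nic_cnf] = aw.prep_config_paths([nic_cnf], aw.DUMP_CONFIG_DIR)
    # Module logger instead of the root logger, matching the message above.
    log.info("Saving nic configuration to %s", nic_cnf)
    nic_obj.save(nic_cnf)
    return nic_cnf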
191 | ||
192 | ||
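def intraclient(name="intraclient", instance=1,
                ip="1.2.3.4", mac="00:00:00:00:00:00",
                fwrules=5, suffix="host"):
    """
    Generate and save an intraclient configuration file.

    The file name embeds ``time.time()`` formatted with ``%d`` (whole
    seconds): two calls within the same second and with the same suffix
    produce the same name.

    :param str name: name of the intraclient
    :param int instance: instance number (for multiple clients, -1 for next available)
    :param str ip: IP address of the intraclient
    :param str mac: MAC address of the intraclient
    :param int fwrules: instance of the firewall rules to use
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied intraclient configuration")
    # NOTE(review): fwrules is passed through as given (an int by default),
    # while provider() and provider_proxy() pass str(fwrules) -- confirm
    # batch_update_cnf accepts both forms.
    intraclient_obj = batch_update_cnf(
        build_intraclient.BuildIntraclient(data=name, instance=instance),
        [(Update, ("INTRACLIENT_IP", 0, ip)),
         (Update, ("INTRACLIENT_MAC", 0, mac)),
         (Update, ("INTRACLIENT_FIREWALL_RULESET_REF", 0, fwrules))])

    intraclient_cnf = "intraclient-%d-%s.cnf" % (time.time(), suffix)
    [intraclient_cnf] = aw.prep_config_paths([intraclient_cnf], aw.DUMP_CONFIG_DIR)
    # Module logger instead of the root logger, matching the message above.
    log.info("Saving intraclient configuration to %s", intraclient_cnf)
    intraclient_obj.save(intraclient_cnf)
    return intraclient_cnf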
220 | ||
221 | ||
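def provider(name="provider", instance=1, mode="ROUTER", ip="1.2.3.4", localip=None,
             netmask="255.255.0.0", dnsmode="IP", dns="1.2.3.4", fwrules=5,
             dialretry=None, timeout="", mtumode="AUTO",
             vlanid=None, mtusize=None, login=None, password=None,
             modemip=None, providerid=None, localdhcp=None,
             suffix="host"):
    """
    Generate and save a provider configuration file.

    ``ip``, ``localip`` and ``netmask`` are written when truthy and their
    variables deleted otherwise. The optional values ``vlanid``,
    ``dialretry``, ``login``, ``password``, ``modemip``, ``providerid`` and
    ``localdhcp`` are added (converted with ``str``) when not None and their
    variables deleted when None.

    When ``login`` / ``password`` are given they become part of the saved
    configuration (presumably in clear text -- confirm against the cnf
    writer), so the generated file should be handled like a credential.

    The file name embeds ``time.time()`` formatted with ``%d`` (whole
    seconds): two calls within the same second and with the same suffix
    produce the same name. :py:func:`provider_proxy` uses the same
    ``provider-`` prefix.

    :param str name: name of the provider
    :param int instance: instance number (for multiple clients, -1 for next available)
    :param str mode: provider mode
    :param str ip: IP address of the provider
    :param localip: IP address of the configured machine (valid for some configurations)
    :type localip: str or None
    :param str netmask: netmask of the provider
    :param str dnsmode: dnsmode of the provider
    :param str dns: IP address of the DNS server (only written if dnsmode is "IP")
    :param int fwrules: instance of the firewall rules to use
    :param dialretry: value for PROVIDER_DIAL_RETRY
    :param str timeout: value for PROVIDER_TIMEOUT (always written)
    :param str mtumode: value for PROVIDER_MTU_MODE
    :param vlanid: value for PROVIDER_VLAN_ID
    :param mtusize: value for PROVIDER_MTU_SIZE (only written if mtumode is not "AUTO")
    :param login: value for PROVIDER_LOGIN
    :param password: value for PROVIDER_PASSWORD
    :param modemip: value for PROVIDER_MODEM_IP
    :param providerid: value for PROVIDER_PROVIDERID
    :param localdhcp: value for PROVIDER_LOCAL_DHCP
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied provider configuration")

    def add_or_del(var, field):
        """Return an Add action for a set value, a Delete action for None."""
        if var is not None:
            return Add, (field, 0, str(var))
        return Delete, field

    def update_or_del(var, field):
        """Return an Update action for a truthy value, else a Delete action."""
        return (Update, (field, 0, var)) if var else (Delete, field)

    # NOTE(review): with mtumode != "AUTO" and mtusize left at None, None is
    # passed as the PROVIDER_MTU_SIZE value -- confirm that is handled.
    provider_obj = batch_update_cnf(
        build_provider.BuildProvider(data=name, instance=instance),
        [(Update, ("PROVIDER_MODE", 0, mode)),
         update_or_del(ip, "PROVIDER_IP"),
         update_or_del(localip, "PROVIDER_LOCALIP"),
         update_or_del(netmask, "PROVIDER_NETMASK"),
         (Update, ("PROVIDER_TIMEOUT", 0, timeout)),
         (Update, ("PROVIDER_DNS_MODE", 0, dnsmode)),
         (Update, ("PROVIDER_DNS", 0,
                   dns if dnsmode == "IP" else "")),
         (Update, ("PROVIDER_MTU_MODE", 0, mtumode)),
         (Update, ("PROVIDER_MTU_SIZE", 0,
                   mtusize if mtumode != "AUTO" else "")),
         (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules))),
         add_or_del(vlanid, "PROVIDER_VLAN_ID"),
         add_or_del(dialretry, "PROVIDER_DIAL_RETRY"),
         add_or_del(login, "PROVIDER_LOGIN"),
         add_or_del(password, "PROVIDER_PASSWORD"),
         add_or_del(modemip, "PROVIDER_MODEM_IP"),
         add_or_del(providerid, "PROVIDER_PROVIDERID"),
         add_or_del(localdhcp, "PROVIDER_LOCAL_DHCP")])
    provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix)
    [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR)
    # Module logger instead of the root logger, matching the message above.
    log.info("Saving provider configuration to %s", provider_cnf)
    provider_obj.save(provider_cnf)
    return provider_cnf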
283 | ||
284 | ||
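def provider_proxy(mode="ROUTER", ip="1.2.3.4", localip=None, proxy_port=3128, fwrules=7, suffix="host"):
    """
    Generate and save a provider configuration file for proxy.

    The same address is used for the provider IP, its DNS server and its
    proxy server; DNS mode is fixed to "IP" and dynamic DNS is disabled.

    The file name embeds ``time.time()`` formatted with ``%d`` (whole
    seconds): two calls within the same second and with the same suffix
    produce the same name. :py:func:`provider` uses the same ``provider-``
    prefix.

    :param str mode: provider mode
    :param str ip: IP address of the provider (and DNS server)
    :param localip: IP address of the configured machine (valid for some configurations)
    :type localip: str or None
    :param int proxy_port: port for the provider proxy
    :param int fwrules: instance of the firewall rules to use
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied provider configuration.")
    # A falsy localip (None or "") removes the variable instead of setting it.
    if localip:
        localip_action = (Update, ("PROVIDER_LOCALIP", 0, localip))
    else:
        localip_action = (Delete, "PROVIDER_LOCALIP")
    provider_obj = batch_update_cnf(
        build_provider.BuildProvider(),
        [(Update, ("PROVIDER_MODE", 0, mode)),
         (Update, ("PROVIDER_DNS", 0, ip)),
         (Update, ("PROVIDER_DYNDNS_ENABLE", 0, "0")),
         (Update, ("PROVIDER_IP", 0, ip)),
         (Update, ("PROVIDER_PROXY_SERVER", 0, ip)),
         (Update, ("PROVIDER_PROXY_PORT", 0, str(proxy_port))),
         localip_action,
         (Update, ("PROVIDER_DNS_MODE", 0, "IP")),
         (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules)))])
    provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix)
    [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR)
    # Module logger instead of the root logger, matching the message above.
    log.info("Saving provider configuration to %s", provider_cnf)
    provider_obj.save(provider_cnf)
    return provider_cnf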
318 | ||
319 | ||
def port_forwarding(src_port="1234", src_port_end="",
                    dst_port="1234", dst_port_end="",
                    dst_ip_ref="1", protocol_type="TCP",
                    suffix="host"):
    """
    Generate and save a port forwarding configuration file.

    The PORT_FORWARDING variable is always created with the data "test";
    the arguments become its child variables. Building and saving is
    delegated to ``build_cnf``, whose return value is returned unchanged.

    :param str src_port: forwarded source port
    :param str src_port_end: forwarded source port end for a port range
    :param str dst_port: forwarded destination port
    :param str dst_port_end: forwarded destination port end for a port range
    :param str dst_ip_ref: destination nic instance for a port range
    :param str protocol_type: port forwarding protocol type
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create port forwarding configuration")
    rule_name = "test"
    # %d keeps only the whole seconds of the timestamp.
    cnf_name = "portforward-%d-%s.cnf" % (time.time(), suffix)
    child_values = (
        ("PORT_FORWARDING_DST_IP_REF", dst_ip_ref),
        ("PORT_FORWARDING_DST_PORT", dst_port),
        ("PORT_FORWARDING_DST_PORT_END", dst_port_end),
        ("PORT_FORWARDING_PROTOCOL_TYPE", protocol_type),
        ("PORT_FORWARDING_SRC_PORT", src_port),
        ("PORT_FORWARDING_SRC_PORT_END", src_port_end),
    )
    children = [(Child, (key, 0, value)) for key, value in child_values]
    return build_cnf("PORT_FORWARDING",
                     data=rule_name,
                     filename=cnf_name,
                     vals=children)
349 | ||
350 | ||
def firewall_ruleset_simple(suffix="host"):
    """
    Generate and save a simple firewall ruleset configuration file.

    The ruleset is written as instance 101 with profile type
    ``SIMPLE_PROVIDER``: port forwarding is enabled while the HTTPS,
    POP3S/IMAPS, SMTP, HTTP and VPN "open" switches are all set to "0".

    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create firewall ruleset")
    # %d keeps only the whole seconds of the timestamp.
    cnf_name = "fw-%d-%s.cnf" % (time.time(), suffix)
    settings = (
        ("FIREWALL_RULESET_PROFILE_TYPE", "SIMPLE_PROVIDER"),
        ("FIREWALL_RULESET_PROVIDER_HTTPS_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_POP3SIMAPS_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_PORT_FORWARDING_ENABLE", "1"),
        ("FIREWALL_RULESET_PROVIDER_SMTP_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_HTTP_OPEN", "0"),
        ("FIREWALL_RULESET_PROVIDER_VPN_OPEN", "0"),
    )
    updates = [(Update, (key, 0, value)) for key, value in settings]
    return build_cnf("FIREWALL_RULESET",
                     instance=101,
                     data="Port Forwarding libfirewall test",
                     filename=cnf_name,
                     vals=updates)
372 | ||
373 | ||
def firewall_ruleset_port(suffix="host"):
    """
    Generate and save a firewall ruleset configuration file for port forwarding.

    The ruleset is written as instance 100 with profile type ``FULL`` and
    usage ``PROVIDER``. It holds a single ACCEPT rule whose connection
    status check is ``PORTFORWARDING``; logging and rate limits are off.

    NOTE(review): :py:func:`firewall_ruleset_dmz` also writes instance 100,
    so presumably only one of the two can be in effect at a time -- confirm.

    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create firewall ruleset")
    # %d keeps only the whole seconds of the timestamp.
    cnf_name = "fw-portforward-%d-%s.cnf" % (time.time(), suffix)
    ruleset_head = [
        (Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
        (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
        (Add, ("FIREWALL_RULESET_RULE", 1, "")),
    ]
    # Children of the rule added above, in the order they are written.
    rule_fields = (
        ("FIREWALL_RULESET_RULE_ACTION", "ACCEPT"),
        ("FIREWALL_RULESET_RULE_CHECK_CONNECTION_STATUS", "PORTFORWARDING"),
        ("FIREWALL_RULESET_RULE_CHECK_TCP_FLAGS", "DISABLED"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_PERIOD", "SEC"),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LOG_MESSAGE", ""),
        ("FIREWALL_RULESET_RULE_TIME_INCLUDE_TIME_REF", "-1"),
    )
    rule_children = [(Child, (key, 0, value)) for key, value in rule_fields]
    ruleset_tail = [(Update, ("FIREWALL_RULESET_USAGE", 0, "PROVIDER"))]
    return build_cnf("FIREWALL_RULESET",
                     instance=100,
                     data="Port forwarding only",
                     filename=cnf_name,
                     vals=ruleset_head + rule_children + ruleset_tail)
403 | ||
404 | ||
def firewall_ruleset_dmz(suffix="host"):
    """
    Generate and save a firewall ruleset configuration file for DMZ.

    The ruleset is written as instance 100 with profile type ``FULL`` and
    usage ``LANVPN``. It holds a single ACCEPT rule limited to service
    group reference "6" and destination client reference "2"; logging and
    rate limits are off.

    NOTE(review): :py:func:`firewall_ruleset_port` also writes instance 100,
    so presumably only one of the two can be in effect at a time -- confirm.

    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create firewall ruleset")
    # %d keeps only the whole seconds of the timestamp.
    cnf_name = "fw-dmz-%d-%s.cnf" % (time.time(), suffix)
    ruleset_head = [
        (Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
        (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
        (Add, ("FIREWALL_RULESET_RULE", 1, "")),
    ]
    # Children of the rule added above, in the order they are written.
    rule_fields = (
        ("FIREWALL_RULESET_RULE_ACTION", "ACCEPT"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", ""),
        ("FIREWALL_RULESET_RULE_LOG_ENABLE", "0"),
        ("FIREWALL_RULESET_RULE_LOG_MESSAGE", ""),
        ("FIREWALL_RULESET_RULE_SERVICE_INCLUDE_SERVICEGROUP_REF", "6"),
        ("FIREWALL_RULESET_RULE_DST_INCLUDE_CLIENT_REF", "2"),
    )
    rule_children = [(Child, (key, 0, value)) for key, value in rule_fields]
    ruleset_tail = [(Update, ("FIREWALL_RULESET_USAGE", 0, "LANVPN"))]
    return build_cnf("FIREWALL_RULESET",
                     instance=100,
                     data="DMZ firewall rules",
                     filename=cnf_name,
                     vals=ruleset_head + rule_children + ruleset_tail)