11cbb815 PD |
1 | # The software in this package is distributed under the GNU General |
2 | # Public License version 2 (with a special exception described below). | |
3 | # | |
4 | # A copy of GNU General Public License (GPL) is included in this distribution, | |
5 | # in the file COPYING.GPL. | |
6 | # | |
7 | # As a special exception, if other files instantiate templates or use macros | |
8 | # or inline functions from this file, or you compile this file and link it | |
9 | # with other works to produce a work based on this file, this file | |
10 | # does not by itself cause the resulting work to be covered | |
11 | # by the GNU General Public License. | |
12 | # | |
13 | # However the source code for this file must still be made available | |
14 | # in accordance with section (3) of the GNU General Public License. | |
15 | # | |
16 | # This exception does not invalidate any other reasons why a work based | |
17 | # on this file might be covered by the GNU General Public License. | |
18 | # | |
19 | # Copyright (c) 2016-2018 Intra2net AG <info@intra2net.com> | |
20 | ||
f49f6323 PD |
21 | """ |
22 | ||
23 | SUMMARY | |
24 | ------------------------------------------------------ | |
25 | Utility for one-step dynamic cnfvar configuration. | |
26 | ||
b7e04a3e CH |
27 | .. note:: DEPRECATED! Please do not extend this or add new uses of this module, |
28 | use :py:mod:`pyi2ncommon.arnied_api` or :py:mod:`pyi2ncommon.cnfvar` | |
29 | instead! | |
30 | ||
f49f6323 PD |
31 | Copyright: Intra2net AG |
32 | ||
33 | ||
34 | CONTENTS | |
35 | ------------------------------------------------------ | |
36 | Contains general as well as specialized versions of some of the main | |
37 | configurations performed by our tests. | |
38 | ||
39 | INTERFACE | |
40 | ------------------------------------------------------ | |
41 | ||
42 | """ | |
43 | ||
44 | import time | |
45 | import logging | |
f49f6323 PD |
46 | |
47 | # custom imports | |
30521dad PD |
48 | from . import arnied_wrapper as aw |
49 | from .arnied_wrapper import Delete, Update, Add, Child, batch_update_cnf, build_cnf | |
50 | from .cnfline import build_cnfvar, build_group, build_intraclient | |
51 | from .cnfline import build_nic, build_provider, build_user | |
f49f6323 | 52 | |
# Module-level logger; every function below reports progress through it.
log = logging.getLogger("pyi2ncommon.mk_config")
f49f6323 PD |
54 | |
55 | ############################################################################### | |
56 | # MINOR CONFIGURATION | |
57 | ############################################################################### | |
58 | ||
7628bc48 | 59 | |
f49f6323 PD |
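def simple(varname, data, filename):
    """
    Generate and save a single-variable configuration file.

    :param str varname: cnf variable name
    :param str data: cnf variable data
    :param str filename: config name, resolved through
                         ``aw.prep_config_paths`` against ``aw.DUMP_CONFIG_DIR``
    :returns: generated config filename (the resolved path that was saved)
    :rtype: str
    """
    log.info("Create single-variable configuration file")
    cnf_var = build_cnfvar.BuildCnfVar(name=varname, data=data)
    # Single-element unpacking: fails loudly unless exactly one path comes back.
    [filename] = aw.prep_config_paths([filename], aw.DUMP_CONFIG_DIR)
    # Report through the module logger rather than the root logger, so the
    # message follows the handlers/levels configured for this package and no
    # implicit root-logger basicConfig() is triggered.
    log.info("Saving simple configuration to %s", filename)
    cnf_var.save(filename)
    return filename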
76 | ||
77 | ||
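def user(username="admin", instance=1, suffix="host"):
    """
    Generate and save a user configuration file.

    The user is put into group references "1" and "2" and a few per-user
    webmail/locale/trash settings are deleted from the generated variable.

    :param str username: username for the user variable (also used as full name)
    :param int instance: instance number (for multiple users, -1 for next available)
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied user configuration")
    user_obj = batch_update_cnf(
        build_user.BuildUser(data=username, instance=instance, line_no=1),
        [(Update, ("USER_FULLNAME", 0, username)),
         (Update, ("USER_GROUP_MEMBER_REF", 0, "1")),
         (Add, ("USER_GROUP_MEMBER_REF", 1, "2")),
         (Delete, "USER_WEBMAIL_MESSAGES_PER_PAGE"),
         (Delete, "USER_LOCALE"),
         (Delete, "USER_TRASH_DELETEDAYS"),
         (Delete, "USER_WEBMAIL_SIGNATURE")])
    # NOTE(review): %d truncates time.time() to whole seconds, so two calls in
    # the same second with the same suffix yield the same file name - confirm
    # that callers never rely on both files surviving.
    user_cnf = "user-%d-%s.cnf" % (time.time(), suffix)
    [user_cnf] = aw.prep_config_paths([user_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger (not the root logger) so the message honours the
    # package's logging configuration.
    log.info("Saving user configuration to %s", user_cnf)
    user_obj.save(user_cnf)
    return user_cnf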
103 | ||
104 | ||
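def group_admins(proxy_profile="1", activesync_enable=False, xauth_enable=False, suffix="host"):
    """
    Generate and save an Administrators group configuration file.

    The group is built as instance 1 with remote administration and
    go-online access set to "1" and mail relaying set to
    ``RELAY_FROM_INTRANET``.

    :param str proxy_profile: proxy profile instance reference
    :param bool activesync_enable: whether to enable ActiveSync for the group
    :param bool xauth_enable: whether to enable XAUTH for the group
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied admin group configuration")
    group = batch_update_cnf(
        build_group.BuildGroup(data="Administratoren", instance=1),
        [(Update, ("GROUP_ACCESS_REMOTE_ADMINISTRATION_ALLOWED", 0, "1")),
         (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")),
         (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)),
         (Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")),
         (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_INTRANET")),
         # boolean switches are stored as the strings "1" / "0"
         (Update, ("GROUP_ACTIVESYNC_ENABLE", 0, "1" if activesync_enable else "0")),
         (Update, ("GROUP_XAUTH_ENABLE", 0, "1" if xauth_enable else "0")),
         (Delete, ("GROUP_COMMENT",))])
    # NOTE(review): %d truncates time.time() to whole seconds and group_all()
    # uses the same "group-%d-%s.cnf" pattern, so both called within one
    # second with the same suffix produce the same name - confirm this cannot
    # make one group file replace the other.
    group_cnf = "group-%d-%s.cnf" % (time.time(), suffix)
    [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger (not the root logger) so the message honours the
    # package's logging configuration.
    log.info("Saving group configuration to %s", group_cnf)
    group.save(group_cnf)
    return group_cnf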
132 | ||
133 | ||
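def group_all(proxy_profile="1", suffix="host"):
    """
    Generate and save an "All" group configuration file.

    The group is built as instance 2 with the own-profile, main page,
    groupware and go-online access flags set to "1" and mail relaying set to
    ``RELAY_FROM_EVERYWHERE``.

    :param str proxy_profile: proxy profile instance reference
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied all group configuration")
    group = batch_update_cnf(
        build_group.BuildGroup(data="Alle", instance=2),
        [(Update, ("GROUP_ACCESS_GO_ONLINE_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_INFORMATION_VERSION_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_MAINPAGE_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_FORWARDING_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_GROUPWARE_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SETTINGS_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SORTING_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_SPAMFILTER_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_USERMANAGER_OWN_PROFILE_VACATION_ALLOWED", 0, "1")),
         (Update, ("GROUP_ACCESS_GROUPWARE_ALLOWED", 0, "1")),
         (Update, ("GROUP_EMAILFILTER_BAN_FILTERLIST_REF", 0, "-1")),
         # NOTE(review): relaying is allowed from everywhere for this group;
         # presumably acceptable only on isolated test systems - confirm.
         (Update, ("GROUP_EMAIL_RELAY_RIGHTS", 0, "RELAY_FROM_EVERYWHERE")),
         (Update, ("GROUP_PROXY_PROFILE_REF", 0, proxy_profile)),
         (Delete, ("GROUP_COMMENT",))])

    # NOTE(review): %d truncates time.time() to whole seconds and
    # group_admins() uses the same "group-%d-%s.cnf" pattern, so both called
    # within one second with the same suffix produce the same name.
    group_cnf = "group-%d-%s.cnf" % (time.time(), suffix)
    [group_cnf] = aw.prep_config_paths([group_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger (not the root logger) so the message honours the
    # package's logging configuration.
    log.info("Saving group configuration to %s", group_cnf)
    group.save(group_cnf)
    return group_cnf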
166 | ||
167 | ||
93b19891 PD |
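def nic(instance=0, nictype="NATLAN",
        ip="1.2.3.4", netmask="255.255.0.0", mac="00:00:00:00:00:00",
        suffix="host"):
    """
    Generate and save a nic configuration file.

    :param int instance: instance number (for multiple nics, -1 for next available)
    :param str nictype: type of the nic
    :param str ip: IP address of the nic
    :param str netmask: network mask of the nic
    :param str mac: MAC address of the nic
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied nic configuration")
    nic_obj = batch_update_cnf(
        build_nic.BuildNIC(data="", instance=instance, line_no=1),
        [(Update, ("NIC_TYPE", 0, nictype)),
         (Update, ("NIC_LAN_IP", 0, ip)),
         (Update, ("NIC_LAN_NETMASK", 0, netmask)),
         (Update, ("NIC_MAC", 0, mac))])
    # %d keeps only the whole-second part of the timestamp in the file name.
    nic_cnf = "nic-%d-%s.cnf" % (time.time(), suffix)
    [nic_cnf] = aw.prep_config_paths([nic_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger (not the root logger) so the message honours the
    # package's logging configuration.
    log.info("Saving nic configuration to %s", nic_cnf)
    nic_obj.save(nic_cnf)
    return nic_cnf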
195 | ||
196 | ||
93b19891 PD |
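def intraclient(name="intraclient", instance=1,
                ip="1.2.3.4", mac="00:00:00:00:00:00",
                fwrules=5, suffix="host"):
    """
    Generate and save an intraclient configuration file.

    :param str name: name of the intraclient
    :param int instance: instance number (for multiple clients, -1 for next available)
    :param str ip: IP address of the intraclient
    :param str mac: MAC address of the intraclient
    :param int fwrules: instance of the firewall rules to use
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied intraclient configuration")
    intraclient_obj = batch_update_cnf(
        build_intraclient.BuildIntraclient(data=name, instance=instance),
        [(Update, ("INTRACLIENT_IP", 0, ip)),
         (Update, ("INTRACLIENT_MAC", 0, mac)),
         # NOTE(review): fwrules is passed through as given here, while
         # provider() wraps it in str() - confirm both forms are accepted.
         (Update, ("INTRACLIENT_FIREWALL_RULESET_REF", 0, fwrules))])

    # %d keeps only the whole-second part of the timestamp in the file name.
    intraclient_cnf = "intraclient-%d-%s.cnf" % (time.time(), suffix)
    [intraclient_cnf] = aw.prep_config_paths([intraclient_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger (not the root logger) so the message honours the
    # package's logging configuration.
    log.info("Saving intraclient configuration to %s", intraclient_cnf)
    intraclient_obj.save(intraclient_cnf)
    return intraclient_cnf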
224 | ||
225 | ||
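def provider(name="provider", instance=1, mode="ROUTER", ip="1.2.3.4", localip=None,
             netmask="255.255.0.0", dnsmode="IP", dns="1.2.3.4", fwrules=5,
             dialretry=None, timeout="", mtumode="AUTO",
             vlanid=None, mtusize=None, login=None, password=None,
             modemip=None, providerid=None, localdhcp=None,
             suffix="host"):
    """
    Generate and save a provider configuration file.

    :param str name: name of the provider
    :param int instance: instance number (for multiple clients, -1 for next available)
    :param str mode: provider mode
    :param str ip: IP address of the provider (field is deleted if empty)
    :param localip: IP address of the configured machine (valid for some
                    configurations; field is deleted if empty or None)
    :type localip: str or None
    :param str netmask: netmask of the provider (field is deleted if empty)
    :param str dnsmode: dnsmode of the provider
    :param str dns: IP address of the DNS server (only written for dnsmode "IP")
    :param int fwrules: instance of the firewall rules to use
    :param str timeout: value written to PROVIDER_TIMEOUT
    :param str mtumode: value written to PROVIDER_MTU_MODE
    :param mtusize: value written to PROVIDER_MTU_SIZE unless mtumode is "AUTO"
    :param dialretry: PROVIDER_DIAL_RETRY value, field deleted if None
    :param vlanid: PROVIDER_VLAN_ID value, field deleted if None
    :param login: PROVIDER_LOGIN value, field deleted if None
    :param password: PROVIDER_PASSWORD value, field deleted if None
    :param modemip: PROVIDER_MODEM_IP value, field deleted if None
    :param providerid: PROVIDER_PROVIDERID value, field deleted if None
    :param localdhcp: PROVIDER_LOCAL_DHCP value, field deleted if None
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied provider configuration")

    def add_or_del(var, field):
        """Add `field` with the stringified value, or delete it when None."""
        if var is not None:
            return Add, (field, 0, str(var))
        return Delete, field

    provider_obj = batch_update_cnf(
        build_provider.BuildProvider(data=name, instance=instance),
        [(Update, ("PROVIDER_MODE", 0, mode)),
         # empty/None address values remove the field instead of writing it
         (Update, ("PROVIDER_IP", 0, ip)) if ip
         else (Delete, "PROVIDER_IP"),
         (Update, ("PROVIDER_LOCALIP", 0, localip)) if localip
         else (Delete, "PROVIDER_LOCALIP"),
         (Update, ("PROVIDER_NETMASK", 0, netmask)) if netmask
         else (Delete, "PROVIDER_NETMASK"),
         (Update, ("PROVIDER_TIMEOUT", 0, timeout)),
         (Update, ("PROVIDER_DNS_MODE", 0, dnsmode)),
         (Update, ("PROVIDER_DNS", 0,
                   dns if dnsmode == "IP" else "")),
         (Update, ("PROVIDER_MTU_MODE", 0, mtumode)),
         # NOTE(review): with mtumode != "AUTO" and the default mtusize=None
         # this passes None as the value - confirm the update handles that.
         (Update, ("PROVIDER_MTU_SIZE", 0,
                   mtusize if mtumode != "AUTO" else "")),
         (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules))),
         add_or_del(vlanid, "PROVIDER_VLAN_ID"),
         add_or_del(dialretry, "PROVIDER_DIAL_RETRY"),
         add_or_del(login, "PROVIDER_LOGIN"),
         # NOTE(review): the provider password goes into the saved file as
         # given; confirm DUMP_CONFIG_DIR and the file mode restrict who can
         # read it. It is not part of any log message in this function.
         add_or_del(password, "PROVIDER_PASSWORD"),
         add_or_del(modemip, "PROVIDER_MODEM_IP"),
         add_or_del(providerid, "PROVIDER_PROVIDERID"),
         add_or_del(localdhcp, "PROVIDER_LOCAL_DHCP")])
    # NOTE(review): %d truncates time.time() to whole seconds and
    # provider_proxy() uses the same "provider-%d-%s.cnf" pattern, so both
    # called within one second with the same suffix produce the same name.
    provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix)
    [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger (not the root logger) so the message honours the
    # package's logging configuration.
    log.info("Saving provider configuration to %s", provider_cnf)
    provider_obj.save(provider_cnf)
    return provider_cnf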
287 | ||
288 | ||
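def provider_proxy(mode="ROUTER", ip="1.2.3.4", localip=None, proxy_port=3128, fwrules=7, suffix="host"):
    """
    Generate and save a provider configuration file for proxy.

    The same address is written as provider IP, DNS server and proxy server;
    DNS mode is fixed to "IP" and DynDNS is set to "0".

    :param str mode: provider mode
    :param str ip: IP address of the provider (and DNS server)
    :param localip: IP address of the configured machine (valid for some
                    configurations; field is deleted if empty or None)
    :type localip: str or None
    :param int proxy_port: port for the provider proxy
    :param int fwrules: instance of the firewall rules to use
    :param str suffix: optional suffix to use for config identification
    :returns: generated config filename
    :rtype: str
    """
    log.info("Create arnied provider configuration.")
    provider_obj = batch_update_cnf(
        build_provider.BuildProvider(),
        [(Update, ("PROVIDER_MODE", 0, mode)),
         (Update, ("PROVIDER_DNS", 0, ip)),
         (Update, ("PROVIDER_DYNDNS_ENABLE", 0, "0")),
         (Update, ("PROVIDER_IP", 0, ip)),
         (Update, ("PROVIDER_PROXY_SERVER", 0, ip)),
         (Update, ("PROVIDER_PROXY_PORT", 0, str(proxy_port))),
         # an empty/None local address removes the field instead of writing it
         (Update, ("PROVIDER_LOCALIP", 0, localip)) if localip
         else (Delete, "PROVIDER_LOCALIP"),
         (Update, ("PROVIDER_DNS_MODE", 0, "IP")),
         (Update, ("PROVIDER_FIREWALL_RULESET_REF", 0, str(fwrules)))])
    # NOTE(review): %d truncates time.time() to whole seconds and provider()
    # uses the same "provider-%d-%s.cnf" pattern, so both called within one
    # second with the same suffix produce the same name.
    provider_cnf = "provider-%d-%s.cnf" % (time.time(), suffix)
    [provider_cnf] = aw.prep_config_paths([provider_cnf], aw.DUMP_CONFIG_DIR)
    # Use the module logger (not the root logger) so the message honours the
    # package's logging configuration.
    log.info("Saving provider configuration to %s", provider_cnf)
    provider_obj.save(provider_cnf)
    return provider_cnf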
322 | ||
323 | ||
2d4e0297 PD |
def port_forwarding(src_port="1234", src_port_end="",
                    dst_port="1234", dst_port_end="",
                    dst_ip_ref="1", protocol_type="TCP",
                    suffix="host"):
    """
    Build a PORT_FORWARDING variable and hand it to ``build_cnf`` for saving.

    :param str src_port: forwarded source port
    :param str src_port_end: forwarded source port end for a port range
    :param str dst_port: forwarded destination port
    :param str dst_port_end: forwarded destination port end for a port range
    :param str dst_ip_ref: destination nic instance for a port range
    :param str protocol_type: port forwarding protocol type
    :param str suffix: optional suffix to use for config identification
    :returns: result of ``build_cnf`` (the generated config filename)
    :rtype: str
    """
    log.info("Create port forwarding configuration")
    value_id = "test"
    # whole-second timestamp plus suffix identify the generated file
    stamp = time.time()
    portforward_client_cnf = "portforward-%d-%s.cnf" % (stamp, suffix)
    # every setting is attached as a child line of the PORT_FORWARDING entry
    children = [
        (Child, ("PORT_FORWARDING_DST_IP_REF", 0, dst_ip_ref)),
        (Child, ("PORT_FORWARDING_DST_PORT", 0, dst_port)),
        (Child, ("PORT_FORWARDING_DST_PORT_END", 0, dst_port_end)),
        (Child, ("PORT_FORWARDING_PROTOCOL_TYPE", 0, protocol_type)),
        (Child, ("PORT_FORWARDING_SRC_PORT", 0, src_port)),
        (Child, ("PORT_FORWARDING_SRC_PORT_END", 0, src_port_end)),
    ]
    return build_cnf("PORT_FORWARDING",
                     data=value_id,
                     filename=portforward_client_cnf,
                     vals=children)
353 | ||
354 | ||
def firewall_ruleset_simple(suffix="host"):
    """
    Build a SIMPLE_PROVIDER firewall ruleset (instance 101) via ``build_cnf``.

    The HTTPS, POP3S/IMAPS, SMTP, HTTP and VPN "open" switches are all set to
    "0"; only the port forwarding switch is set to "1".

    :param str suffix: optional suffix to use for config identification
    :returns: result of ``build_cnf`` (the generated config filename)
    :rtype: str
    """
    log.info("Create firewall ruleset")
    stamp = time.time()
    fw_cnf = "fw-%d-%s.cnf" % (stamp, suffix)
    settings = [
        (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "SIMPLE_PROVIDER")),
        (Update, ("FIREWALL_RULESET_PROVIDER_HTTPS_OPEN", 0, "0")),
        (Update, ("FIREWALL_RULESET_PROVIDER_POP3SIMAPS_OPEN", 0, "0")),
        (Update, ("FIREWALL_RULESET_PROVIDER_PORT_FORWARDING_ENABLE", 0, "1")),
        (Update, ("FIREWALL_RULESET_PROVIDER_SMTP_OPEN", 0, "0")),
        (Update, ("FIREWALL_RULESET_PROVIDER_HTTP_OPEN", 0, "0")),
        (Update, ("FIREWALL_RULESET_PROVIDER_VPN_OPEN", 0, "0")),
    ]
    return build_cnf("FIREWALL_RULESET",
                     instance=101,
                     data="Port Forwarding libfirewall test",
                     filename=fw_cnf,
                     vals=settings)
376 | ||
377 | ||
def firewall_ruleset_port(suffix="host"):
    """
    Build a FULL-profile firewall ruleset for port forwarding via ``build_cnf``.

    The ruleset (instance 100, usage PROVIDER) carries one ACCEPT rule whose
    connection-status check is PORTFORWARDING; logging and rate limits on the
    rule are set to "0" or left empty.

    :param str suffix: optional suffix to use for config identification
    :returns: result of ``build_cnf`` (the generated config filename)
    :rtype: str
    """
    log.info("Create firewall ruleset")
    stamp = time.time()
    fw_portforward_cnf = "fw-portforward-%d-%s.cnf" % (stamp, suffix)
    # NOTE(review): firewall_ruleset_dmz() also targets instance 100 -
    # presumably only one of the two is applied per test; confirm.
    ruleset = [
        (Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
        (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
        # the rule itself, followed by its child settings
        (Add, ("FIREWALL_RULESET_RULE", 1, "")),
        (Child, ("FIREWALL_RULESET_RULE_ACTION", 0, "ACCEPT")),
        (Child, ("FIREWALL_RULESET_RULE_CHECK_CONNECTION_STATUS", 0, "PORTFORWARDING")),
        (Child, ("FIREWALL_RULESET_RULE_CHECK_TCP_FLAGS", 0, "DISABLED")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", 0, "0")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", 0, "0")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", 0, "")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_PERIOD", 0, "SEC")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", 0, "")),
        (Child, ("FIREWALL_RULESET_RULE_LOG_ENABLE", 0, "0")),
        (Child, ("FIREWALL_RULESET_RULE_LOG_MESSAGE", 0, "")),
        (Child, ("FIREWALL_RULESET_RULE_TIME_INCLUDE_TIME_REF", 0, "-1")),
        (Update, ("FIREWALL_RULESET_USAGE", 0, "PROVIDER")),
    ]
    return build_cnf("FIREWALL_RULESET",
                     instance=100,
                     data="Port forwarding only",
                     filename=fw_portforward_cnf,
                     vals=ruleset)
407 | ||
408 | ||
def firewall_ruleset_dmz(suffix="host"):
    """
    Build a FULL-profile firewall ruleset for DMZ via ``build_cnf``.

    The ruleset (instance 100, usage LANVPN) carries one ACCEPT rule bound to
    service group reference "6" and destination client reference "2", with
    logging and rate limits set to "0" or left empty.

    :param str suffix: optional suffix to use for config identification
    :returns: result of ``build_cnf`` (the generated config filename)
    :rtype: str
    """
    log.info("Create firewall ruleset")
    stamp = time.time()
    fw_dmz_cnf = "fw-dmz-%d-%s.cnf" % (stamp, suffix)
    # NOTE(review): firewall_ruleset_port() also targets instance 100 -
    # presumably only one of the two is applied per test; confirm.
    ruleset = [
        (Update, ("FIREWALL_RULESET_AUTOMATIC_ANSWER_RULE", 0, "1")),
        (Update, ("FIREWALL_RULESET_PROFILE_TYPE", 0, "FULL")),
        # the rule itself, followed by its child settings
        (Add, ("FIREWALL_RULESET_RULE", 1, "")),
        (Child, ("FIREWALL_RULESET_RULE_ACTION", 0, "ACCEPT")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_ACTION_ENABLE", 0, "0")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_FOR_LOG_ENABLE", 0, "0")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_AVERAGE_COUNT", 0, "")),
        (Child, ("FIREWALL_RULESET_RULE_LIMIT_PACKETS_PEAK_COUNT", 0, "")),
        (Child, ("FIREWALL_RULESET_RULE_LOG_ENABLE", 0, "0")),
        (Child, ("FIREWALL_RULESET_RULE_LOG_MESSAGE", 0, "")),
        (Child, ("FIREWALL_RULESET_RULE_SERVICE_INCLUDE_SERVICEGROUP_REF", 0, "6")),
        (Child, ("FIREWALL_RULESET_RULE_DST_INCLUDE_CLIENT_REF", 0, "2")),
        (Update, ("FIREWALL_RULESET_USAGE", 0, "LANVPN")),
    ]
    return build_cnf("FIREWALL_RULESET",
                     instance=100,
                     data="DMZ firewall rules",
                     filename=fw_dmz_cnf,
                     vals=ruleset)