diff --git a/firewall/fw.py b/firewall/fw.py
index d13a7ba..7648d62 100644
--- a/firewall/fw.py
+++ b/firewall/fw.py
@@ -139,7 +139,7 @@ class Firewall:
self.iptables('-N PUB_OUT')
self.iptables('-A FORWARD -m set --match-set blacklist src,dst -j DROP')
- self.iptables('-A FORWARD -m state --state INVALID -g LOG_DROP')
+# self.iptables('-A FORWARD -m state --state INVALID -g LOG_DROP')
self.iptables('-A FORWARD -m state --state ESTABLISHED,RELATED '
'-j ACCEPT')
self.iptables('-A FORWARD -p icmp --icmp-type echo-request '
@@ -181,6 +181,8 @@ class Firewall:
self.iptablesnat(':INPUT ACCEPT [0:0]')
self.iptablesnat(':OUTPUT ACCEPT [1:708]')
self.iptablesnat(':POSTROUTING ACCEPT [1:708]')
+ self.iptablesnat('-A POSTROUTING -o pub -s 10.12.2.128/25 -j SNAT '
+ '--to-source 152.66.243.130')
# portforward
for host in self.hosts.exclude(pub_ipv4=None):
@@ -212,10 +214,16 @@ class Firewall:
# hard-wired rules
self.iptablesnat('-A POSTROUTING -s 10.5.0.0/16 -o vlan0003 -j SNAT '
'--to-source 10.3.255.254') # man elerheto legyen
- self.iptablesnat('-A POSTROUTING -o vlan0008 -j SNAT '
- '--to-source 10.0.0.247') # wolf network for printing
+# self.iptablesnat('-A POSTROUTING -o vlan0008 -j SNAT '
+# '--to-source 10.0.0.247') # wolf network for printing
self.iptablesnat('-A POSTROUTING -s 10.3.0.0/16 -p udp --dport 53 -o vlan0002 -j SNAT '
'--to-source %s' % self.pub.ipv4) # kulonben nem megy a dns man-ban
+ self.iptablesnat('-A PREROUTING -d 192.168.243.1/32 -j DNAT --to-destination 152.66.243.1')
+ self.iptablesnat('-A PREROUTING -d 152.66.243.4/32 -j DNAT --to-destination 152.66.243.102')
+ self.iptablesnat('-A PREROUTING -d 152.66.243.1/32 -p tcp --dport smtp -j DNAT --to-destination 152.66.243.102')
+ self.iptablesnat('-A PREROUTING -d 152.66.243.1/32 -p tcp --dport smtps -j DNAT --to-destination 152.66.243.102')
+ self.iptablesnat('-A PREROUTING -d 152.66.243.130/32 -p udp --dport 1194 -j DNAT --to-destination 10.12.255.253')
+
self.iptablesnat('COMMIT')
@@ -346,6 +354,8 @@ def ipv6_to_arpa(ipv6):
octets.insert(0, int(part[3], 16))
return '.'.join(['%1x' % x for x in octets]) + '.ip6.arpa'
+def txt_to_octal(txt):
+ return '\\' + '\\'.join(['%03o' % ord(x) for x in txt])
# =fqdn:ip:ttl A, PTR
# &fqdn:ip:x:ttl NS
@@ -354,6 +364,7 @@ def ipv6_to_arpa(ipv6):
# ^ PTR
# C CNAME
# : generic
+# 'fqdn:s:ttl TXT
def dns():
vlans = models.Vlan.objects.all()
@@ -405,6 +416,8 @@ def dns():
'ttl': d['ttl']})
elif d['type'] == 'PTR':
DNS.append("^%s:%s:%s" % (d['name'], d['address'], d['ttl']))
+ elif d['type'] == 'TXT':
+ DNS.append("'%s:%s:%s" % (d['name'], txt_to_octal(d['description']), d['ttl']))
return DNS
process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' %
diff --git a/firewall/models.py b/firewall/models.py
index 349f83e..6f1cb71 100644
--- a/firewall/models.py
+++ b/firewall/models.py
@@ -393,6 +393,7 @@ class Record(models.Model):
return {'name': name,
'type': self.type,
'ttl': self.ttl,
+ 'description': self.description,
'address': address}
class Blacklist(models.Model):
diff --git a/firewall/tasks.py b/firewall/tasks.py
index 7735cbf..368c9c0 100644
--- a/firewall/tasks.py
+++ b/firewall/tasks.py
@@ -34,6 +34,7 @@ class Periodic(PeriodicTask):
if cache.get('dhcp_lock'):
cache.delete("dhcp_lock")
reload_dhcp_task.delay(dhcp())
+ reload_dhcp_task.apply_async((dhcp(), ), queue='dhcp2')
print "dhcp ujratoltese kesz"
if cache.get('firewall_lock'):
@@ -41,6 +42,7 @@ class Periodic(PeriodicTask):
ipv4 = Firewall().get()
ipv6 = Firewall(True).get()
reload_firewall_task.delay(ipv4, ipv6)
+ reload_firewall_task.apply_async((ipv4, ipv6), queue='firewall2')
print "firewall ujratoltese kesz"
if cache.get('blacklist_lock'):