
[WIP] Openwrt firewall #162

Draft
wants to merge 45 commits into
base: master
Changes from 5 commits
a89c7e9
[openwrt] Add firewall settings
okraits Aug 7, 2018
8b7493e
Merge branch 'master' into openwrt-firewall
jonathanunderwood Jul 24, 2020
e49605e
Format /backends/openwrt/converters/__init__.py
jonathanunderwood Jul 24, 2020
5cfddcc
Reformat openwrt/schema.py (openwisp-qa-format)
jonathanunderwood Jul 28, 2020
29957e3
Establish OpenWRT firewall rule parser
jonathanunderwood Jul 28, 2020
495b22a
Make firewall rule proto parameter a list
jonathanunderwood Jul 28, 2020
f792d6a
Add another firewall rule test
jonathanunderwood Jul 28, 2020
6d09ae8
Add firewall zone handling and tests
jonathanunderwood Jul 28, 2020
9c08c8c
Add parser and tests for firewall forwardings
jonathanunderwood Jul 29, 2020
a9cb284
Add OpenWRT firewall redirect handling
jonathanunderwood Jul 29, 2020
b9cf322
Fix redirect weekdays and monthdays handling
jonathanunderwood Aug 1, 2020
3dd9f67
Enable negation when parsing monthdays and weekdays
jonathanunderwood Aug 1, 2020
9aff7a1
Enhance and test redirect parser
jonathanunderwood Aug 1, 2020
b21ac81
Refactor __netjson_redirect() to reduce complexity
jonathanunderwood Aug 1, 2020
986a49f
Refactor handling of proto parameter
jonathanunderwood Aug 1, 2020
c5a79ce
Refactor mac_address_regex usage in schema
jonathanunderwood Aug 1, 2020
51a254f
Refactor firewall bool handling
jonathanunderwood Aug 2, 2020
f0aac95
Refactor the OpenWRT schema for ease of reading
jonathanunderwood Aug 2, 2020
976ecea
Add more OpenWRT firewall zone parameters
jonathanunderwood Aug 16, 2020
ec27da2
Merge branch 'master' into openwrt-firewall
jonathanunderwood Oct 16, 2020
0d82e0e
[openwrt] Fix formatting error
jonathanunderwood Oct 16, 2020
5b3438c
[openwrt] Fix unnecessary quotation changes
jonathanunderwood Oct 16, 2020
9f6c0fc
[openwrt] Remove debugging print statements
jonathanunderwood Oct 16, 2020
4c134bc
[openwrt] Add firewall rules tests
jonathanunderwood Jan 30, 2021
4aa5e9e
Merge branch 'master' into openwrt-firewall
jonathanunderwood Jan 30, 2021
e65f06c
[openwrt] Add firewall rule test
jonathanunderwood Jan 30, 2021
84787b2
[openwrt] Enhance firewall uci rule parser
jonathanunderwood Jan 30, 2021
89d80b0
[openwrt] Add firewall rule uci parsing test
jonathanunderwood Jan 30, 2021
2bd9f08
[openwrt] Refactor firewall defaults schema
jonathanunderwood Feb 7, 2021
cd7186f
[openwrt] Add firewall defaults parser and renderer
jonathanunderwood Feb 7, 2021
3413b94
[openwrt] Add firewall defaults tests
jonathanunderwood Feb 7, 2021
b4f18cf
[openwrt] Fix formatting in firewall.py
jonathanunderwood Feb 7, 2021
657f03b
[openwrt] Fix formatting in test_firewall.py
jonathanunderwood Feb 7, 2021
fe2404a
[openwrt] Add more parameters to firewall defaults schema
jonathanunderwood Feb 9, 2021
bc7dc88
[openwrt] Fix title and description of firewall defaults
jonathanunderwood Feb 9, 2021
f15cf3c
[openwrt] Fix firewall defaults parser
jonathanunderwood Feb 9, 2021
47e5530
Merge branch 'master' into openwrt-firewall
jonathanunderwood Feb 9, 2021
006b196
[openwrt] Make name parameter required for firewall objects
jonathanunderwood Feb 21, 2021
89a4bed
[openwrt] Test enabled parameter for firewall forwarding
jonathanunderwood Feb 21, 2021
775707c
Merge branch 'master' into openwrt-firewall
jonathanunderwood Feb 21, 2021
81b17a0
[openwrt] Fix test_default.py tests
jonathanunderwood Feb 21, 2021
07305f6
[openwrt] Add firewall includes to schema
jonathanunderwood Mar 14, 2021
b2536dd
[openwrt] Add firewall includes parser and renderer
jonathanunderwood Mar 20, 2021
3b51afe
[openwrt] Add firewall includes tests
jonathanunderwood Mar 20, 2021
8c6ac92
[openwrt] Remove config_name handling in firewall
jonathanunderwood Mar 20, 2021
24 changes: 13 additions & 11 deletions netjsonconfig/backends/openwrt/converters/__init__.py
@@ -1,4 +1,5 @@
from .default import Default
from .firewall import Firewall
from .general import General
from .interfaces import Interfaces
from .led import Led
Expand All @@ -11,15 +12,16 @@
from .wireless import Wireless

__all__ = [
'Default',
'Interfaces',
'General',
'Led',
'Ntp',
'OpenVpn',
'Radios',
'Routes',
'Rules',
'Switch',
'Wireless',
"Default",
jonathanunderwood marked this conversation as resolved.
"Interfaces",
"General",
"Led",
"Ntp",
"OpenVpn",
"Radios",
"Routes",
"Rules",
"Switch",
"Wireless",
"Firewall",
]
103 changes: 103 additions & 0 deletions netjsonconfig/backends/openwrt/converters/firewall.py
@@ -0,0 +1,103 @@
from collections import OrderedDict

from ..schema import schema
from .base import OpenWrtConverter


class Firewall(OpenWrtConverter):
netjson_key = "firewall"
intermediate_key = "firewall"
_uci_types = ["defaults", "forwarding", "zone", "rule"]
_schema = schema["properties"]["firewall"]

def to_intermediate_loop(self, block, result, index=None):
forwardings = self.__intermediate_forwardings(block.pop("forwardings", {}))
zones = self.__intermediate_zones(block.pop("zones", {}))
rules = self.__intermediate_rules(block.pop("rules", {}))
block.update({".type": "defaults", ".name": block.pop("id", "defaults")})
result.setdefault("firewall", [])
result["firewall"] = [self.sorted_dict(block)] + forwardings + zones + rules
return result

def __intermediate_forwardings(self, forwardings):
atb00ker marked this conversation as resolved.
"""
converts NetJSON forwarding to
UCI intermediate data structure
"""
result = []
for forwarding in forwardings:
resultdict = OrderedDict(
(
(".name", self.__get_auto_name_forwarding(forwarding)),
(".type", "forwarding"),
)
)
resultdict.update(forwarding)
result.append(resultdict)
return result

def __get_auto_name_forwarding(self, forwarding):
atb00ker marked this conversation as resolved.
if "family" in forwarding.keys():
uci_name = self._get_uci_name(
"_".join([forwarding["src"], forwarding["dest"], forwarding["family"]])
)
else:
uci_name = self._get_uci_name(
"_".join([forwarding["src"], forwarding["dest"]])
)
return "forwarding_{0}".format(uci_name)

def __intermediate_zones(self, zones):
"""
converts NetJSON zone to
UCI intermediate data structure
"""
result = []
for zone in zones:
resultdict = OrderedDict(
((".name", self.__get_auto_name_zone(zone)), (".type", "zone"))
)
resultdict.update(zone)
result.append(resultdict)
return result

def __get_auto_name_zone(self, zone):
return "zone_{0}".format(self._get_uci_name(zone["name"]))

def __intermediate_rules(self, rules):
"""
converts NetJSON rule to
UCI intermediate data structure
"""
result = []
for rule in rules:
if "config_name" in rule:
del rule["config_name"]
resultdict = OrderedDict(
((".name", self.__get_auto_name_rule(rule)), (".type", "rule"))
)
resultdict.update(rule)
result.append(resultdict)
return result

def __get_auto_name_rule(self, rule):
return "rule_{0}".format(self._get_uci_name(rule["name"]))

def to_netjson_loop(self, block, result, index):
result.setdefault("firewall", {})

block.pop(".name")
_type = block.pop(".type")

if _type == "rule":
rule = self.__netjson_rule(block)
result["firewall"].setdefault("rules", [])
jonathanunderwood marked this conversation as resolved.
result["firewall"]["rules"].append(rule)

return self.type_cast(result)

def __netjson_rule(self, rule):
if "enabled" in rule:
rule["enabled"] = rule.pop("enabled") == "1"

return self.type_cast(rule)
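Review bot: `to_netjson_loop` converts only `rule` sections, although `_uci_types` also lists `defaults`, `forwarding` and `zone`, so those sections are skipped without any error when a native UCI firewall config is parsed. The resulting NetJSON then lacks the default policies, zones and forwardings, and rendering it back would presumably produce a firewall config without them; until the other types are handled, an explicit `else` branch that raises on or records the unsupported `_type` would make the gap visible. In `__netjson_rule`, `rule.pop("enabled") == "1"` treats the other true spellings UCI accepts (`yes`, `on`, `true`, `enabled`) as false, so an enabled rule can come back disabled; `rule["enabled"] = rule.pop("enabled") in ("1", "yes", "on", "true", "enabled")` avoids that. `__intermediate_rules` also deletes `config_name` from the caller's rule dict in place, which deserves either a copy of the rule or a comment saying the mutation is intended.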
1 change: 1 addition & 0 deletions netjsonconfig/backends/openwrt/openwrt.py
Expand Up @@ -22,6 +22,7 @@ class OpenWrt(BaseBackend):
converters.Radios,
converters.Wireless,
converters.OpenVpn,
converters.Firewall,
converters.Default,
]
parser = OpenWrtParser