afonso/core-extra
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

#199 small tweaks to be consistent with rest of code

Browse source
This commit is contained in:
bharnden 2018-10-10 14:49:51 -07:00
parent 366f63fb96
commit ca107a3207
1 changed files with 22 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
daemon/core/services/security.py
View file

@ -11,8 +11,8 @@ from core.service import CoreService
class VPNClient(CoreService): class VPNClient(CoreService):
name = "VPNClient" name = "VPNClient"
group = "Security" group = "Security"
configs = ('vpnclient.sh',) configs = ("vpnclient.sh",)
startup = ('sh vpnclient.sh',) startup = ("sh vpnclient.sh",)
shutdown = ("killall openvpn",) shutdown = ("killall openvpn",)
validate = ("pidof openvpn",) validate = ("pidof openvpn",)
custom_needed = True custom_needed = True
@ -37,8 +37,8 @@ class VPNClient(CoreService):
class VPNServer(CoreService): class VPNServer(CoreService):
name = "VPNServer" name = "VPNServer"
group = "Security" group = "Security"
configs = ('vpnserver.sh',) configs = ("vpnserver.sh",)
startup = ('sh vpnserver.sh',) startup = ("sh vpnserver.sh",)
shutdown = ("killall openvpn",) shutdown = ("killall openvpn",)
validate = ("pidof openvpn",) validate = ("pidof openvpn",)
custom_needed = True custom_needed = True
@ -64,8 +64,8 @@ class VPNServer(CoreService):
class IPsec(CoreService): class IPsec(CoreService):
name = "IPsec" name = "IPsec"
group = "Security" group = "Security"
configs = ('ipsec.sh',) configs = ("ipsec.sh",)
startup = ('sh ipsec.sh',) startup = ("sh ipsec.sh",)
shutdown = ("killall racoon",) shutdown = ("killall racoon",)
custom_needed = True custom_needed = True
@ -91,8 +91,8 @@ class IPsec(CoreService):
class Firewall(CoreService): class Firewall(CoreService):
name = "Firewall" name = "Firewall"
group = "Security" group = "Security"
configs = ('firewall.sh',) configs = ("firewall.sh",)
startup = ('sh firewall.sh',) startup = ("sh firewall.sh",)
custom_needed = True custom_needed = True
@classmethod @classmethod
@ -111,19 +111,23 @@ class Firewall(CoreService):
return cfg return cfg
class Nat(CoreService): class Nat(CoreService):
''' IPv4 source NAT service """
''' IPv4 source NAT service.
"""
name = "NAT" name = "NAT"
executables = ("iptables",)
group = "Security" group = "Security"
configs = ('nat.sh', ) configs = ("nat.sh", )
startup = ('sh nat.sh',) startup = ("sh nat.sh",)
custom_needed = False custom_needed = False
@classmethod @classmethod
def generateifcnatrule(cls, ifc, line_prefix=""): def generateifcnatrule(cls, ifc, line_prefix=""):
''' Generate a NAT line for one interface. """
''' Generate a NAT line for one interface.
"""
cfg = line_prefix + "iptables -t nat -A POSTROUTING -o " cfg = line_prefix + "iptables -t nat -A POSTROUTING -o "
cfg +=ifc.name + " -j MASQUERADE\n" cfg +=ifc.name + " -j MASQUERADE\n"
@ -136,8 +140,9 @@ class Nat(CoreService):
@classmethod @classmethod
def generate_config(cls, node, filename): def generate_config(cls, node, filename):
''' NAT out the first interface """
''' NAT out the first interface
"""
cfg = "#!/bin/sh\n" cfg = "#!/bin/sh\n"
cfg += "# generated by security.py\n" cfg += "# generated by security.py\n"
cfg += "# NAT out the first interface by default\n" cfg += "# NAT out the first interface by default\n"
@ -146,7 +151,7 @@ class Nat(CoreService):
if hasattr(ifc, 'control') and ifc.control == True: if hasattr(ifc, 'control') and ifc.control == True:
continue continue
if have_nat: if have_nat:
cfg += cls.generateifcnatrule(ifc, line_prefix='#') cfg += cls.generateifcnatrule(ifc, line_prefix="#")
else: else:
have_nat = True have_nat = True
cfg += "# NAT out the " + ifc.name + " interface\n" cfg += "# NAT out the " + ifc.name + " interface\n"