From 5262c642448e33d08a5265ee2de8a52bee4f5b46 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Thu, 6 Jul 2023 17:18:10 +0200
Subject: [PATCH] Add form for editing NAT addresses
---
 web/__init__.py | 3 +++
 web/nat.py | 34 ++++++++++++++++++++++++++++++++++
 web/system.py | 5 +++--
 web/templates/index.html | 2 +-
 web/templates/nat/index.html | 19 +++++++++++++++++++
 5 files changed, 60 insertions(+), 3 deletions(-)
 create mode 100644 web/nat.py
 create mode 100644 web/templates/nat/index.html
diff --git a/web/__init__.py b/web/__init__.py
index a22637d..b0582bd 100644
--- a/web/__init__.py
+++ b/web/__init__.py
@@ -51,6 +51,9 @@ def create_app(test_config=None):
 from . import config
 app.register_blueprint(config.blueprint)
+ from . import nat
+ app.register_blueprint(nat.blueprint)
+
 from . import rules
 app.register_blueprint(rules.blueprint)
diff --git a/web/nat.py b/web/nat.py
new file mode 100644
index 0000000..9d11807
--- /dev/null
+++ b/web/nat.py
@@ -0,0 +1,34 @@
+import flask
+import flask_login
+
+from . import db
+from . import system
+
+blueprint = flask.Blueprint('nat', __name__, url_prefix='/nat')
+
+@blueprint.route('/', methods=('GET', 'POST'))
+@flask_login.login_required
+def index():
+ try:
+ if not flask_login.current_user.is_admin:
+ return flask.Response('forbidden', status=403, mimetype='text/plain')
+
+ with db.locked():
+ nat = { office: "" for office in db.read('networks') }
+ nat |= db.read('nat')
+
+ if flask.request.method == 'POST':
+ form = flask.request.form
+ for office, address in form.items():
+ if office in nat:
+ nat[office] = address
+ db.write('nat', nat)
+ system.run(system.save_config)
+ return flask.redirect(flask.url_for('nat.index'))
+
+ return flask.render_template('nat/index.html', nat=nat)
+
+ except Exception as e:
+ return flask.Response(f'something went catastrophically wrong: {e}',
+ status=400, mimetype='text/plain')
+
diff --git a/web/system.py b/web/system.py
index 4cea045..de4840f 100644
--- a/web/system.py
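Review bot: The POST branch of `index()` in web/nat.py stores each submitted `address` with `nat[office] = address` and no validation, and the nat.nft hunk in web/system.py then writes that string verbatim into `snat to {address}`; its new `if address:` guard only skips empty values. A typo, stray whitespace or extra nft syntax in the field therefore ends up in the generated ruleset instead of being rejected at the form. I would parse the value with `ipaddress` before `db.write('nat', nat)` and return a 400 on failure, as sketched below (this needs `import ipaddress`; the accepted forms should match what "public range" means in this deployment, and the page has lost its indentation, so the nesting shown is assumed). Separately, this view changes firewall state on POST and no CSRF token check is visible in the handler, so confirm the application enforces one globally.

```python
def _valid_nat_target(value):
    # Accept '' (no NAT), one IPv4 address, a prefix, or an 'a-b' range.
    if not value:
        return True
    try:
        first, dash, last = value.partition('-')
        if dash:
            return ipaddress.IPv4Address(first) <= ipaddress.IPv4Address(last)
        ipaddress.IPv4Network(value, strict=False)
        return True
    except ValueError:
        return False

# … unchanged: admin check, db.locked(), defaults from db.read('networks'), form loop header …
                    if office in nat:
                        address = address.strip()
                        if not _valid_nat_target(address):
                            return flask.Response('invalid address', status=400,
                                                  mimetype='text/plain')
                        nat[office] = address
# … unchanged: db.write, save_config, redirect …
```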
+++ b/web/system.py
@@ -68,7 +68,7 @@ def save_config():
 settings = db.read('settings')
 version = settings['version'] = int(settings.get('version', 0)) + 1
- # Populate IP sets and translation maps for NAT.
+ # Populate IP sets.
 ipsets = collections.defaultdict(set)
 for name, network in db.read('ipsets').items():
 ipsets[name].update(network.get('ip', ()))
@@ -123,7 +123,8 @@ map {name} {{
 with open(f'{output}/etc/nftables.d/nat.nft', 'w', encoding='utf-8') as f:
 nat = db.read('nat') # { network name: public range… }
 for network, address in nat.items():
- print(f'iif @inside oif @outside ip saddr @{network} snat to {address}', file=f)
+ if address:
+ print(f'iif @inside oif @outside ip saddr @{network} snat to {address}', file=f)
 # Print forwarding rules.
 with open(f'{output}/etc/nftables.d/forward.nft', 'w', encoding='utf-8') as f:
diff --git a/web/templates/index.html b/web/templates/index.html
index 7d188ff..031cc7b 100644
--- a/web/templates/index.html
+++ b/web/templates/index.html
@@ -10,7 +10,7 @@
definicije obsegov IP
Urejanje pravil
pravila za posredovanje prometa -
NAT +
NAT
javni naslovi za pisarniška omrežja
Netmap
statične 1:1 preslikave naslovov za strežniška omrežja
diff --git a/web/templates/nat/index.html b/web/templates/nat/index.html
new file mode 100644
index 0000000..1c2244d
--- /dev/null
+++ b/web/templates/nat/index.html
@@ -0,0 +1,19 @@
+{% extends 'base.html' %}
+
+{% block content %}
+

+Urejate naslove NAT za pisarniška omrežja. + +

+ + +{% for office, address in nat.items() %} + +
+ +{% endfor %} +
+

+

+ +{% endblock %}