rc/friwall
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Add form for editing NAT addresses

Browse source
This commit is contained in:
Timotej Lazar 2023-07-06 17:18:10 +02:00
parent 8b8c675759
commit 5262c64244
5 changed files with 60 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
web/__init__.py
View file

@ -51,6 +51,9 @@ def create_app(test_config=None):
from . import config from . import config
app.register_blueprint(config.blueprint) app.register_blueprint(config.blueprint)
from . import nat
app.register_blueprint(nat.blueprint)
from . import rules from . import rules
app.register_blueprint(rules.blueprint) app.register_blueprint(rules.blueprint)

34
web/nat.py Normal file
View file

@ -0,0 +1,34 @@
import flask
import flask_login
from . import db
from . import system
blueprint = flask.Blueprint('nat', __name__, url_prefix='/nat')
@blueprint.route('/', methods=('GET', 'POST'))
@flask_login.login_required
def index():
try:
if not flask_login.current_user.is_admin:
return flask.Response('forbidden', status=403, mimetype='text/plain')
with db.locked():
nat = { office: "" for office in db.read('networks') }
nat |= db.read('nat')
if flask.request.method == 'POST':
form = flask.request.form
for office, address in form.items():
if office in nat:
nat[office] = address
db.write('nat', nat)
system.run(system.save_config)
return flask.redirect(flask.url_for('nat.index'))
return flask.render_template('nat/index.html', nat=nat)
except Exception as e:
return flask.Response(f'something went catastrophically wrong: {e}',
status=400, mimetype='text/plain')

3
web/system.py
View file

@ -68,7 +68,7 @@ def save_config():
settings = db.read('settings') settings = db.read('settings')
version = settings['version'] = int(settings.get('version', 0)) + 1 version = settings['version'] = int(settings.get('version', 0)) + 1
# Populate IP sets and translation maps for NAT. # Populate IP sets.
ipsets = collections.defaultdict(set) ipsets = collections.defaultdict(set)
for name, network in db.read('ipsets').items(): for name, network in db.read('ipsets').items():
ipsets[name].update(network.get('ip', ())) ipsets[name].update(network.get('ip', ()))
@ -123,6 +123,7 @@ map {name} {{
with open(f'{output}/etc/nftables.d/nat.nft', 'w', encoding='utf-8') as f: with open(f'{output}/etc/nftables.d/nat.nft', 'w', encoding='utf-8') as f:
nat = db.read('nat') # { network name: public range… } nat = db.read('nat') # { network name: public range… }
for network, address in nat.items(): for network, address in nat.items():
if address:
print(f'iif @inside oif @outside ip saddr @{network} snat to {address}', file=f) print(f'iif @inside oif @outside ip saddr @{network} snat to {address}', file=f)
# Print forwarding rules. # Print forwarding rules.

2
web/templates/index.html
View file

@ -10,7 +10,7 @@
<dd>definicije obsegov IP <dd>definicije obsegov IP
<dt><a href="{{ url_for('rules.index') }}">Urejanje pravil</a> <dt><a href="{{ url_for('rules.index') }}">Urejanje pravil</a>
<dd>pravila za posredovanje prometa <dd>pravila za posredovanje prometa
<dt><a href="{{ url_for('config.edit', name='nat') }}">NAT</a> <dt><a href="{{ url_for('nat.index') }}">NAT</a>
<dd>javni naslovi za pisarniška omrežja <dd>javni naslovi za pisarniška omrežja
<dt><a href="{{ url_for('config.edit', name='netmap') }}">Netmap</a> <dt><a href="{{ url_for('config.edit', name='netmap') }}">Netmap</a>
<dd>statične 1:1 preslikave naslovov za strežniška omrežja <dd>statične 1:1 preslikave naslovov za strežniška omrežja

19
web/templates/nat/index.html Normal file
View file

@ -0,0 +1,19 @@
{% extends 'base.html' %}
{% block content %}
<p>
Urejate naslove NAT za pisarniška omrežja.
<form id="request" method="POST">
<table>
<tbody>
{% for office, address in nat.items() %}
<tr>
<td><label for="{{ office }}">{{ office }}</label>
<td><input id="{{ office }}" name="{{ office }}" value="{{ address }}" />
{% endfor %}
</table>
<p><button id="submit" type="submit">Shrani</button>
</form>
{% endblock %}