def generateRules(self, rule_number):
    """Yield the rules of ``self.acl``, numbered from *rule_number* upwards.

    Two expansions exist, chosen by whether the ACL carries platforms:

    * platform ACL: each item of each platform contributes its own
      protocols (sorted by ``sortKey()``) and the networks returned by
      ``formatPlatformSrcDst`` for that item;
    * plain ACL: one expansion from ``self.acl.protocols`` (sorted the
      same way) and ``formatSrcDst()``.

    ``source_platforms`` takes precedence: when both platform lists are
    set, ``destination_platforms`` is not consulted here (NOTE(review):
    confirm the model never sets both).

    *rule_number* is advanced once per yielded rule, so each subsequent
    ``aclRule`` call starts after the rules already produced.
    """
    acl = self.acl
    uses_platforms = bool(acl.source_platforms or acl.destination_platforms)

    def ordered(raw_protocols):
        # Same ordering key in every branch: deterministic output.
        return sorted(raw_protocols, key=lambda protocol: protocol.sortKey())

    def platform_expansions():
        # `or` picks source_platforms when truthy, else destination_platforms.
        platforms = acl.source_platforms or acl.destination_platforms
        for platform in platforms:
            for item in platform.items:
                protocols = ordered(flattenObject(item.protocol))
                networks = self.formatPlatformSrcDst(flattenObject(item.network))
                yield protocols, networks

    def plain_expansion():
        protocols = ordered(flattenObjectList(acl.protocols))
        yield protocols, self.formatSrcDst()

    expansions = platform_expansions() if uses_platforms else plain_expansion()
    for protocols, networks in expansions:
        for rule in self.aclRule(networks, protocols, rule_number):
            yield rule
            rule_number += 1
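def aclRules(self, acl, acl_index):
    """Yield the LDAP entries (``NuAccessControlList``) generated for *acl*.

    Args:
        acl: the ACL model object (input/output interfaces, decision,
            log flag, sources/destinations or platforms, protocols,
            durations and periodicities).
        acl_index: stored as ``AclWeight`` on every generated entry.

    Every entry shares ``common_attr``; the per-rule expansion is done by
    ``self.aclRule``.  ``InDev``/``OutDev`` are written only when the
    interface name does not end with ``'+'`` (presumably an absent key
    means "any interface" on the backend side -- confirm).

    Platform precedence: ``source_platforms`` wins; when both platform
    lists are set, ``destination_platforms`` is not consulted here
    (NOTE(review): confirm the model forbids setting both).
    """
    flags = 0
    if not acl.log:
        flags |= ACL_FLAGS_NOLOG
    # TODO: if acl.transparent_proxy:
    # TODO:     flags |= ACL_FLAGS_SYNC | ACL_FLAGS_STRICT
    decision = DECISIONS[acl.decision]
    common_attr = {
        'AclFlags': flags,
        'Decision': decision,
        'objectClass': (u'top', u'NuAccessControlList'),
        'AclWeight': acl_index,
    }
    if not acl.input.name.endswith('+'):
        common_attr['InDev'] = acl.input.name
    if not acl.output.name.endswith('+'):
        common_attr['OutDev'] = acl.output.name
    common_attr['description'] = acl.logPrefix(ldap=True)
    # TODO: PhysInDev PhysOutDev

    timeranges = set(acl.durations)
    timeranges.update(acl.periodicities)

    def ordered(raw_protocols):
        # Sorting by sortKey() keeps the generated rule order deterministic
        # across runs; the plain branch and generateRules already do this,
        # the platform branch previously passed the raw flatten order.
        return sorted(raw_protocols, key=lambda protocol: protocol.sortKey())

    if not acl.source_platforms and not acl.destination_platforms:
        # Plain ACL: one expansion over the ACL's own sources/destinations.
        protocols = ordered(flattenObjectList(acl.protocols))
        for rule in self.aclRule(acl, common_attr, acl.sources, acl.destinations,
                                 protocols, timeranges):
            yield rule
        return

    # Platform ACL: pair every plain-side network with every platform item.
    if acl.source_platforms:
        platforms = acl.source_platforms
        networks = acl.destinations
    else:
        platforms = acl.destination_platforms
        networks = acl.sources
    for network in networks:
        for platform in platforms:
            for item in platform.items:
                platform_networks = flattenObject(item.network)
                protocols = ordered(flattenObject(item.protocol))
                if acl.source_platforms:
                    sources, destinations = platform_networks, [network]
                else:
                    sources, destinations = [network], platform_networks
                for rule in self.aclRule(acl, common_attr, sources, destinations,
                                         protocols, timeranges):
                    yield rule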