コード例 #1
ファイル: acls.py プロジェクト: maximerobin/Ufwi
    def generateRules(self, rule_number):
        """Yield every rule that self.aclRule builds for self.acl.

        rule_number is the number handed to the first self.aclRule call. It
        is advanced by one after each yielded rule, so in the platform case
        every later self.aclRule call receives the next number in sequence.
        """
        acl = self.acl
        # Source platforms take precedence; destination platforms are only
        # consulted when there are no source platforms.
        # NOTE(review): if both lists are set, the destination platforms are
        # silently ignored here -- confirm that combination is rejected
        # before rule generation, otherwise the emitted rule set does not
        # match the configured ACL.
        platforms = acl.source_platforms or acl.destination_platforms

        if not platforms:
            # Plain ACL: a single protocol list and one source/destination
            # pair for the whole ACL.
            protocols = sorted(
                flattenObjectList(acl.protocols),
                key=lambda proto: proto.sortKey())
            networks = self.formatSrcDst()
            for rule in self.aclRule(networks, protocols, rule_number):
                yield rule
                rule_number += 1
            return

        # Platform ACL: every platform item carries its own network and
        # protocol objects, so rules are generated item by item.
        for platform in platforms:
            for item in platform.items:
                protocols = sorted(
                    flattenObject(item.protocol),
                    key=lambda proto: proto.sortKey())
                networks = self.formatPlatformSrcDst(
                    flattenObject(item.network))
                for rule in self.aclRule(networks, protocols, rule_number):
                    yield rule
                    rule_number += 1
コード例 #2
ファイル: ldap_rules.py プロジェクト: maximerobin/Ufwi
    def aclRules(self, acl, acl_index):
        """Yield the rules that self.aclRule builds for one ACL.

        A dictionary of attributes common to every rule of the ACL is built
        first (flags, decision, object classes, weight, optional interface
        names, description), together with the set of time ranges. The
        source/destination/protocol combinations are then delegated to
        self.aclRule.

        acl_index is stored as the 'AclWeight' attribute.
        """
        flags = 0
        if not acl.log:
            flags |= ACL_FLAGS_NOLOG
        # TODO: if acl.transparent_proxy:
        # TODO:     flags |= ACL_FLAGS_SYNC | ACL_FLAGS_STRICT

        common_attr = {
            'AclFlags': flags,
            'Decision': DECISIONS[acl.decision],
            'objectClass': (u'top', u'NuAccessControlList'),
            'AclWeight': acl_index,
        }
        # An interface whose name ends with '+' is left out, so the rule is
        # not bound to any device on that side.
        # NOTE(review): presumably '+' marks a wildcard interface name --
        # confirm; a rule without InDev/OutDev is not restricted by device.
        for attr_name, interface in (('InDev', acl.input),
                                     ('OutDev', acl.output)):
            if not interface.name.endswith('+'):
                common_attr[attr_name] = interface.name
        common_attr['description'] = acl.logPrefix(ldap=True)
        # TODO: PhysInDev PhysOutDev

        timeranges = set(acl.durations).union(acl.periodicities)

        # NOTE(review): the same common_attr dict object is handed to every
        # self.aclRule call below -- confirm aclRule copies it before
        # adding per-rule attributes.

        if not (acl.source_platforms or acl.destination_platforms):
            # Plain ACL: sources and destinations come straight from the
            # ACL, with its protocols flattened and sorted.
            sorted_protocols = sorted(
                flattenObjectList(acl.protocols),
                key=lambda proto: proto.sortKey())
            for rule in self.aclRule(acl, common_attr, acl.sources,
                                     acl.destinations, sorted_protocols,
                                     timeranges):
                yield rule
            return

        # Platform ACL: one side of the rule comes from the platform items,
        # the other side from the ACL's own address list. Source platforms
        # take precedence over destination platforms.
        # NOTE(review): when both platform lists are set, the destination
        # platforms are ignored -- confirm that combination is rejected
        # upstream.
        platform_is_source = bool(acl.source_platforms)
        if platform_is_source:
            platforms, networks = acl.source_platforms, acl.destinations
        else:
            platforms, networks = acl.destination_platforms, acl.sources

        for network in networks:
            for platform in platforms:
                for item in platform.items:
                    # NOTE(review): unlike the plain-ACL case, the results
                    # of flattenObject are passed on without list() or
                    # sorting. If flattenObject returns a one-shot iterator
                    # and aclRule walks it more than once, combinations
                    # would be dropped -- verify against aclRule.
                    platform_networks = flattenObject(item.network)
                    protocols = flattenObject(item.protocol)
                    if platform_is_source:
                        sources, destinations = platform_networks, [network]
                    else:
                        sources, destinations = [network], platform_networks
                    for rule in self.aclRule(acl, common_attr, sources,
                                             destinations, protocols,
                                             timeranges):
                        yield rule