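def make_script(dhcp):
    """Build an ``iptables-restore`` script from the given DHCP leases.

    For each lease, ``mac_status`` supplies two jump targets: ``.name`` for
    the mangle FORWARD rules (one matching the lease IP as source, one as
    destination) and ``.access`` for the MAC-pinned rule in ``allow-inet``.

    Lease values are written verbatim into the script, where every line is
    a firewall directive. Each value is therefore checked first: the IP must
    parse as IPv4, the MAC must be six colon-separated hex octets, and no
    jump target may contain a line break. A lease that fails a check is
    skipped and reported on stdout, so one bad entry cannot add stray lines
    or abort the rebuild for every other client.

    Duplicate rules are emitted once, in first-seen order. The original
    ``set()`` de-duplication made rule order vary from run to run.

    Args:
        dhcp: Iterable of lease objects exposing ``ip`` and ``mac``.

    Returns:
        Script text with a ``*mangle`` table (FORWARD flushed, then the
        per-lease rules) followed by a ``*filter`` table that declares the
        ``allow-inet`` chain and its per-lease rules.
    """
    import ipaddress
    import re

    print("make_script")
    mac_pattern = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

    def unique(rules):
        # Order-preserving de-duplication; rule order is significant to netfilter.
        seen = set()
        kept = []
        for rule in rules:
            if rule not in seen:
                seen.add(rule)
                kept.append(rule)
        return kept

    mangle_rules = []
    filter_rules = []
    for lease in dhcp:
        ip, mac = str(lease.ip), str(lease.mac)
        try:
            ipaddress.IPv4Address(ip)
            ip_ok = True
        except ValueError:
            ip_ok = False
        if not ip_ok or not mac_pattern.fullmatch(mac):
            print("make_script: skipping lease with malformed ip/mac: {0!r} {1!r}".format(ip, mac))
            continue

        # NOTE(review): if `user` is a MongoDB collection, this filter only matches
        # array elements that are exactly {"mac": ...} - confirm devices carry no
        # other fields. from_dhcp() passes the MAC string to mac_status(), while
        # this passes the user document - confirm which form mac_status expects.
        doc = user.find_one({"devices": {"mac": lease.mac}})
        jump = mac_status(doc)
        chain, access = str(jump.name), str(jump.access)
        if any(brk in target for target in (chain, access) for brk in "\r\n"):
            print("make_script: skipping lease with line break in jump target: {0!r} {1!r}".format(chain, access))
            continue

        mangle_rules.append("-A FORWARD --src {0} -j {1}".format(ip, chain))
        mangle_rules.append("-A FORWARD --dst {0} -j {1}".format(ip, chain))
        filter_rules.append("-A allow-inet --src {0} -m mac --mac-source {1} -j {2}".format(ip, mac, access))

    script = '*mangle\n-F FORWARD\n'
    script += '\n'.join(unique(mangle_rules))
    script += '\nCOMMIT\n*filter\n:allow-inet - [0:0]\n'
    script += '\n'.join(unique(filter_rules))
    script += '\nCOMMIT\n'
    return script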
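def from_dhcp(self):
    """Parse the DHCP lease file into one ``IpTablesRule`` per active lease.

    The file at ``self.dhcp_lease`` is read line by line. A ``lease <ip> {``
    line opens a block, ``hardware ethernet``, ``starts`` and ``ends``
    statements fill in its fields, and a bare ``}`` closes it. A rule is
    emitted when the lease has not yet ended, or when the module-level
    ``debug`` flag is set.

    Hardening compared with a naive parse:
      * Per-lease state is reset at every ``lease`` header, so a block with
        no ``hardware ethernet`` or ``ends`` line cannot inherit the MAC or
        expiry of the previous lease and pair an IP with another device.
      * A ``}`` seen before any lease header is ignored; ``lease`` used to
        be unbound at that point.
      * The MAC must be six colon-separated hex octets before it is passed
        to ``mac_status`` and ``IpTablesRule``; other leases are skipped.
      * Timestamps that do not parse (for example ``ends never;``) are
        treated as unset, so the lease is not considered active.
        NOTE(review): decide whether never-expiring leases should get a
        rule; here they only get one under ``debug``.

    Returns:
        List of ``IpTablesRule`` objects in file order.
    """
    time_format = "%w %Y/%m/%d %H:%M:%S"
    mac_pattern = re.compile(r"[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2}){5}")

    def parse_time(text):
        # Unparseable or missing values are reported as '' (the "unset" marker).
        try:
            return datetime.datetime.strptime(text, time_format)
        except (TypeError, ValueError):
            return ''

    with open(self.dhcp_lease, "r") as fd:
        lines = fd.read().split("\n")

    rules = []
    lease = None
    mac = starts = ends = ''
    for line in lines:
        if not line or line.startswith("#"):
            continue

        if line == '}' and lease:
            ip, lease = lease, None
            if not mac_pattern.fullmatch(mac):
                continue
            # assumes lease timestamps are UTC, compared as naive datetimes - TODO confirm
            now = datetime.datetime.utcnow()
            if (isinstance(ends, datetime.datetime) and ends > now) or debug:
                rules.append(IpTablesRule(ip, mac, mac_status(mac).access, self.chain_name, self.iface_name, starts, ends))
            continue

        header = re.search(r'lease\s*([0-9\.]+)\s*\{', line)
        if header:
            lease = header.group(1)
            mac = starts = ends = ''
            continue

        field = re.search(r'\s+([a-z\s\-]+)\s+\"?(.+?)?\"?\;', line)
        if field:
            key, value = field.groups()
            if key == "hardware ethernet":
                mac = value or ''
            elif key == "ends":
                ends = parse_time(value)
            elif key == "starts":
                starts = parse_time(value)
    return rules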