def _setup_firewall(self, ri, fw):
    """Assemble the commands for firewall ``fw`` and run them on ``ri``'s router.

    The batch holds, in order: the firewall name, its description (only
    when non-empty), the two state-policy entries, one group of commands
    per enabled IPv4 rule, and finally the zone commands.  Everything is
    handed to ``client.exec_cmd_batch`` in a single call.

    :param ri: router info object; ``ri.router`` selects the client.
    :param fw: firewall dict; reads ``description`` (optional) and
        ``firewall_rule_list``.
    """
    client = self._get_vyatta_client(ri.router)

    fw_name = vyatta_utils.get_firewall_name(ri, fw)
    # Name and description are percent-encoded before being placed into
    # the command string, so characters in the tenant-supplied
    # description cannot change the command's structure.
    # NOTE(review): assumes FW_NAME / FW_DESCRIPTION are path-style
    # templates -- confirm.
    quoted_name = parse.quote_plus(fw_name)
    commands = [vyatta_client.SetCmd(FW_NAME.format(quoted_name))]

    description = fw.get('description')
    if description:
        commands.append(vyatta_client.SetCmd(
            FW_DESCRIPTION.format(quoted_name,
                                  parse.quote_plus(description))))

    # State policy.  Neither constant is formatted with the firewall
    # name; judging by their names they accept established/related
    # traffic.
    commands.append(vyatta_client.SetCmd(FW_ESTABLISHED_ACCEPT))
    commands.append(vyatta_client.SetCmd(FW_RELATED_ACCEPT))

    # Rule numbers are consecutive over the rules actually emitted, so
    # disabled and non-IPv4 rules leave no gaps in the numbering.
    emitted = 0
    for rule in fw['firewall_rule_list']:
        if not rule['enabled']:
            continue
        if rule['ip_version'] != 4:
            # The rule is dropped with only a log line: the pushed policy
            # then has no counterpart for it, while the firewall is still
            # applied.  Operators should treat this warning as "IPv6
            # traffic is not filtered by this firewall".
            LOG.warning(_LW("IPv6 rules are not supported."))
            continue
        emitted += 1
        commands.extend(self._set_firewall_rule(fw_name, emitted, rule))

    # Zone commands go last, after the firewall they refer to by name.
    zone_commands = vyatta_utils.get_zone_cmds(client, ri, fw_name)
    client.exec_cmd_batch(commands + zone_commands)
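def _setup_firewall(self, ri, fw):
    """Create firewall ``fw`` on the router described by ``ri``.

    Builds one command list (firewall name, optional description, state
    policy, enabled IPv4 rules, zone commands) and passes it to
    ``client.exec_cmd_batch`` in a single call.

    :param ri: router info object; ``ri.router`` selects the client.
    :param fw: firewall dict; reads ``description`` (optional) and
        ``firewall_rule_list``.
    """
    client = self._get_vyatta_client(ri.router)

    fw_cmd_list = []

    # Create firewall.  The name and the tenant-supplied description are
    # percent-encoded before they are formatted into the command string.
    fw_name = vyatta_utils.get_firewall_name(ri, fw)
    fw_cmd_list.append(
        vyatta_client.SetCmd(FW_NAME.format(parse.quote_plus(fw_name))))

    if fw.get('description'):
        fw_cmd_list.append(
            vyatta_client.SetCmd(
                FW_DESCRIPTION.format(
                    parse.quote_plus(fw_name),
                    parse.quote_plus(fw['description']))))

    # Set firewall state policy (these two constants are not formatted
    # with the firewall name).
    fw_cmd_list.append(vyatta_client.SetCmd(FW_ESTABLISHED_ACCEPT))
    fw_cmd_list.append(vyatta_client.SetCmd(FW_RELATED_ACCEPT))

    # Create firewall rules.  Only enabled IPv4 rules are emitted and
    # numbered, so rule numbers stay consecutive.
    rule_num = 0
    for rule in fw['firewall_rule_list']:
        if not rule['enabled']:
            continue
        if rule['ip_version'] == 4:
            rule_num += 1
            fw_cmd_list += self._set_firewall_rule(fw_name, rule_num, rule)
        else:
            # The rule is skipped, not rejected: the firewall is still
            # applied without it, so this log line is the only signal
            # that IPv6 traffic is left unfiltered by this policy.
            # LOG.warning is used instead of the deprecated warn alias.
            LOG.warning(_LW("IPv6 rules are not supported."))

    # Configure router zones
    zone_cmd_list = vyatta_utils.get_zone_cmds(client, ri, fw_name)
    client.exec_cmd_batch(fw_cmd_list + zone_cmd_list)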
def test_get_firewall_name(self):
    """The generated name is the firewall id without hyphens, cut to 28 chars.

    ``None`` is passed in place of the router info argument.
    """
    firewall_id = '74bc106d-fff0-4f92-ac1a-60d4b6b44fe1'
    # The last four hex digits of the id ("4fe1") are absent from the
    # expected name.
    expected_name = '74bc106dfff04f92ac1a60d4b6b4'

    actual_name = vyatta_utils.get_firewall_name(None, {'id': firewall_id})

    self.assertEqual(expected_name, actual_name)
def test_get_firewall_name(self):
    """Check the name derived from a firewall dict that only carries an id."""
    firewall = dict(id='74bc106d-fff0-4f92-ac1a-60d4b6b44fe1')

    # First argument (router info) is None in this test.
    name = vyatta_utils.get_firewall_name(None, firewall)

    # Expected value: the id's hex digits without hyphens, first 28 only.
    self.assertEqual('74bc106dfff04f92ac1a60d4b6b4', name)
def setUp(self):
    """Patch the command classes and build the fixtures shared by the tests."""
    super(VyattaFwaasTestCase, self).setUp()

    # Both command classes are replaced by fake_cmd before the driver is
    # instantiated.
    # NOTE(review): the patchers are started but never stopped here;
    # presumably the base test case cleans up active patches -- confirm,
    # otherwise the patches outlive this test.
    for cmd_class_name in ('SetCmd', 'DeleteCmd'):
        mock.patch.object(vyatta_client, cmd_class_name, fake_cmd).start()

    self.fwaas_driver = vyatta_fwaas.VyattaFirewallDriver()

    # Fixtures: one fake rule, a firewall holding it, the name derived
    # from that firewall, and a single fake router to apply it to.
    self.fake_rules = [self._make_fake_fw_rule()]
    self.fake_firewall = self._make_fake_firewall(self.fake_rules)
    self.fake_firewall_name = vyatta_utils.get_firewall_name(
        None, self.fake_firewall)
    self.fake_apply_list = [self._make_fake_router_info()]
    self.fake_agent_mode = None
def process_router(self, ri):
    """Re-apply zone commands for every tenant firewall bound to this router.

    :param ri: router info object; reads ``ri.router['tenant_id']`` and
        ``ri.router['id']``.
    """
    LOG.debug("VyattaFirewallAgent:: process_router() called")

    # The context is built from the router's own tenant id, so the
    # firewall list below is fetched for that tenant.
    ctx = context.Context(None, ri.router['tenant_id'])
    client = self._vyatta_clients_pool.get_by_db_lookup(
        ri.router['id'], ctx)

    firewalls = self.fwplugin_rpc.get_firewalls_for_tenant(ctx)
    if not firewalls:
        return

    zone_cmds = []
    for firewall in firewalls:
        # Only firewalls that list this router contribute commands.
        if ri.router['id'] not in firewall['router_ids']:
            continue
        name = vyatta_utils.get_firewall_name(ri, firewall)
        zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri, name))

    # Called even when no firewall matched, i.e. with an empty list.
    client.exec_cmd_batch(zone_cmds)
def _delete_firewall(self, ri, fw):
    """Remove firewall ``fw`` from the router described by ``ri``.

    Three delete commands are passed to ``client.exec_cmd_batch`` in one
    call: zones, the named firewall, and the state policy.

    :param ri: router info object; ``ri.router`` selects the client.
    :param fw: firewall dict used to derive the firewall name.
    """
    client = self._get_vyatta_client(ri.router)

    # NOTE(review): "zone-policy" and "firewall/state-policy" are fixed
    # strings that do not contain the firewall name, so they look like
    # whole-subtree deletions rather than per-firewall ones.  Confirm
    # that a router never carries more than one firewall, otherwise
    # removing one would also strip zones/state policy used by another.
    drop_zones = vyatta_client.DeleteCmd("zone-policy")

    fw_name = vyatta_utils.get_firewall_name(ri, fw)
    # The name is percent-encoded before it is formatted into FW_NAME.
    drop_firewall = vyatta_client.DeleteCmd(
        FW_NAME.format(parse.quote_plus(fw_name)))

    drop_state_policy = vyatta_client.DeleteCmd("firewall/state-policy")

    client.exec_cmd_batch([drop_zones, drop_firewall, drop_state_policy])
def _delete_firewall(self, ri, fw):
    """Delete the zones, the named firewall and the state policy in one batch.

    :param ri: router info object; ``ri.router`` selects the client.
    :param fw: firewall dict used to derive the firewall name.
    """
    client = self._get_vyatta_client(ri.router)

    # Zones are deleted first, ahead of the firewall itself.
    # NOTE(review): this path carries no firewall name, so it appears to
    # remove the whole zone-policy subtree -- confirm that is intended
    # when several firewalls could share a router.
    batch = [vyatta_client.DeleteCmd("zone-policy")]

    # The firewall is addressed by its generated name, percent-encoded.
    encoded_name = parse.quote_plus(vyatta_utils.get_firewall_name(ri, fw))
    batch.append(vyatta_client.DeleteCmd(FW_NAME.format(encoded_name)))

    # The state policy path is likewise not scoped to this firewall.
    batch.append(vyatta_client.DeleteCmd("firewall/state-policy"))

    client.exec_cmd_batch(batch)
def sync_firewall_zones(resource, event, l3_agent, **kwargs):
    """Callback: re-apply zone commands for the router given in ``kwargs``.

    :param resource: unused here.
    :param event: unused here.
    :param l3_agent: agent providing ``_vyatta_clients_pool`` and
        ``fwplugin_rpc``.
    :param kwargs: must contain ``router`` (a router info object).
    """
    LOG.debug('VyattaFirewallService:: sync_firewall_zones() called')

    ri = kwargs['router']
    # The context carries the router's tenant id, which scopes the
    # firewall lookup below.
    ctx = context.Context(None, ri.router['tenant_id'])
    client = l3_agent._vyatta_clients_pool.get_by_db_lookup(
        ri.router['id'], ctx)

    firewalls = l3_agent.fwplugin_rpc.get_firewalls_for_tenant(ctx)
    if not firewalls:
        return

    zone_cmds = []
    for firewall in firewalls:
        # Skip firewalls that are not bound to this router.
        if ri.router['id'] not in firewall['router_ids']:
            continue
        name = vyatta_utils.get_firewall_name(ri, firewall)
        zone_cmds.extend(vyatta_utils.get_zone_cmds(client, ri, name))

    # Runs even if nothing matched, in which case the list is empty.
    client.exec_cmd_batch(zone_cmds)
def sync_firewall_zones(resource, event, l3_agent, **kwargs):
    """Push zone commands for each tenant firewall that lists this router.

    ``resource`` and ``event`` are accepted but not read.  The router
    info object is taken from ``kwargs['router']``.
    """
    LOG.debug('VyattaFirewallService:: sync_firewall_zones() called')

    router_info = kwargs['router']
    tenant_ctx = context.Context(None, router_info.router['tenant_id'])
    vyatta = l3_agent._vyatta_clients_pool.get_by_db_lookup(
        router_info.router['id'], tenant_ctx)

    tenant_firewalls = l3_agent.fwplugin_rpc.get_firewalls_for_tenant(
        tenant_ctx)
    if tenant_firewalls:
        # Lazily select the firewalls bound to this router; names and
        # zone commands are computed one firewall at a time, in list
        # order.
        bound = (candidate for candidate in tenant_firewalls
                 if router_info.router['id'] in candidate['router_ids'])
        pending = []
        for firewall in bound:
            fw_name = vyatta_utils.get_firewall_name(router_info, firewall)
            pending.extend(
                vyatta_utils.get_zone_cmds(vyatta, router_info, fw_name))
        # The batch call is made even when ``pending`` stayed empty.
        vyatta.exec_cmd_batch(pending)