Gitiles
Code Review Sign In
gerrit.onosproject.org / spring-open / 116e6e8c4a30545efbd822e21bb530652286aef2^! / . / cli / sdncon / controller / firewall.py
commit116e6e8c4a30545efbd822e21bb530652286aef2[log] [tgz]
authorsrikanth <srikanthvavila@gmail.com>Tue Aug 19 07:22:37 2014 -0700
committersrikanth <srikanthvavila@gmail.com>Tue Aug 19 07:22:37 2014 -0700
tree9fa9038721c323bd2d7548d120a22c70a258b501
parent9aa4c0f8d4914859426f297af667ef5c0fb0d532 [diff] [blame]
Base net-virt CLI files on top of which ONOS specific changes will be done

diff --git a/cli/sdncon/controller/firewall.py b/cli/sdncon/controller/firewall.py
new file mode 100755
index 0000000..ccf3d9b
--- /dev/null
+++ b/cli/sdncon/controller/firewall.py

@@ -0,0 +1,68 @@
+#
+# Copyright (c) 2013 Big Switch Networks, Inc.
+#
+# Licensed under the Eclipse Public License, Version 1.0 (the
+# "License"); you may not use this file except in compliance with the
+# License. You may obtain a copy of the License at
+#
+#      http://www.eclipse.org/legal/epl-v10.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+
+#from sdncon.controller.models import ControllerAclEntry
+
+def map_controller_acl_entry_to_ufw_string(acl_entry, in_acl, interface=None, delete=False):
+    # TODO optimize this method by building an array and then joining it
+    command = "ufw "
+    
+    if delete:
+        command += "delete "
+        
+    if acl_entry['action'] == "permit":
+        command += "allow "
+    else:
+        command += "deny "
+    
+    if in_acl:
+        command += "in "
+    else:
+        command += "out "
+        
+    command += ("on " + interface + " ")
+    
+    if acl_entry['type'] == 'ip':
+        pass
+    elif acl_entry['type'] == 'tcp' or acl_entry['type'] == 'udp':
+        command += ("proto " + acl_entry['type'] + " from ")
+        if acl_entry['src_ip'] != None: # TODO check none
+            command += acl_entry['src_ip']
+            if acl_entry['src_ip_mask'] != None:
+                command += ("/" + acl_entry['src_ip_mask'] + " ")
+            else:
+                command += " "
+        else:
+            command += "any "
+            
+        if acl_entry['src_tp_port_op'] == 'eq':
+            command += ("port " + acl_entry['src_tp_port'] + " ")
+
+        command += "to "
+        if acl_entry['dst_ip'] != None: #TODO check none
+            command += acl_entry['dst_ip']
+            if acl_entry['dst_ip_mask'] != None:
+                command += ("/" + acl_entry['dst_ip_mask'] + " ")
+            else:
+                command += " "
+        else:
+            command += "any "
+            
+        if acl_entry['dst_tp_port_op'] == 'eq':
+            command += ("port " + acl_entry['dst_tp_port'] + " ")
+    return command
+    
+