| 1 | # |
| 2 | # Copyright (c) 2013 Big Switch Networks, Inc. |
| 3 | # |
| 4 | # Licensed under the Eclipse Public License, Version 1.0 (the |
| 5 | # "License"); you may not use this file except in compliance with the |
| 6 | # License. You may obtain a copy of the License at |
| 7 | # |
| 8 | # http://www.eclipse.org/legal/epl-v10.html |
| 9 | # |
| 10 | # Unless required by applicable law or agreed to in writing, software |
| 11 | # distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or |
| 13 | # implied. See the License for the specific language governing |
| 14 | # permissions and limitations under the License. |
| 15 | # |
| 16 | |
| 17 | #from sdncon.controller.models import ControllerAclEntry |
| 18 | |
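def map_controller_acl_entry_to_ufw_string(acl_entry, in_acl, interface=None, delete=False):
    """Build the ``ufw`` command line for one controller ACL entry.

    Args:
        acl_entry: mapping that always provides ``action`` and ``type``.
            For ``type`` ``tcp``/``udp`` it must also provide ``src_ip``,
            ``src_ip_mask``, ``src_tp_port_op``, ``src_tp_port`` and the
            matching ``dst_*`` keys; addresses, masks and ports are strings,
            and an address or mask may be ``None``.
        in_acl: truthy for an ``in`` rule, falsy for an ``out`` rule.
        interface: interface name placed after ``on``. It is required even
            though the signature defaults it to ``None``.
        delete: when truthy, emit ``ufw delete ...`` so the rule is removed.

    Returns:
        The command as one string, terminated by a single space.

    Raises:
        TypeError: if ``interface`` is ``None`` or an interpolated field is
            not a string.

    Every value taken from the caller is shell-quoted before it is placed in
    the command. Well-formed interface names, addresses, masks and ports are
    emitted unchanged; a value carrying whitespace or shell metacharacters
    becomes one quoted word instead of extra arguments or commands.
    How the returned string is executed is not visible from this function;
    callers should still validate ACL fields where entries are accepted and
    prefer an argument list over a shell string.
    """
    # Function-scope import: the file has no import block to extend.
    try:
        from shlex import quote  # Python 3.3+
    except ImportError:
        from pipes import quote  # Python 2

    def shell_safe(value):
        # '"" + value' keeps the TypeError that plain concatenation raised
        # for None or non-string values, rather than quoting them silently.
        return quote("" + value)

    def endpoint(prefix):
        # Tokens for one side of the rule: "<ip>[/<mask>]" or "any",
        # optionally followed by "port <n>" when the port operator is 'eq'.
        address = acl_entry[prefix + '_ip']
        if address is not None:
            mask = acl_entry[prefix + '_ip_mask']
            if mask is not None:
                address = address + "/" + mask
            tokens = [shell_safe(address)]
        else:
            tokens = ["any"]
        if acl_entry[prefix + '_tp_port_op'] == 'eq':
            tokens += ["port", shell_safe(acl_entry[prefix + '_tp_port'])]
        return tokens

    parts = ["ufw"]
    if delete:
        parts.append("delete")

    # Only the exact action "permit" opens traffic; anything else is a deny.
    parts.append("allow" if acl_entry['action'] == "permit" else "deny")
    parts.append("in" if in_acl else "out")

    if interface is None:
        # Fail with a clear message instead of an opaque concatenation error;
        # dropping "on <iface>" would silently widen the rule to all interfaces.
        raise TypeError("interface is required to build a ufw rule")
    parts += ["on", shell_safe(interface)]

    rule_type = acl_entry['type']
    if rule_type in ('tcp', 'udp'):
        parts += ["proto", rule_type, "from"]
        parts += endpoint('src')
        parts.append("to")
        parts += endpoint('dst')
    # NOTE(review): for type 'ip' (and any other type) no from/to clause is
    # emitted, so src_ip/dst_ip are not applied and the rule covers the whole
    # interface. The listing this was taken from had lost its indentation, so
    # the nesting of the from/to section is reconstructed - confirm against
    # the repository before relying on it.

    return " ".join(parts) + " "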
| 67 | |
| 68 | |