Commit 58c1a1bc authored by Benjamin Graillot's avatar Benjamin Graillot

More logging

parent 2520bc34
......@@ -84,6 +84,8 @@ if __name__ == "__main__":
for dn, entry in networks_query[1]:
networks[entry['cn'][0].decode('utf-8')] = ipaddress.ip_network(entry['ipNetworkNumber'][0].decode('utf-8') + '/' + entry['ipNetmaskNumber'][0].decode('utf-8'))
logger.debug("Queried {} networks: {}".format(len(networks), networks))
services = {}
for dn, entry in services_query[1]:
......@@ -96,6 +98,8 @@ if __name__ == "__main__":
protocols = { protocol.decode('utf-8') for protocol in entry['ipServiceProtocol'] }
services[entry['cn'][0].decode('utf-8')] = (ports, protocols)
logger.debug("Queried {} services: {}".format(len(services), services))
ports_openings = []
for dn, entry in hosts_query[1]:
......@@ -132,6 +136,8 @@ if __name__ == "__main__":
udp_ports_out = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in udp_ports_out )
ports_openings.append('ip{ip_version} saddr {ip} udp dport {{ {ports} }} accept'.format(ip_version='' if ip.version == 4 else '6', ip=ip, ports=udp_ports_out))
logger.debug("Generated {} ports openings".format(len(ports_openings)))
logger.info("Reading Re2o configuration")
re2o_config = configparser.ConfigParser()
re2o_config.read(os.path.join(path, 're2o-config.ini'))
......@@ -187,6 +193,8 @@ if __name__ == "__main__":
udp_ports_out = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in udp_ports_out )
ports_openings_adh.append('ip{ip_version} saddr {ip} udp dport {{ {ports} }} accept'.format(ip_version='' if ip.version == 4 else '6', ip=ip, ports=udp_ports_out))
logger.debug("Generated {} ports opening".format(len(ports_openings_adh)))
with open(os.path.join(path, 'templates', 'nftables.conf.j2')) as firewall_template:
template = jinja2.Template(firewall_template.read())
......
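Review bot: The two count messages in the last two hunks, `"Generated {} ports openings"` for `ports_openings` and `"Generated {} ports opening"` for `ports_openings_adh`, are almost the same text, so someone auditing the debug log of this firewall generator cannot tell which rule list a count refers to. Naming the list in each would settle it, for example `logger.debug("Generated %d ports openings (hosts)", len(ports_openings))` and `logger.debug("Generated %d ports openings (adh)", len(ports_openings_adh))`. The same `%`-argument form is worth using for the networks and services messages too, since `.format()` builds the full dict dump even when debug logging is off. Those dumps also put the whole network and service map into the log, so the log file wants the same access restrictions as the generated ruleset. The `+`/`-` markers are lost on this page, so which lines are new is inferred from the commit title, and the `if __name__ == "__main__":` block starts and ends outside every hunk.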