Firewall rule management

firewall/migrations/0003_firewallsettings_forwardrule.py

@@ -0,0 +1,61 @@
+# Generated by Django 5.0.2 on 2024-02-28 15:37
+
+import django.db.models.deletion
+import uuid
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0002_redirectrule_masquerade_source_and_more'),
+        ('wireguard', '0018_wireguardinstance_legacy_firewall'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='FirewallSettings',
+            fields=[
+                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('global', models.CharField(max_length=6, unique=True)),
+                ('default_forward_policy', models.CharField(choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP')], default='accept', max_length=6)),
+                ('default_output_policy', models.CharField(choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP')], default='accept', max_length=6)),
+                ('allow_peer_to_peer', models.BooleanField(default=True)),
+                ('allow_instance_to_instance', models.BooleanField(default=True)),
+                ('wan_interface', models.CharField(default='eth0', max_length=12)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='ForwardRule',
+            fields=[
+                ('description', models.CharField(blank=True, max_length=100, null=True)),
+                ('firewall_chain', models.CharField(choices=[('FORWARD', 'FORWARD'), ('OUTPUT', 'OUTPUT'), ('POSTROUTING', 'POSTROUTING (nat)')], default='FORWARD', max_length=12)),
+                ('in_interface', models.CharField(blank=True, default='', max_length=12, null=True)),
+                ('out_interface', models.CharField(blank=True, default='', max_length=12, null=True)),
+                ('source_ip', models.GenericIPAddressField(blank=True, null=True, protocol='IPv4')),
+                ('source_netmask', models.PositiveIntegerField(choices=[(8, '/8 (255.0.0.0)'), (9, '/9 (255.128.0.0)'), (10, '/10 (255.192.0.0)'), (11, '/11 (255.224.0.0)'), (12, '/12 (255.240.0.0)'), (13, '/13 (255.248.0.0)'), (14, '/14 (255.252.0.0)'), (15, '/15 (255.254.0.0)'), (16, '/16 (255.255.0.0)'), (17, '/17 (255.255.128.0)'), (18, '/18 (255.255.192.0)'), (19, '/19 (255.255.224.0)'), (20, '/20 (255.255.240.0)'), (21, '/21 (255.255.248.0)'), (22, '/22 (255.255.252.0)'), (23, '/23 (255.255.254.0)'), (24, '/24 (255.255.255.0)'), (25, '/25 (255.255.255.128)'), (26, '/26 (255.255.255.192)'), (27, '/27 (255.255.255.224)'), (28, '/28 (255.255.255.240)'), (29, '/29 (255.255.255.248)'), (30, '/30 (255.255.255.252)'), (32, '/32 (255.255.255.255)')], default=32)),
+                ('source_peer_include_networks', models.BooleanField(default=False)),
+                ('not_source', models.BooleanField(default=False)),
+                ('destination_ip', models.GenericIPAddressField(blank=True, null=True, protocol='IPv4')),
+                ('destination_netmask', models.PositiveIntegerField(choices=[(8, '/8 (255.0.0.0)'), (9, '/9 (255.128.0.0)'), (10, '/10 (255.192.0.0)'), (11, '/11 (255.224.0.0)'), (12, '/12 (255.240.0.0)'), (13, '/13 (255.248.0.0)'), (14, '/14 (255.252.0.0)'), (15, '/15 (255.254.0.0)'), (16, '/16 (255.255.0.0)'), (17, '/17 (255.255.128.0)'), (18, '/18 (255.255.192.0)'), (19, '/19 (255.255.224.0)'), (20, '/20 (255.255.240.0)'), (21, '/21 (255.255.248.0)'), (22, '/22 (255.255.252.0)'), (23, '/23 (255.255.254.0)'), (24, '/24 (255.255.255.0)'), (25, '/25 (255.255.255.128)'), (26, '/26 (255.255.255.192)'), (27, '/27 (255.255.255.224)'), (28, '/28 (255.255.255.240)'), (29, '/29 (255.255.255.248)'), (30, '/30 (255.255.255.252)'), (32, '/32 (255.255.255.255)')], default=32)),
+                ('destination_peer_include_networks', models.BooleanField(default=False)),
+                ('not_destination', models.BooleanField(default=False)),
+                ('protocol', models.CharField(blank=True, choices=[('', 'all'), ('tcp', 'TCP'), ('udp', 'UDP'), ('both', 'TCP+UDP'), ('icmp', 'ICMP')], default='', max_length=4, null=True)),
+                ('destination_port', models.CharField(blank=True, max_length=11, null=True)),
+                ('state_new', models.BooleanField(default=False)),
+                ('state_related', models.BooleanField(default=False)),
+                ('state_established', models.BooleanField(default=False)),
+                ('state_invalid', models.BooleanField(default=False)),
+                ('state_untracked', models.BooleanField(default=False)),
+                ('not_state', models.BooleanField(default=False)),
+                ('rule_action', models.CharField(choices=[('accept', 'ACCEPT'), ('reject', 'REJECT'), ('drop', 'DROP'), ('masquerade', 'MASQUERADE')], default='accept', max_length=10)),
+                ('sort_order', models.PositiveIntegerField(default=0)),
+                ('created', models.DateTimeField(auto_now_add=True)),
+                ('updated', models.DateTimeField(auto_now=True)),
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('destination_peer', models.ManyToManyField(blank=True, related_name='forward_rules_as_destination', to='wireguard.peer')),
+                ('source_peer', models.ManyToManyField(blank=True, related_name='forward_rules_as_source', to='wireguard.peer')),
+                ('wireguard_instance', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='wireguard.wireguardinstance')),
+            ],
+        ),
+    ]

firewall/migrations/0004_rename_forwardrule_firewallrule.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0.2 on 2024-02-29 13:02
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0003_firewallsettings_forwardrule'),
+        ('wireguard', '0018_wireguardinstance_legacy_firewall'),
+    ]
+
+    operations = [
+        migrations.RenameModel(
+            old_name='ForwardRule',
+            new_name='FirewallRule',
+        ),
+    ]

firewall/migrations/0005_firewallsettings_created_firewallsettings_updated.py

@@ -0,0 +1,23 @@
+# Generated by Django 5.0.2 on 2024-02-29 13:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0004_rename_forwardrule_firewallrule'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='firewallsettings',
+            name='created',
+            field=models.DateTimeField(auto_now=True),
+        ),
+        migrations.AddField(
+            model_name='firewallsettings',
+            name='updated',
+            field=models.DateTimeField(auto_now=True),
+        ),
+    ]

firewall/migrations/0006_alter_firewallsettings_created.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0.2 on 2024-02-29 13:29
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0005_firewallsettings_created_firewallsettings_updated'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='firewallsettings',
+            name='created',
+            field=models.DateTimeField(auto_now_add=True),
+        ),
+    ]

firewall/migrations/0007_firewallsettings_pending_changes.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0.2 on 2024-02-29 14:02
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0006_alter_firewallsettings_created'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='firewallsettings',
+            name='pending_changes',
+            field=models.BooleanField(default=False),
+        ),
+    ]

firewall/migrations/0008_remove_firewallsettings_global_firewallsettings_name.py

@@ -0,0 +1,22 @@
+# Generated by Django 5.0.2 on 2024-02-29 17:08
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0007_firewallsettings_pending_changes'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='firewallsettings',
+            name='global',
+        ),
+        migrations.AddField(
+            model_name='firewallsettings',
+            name='name',
+            field=models.CharField(default='global', max_length=6, unique=True),
+        ),
+    ]

firewall/migrations/0009_remove_firewallrule_wireguard_instance.py

@@ -0,0 +1,17 @@
+# Generated by Django 5.0.2 on 2024-03-01 00:12
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0008_remove_firewallsettings_global_firewallsettings_name'),
+    ]
+
+    operations = [
+        migrations.RemoveField(
+            model_name='firewallrule',
+            name='wireguard_instance',
+        ),
+    ]

firewall/migrations/0010_alter_firewallrule_firewall_chain.py

@@ -0,0 +1,18 @@
+# Generated by Django 5.0.2 on 2024-03-01 01:44
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('firewall', '0009_remove_firewallrule_wireguard_instance'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='firewallrule',
+            name='firewall_chain',
+            field=models.CharField(choices=[('forward', 'FORWARD'), ('postrouting', 'POSTROUTING (nat)')], default='forward', max_length=12),
+        ),
+    ]