Coverage for src/meshadmin/server/networks/migrations/0002_firewall_rule.py: 100%
5 statements
« prev ^ index » next coverage.py v7.6.12, created at 2025-04-10 16:08 +0200
« prev ^ index » next coverage.py v7.6.12, created at 2025-04-10 16:08 +0200
1# Generated by Django 5.1.1 on 2024-09-20 13:47
3import django.db.models.deletion
4from django.db import migrations, models
7class Migration(migrations.Migration):
8 dependencies = [
9 ("networks", "0001_initial"),
10 ]
12 operations = [
13 migrations.CreateModel(
14 name="Firewall",
15 fields=[
16 (
17 "id",
18 models.BigAutoField(
19 auto_created=True,
20 primary_key=True,
21 serialize=False,
22 verbose_name="ID",
23 ),
24 ),
25 ("name", models.CharField(max_length=200)),
26 ("description", models.TextField()),
27 (
28 "network",
29 models.ForeignKey(
30 on_delete=django.db.models.deletion.CASCADE,
31 to="networks.network",
32 ),
33 ),
34 ],
35 ),
36 migrations.CreateModel(
37 name="Rule",
38 fields=[
39 (
40 "id",
41 models.BigAutoField(
42 auto_created=True,
43 primary_key=True,
44 serialize=False,
45 verbose_name="ID",
46 ),
47 ),
48 (
49 "direction",
50 models.CharField(
51 choices=[("I", "inbound"), ("O", "outbound")],
52 default="I",
53 max_length=10,
54 ),
55 ),
56 (
57 "proto",
58 models.CharField(
59 choices=[
60 ("any", "any"),
61 ("udp", "udp"),
62 ("tcp", "tcp"),
63 ("icmp", "icmp"),
64 ],
65 default="any",
66 help_text="One of any, tcp, udp, or icmp",
67 max_length=4,
68 ),
69 ),
70 (
71 "port",
72 models.CharField(
73 default="any",
74 help_text="Takes 0 or any as any, a single number (e.g. 80), a range (e.g. 200-901), or fragment to match second and further fragments of fragmented packets (since there is no port available).",
75 max_length=255,
76 ),
77 ),
78 (
79 "cidr",
80 models.CharField(
81 blank=True,
82 help_text="a CIDR, 0.0.0.0/0 is any. This restricts which Nebula IP addresses the rule allows.",
83 max_length=255,
84 null=True,
85 ),
86 ),
87 (
88 "local_cidr",
89 models.CharField(
90 blank=True,
91 help_text="a local CIDR, 0.0.0.0/0 is any. This restricts which destination IP addresses, when using unsafe_routes, the rule allows. If unset, the rule will allow access to the specified ports on both the node itself as well as any IP addresses it routes to.",
92 max_length=255,
93 null=True,
94 ),
95 ),
96 (
97 "firewall",
98 models.ForeignKey(
99 on_delete=django.db.models.deletion.CASCADE,
100 to="networks.firewall",
101 ),
102 ),
103 (
104 "group",
105 models.ForeignKey(
106 blank=True,
107 help_text="Can be any or a literal group name, ie default-group",
108 null=True,
109 on_delete=django.db.models.deletion.CASCADE,
110 related_name="fw_groups",
111 to="networks.group",
112 ),
113 ),
114 (
115 "groups",
116 models.ManyToManyField(
117 blank=True,
118 null=True,
119 related_name="fw_groupss",
120 to="networks.group",
121 ),
122 ),
123 ],
124 ),
125 ]