From 7c2210e26cf741d4076d9c7cb03a35347343eba2 Mon Sep 17 00:00:00 2001
From: Samuel Lorch
Date: Fri, 20 Oct 2023 23:35:51 +0200
Subject: [PATCH] Add firewall, service, system and vpn definitions

---
 Cargo.lock | 10 ++++++
 Cargo.toml | 3 +-
 src/definitions.rs | 8 +++++
 src/definitions/firewall.rs | 61 +++++++++++++++++++++++++++++++++
 src/definitions/service.rs | 67 +++++++++++++++++++++++++++++++++++++
 src/definitions/system.rs | 15 +++++++++
 src/definitions/vpn.rs | 33 ++++++++++++++++++
 7 files changed, 196 insertions(+), 1 deletion(-)
 create mode 100644 src/definitions/firewall.rs
 create mode 100644 src/definitions/service.rs
 create mode 100644 src/definitions/system.rs
 create mode 100644 src/definitions/vpn.rs

diff --git a/Cargo.lock b/Cargo.lock
index 072cd4a..2cbb9a1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -68,6 +68,15 @@ version = "1.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
 
+[[package]]
+name = "macaddr"
+version = "1.0.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "baee0bbc17ce759db233beb01648088061bf678383130602a298e6998eedb2d8"
+dependencies = [
+ "serde",
+]
+
 [[package]]
 name = "matches"
 version = "0.1.10"
@@ -85,6 +94,7 @@ name = "nfsense"
 version = "0.1.0"
 dependencies = [
  "ipnet",
+ "macaddr",
  "serde",
  "serde_json",
  "validator",
diff --git a/Cargo.toml b/Cargo.toml
index 94e8aa2..c5915e7 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -7,6 +7,7 @@ edition = "2021"
 
 [dependencies]
 ipnet = { version = "2.8.0", features = ["serde"] }
+macaddr = { version = "1.0.1", features = ["serde"] }
 serde = { version = "1.0.189", features = ["derive"] }
 serde_json = "1.0.107"
-validator = { version = "0.15", features = ["derive"] }
\ No newline at end of file
+validator = { version = "0.15", features = ["derive"] }
diff --git a/src/definitions.rs b/src/definitions.rs
index a1dc9c8..6acd1d6 100644
--- a/src/definitions.rs
+++ b/src/definitions.rs
@@ -1,5 +1,9 @@
+pub mod firewall;
 pub mod network;
 pub mod object;
+pub mod service;
+pub mod system;
+pub mod vpn;
 
 use serde::{Deserialize, Serialize};
 use validator::Validate;
@@ -9,4 +13,8 @@ pub struct Config {
     pub config_version: u64,
     pub network: network::Network,
     pub object: object::Object,
+    pub system: system::System,
+    pub service: service::Service,
+    pub vpn: vpn::VPN,
+    pub firewall: firewall::Firewall,
 }
diff --git a/src/definitions/firewall.rs b/src/definitions/firewall.rs
new file mode 100644
index 0000000..8633795
--- /dev/null
+++ b/src/definitions/firewall.rs
@@ -0,0 +1,61 @@
+use serde::{Deserialize, Serialize};
+use validator::Validate;
+
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct Firewall {
+    forward_rules: Vec,
+    destination_nat_rules: Vec,
+    source_nat_rules: Vec,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct ForwardRule {
+    pub name: String,
+    pub services: Vec,
+    pub source_addresses: Vec,
+    pub destination_addresses: Vec,
+    pub comment: String,
+    pub counter: bool,
+    pub verdict: Verdict,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct DestinationNATRule {
+    pub name: String,
+    pub services: Vec,
+    pub source_addresses: Vec,
+    pub destination_addresses: Vec,
+    pub comment: String,
+    pub counter: bool,
+    pub dnat_address: String,
+    pub dnat_service: String,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct SourceNATRule {
+    pub name: String,
+    pub services: Vec,
+    pub source_addresses: Vec,
+    pub destination_addresses: Vec,
+    pub comment: String,
+    pub counter: bool,
+    pub snat_type: SNATType,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(rename_all = "snake_case")]
+pub enum Verdict {
+    Accept,
+    Drop,
+    Continue,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(rename_all = "snake_case")]
+pub enum SNATType {
+    SNAT {
+        snat_address: String,
+        snat_service: String,
+    },
+    Masquerade,
+}
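Review bot: The four new `Config` fields (`system`, `service`, `vpn`, `firewall`) carry no `#[validate]` attribute, so if `Config` derives `Validate` (the `use validator::Validate` import suggests it does; the derive line is outside the hunk) `Config::validate()` will not descend into the nested structs and their own `Validate` impls never run. Putting `#[validate]` above each field, e.g. `#[validate] pub system: system::System,`, makes nested validation part of the top-level check; the existing `network` and `object` fields appear to have the same gap. The `Config` struct's attributes and opening brace are outside the hunk.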
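Review bot: Every struct in firewall.rs derives `Validate` but no field carries a `#[validate(...)]` constraint, so `validate()` is a no-op: `ForwardRule::name` and the other `name` fields accept empty strings, and `Firewall`'s three rule vectors are never descended into, since validator only recurses into fields marked `#[validate]`. Either add the intended constraints, e.g. `#[validate(length(min = 1))] pub name: String,` plus a bare `#[validate]` above `forward_rules`, `destination_nat_rules` and `source_nat_rules`, or drop the derive until they exist. The same inert-derive pattern appears in service.rs, system.rs and vpn.rs in this commit. Separately, `Firewall`'s fields are the only private ones in the commit while the rule structs and every sibling module expose `pub` fields; the generic parameters of the `Vec` fields are not visible in this rendering, so their element types could not be checked here.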
diff --git a/src/definitions/service.rs b/src/definitions/service.rs
new file mode 100644
index 0000000..9e07e3d
--- /dev/null
+++ b/src/definitions/service.rs
@@ -0,0 +1,67 @@
+use core::time;
+use macaddr::MacAddr8;
+use serde::{Deserialize, Serialize};
+use std::net::IpAddr;
+use validator::Validate;
+
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct Service {
+    pub dhcp_servers: Vec,
+    pub dns_servers: Vec,
+    pub ntp_servers: Vec,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct DHCPServer {
+    pub interface: String,
+    pub pool: Vec,
+    pub lease_time: time::Duration,
+    pub gateway_mode: GatewayMode,
+    pub dns_server_mode: DNSServerMode,
+    pub ntp_server_mode: NTPServerMode,
+    pub reservations: Vec,
+    pub comment: String,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct DNSServer {
+    pub interface: String,
+    pub comment: String,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct NTPServer {
+    pub interface: String,
+    pub comment: String,
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(rename_all = "snake_case")]
+pub enum GatewayMode {
+    None,
+    Interface,
+    Specify { gateway: String },
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(rename_all = "snake_case")]
+pub enum DNSServerMode {
+    None,
+    Interface,
+    Specify { dns_servers: Vec },
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(rename_all = "snake_case")]
+pub enum NTPServerMode {
+    None,
+    Interface,
+    Specify { ntp_servers: Vec },
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct Reservation {
+    pub ip_address: IpAddr,
+    pub hardware_address: MacAddr8,
+    pub comment: String,
+}
diff --git a/src/definitions/system.rs b/src/definitions/system.rs
new file mode 100644
index 0000000..7fa899b
--- /dev/null
+++ b/src/definitions/system.rs
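Review bot: `Reservation::hardware_address` is typed `MacAddr8` (an 8-octet EUI-64), but a DHCP reservation matches the client's Ethernet address, which is a 6-octet EUI-48 and cannot be represented as a `MacAddr8`; `macaddr::MacAddr6` — or the `MacAddr` enum if both widths are wanted — is the right type, i.e. `use macaddr::MacAddr6;` and `pub hardware_address: MacAddr6,`. Relatedly, `GatewayMode::Specify { gateway: String }` takes a free-form string while `Reservation::ip_address` is already an `IpAddr`; using `IpAddr` there too surfaces a malformed gateway as a config-load error rather than at the point the value reaches the DHCP server. The element types of `pool`, `dns_servers` and `ntp_servers` are not visible in this rendering, so the same check could not be made for them.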
@@ -0,0 +1,15 @@
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use validator::Validate;
+
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct System {
+    pub users: HashMap,
+}
+
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct User {
+    pub comment: String,
+    pub hash: String,
+    pub salt: String,
+}
diff --git a/src/definitions/vpn.rs b/src/definitions/vpn.rs
new file mode 100644
index 0000000..f8a6452
--- /dev/null
+++ b/src/definitions/vpn.rs
@@ -0,0 +1,33 @@
+use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
+use validator::Validate;
+
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct VPN {
+    pub wireguard: Wireguard,
+}
+
+#[derive(Serialize, Deserialize, Validate, Default, Debug)]
+pub struct Wireguard {
+    pub interfaces: HashMap,
+    pub peers: HashMap,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct WireguardInterface {
+    pub public_key: String,
+    pub private_key: String,
+    pub listen_port: u64,
+    pub peers: Vec,
+    pub comment: String,
+}
+
+#[derive(Serialize, Deserialize, Validate, Debug)]
+pub struct WireguardPeer {
+    pub public_key: String,
+    pub preshared_key: Option,
+    pub allowed_ips: Vec,
+    pub endpoint: Option,
+    pub persistent_keepalive: Option,
+    pub comment: String,
+}
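Review bot: `User` derives `Debug`, so `hash` and `salt` are printed verbatim whenever a `System` or the enclosing `Config` is formatted with `{:?}` (error messages, `dbg!`, tracing), which puts password-hash material into logs. A hand-written `impl fmt::Debug for User` that prints the two fields as `"<redacted>"` — or a small newtype for secret strings with a redacting `Debug` — keeps the derive on the container types useful without leaking; `WireguardInterface::private_key` and `WireguardPeer::preshared_key` in vpn.rs have the same exposure. A free-form `hash` plus a separate `salt` also gives the verifier no way to tell which algorithm and parameters produced the hash; a self-describing encoding in one field would remove that ambiguity. The `HashMap` key and value types are not visible in this rendering.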
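Review bot: `WireguardInterface::listen_port` is declared `u64`, which accepts values above 65535 that can never be bound; `pub listen_port: u16,` rejects them at deserialization time, and a `#[validate(range(min = 1))]` on top would also exclude 0 unless that is meant as "pick any port". The element types of `allowed_ips`, `endpoint` and `persistent_keepalive` are lost in this rendering, but if `allowed_ips` holds `String`s, the `ipnet` crate already in Cargo.toml with its serde feature provides `IpNet`, so malformed prefixes are caught at config load rather than when the interface is configured. As in the other new modules, none of the `Validate` derives here has a `#[validate]` attribute to act on.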