# -*- mode: python; coding: utf-8 -*- # Re2o est un logiciel d'administration développé initiallement au rezometz. Il # se veut agnostique au réseau considéré, de manière à être installable en # quelques clics. # # Copyright © 2017 Gabriel Détraz # Copyright © 2017 Goulven Kermarec # Copyright © 2017 Augustin Lemesle # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License along # with this program; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 
### Role(s) this host plays. Only "routeur" is active; "portail" is kept
### commented out as a reminder of the other supported role.
role = ["routeur"]  # , "portail"]

### Interface role -> interface names carrying that role.
interfaces_type = {
    "routable": ["eth1", "eth2"],
    # "routable-portail": ["eth2"],
    "sortie": ["eth3", "eth4"],
    "admin": ["eth5", "eth6"],
}

### NAT settings: one entry per NAT with its name, the public range to NAT
### on each interface, and the private source range that is translated.
### WARNING: every value in "interfaces_ip_to_nat" MUST be a /24 range and
### "ip_sources" MUST be a /16 range.
### "extra_nat" maps, per interface, a single private address to a single
### public address (presumably a static 1:1 translation — confirm against
### the consumer of this file).
nat = [
    {
        "name": "nat1",
        "interfaces_ip_to_nat": {
            "eth1": "185.230.76.0/24",
            "eth2": "138.230.76.0/24",
        },
        "ip_sources": "10.42.0.0/16",
        "extra_nat": {
            "eth1": {"10.129.1.240": "45.66.108.251"},
        },
    },
    {
        "name": "nat2",
        "interfaces_ip_to_nat": {
            "eth1": "185.230.77.0/24",
            "eth3": "138.1.145.0/24",
        },
        "ip_sources": "10.43.0.0/16",
        # NOTE(review): "eth2" is not among this entry's interfaces_ip_to_nat
        # (eth1, eth3), and the same private -> public pair is also declared
        # under nat1/eth1 — confirm both are intended before relying on them.
        "extra_nat": {
            "eth2": {"10.129.1.240": "45.66.108.251"},
        },
    },
]

### Captive-portal ("portail") settings, currently disabled.
# portail = {
#     "autorized_hosts": {
#         "tcp": {
#             "45.66.111.61": ["80", "443"],
#             "185.230.79.10": ["80", "443"],
#         },
#         "udp": {},
#     },
#     "ip_redirect": {
#         "0.0.0.0/0": {
#             "tcp": {
#                 "45.66.111.61": ["80", "443"],
#             },
#         },
#     },
# }

### Welcome ("accueil") interfaces: clients coming from ip_sources are
### redirected per ip_redirect until one of the triggers is seen.
### NOTE: retry_period must be >= grace_period.
### NOTE: ip_redirect must cover every port allowed by the re2o profile,
### otherwise traffic is let out unfiltered.
accueils = [
    {
        "iface": "ens23",
        # presumably seconds — confirm against the consumer of this file
        "grace_period": 1800,
        "retry_period": 86400,
        "ip_sources": [
            "10.43.1.0/24",
            "10.43.2.0/24",
        ],
        "ip_redirect": {
            "tcp": {"10.43.0.247": ["80", "443"]},
        },
        # Each trigger is (ip_version?, protocol, host, port); the meaning of
        # the first element is not documented here — confirm against the consumer.
        "triggers": [
            ("4", "tcp", "46.255.53.35", 443),  # ComNPay
            ("4", "tcp", "46.255.53.35", 80),
        ],
    },
]

### Pairs of interfaces whose traffic is forwarded directly, bypassing every
### firewall rule. Disabled here.
# external_forward = [
#     ("eth1", "eth2"),
# ]