diff --git a/flowspec/forms.py b/flowspec/forms.py index 856ab6ce97e74ad423b5d0247a7ecefd7509c3d5..997a4500ed1c8147612a10a65b00faf5789034b8 100644 --- a/flowspec/forms.py +++ b/flowspec/forms.py @@ -188,8 +188,9 @@ class RouteForm(forms.ModelForm): existing_routes = existing_routes.filter(pk__in=route_pk_list) else: existing_routes = existing_routes.filter(port=None) - for route in existing_routes: - if name != route.name: + if not settings.DISABLE_RULE_OVERLAP_CHECK: + for route in existing_routes: + if name != route.name: existing_url = reverse('edit-route', args=[route.name]) if IPNetwork(destination) in IPNetwork(route.destination) or IPNetwork(route.destination) in IPNetwork(destination): raise forms.ValidationError('Found an exact %s rule, %s with destination prefix %s<br>To avoid overlapping try editing rule <a href=\'%s\'>%s</a>' % (route.status, route.name, route.destination, existing_url, route.name)) diff --git a/flowspec/validators.py b/flowspec/validators.py index efa55b2ae827870a0029ebb90bdc80b9b9c83413..fce7796f6ab0e5cd85de42c14ec2b626d695928f 100644 --- a/flowspec/validators.py +++ b/flowspec/validators.py @@ -183,23 +183,24 @@ def check_if_rule_exists(fields, queryset): :rtype: tuple(bool, str) """ - routes = queryset.filter( - source=fields.get('source'), - destination=IPNetwork(fields.get('destination')).compressed, - ) - if routes: - ids = [str(item[0]) for item in routes.values_list('pk')] - return ( - True, _('Rule(s) regarding those addresses already exist ' - 'with id(s) {}. Please edit those instead'.format(', '.join(ids)))) - - routes = Route.objects.filter( - source=fields.get('source'), - destination=IPNetwork(fields.get('destination')).compressed, - ) - for route in routes: - return ( - True, _('Rule(s) regarding those addresses already exist ' - 'but you cannot edit them. Please refer to the ' - 'application\'s administrators for further clarification')) + if not settings.DISABLE_RULE_OVERLAP_CHECK: + routes = queryset.filter( + source=fields.get('source'), + destination=IPNetwork(fields.get('destination')).compressed, + ) + if routes: + ids = [str(item[0]) for item in routes.values_list('pk')] + return ( + True, _('Rule(s) regarding those addresses already exist ' + 'with id(s) {}. Please edit those instead'.format(', '.join(ids)))) + + routes = Route.objects.filter( + source=fields.get('source'), + destination=IPNetwork(fields.get('destination')).compressed, + ) + for route in routes: + return ( + True, _('Rule(s) regarding those addresses already exist ' + 'but you cannot edit them. Please refer to the ' + 'application\'s administrators for further clarification')) return (False, None) diff --git a/flowspy/settings_local.py.dist b/flowspy/settings_local.py.dist index a542706fa26bbacc8b900c40a16b38e33fe84188..2f3c71814b125125d90b23c2ebee2c475474c86b 100644 --- a/flowspy/settings_local.py.dist +++ b/flowspy/settings_local.py.dist @@ -100,7 +100,7 @@ ACCOUNT_ACTIVATION_DAYS = 7 # Define subnets that should not have any rules applied whatsoever #PROTECTED_SUBNETS = ['10.10.0.0/16'] PROTECTED_SUBNETS = [] -#MAX_RULE_EXPIRE_DAYS = 10 +# max number of days into the future that is allowed to pick in rule expiration datepicker MAX_RULE_EXPIRE_DAYS = 30 # Add two whois servers in order to be able to get all the subnets for an AS. @@ -153,7 +153,7 @@ SNMP_MAX_SAMPLECOUNT = 12 # Age of inactive routes that can be already removed (in seconds) SNMP_REMOVE_RULES_AFTER = 3600 - +DISABLE_RULE_OVERLAP_CHECK = True ############################################################################## ##############################################################################