3 Yj%@sfdZdgZddlmZddlmZmZmZm Z ddl m Z ddl m Z ddlmZGdddeZd S) z ipset backend FirewallIPSet)log)remove_default_create_optionsnormalize_ipset_entrycheck_entry_overlaps_existingcheck_for_overlapping_entries)IPSet)errors) FirewallErrorc@seZdZddZddZddZddZd d Zd d Zd dZ d4ddZ ddZ ddZ d5ddZ ddZddZddZd6dd Zd!d"Zd#d$Zd%d&Zd7d'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3S)8rcCs||_i|_dS)N)_fw_ipsets)selffwr/usr/lib/python3.6/fw_ipset.py__init__#szFirewallIPSet.__init__cCsd|j|jfS)Nz%s(%r)) __class__r )r rrr__repr__'szFirewallIPSet.__repr__cCs|jjdS)N)r clear)r rrrcleanup,szFirewallIPSet.cleanupcCs||jkrttj|dS)N) get_ipsetsr r Z INVALID_IPSET)r namerrr check_ipset/s zFirewallIPSet.check_ipsetcCs ||jkS)N)r)r rrrr query_ipset3szFirewallIPSet.query_ipsetcCst|jjS)N)sortedr keys)r rrrr6szFirewallIPSet.get_ipsetscCst|jdkS)Nr)lenr )r rrr has_ipsets9szFirewallIPSet.has_ipsetsFcCs&|j||j|}|r"|j||S)N)rr check_applied_obj)r rappliedobjrrr get_ipset<s    zFirewallIPSet.get_ipsetcCs4g}|jjr|j|jj|jjr0|j|jj|S)N)r Znftables_enabledappendZnftables_backendZ ipset_enabledZ ipset_backend)r backendsrrrr#Cs zFirewallIPSet.backendscCs0|j|jjkr ttjd|j||j|j<dS)Nz'%s' is not supported by ipset.)typer Zipset_supported_typesr r Z INVALID_TYPEr r)r r rrr add_ipsetKs zFirewallIPSet.add_ipsetcCs|j|}|jrh| rhy x|jD]}|j|q"WWqttk rd}zttj|WYdd}~XqtXn tj d||j|=dS)Nz,Keeping ipset '%s' because of timeout option) r rr# set_destroy Exceptionr r COMMAND_FAILEDrdebug1)r rZkeepr backendmsgrrr remove_ipsetQs    zFirewallIPSet.remove_ipsetc<Cs$|j|}x|jD]}|jdkr|j}||krd|jksv|jddksv|j||dksvt|j||dkry|j|Wn.tk r}zt t j |WYdd}~XnX|j j ry|j|j|j|jWn0tk r}zt t j |WYdd}~Xn&Xd|_d|jkr,|jddkr,qy|j|jWn0tk rl}zt t j |WYdd}~XnXx|jD]J}y|j|j|Wn0tk r}zt t j |WYdd}~XnXqvWqy|j|j|j|j|jdWn0tk r}zt t j |WYdd}~XqXd|_qWdS)Nipsettimeout0rT)r r#rZset_get_active_terseoptionsr$rm_def_cr_optsr&r'r r r(r _individual_callsZ set_creater set_flushentriesset_add set_restore)r rr r*Zactiver+entryrrr apply_ipset]sL     &  zFirewallIPSet.apply_ipsetcCs>x8|jD],}|j|}d|_tjd||j|q WdS)NFzApplying ipset '%s')rr rrr)r9)r rr rrr apply_ipsetss  zFirewallIPSet.apply_ipsetscCsxz|jD]n}|jdkrq x\|jD]P}y|j||j|Wq$tk rr}z|jtjkrb|WYdd}~Xq$Xq$Wq WdS)NZnftables) r#rr check_appliedr&r coder NOT_APPLIED)r r*r-r+rrrflushs   zFirewallIPSet.flushTcCs|j||djS)N)r)r!r$)r rrrrrget_typeszFirewallIPSet.get_typecCst|j|ddjjdS)NT)r,)rr!r$split)r rrrr get_dimensionszFirewallIPSet.get_dimensioncCs|j|}|j|dS)N)r!r)r rr rrrr;s zFirewallIPSet.check_appliedcCs|jsttj|jdS)N)rr r r=r)r r rrrrszFirewallIPSet.check_applied_objcCs.|j||d}d|jkr*|jddkr*dSdS)N)rZfamilyZinet6Zipv6Zipv4)r!r1)r rrr rrr get_familys  zFirewallIPSet.get_familycCs|j|dd}t|}tj||j|j||jkrFttj d||ft ||jy$x|j D]}|j |j |q^WWn.tk r}zttj|WYdd}~Xn&Xd|jks|jddkr|jj|dS)NT)rz'%s' already is in '%s'r.r/)r!rr check_entryr1r$r5r r ZALREADY_ENABLEDrr#r6rr'r(r")r rr8r r*r+rrr add_entrys  zFirewallIPSet.add_entrycCs|j|dd}t|}||jkr4ttjd||fy$x|jD]}|j|j|q@WWn.t k r}zttj |WYdd}~Xn&Xd|j ks|j ddkr|jj |dS)NT)rz'%s' not in '%s'r.r/) r!rr5r r Z NOT_ENABLEDr#Z set_deleterr'r(r1remove)r rr8r r*r+rrr remove_entrys zFirewallIPSet.remove_entrycCsD|j|dd}t|}d|jkr:|jddkr:ttj|||jkS)NT)rr.r/)r!rr1r r ZIPSET_WITH_TIMEOUTr5)r rr8r rrr query_entrys  zFirewallIPSet.query_entrycCs|j|dd}|jS)NT)r)r!r5)r rr rrr get_entriesszFirewallIPSet.get_entriescCs@|j|dd}t|x|D]}tj||j|jqWd|jksN|jddkrT||_y"x|jD]}|j|j q`WWn.t k r}zt t j |WYdd}~XnXd|_yXxR|jD]F}|jjrx8|jD]}|j|j |qWq|j|j |j|j|jdqWWn0t k r4}zt t j |WYdd}~XnXd|_dS)NT)rr.r/)r!rrrDr1r$r5r#r4rr'r r r(rr r3r6r7)r rr5r r8r*r+rrr set_entriess.  zFirewallIPSet.set_entriesN)F)F)T)T)__name__ __module__ __qualname__rrrrrrrr!r#r%r,r9r:r>r?rBr;rrCrErGrHrIrJrrrrr"s0  1   N)__doc____all__Zfirewall.core.loggerrZfirewall.core.ipsetrr2rrrZfirewall.core.io.ipsetrZfirewallr Zfirewall.errorsr objectrrrrrs