3 YÉjöWã@sndgZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z Gd d„deƒZd S) ÚFirewallDirecté)ÚLastUpdatedOrderedDict)Ú ipXtables)Úebtables)ÚFirewallTransaction)Úlog)Úerrors)Ú FirewallErrorc@sLeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dNdd„Z dd„Z dd„Z dOdd„Zdd„Zdd„Zdd„Zd d!„ZdPd"d#„ZdQd$d%„Zd&d'„Zd(d)„Zd*d+„ZdRd,d-„ZdSd.d/„Zd0d1„Zd2d3„Zd4d5„Zd6d7„Zd8d9„Zd:d;„ZdTdd?„Z!d@dA„Z"dBdC„Z#dDdE„Z$dFdG„Z%dHdI„Z&dJdK„Z'dLdM„Z(dS)VrcCs||_|jƒdS)N)Ú_fwÚ_FirewallDirect__init_vars)ÚselfÚfw©rú/usr/lib/python3.6/fw_direct.pyÚ__init__'szFirewallDirect.__init__cCsd|j|j|j|jfS)Nz%s(%r, %r, %r))Ú __class__Ú_chainsÚ_rulesÚ_rule_priority_positions)r rrrÚ__repr__+szFirewallDirect.__repr__cCs"i|_i|_i|_i|_d|_dS)N)rrrÚ _passthroughsÚ_obj)r rrrZ __init_vars/s zFirewallDirect.__init_varscCs |jƒdS)N)r )r rrrÚcleanup6szFirewallDirect.cleanupcCs t|jƒS)N)rr )r rrrÚnew_transaction;szFirewallDirect.new_transactioncCs ||_dS)N)r)r ÚobjrrrÚset_permanent_config@sz#FirewallDirect.set_permanent_configcCs*t|jƒt|jƒt|jƒdkr&dSdS)NrTF)Úlenrrr)r rrrÚhas_runtime_configurationCs"z(FirewallDirect.has_runtime_configurationcCsB|jƒr dSt|jjƒƒt|jjƒƒt|jjƒƒdkr>dSdS)NTrF)rrrÚget_all_chainsÚ get_all_rulesÚget_all_passthroughs)r rrrÚhas_configurationHs z FirewallDirect.has_configurationNcCsP|dkr|jƒ}n|}|j|jjƒ|jjƒ|jjƒf|ƒ|dkrL|jdƒdS)NT)rÚ set_configrrrr Úexecute)r Úuse_transactionÚ transactionrrrÚ apply_directQs   zFirewallDirect.apply_directc Csi}i}i}xL|jD]B}|\}}x4|j|D]&}|jj|||ƒs,|j|gƒj|ƒq,WqWxf|jD]\}|\}}}xL|j|D]>\} } |jj|||| | ƒs|||krªtƒ||<| ||| | f<q|WqbWxP|jD]F}x@|j|D]2} |jj || ƒsÚ||krþg||<||j| ƒqÚWqÊW|||fS)N) rrÚ query_chainÚ setdefaultÚappendrÚ query_rulerrÚquery_passthrough) r ZchainsÚrulesZ passthroughsÚtable_idÚipvÚtableÚchainÚchain_idÚpriorityÚargsrrrÚget_runtime_configbs,      z!FirewallDirect.get_runtime_configcCs|j|j|jfS)N)rrr)r rrrÚ get_configszFirewallDirect.get_configcCs¾|dkr|jƒ}n|}|\}}}x||D]t}|\}} xf||D]Z} |j|| | ƒsr Únftables_enabledÚget_direct_backend_by_ipvÚ our_chainsrZ OUR_CHAINSr rZ BUILTIN_CHAINÚzoneZzone_from_chainZ INVALID_CHAIN)r r.r/r0Zbuilt_in_chainsrCrrrÚ_check_builtin_chainºs"     z#FirewallDirect._check_builtin_chaincCsH|r|jj|gƒj|ƒn*|j|j|ƒt|j|ƒdkrD|j|=dS)Nr)rr(r)Úremover)r r-r0ÚaddrrrÚ_register_chainÐs zFirewallDirect._register_chaincCsV|dkr|jƒ}n|}|jjƒr.|j|jjƒ|jd||||ƒ|dkrR|jdƒdS)NT)rr Úmay_skip_flush_direct_backendsÚadd_preÚflush_direct_backendsÚ_chainr#)r r.r/r0r$r%rrrr6Øs  zFirewallDirect.add_chaincCs>|dkr|jƒ}n|}|jd||||ƒ|dkr:|jdƒdS)NFT)rrLr#)r r.r/r0r$r%rrrÚ remove_chainçs  zFirewallDirect.remove_chaincCs:|j||ƒ|j|||ƒ||f}||jko8||j|kS)N)r@rEr)r r.r/r0r-rrrr'òs   zFirewallDirect.query_chaincCs,|j||ƒ||f}||jkr(|j|SgS)N)r@r)r r.r/r-rrrÚ get_chainsùs    zFirewallDirect.get_chainscCsDg}x:|jD]0}|\}}x"|j|D]}|j|||fƒq$Wq W|S)N)rr))r ÚrÚkeyr.r/r0rrrrs  zFirewallDirect.get_all_chainscCsZ|dkr|jƒ}n|}|jjƒr.|j|jjƒ|jd||||||ƒ|dkrV|jdƒdS)NT)rr rIrJrKÚ_ruler#)r r.r/r0r2r3r$r%rrrr8 s  zFirewallDirect.add_rulecCsB|dkr|jƒ}n|}|jd||||||ƒ|dkr>|jdƒdS)NFT)rrQr#)r r.r/r0r2r3r$r%rrrÚ remove_rules  zFirewallDirect.remove_rulecCs2|j||ƒ|||f}||jko0||f|j|kS)N)r@r)r r.r/r0r2r3r1rrrr*#s   zFirewallDirect.query_rulecCs6|j||ƒ|||f}||jkr2t|j|jƒƒSgS)N)r@rÚlistr?)r r.r/r0r1rrrÚ get_rules)s    zFirewallDirect.get_rulesc CsRg}xH|jD]>}|\}}}x.|j|D] \}}|j||||t|ƒfƒq&Wq W|S)N)rr)rS)r rOrPr.r/r0r2r3rrrr0s    zFirewallDirect.get_all_rulescCs²|rr||jkrtƒ|j|<||j||<||jkrg}x4|jD]*}x$|j|D]}|j|t|ƒfƒqWq W|S)N)rr)rS)r rOr.r3rrrr {s  z#FirewallDirect.get_all_passthroughscCs4g}||jkr0x |j|D]}|jt|ƒƒqW|S)N)rr)rS)r r.rOr3rrrÚget_passthroughs‚s  zFirewallDirect.get_passthroughsc Cs¼g}x²|D]ª}d}x’|D]Š}y|j|ƒ}Wntk r>YqXt|ƒ|krd||dkrd}||djdƒ}x.|D]&} |dd…} | | |d<|j| ƒqxWqW|s |j|ƒq W|S)z5Split values combined with commas for options in optsFú,éTN)ÚindexÚ ValueErrorrÚsplitr)) r r,ZoptsZ out_rulesrYZ processedÚoptÚiÚitemsÚitemrQrrrÚ split_value‰s$     zFirewallDirect.split_valuec Cs*|j||ƒ|jj r2|dkr2|jjj||||ƒ|}|jj|ƒ} |jj rd| j|||ƒrdd|}n:|jjrž|dd…dkrž| j|||dd…ƒrž|dd…}|||f} ||f} |ræ| |jkrä| |j| krätt j d||||fƒ‚nB| |jks| |j| krtt j d||||fƒ‚|j| | }d} d } | |j kr”t |j | jƒƒ}d }x@|t|ƒkr’|||kr’| |j | ||7} |d7}qTWt|ƒg}|j|d d gƒ}|j|d d gƒ}x<|D]4}|j| | j|||| t|ƒƒƒ| d7} | d7} qÄW|j| | ||| ƒ|j|j| | || | ƒdS)Nr;r<z %s_directéZ_directz"rule '%s' already is in '%s:%s:%s'zrule '%s' is not in '%s:%s:%s'rdrz-sz--sourcez-dz --destination)r;r<iùÿÿÿiùÿÿÿiùÿÿÿ)r@r rArDÚcreate_zone_base_by_chainrBZis_chain_builtinrr rÚALREADY_ENABLEDÚ NOT_ENABLEDrÚsortedr?rrSrlr8Z build_rulerarXÚadd_fail)r rVr.r/r0r2r3r%rLÚbackendr1rUrerWZ positionsÚjZ args_listÚ_argsrrrrQ¥sZ         (   zFirewallDirect._rulecCsÌ|j||ƒ|j|||ƒ||f}|rV||jkr„||j|kr„ttjd|||fƒ‚n.||jksn||j|kr„ttjd|||fƒ‚|jj|ƒ}|j ||j |||ƒƒ|j |||ƒ|j |j ||| ƒdS)Nz chain '%s' already is in '%s:%s'zchain '%s' is not in '%s:%s') r@rErr rrorpr rBZ add_rulesZbuild_chain_rulesrHrr)r rGr.r/r0r%r-rsrrrrLs$    zFirewallDirect._chainc Csü|j|ƒt|ƒ}|rD||jkrp||j|krpttjd||fƒ‚n,||jks\||j|krpttjd||fƒ‚|jj|ƒ}|rÀ|j |ƒ|dkrº|j |ƒ\}}|rº|rº|jj j |||ƒ|} n |j |ƒ} |j|| ƒ|j|||ƒ|j|j||| ƒdS)Nzpassthrough '%s', '%s'r;r<)r;r<)r=rarr rrorpr rBZcheck_passthroughZpassthrough_parse_table_chainrDrnZreverse_passthroughr8r^rr) r rVr.r3r%Z tuple_argsrsr/r0rurrrr_'s0        zFirewallDirect._passthrough)N)N)N)N)N)N)N)N))Ú__name__Ú __module__Ú __qualname__rrr rrrrr!r&r4r5r"r=r@rErHr6rMr'rNrr8rRr*rTrrXr]r^r9r`r+r rbrlrQrLr_rrrrr&sL  '       jN)Ú__all__Zfirewall.fw_typesrZ firewall.corerrZfirewall.core.fw_transactionrZfirewall.core.loggerrZfirewallrZfirewall.errorsr ÚobjectrrrrrÚs