Viewing File: /usr/lib/python3.6/site-packages/firewall/core/__pycache__/fw_direct.cpython-36.opt-1.pyc

3

��g�W�@sndgZddlmZddlmZddlmZddlmZddlm	Z	ddl
mZddlm
Z
Gd	d�de�Zd
S)�FirewallDirect�)�LastUpdatedOrderedDict)�	ipXtables)�ebtables)�FirewallTransaction)�log)�errors)�
FirewallErrorc@sLeZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zdd�Zd
d�Z	dd�Z
dNdd�Zdd�Zdd�Z
dOdd�Zdd�Zdd�Zdd�Zd d!�ZdPd"d#�ZdQd$d%�Zd&d'�Zd(d)�Zd*d+�ZdRd,d-�ZdSd.d/�Zd0d1�Zd2d3�Zd4d5�Zd6d7�Zd8d9�Zd:d;�ZdTd<d=�Z dUd>d?�Z!d@dA�Z"dBdC�Z#dDdE�Z$dFdG�Z%dHdI�Z&dJdK�Z'dLdM�Z(dS)VrcCs||_|j�dS)N)�_fw�_FirewallDirect__init_vars)�self�fw�r�/usr/lib/python3.6/fw_direct.py�__init__'szFirewallDirect.__init__cCsd|j|j|j|jfS)Nz%s(%r, %r, %r))�	__class__�_chains�_rules�_rule_priority_positions)rrrr�__repr__+szFirewallDirect.__repr__cCs"i|_i|_i|_i|_d|_dS)N)rrr�
_passthroughs�_obj)rrrrZ__init_vars/s
zFirewallDirect.__init_varscCs|j�dS)N)r)rrrr�cleanup6szFirewallDirect.cleanupcCs
t|j�S)N)rr
)rrrr�new_transaction;szFirewallDirect.new_transactioncCs
||_dS)N)r)r�objrrr�set_permanent_config@sz#FirewallDirect.set_permanent_configcCs*t|j�t|j�t|j�dkr&dSdS)NrTF)�lenrrr)rrrr�has_runtime_configurationCs"z(FirewallDirect.has_runtime_configurationcCsB|j�rdSt|jj��t|jj��t|jj��dkr>dSdS)NTrF)rrr�get_all_chains�
get_all_rules�get_all_passthroughs)rrrr�has_configurationHsz FirewallDirect.has_configurationNcCsP|dkr|j�}n|}|j|jj�|jj�|jj�f|�|dkrL|jd�dS)NT)r�
set_configrrrr �execute)r�use_transaction�transactionrrr�apply_directQs

zFirewallDirect.apply_directcCsi}i}i}xL|jD]B}|\}}x4|j|D]&}|jj|||�s,|j|g�j|�q,WqWxf|jD]\}|\}}}xL|j|D]>\}	}
|jj||||	|
�s|||kr�t�||<|	|||	|
f<q|WqbWxP|jD]F}x@|j|D]2}
|jj	||
�s�||k�r�g||<||j|
�q�Wq�W|||fS)N)
rr�query_chain�
setdefault�appendr�
query_rulerr�query_passthrough)rZchains�rulesZpassthroughs�table_id�ipv�table�chain�chain_id�priority�argsrrr�get_runtime_configbs,


z!FirewallDirect.get_runtime_configcCs|j|j|jfS)N)rrr)rrrr�
get_config�szFirewallDirect.get_configcCs�|dkr|j�}n|}|\}}}x||D]t}|\}}	xf||D]Z}
|j||	|
�s<y|j||	|
|d�Wq<tk
r�}ztjt|��WYdd}~Xq<Xq<Wq&Wx�|D]�}|\}}	}
xt||D]h\}
}|j||	|
|
|�s�y|j||	|
|
||d�Wq�tk
�r"}ztjt|��WYdd}~Xq�Xq�Wq�Wxx|D]p}xh||D]\}|j	||��s@y|j
|||d�Wn2tk
�r�}ztjt|��WYdd}~XnX�q@W�q2W|dk�r�|jd�dS)N)r$T)rr'�	add_chainr	rZwarning�strr*�add_ruler+�add_passthroughr#)rZconfr$r%rrrr-r.r/r0�errorr1r2r3rrrr"�s@



(

(
,
zFirewallDirect.set_configcCs*dddg}||kr&ttjd||f��dS)N�ipv4�ipv6Zebz'%s' not in '%s')r	rZINVALID_IPV)rr.Zipvsrrr�
_check_ipv�s
zFirewallDirect._check_ipvcCsF|j|�|dkrtjj�ntjj�}||krBttjd||f��dS)Nr;r<z'%s' not in '%s')r;r<)r=r�BUILT_IN_CHAINS�keysrr	rZ
INVALID_TABLE)rr.r/Ztablesrrr�_check_ipv_table�s

zFirewallDirect._check_ipv_tablecCs�|dkr4tj|}|jjr i}qH|jj|�j|}ntj|}tj|}||kr`tt	j
d|��||krxtt	j
d|��|dkr�|jjj|�dk	r�tt	j
d|��dS)Nr;r<zchain '%s' is built-in chainzchain '%s' is reservedzChain '%s' is reserved)r;r<)r;r<)rr>r
�nftables_enabled�get_direct_backend_by_ipv�
our_chainsrZ
OUR_CHAINSr	rZ
BUILTIN_CHAIN�zoneZzone_from_chainZ
INVALID_CHAIN)rr.r/r0Zbuilt_in_chainsrCrrr�_check_builtin_chain�s"




z#FirewallDirect._check_builtin_chaincCsH|r|jj|g�j|�n*|j|j|�t|j|�dkrD|j|=dS)Nr)rr(r)�remover)rr-r0�addrrr�_register_chain�s
zFirewallDirect._register_chaincCsV|dkr|j�}n|}|jj�r.|j|jj�|jd||||�|dkrR|jd�dS)NT)rr
�may_skip_flush_direct_backends�add_pre�flush_direct_backends�_chainr#)rr.r/r0r$r%rrrr6�s

zFirewallDirect.add_chaincCs>|dkr|j�}n|}|jd||||�|dkr:|jd�dS)NFT)rrLr#)rr.r/r0r$r%rrr�remove_chain�s
zFirewallDirect.remove_chaincCs:|j||�|j|||�||f}||jko8||j|kS)N)r@rEr)rr.r/r0r-rrrr'�s

zFirewallDirect.query_chaincCs,|j||�||f}||jkr(|j|SgS)N)r@r)rr.r/r-rrr�
get_chains�s


zFirewallDirect.get_chainscCsDg}x:|jD]0}|\}}x"|j|D]}|j|||f�q$WqW|S)N)rr))r�r�keyr.r/r0rrrrszFirewallDirect.get_all_chainscCsZ|dkr|j�}n|}|jj�r.|j|jj�|jd||||||�|dkrV|jd�dS)NT)rr
rIrJrK�_ruler#)rr.r/r0r2r3r$r%rrrr8	s

zFirewallDirect.add_rulecCsB|dkr|j�}n|}|jd||||||�|dkr>|jd�dS)NFT)rrQr#)rr.r/r0r2r3r$r%rrr�remove_rules
zFirewallDirect.remove_rulecCs2|j||�|||f}||jko0||f|j|kS)N)r@r)rr.r/r0r2r3r1rrrr*#s

zFirewallDirect.query_rulecCs6|j||�|||f}||jkr2t|j|j��SgS)N)r@r�listr?)rr.r/r0r1rrr�	get_rules)s


zFirewallDirect.get_rulesc	CsRg}xH|jD]>}|\}}}x.|j|D] \}}|j||||t|�f�q&WqW|S)N)rr)rS)rrOrPr.r/r0r2r3rrrr0s
 zFirewallDirect.get_all_rulescCs�|rr||jkrt�|j|<||j||<||jkr<i|j|<||j|krb|j|||7<q�||j||<n<|j||=t|j|�dkr�|j|=|j|||8<dS)Nr)rrrr)r�rule_idr1r2�enable�countrrr�_register_rule8s


zFirewallDirect._register_rulecCsVy|jj|jj|�j|�Stk
rP}ztj|�ttj	|��WYdd}~XnXdS)N)
r
�rulerB�name�	ExceptionrZdebug2r	rZCOMMAND_FAILED)rr.r3�msgrrr�passthroughLs

zFirewallDirect.passthroughcCsX|r*||jkrg|j|<|j|j|�n*|j|j|�t|j|�dkrT|j|=dS)Nr)rr)rFr)rr.r3rVrrr�_register_passthroughTs

z$FirewallDirect._register_passthroughcCsX|dkr|j�}n|}|jj�r.|j|jj�|jd|t|�|�|dkrT|jd�dS)NT)rr
rIrJrK�_passthroughrSr#)rr.r3r$r%rrrr9^s

zFirewallDirect.add_passthroughcCs@|dkr|j�}n|}|jd|t|�|�|dkr<|jd�dS)NFT)rr_rSr#)rr.r3r$r%rrr�remove_passthroughls
z!FirewallDirect.remove_passthroughcCs||jkot|�|j|kS)N)r�tuple)rr.r3rrrr+ws
z FirewallDirect.query_passthroughcCs>g}x4|jD]*}x$|j|D]}|j|t|�f�qWqW|S)N)rr)rS)rrOr.r3rrrr {s
z#FirewallDirect.get_all_passthroughscCs4g}||jkr0x |j|D]}|jt|��qW|S)N)rr)rS)rr.rOr3rrr�get_passthroughs�s

zFirewallDirect.get_passthroughscCs�g}x�|D]�}d}x�|D]�}y|j|�}Wntk
r>YqXt|�|krd||dkrd}||djd�}x.|D]&}	|dd�}
|	|
|d<|j|
�qxWqW|s
|j|�q
W|S)z5Split values combined with commas for options in optsF�,�TN)�index�
ValueErrorr�splitr))rr,ZoptsZ	out_rulesrYZ	processed�opt�i�items�itemrQrrr�split_value�s$


zFirewallDirect.split_valuec
Cs*|j||�|jjr2|dkr2|jjj||||�|}|jj|�}	|jjrd|	j|||�rdd|}n:|jjr�|dd�dkr�|	j|||dd��r�|dd�}|||f}
||f}|r�|
|jkr�||j|
kr�tt	j
d||||f��nB|
|jk�s||j|
k�rtt	jd||||f��|j|
|}d}d	}
|
|jk�r�t
|j|
j��}d	}x@|t|�k�r�|||k�r�||j|
||7}|d7}�qTWt|�g}|j|d
dg�}|j|dd
g�}x<|D]4}|j|	|	j||||t|���|d7}|
d7}
�q�W|j||
|||
�|j|j||
|||
�dS)Nr;r<z	%s_direct�Z_directz"rule '%s' already is in '%s:%s:%s'zrule '%s' is not in '%s:%s:%s'rdrz-sz--sourcez-dz
--destination)r;r<i����i����i����)r@r
rArD�create_zone_base_by_chainrBZis_chain_builtinrr	r�ALREADY_ENABLED�NOT_ENABLEDr�sortedr?rrSrlr8Z
build_rulerarX�add_fail)rrVr.r/r0r2r3r%rL�backendr1rUrerWZ	positions�jZ	args_list�_argsrrrrQ�sZ




(

zFirewallDirect._rulecCs�|j||�|j|||�||f}|rV||jkr�||j|kr�ttjd|||f��n.||jksn||j|kr�ttjd|||f��|jj|�}|j	||j
|||��|j|||�|j|j|||�dS)Nz chain '%s' already is in '%s:%s'zchain '%s' is not in '%s:%s')
r@rErr	rrorpr
rBZ	add_rulesZbuild_chain_rulesrHrr)rrGr.r/r0r%r-rsrrrrLs$

zFirewallDirect._chainc
Cs�|j|�t|�}|rD||jkrp||j|krpttjd||f��n,||jks\||j|krpttjd||f��|jj|�}|r�|j	|�|dkr�|j
|�\}}|r�|r�|jjj|||�|}	n
|j
|�}	|j||	�|j|||�|j|j|||�dS)Nzpassthrough '%s', '%s'r;r<)r;r<)r=rarr	rrorpr
rBZcheck_passthroughZpassthrough_parse_table_chainrDrnZreverse_passthroughr8r^rr)
rrVr.r3r%Z
tuple_argsrsr/r0rurrrr_'s0




zFirewallDirect._passthrough)N)N)N)N)N)N)N)N))�__name__�
__module__�__qualname__rrrrrrrr!r&r4r5r"r=r@rErHr6rMr'rNrr8rRr*rTrrXr]r^r9r`r+r rbrlrQrLr_rrrrr&sL	

'	

	




jN)�__all__Zfirewall.fw_typesrZ
firewall.corerrZfirewall.core.fw_transactionrZfirewall.core.loggerrZfirewallrZfirewall.errorsr	�objectrrrrr�<module>s