Viewing File: /usr/lib/python3.6/site-packages/firewall/core/__pycache__/fw_zone.cpython-36.pyc

3

��gy��@s�ddlZddlZddlmZmZmZddlmZddlm	Z	ddl
mZddlm
Z
mZmZmZmZmZmZmZmZddlmZmZmZddlmZdd	lmZdd
lmZGdd�de �Z!dS)
�N)�	SHORTCUTS�DEFAULT_ZONE_TARGET�SOURCE_IPSET_TYPES)�FirewallTransaction)�Policy)�log)	�Rich_Service�	Rich_Port�
Rich_Protocol�Rich_SourcePort�Rich_ForwardPort�Rich_IcmpBlock�
Rich_IcmpType�Rich_Masquerade�	Rich_Mark)�checkIPnMask�
checkIP6nMask�	check_mac)�errors)�
FirewallError)�LastUpdatedOrderedDictc@sNeZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zd�dd �Zd!d"�Zd#d$�Zd%d&�Zd�d'd(�Zd)d*�Zd+d,�Zd-d.�Zd�d/d0�Zd�d1d2�Zd3d4�Zd5d6�Zd7d8�Zd9d:�Zd;d<�Z d=d>�Z!d�d@dA�Z"dBdC�Z#d�dDdE�Z$d�dFdG�Z%d�dHdI�Z&dJdK�Z'dLdM�Z(dNdO�Z)d�dQdR�Z*d�dSdT�Z+d�dUdV�Z,dWdX�Z-d�dYdZ�Z.d�d[d\�Z/d]d^�Z0d_d`�Z1dadb�Z2d�dcdd�Z3dedf�Z4dgdh�Z5didj�Z6dkdl�Z7dmdn�Z8dodp�Z9d�dqdr�Z:dsdt�Z;dudv�Z<dwdx�Z=d�dydz�Z>d{d|�Z?d}d~�Z@dd��ZAd�d�d��ZBd�d��ZCd�d��ZDd�d��ZEd�d��ZFd�d�d��ZGd�d��ZHd�d��ZId�d��ZJd�d�d��ZKd�d��ZLd�d��ZMd�d��ZNd�d�d��ZOd�d��ZPd�d��ZQd�d�d��ZRd�d�d��ZSd�d�d��ZTd�d��ZUd�d�d��ZVd�d��ZWd�d��ZXd�d��ZYd�d�d��ZZd�d��Z[d�d��Z\d�d��Z]d�d��Z^d�d��Z_d�d�d��Z`d�d��Zad�d�d„Zbd�dĄZcd�dƄZddS)��FirewallZonercCs||_i|_i|_dS)N)�_fw�_zones�_zone_policies)�self�fw�r�/usr/lib/python3.6/fw_zone.py�__init__&szFirewallZone.__init__cCsd|j|jfS)Nz%s(%r))�	__class__r)rrrr�__repr__+szFirewallZone.__repr__cCs|jj�|jj�dS)N)r�clearr)rrrr�cleanup.s
zFirewallZone.cleanupcCs
t|j�S)N)rr)rrrr�new_transaction2szFirewallZone.new_transactioncCsdj||d�S)Nzzone_{fromZone}_{toZone})�fromZone�toZone)�format)rr%r&rrr�policy_name_from_zones5sz#FirewallZone.policy_name_from_zonescCst|jj��S)N)�sortedr�keys)rrrr�	get_zones:szFirewallZone.get_zonescCs8g}x.|j�D]"}|j|�s&|j|�r|j|�qW|S)N)r+�list_interfaces�list_sources�append)rZactive_zones�zonerrr�get_active_zones=s
zFirewallZone.get_active_zonescCs6|j|�}x&|jD]}||j|jdkr|SqWdS)N�
interfaces)�_FirewallZone__interface_idr�settings)r�	interface�interface_idr/rrr�get_zone_of_interfaceDs

z"FirewallZone.get_zone_of_interfacecCs6|j|�}x&|jD]}||j|jdkr|SqWdS)N�sources)�_FirewallZone__source_idrr3)r�source�	source_idr/rrr�get_zone_of_sourceLs

zFirewallZone.get_zone_of_sourcecCs|jj|�}|j|S)N)r�
check_zoner)rr/�zrrr�get_zoneTszFirewallZone.get_zonecCsBt�}|j|_|j||�|_|j|_|j|_|g|_|g|_�x�dD�]�}||jkr~|d	kr~|dkr~t	||t
jt||���qD|d
kr�||jkr�|d
kr�t	||t
jt||���qD||jko�|d
ko�|dk�r�t	||t
jt||���qD|dkrDg|_
xB|j
D]8}|j||�}||j|j|�k�r�|j
jt
j|���q�WqDW|S)N�services�ports�
masquerade�
forward_ports�source_ports�icmp_blocks�rules�	protocols�HOST�ANY)r?r@rArBrCrDrErF)r?r@rCrDrF)rA)rDrB)rE)r�nameZderived_from_zoner(�ZONE_POLICY_PRIORITYZpriority�targetZ
ingress_zonesZegress_zones�setattr�copy�deepcopy�getattrrE�_rich_rule_to_policiesr.)r�z_objr%r&�p_objZsetting�ruleZcurrent_policyrrr�policy_obj_from_zone_objXs6

z%FirewallZone.policy_obj_from_zone_objcCs�dd�d	D�|_||j|j<g|j|j<xX|jdfd|jf|jdfgD]8\}}|j|||�}|jjj|�|j|jj|j�qFW|j	|j�dS)
NcSsi|]}t�|�qSr)r)�.0�xrrr�
<dictcomp>sz)FirewallZone.add_zone.<locals>.<dictcomp>r1r7�icmp_block_inversion�forwardrGrH)r1r7rXrY)
r3rrIrrTr�policyZ
add_policyr.�copy_permanent_to_runtime)r�objr%r&rRrrr�add_zone~s

zFirewallZone.add_zonecCsn|j|}x|jD]}|j||dd�qWx|jD]}|j||dd�q2W|jrZ|j|�|jrj|j|�dS)NF)�allow_apply)	rr1�
add_interfacer7�
add_sourcerY�add_forwardrX�add_icmp_block_inversion)rr/r\�argrrrr[�s

z&FirewallZone.copy_permanent_to_runtimecCs8|j|}|jr|j|�|jj�|j|=|j|=dS)N)r�applied�unapply_zone_settingsr3r"r)rr/r\rrr�remove_zone�s


zFirewallZone.remove_zoneNcCsVxP|j�D]D}|j|}t|j�dks4t|j�dkr
tjd|�|j||d�q
WdS)NrzApplying zone '%s')�use_transaction)r+r�lenr1r7r�debug1�apply_zone_settings)rrgr/rQrrr�apply_zones�s

zFirewallZone.apply_zonescCs|j|}||_dS)N)rrd)rr/rdr\rrr�set_zone_applied�s
zFirewallZone.set_zone_appliedcCs�d|krdS|jd�}t|�dkr&dSd}x tD]}|dt|kr0|}q0W|dk	r�|d|j�krhdSt|�dks�t|�dkr�|ddkr�|d|fSdS)N�_�r���prer�deny�allow�post)rqrrrrsrt)�splitrhrr+)r�chainZsplits�_chainrVrrr�zone_from_chain�s 

zFirewallZone.zone_from_chaincCst|j|�}|dkrdS|\}}|d	kr0|}d}n4|d
krB|}d}n"|dkrTd}|}nttjd|��|j||�|fS)N�
PREROUTING�
FORWARD_INrH�INPUTrG�POSTROUTING�FORWARD_OUTz&chain '%s' can't be mapped to a policy)ryrz)r{)r|r})rxrrZ
INVALID_CHAINr()rrvrVr/rwr%r&rrr�policy_from_chain�s
zFirewallZone.policy_from_chainc	Csj|dkrf|j|�}|dk	rf|j|�\}}|dkr:|j�}n|}|jjj|d|||�|dkrf|jd�dS)N�ipv4�ipv6T)rr�)r~r$rrZZgen_chain_rules�execute)	r�ipv�tablervrgrVrZrw�transactionrrr�create_zone_base_by_chain�s

z&FirewallZone.create_zone_base_by_chaincCstj�||d�}|S)N)Zdate�sender�timeout)�time)rr�r��retrrrZ__gen_settings�szFirewallZone.__gen_settingscCs|j|�jS)N)r>r3)rr/rrr�get_settings�szFirewallZone.get_settingscCs�|j|�}x�|D]z}xt||D]h}|dkr<|j||||�q|dkr`|j|||d|d|�q|dkrlqq|dkrvqtjd|||�qWqW|r�|j|||�dS)Nr1r7rrorXrYz3Zone '%s': Unknown setting '%s:%s', unable to apply)r��
_interface�_sourcerZwarning�_icmp_block_inversion)r�enabler/r�r3�key�argsrrr�_zone_settingss

zFirewallZone._zone_settingscCs�|jj|�}|j|}|jr dSd|_|dkr8|j�}n|}x2|j|D]$}tjd||�|jjj	||d�qHW|j
d||�|dkr�|jd�dS)NTz+Applying policy (%s) derived from zone '%s')rg)rr<rrdr$rrrirZ�apply_policy_settingsr�r�)rr/rg�_zoner\r�rZrrrrjs

z FirewallZone.apply_zone_settingscCs�|jj|�}|j|}|js dS|dkr2|j�}n|}x$|j|D]}|jjj||d�qBW|jd||�|dkr||j	d�dS)N)rgFT)
rr<rrdr$rrZ�unapply_policy_settingsr�r�)rr/rgr�r\r�rZrrrre,s

z"FirewallZone.unapply_zone_settingscCs~|j|�}|j|�}g}x\td�D]P}|j|d|krZ|jtjt||j|d���q"|j||j|d�q"Wt|�S)zH
        :return: exported config updated with runtime settings
        �r)	r>�get_config_with_settings_dict�rangeZIMPORT_EXPORT_STRUCTUREr.rMrNrO�tuple)rr/r\Z	conf_dictZ	conf_list�irrr�get_config_with_settings?s

"z%FirewallZone.get_config_with_settingsc
Cs�|j|�j�}|dtkr"d|d<|j|�|j|�|j|�|j|�|j|�|j|�|j	|�|j
|�|j|�|j|�|j
|�|j|�d�}|jj||�S)zH
        :return: exported config updated with runtime settings
        rK�default)r?r@rDrArBr1r7�	rules_strrFrCrXrY)r>Zexport_config_dictr�
list_services�
list_ports�list_icmp_blocks�query_masquerade�list_forward_portsr,r-�
list_rules�list_protocols�list_source_ports�query_icmp_block_inversion�
query_forwardrZ'combine_runtime_with_permanent_settings)rr/Z	permanentZruntimerrrr�Os z*FirewallZone.get_config_with_settings_dictc
sddlm�d��fdd�	}��fdd�}�j�jf�j�jf�j�jf�j�j	f�j
�jf�j�j
f�j�jf||f�j�jf�j�jf�j�jf�j�jfd�}�j|�}�jj||�\}}	xv|	D]n}
t|	|
t��r$xX|	|
D]:}t|t��r||
d|f|��q�||
d||�q�Wq�||
d|�q�Wx�|D]�}
t||
t��r�x�||
D]l}|
dk�r�||
d|||d�nDt|t��r�||
d|f|�d|d��n||
d||d|d��q\Wn6|
dk�r�||
d||d�n||
d|d|d��q>WdS)Nr)�	Rich_Rulecs�j|�|d�d|d�dS)N)�rule_strr)r�r�)�add_rule)r/r�r�r�)r�rrr�add_rule_wrapperhszDFirewallZone.set_config_with_settings_dict.<locals>.add_rule_wrappercs�j|�|d��dS)N)r�)�remove_rule)r/r�)r�rrr�remove_rule_wrapperjszGFirewallZone.set_config_with_settings_dict.<locals>.remove_rule_wrapper)r?r@rDrArBr1r7r�rFrCrXrYror1r7)r�)r�r�rX)rN)r1r7)rX)�firewall.core.richr��add_service�remove_service�add_port�remove_port�add_icmp_block�remove_icmp_block�add_masquerade�remove_masquerade�add_forward_port�remove_forward_portr_�remove_interfacer`�
remove_source�add_protocol�remove_protocol�add_source_port�remove_source_portrb�remove_icmp_block_inversionra�remove_forwardr�rZget_added_and_removed_settings�
isinstance�listr�)rr/r3r�r�r�Z
setting_to_fnZold_settingsZadd_settingsZremove_settingsr�r�r)r�rr�set_config_with_settings_dictesF













  
z*FirewallZone.set_config_with_settings_dictcCs|jj|�dS)N)r�check_interface)rr4rrrr��szFirewallZone.check_interfacecCs\|jj|�}|j|}|j|�}||jdkrX|jd|}d|krX|ddk	rX|dSdS)Nr1r�)rr<rr2r3)rr/r4r��_objr5r3rrr�interface_get_sender�s

z!FirewallZone.interface_get_sendercCs|j|�|S)N)r�)rr4rrrZ__interface_id�s
zFirewallZone.__interface_idTc
Cs|jj�|jj|�}|j|}|j|�}||jdkrLttjd||f��|j	|�dk	rjttj
d|��tjd||f�|dkr�|j
�}	n|}	|jr�|r�|j||	d�|	j|j|d�|r�|jd|||	�|j||||�|	j|j||�|dk�r|	jd�|S)Nr1z'%s' already bound to '%s'z'%s' already bound to a zonez&Setting zone of interface '%s' to '%s')rgFT)r�check_panicr<rr2r3rr�ZONE_ALREADY_SETr6�
ZONE_CONFLICTrrir$rdrj�add_failrlr��!_FirewallZone__register_interface�#_FirewallZone__unregister_interfacer�)
rr/r4r�rgr^r�r�r5r�rrrr_�s8









zFirewallZone.add_interfacecCs6|jd|�|jd|<|p"|dk|jd|d<dS)Nrr1��__default__)�_FirewallZone__gen_settingsr3)rr�r5r/r�rrrZ__register_interface�sz!FirewallZone.__register_interfacecCsR|jj�|j|�}|jj|�}||kr,|S|dk	r@|j||�|j|||�}|S)N)rr�r6r<r�r_)rr/r4r��	_old_zone�	_new_zoner�rrr�change_zone_of_interface�s

z%FirewallZone.change_zone_of_interfacecCsz|jj�|dkr|j�}n|}|j||�|jd|d|dd�|dk	rd|dkrd|jd|d|dd�|dkrv|jd�dS)NT�+)r.r�F)rr�r$rjr�r�)rZold_zoneZnew_zonergr�rrr�change_default_zone�s

z FirewallZone.change_default_zonec	Cs�|jj�|j|�}|dkr,ttjd|��|dkr8|n
|jj|�}||krbttjd|||f��|dkrt|j�}n|}|j	|}|j
|�}|j|j||�|j
d|||�|dkr�|jd�|S)Nz'%s' is not in any zoner�z"remove_interface(%s, %s): zoi='%s'FT)rr�r6rrZUNKNOWN_INTERFACEr<r�r$rr2�add_postr�r�r�)	rr/r4rgZzoir�r�r�r5rrrr��s(






zFirewallZone.remove_interfacecCs||jdkr|jd|=dS)Nr1)r3)rr�r5rrrZ__unregister_interfacesz#FirewallZone.__unregister_interfacecCs|j|�|j|�dkS)Nr1)r2r�)rr/r4rrr�query_interfaceszFirewallZone.query_interfacecCs|j|�dj�S)Nr1)r�r*)rr/rrrr,"szFirewallZone.list_interfacesFcCsxt|�rdSt|�rdSt|�r$dS|jd�rh|j|dd��|rV|j|dd��|j|dd��Sttj	|��dS)Nrr�r�zipset:�)
rrr�
startswith�_check_ipset_type_for_source�_check_ipset_applied�
_ipset_familyrrZINVALID_ADDR)rr9rdrrr�check_source's
zFirewallZone.check_sourcecCs|j||d�}||fS)N)rd)r�)rr9rdr�rrrZ__source_id6szFirewallZone.__source_idc
Cs|jj�|jj|�}|j|}t|�r0|j�}|j||d�}||jdkr`tt	j
d||f��|j|�dk	r~tt	jd|��|dkr�|j
�}	n|}	|jr�|r�|j||	d�|	j|j|d�|r�|jd||d|d	|	�|j||||�|	j|j||�|dk�r|	jd�|S)
N)rdr7z'%s' already bound to '%s'z'%s' already bound to a zone)rgFTrro)rr�r<rr�upperr8r3rrr�r;r�r$rdrjr�rlr��_FirewallZone__register_source� _FirewallZone__unregister_sourcer�)
rr/r9r�rgr^r�r�r:r�rrrr`:s4





zFirewallZone.add_sourcecCs6|jd|�|jd|<|p"|dk|jd|d<dS)Nrr7r�r�)r�r3)rr�r:r/r�rrrZ__register_sourceaszFirewallZone.__register_sourcecCsb|jj�|j|�}|jj|�}||kr,|St|�r<|j�}|dk	rP|j||�|j|||�}|S)N)rr�r;r<rr�r�r`)rr/r9r�r�r�r�rrr�change_zone_of_sourcegs

z"FirewallZone.change_zone_of_sourcec	Cs�|jj�t|�r|j�}|j|�}|dkr<ttjd|��|dkrH|n
|jj|�}||krrttj	d|||f��|dkr�|j
�}n|}|j|}|j|�}|j
|j||�|jd||d|d|�|dkr�|jd�|S)Nz'%s' is not in any zoner�zremove_source(%s, %s): zos='%s'FrroT)rr�rr�r;rrZUNKNOWN_SOURCEr<r�r$rr8r�r�r�r�)	rr/r9rgZzosr�r�r�r:rrrr�ys,






zFirewallZone.remove_sourcecCs||jdkr|jd|=dS)Nr7)r3)rr�r:rrrZ__unregister_source�sz FirewallZone.__unregister_sourcecCs(t|�r|j�}|j|�|j|�dkS)Nr7)rr�r8r�)rr/r9rrr�query_source�szFirewallZone.query_sourcecCsdd�|j|�dj�D�S)NcSsg|]}|d�qS)ror)rU�krrr�
<listcomp>�sz-FirewallZone.list_sources.<locals>.<listcomp>r7)r�r*)rr/rrrr-�szFirewallZone.list_sourcescs�x��jj�D]�}|jsqxP�j|D]B}x<�jjj|�D]*\}}	|j||||||	|�}
|j||
�q8Wq$W�j|d�}�j	|�dr|d
kr|j
|||d|d�}
|j||
�qWxΈjjj�D]�}|�jjj|�kr�|�jjj
|�kr�q�|�jjj�k�rd�jjj|�j�rd|�r<t�j|��dk�r<�jjj||d�n&�jjjd	||�|j�fd
d�|�q�|r�|j�fdd�|�q�WdS)NrHrYr��*�filter)r4ro)rgFcs |�jjj�ko�jjjd|�S)NT)rrZ�)get_active_policies_not_derived_from_zone�!_ingress_egress_zones_transaction)�p)rrr�<lambda>�sz)FirewallZone._interface.<locals>.<lambda>cs|�jjj�ko�jjj|�S)N)rrZr�r�)r�)rrrr��s)r�r�)r�enabled_backends�policies_supportedrrZ�#_get_table_chains_for_zone_dispatchZ!build_zone_source_interface_rules�	add_rulesr(r��build_zone_forward_rules�"get_policies_not_derived_from_zone�list_ingress_zones�list_egress_zonesr��
get_policyrdrhr,r��_ingress_egress_zonesr�)rr�r/r4r�r.�backendrZr�rvrEr)rrr��s2$zFirewallZone._interfacecCs$|j|�dkrdS|jjj|dd�S)Nzhash:macF)rd)�_ipset_typer�ipsetZ
get_family)rrIrrrr��szFirewallZone._ipset_familycCs|jjj|dd�S)NF)rd)rr�Zget_type)rrIrrrr��szFirewallZone._ipset_typecCsdj|g|jjj|��S)N�,)�joinrr�Z
get_dimension)rrI�flagrrr�_ipset_match_flags�szFirewallZone._ipset_match_flagscCs|jjj|�S)N)rr�Z
check_applied)rrIrrrr��sz!FirewallZone._check_ipset_appliedcCs*|j|�}|tkr&ttjd||f��dS)Nz.ipset '%s' with type '%s' not usable as source)r�rrrZ
INVALID_IPSET)rrIZ_typerrrr��s
z)FirewallZone._check_ipset_type_for_sourcec
s�x�|r�jj|�gn�jj�D]�}|js*qxN�j|D]@}x:�jjj|�D](\}}	|j||||||	�}
|j||
�qJWq6W�j	|d�}�j
|�dr|j|||d|d�}
|j||
�qWxΈjjj�D]�}|�jjj
|�kr�|�jjj|�kr�q�|�jjj�k�rl�jjj|�j�rl|�rDt�j|��dk�rD�jjj||d�n&�jjjd||�|j�fdd	�|�q�|r�|j�fd
d	�|�q�WdS)NrHrYr�)r9ro)rgFcs |�jjj�ko�jjjd|�S)NT)rrZr�r�)r�)rrrr�sz&FirewallZone._source.<locals>.<lambda>cs|�jjj�ko�jjj|�S)N)rrZr�r�)r�)rrrr�
s)r�get_backend_by_ipvr�r�rrZr�Zbuild_zone_source_address_rulesr�r(r�r�r�r�r�r�r�rdrhr-r�r�r�)rr�r/r�r9r�r�rZr�rvrEr)rrr��s2"$zFirewallZone._sourcecCs0|jj|�}|j|d�}|jjj||||�|S)NrG)rr<r(rZr�)rr/�servicer�r��p_namerrrr�
szFirewallZone.add_servicecCs,|jj|�}|j|d�}|jjj||�|S)NrG)rr<r(rZr�)rr/r�r�rrrr�szFirewallZone.remove_servicecCs(|jj|�}|j|d�}|jjj||�S)NrG)rr<r(rZ�
query_service)rr/r�r�rrrr�szFirewallZone.query_servicecCs&|jj|�}|j|d�}|jjj|�S)NrG)rr<r(rZr�)rr/r�rrrr�szFirewallZone.list_servicescCs2|jj|�}|j|d�}|jjj|||||�|S)NrG)rr<r(rZr�)rr/�port�protocolr�r�r�rrrr�#szFirewallZone.add_portcCs.|jj|�}|j|d�}|jjj|||�|S)NrG)rr<r(rZr�)rr/r�r�r�rrrr�)szFirewallZone.remove_portcCs*|jj|�}|j|d�}|jjj|||�S)NrG)rr<r(rZ�
query_port)rr/r�r�r�rrrr/szFirewallZone.query_portcCs&|jj|�}|j|d�}|jjj|�S)NrG)rr<r(rZr�)rr/r�rrrr�4szFirewallZone.list_portscCs2|jj|�}|j|d�}|jjj|||||�|S)NrG)rr<r(rZr�)rr/�source_portr�r�r�r�rrrr�9szFirewallZone.add_source_portcCs.|jj|�}|j|d�}|jjj|||�|S)NrG)rr<r(rZr�)rr/rr�r�rrrr�?szFirewallZone.remove_source_portcCs*|jj|�}|j|d�}|jjj|||�S)NrG)rr<r(rZ�query_source_port)rr/rr�r�rrrrEszFirewallZone.query_source_portcCs&|jj|�}|j|d�}|jjj|�S)NrG)rr<r(rZr�)rr/r�rrrr�JszFirewallZone.list_source_portscCs�|jj|�}t|j�tkr(|j|d�gSt|j�ttt	t
gkrL|j|d�gSt|j�ttgkrv|j|d�|j|d�gSt|j�t
gkr�|j|d�gSt|j�tgkr�|jd|�gS|jdkr�|j|d�gStdt|j���dS)NrHrGz Rich rule type (%s) not handled.)rr<�type�actionrr(�elementrr	r
rr
rrrr)rr/rSrrrrPOs 

z#FirewallZone._rich_rule_to_policiescCs.x(|j||�D]}|jjj||||�qW|S)N)rPrrZr�)rr/rSr�r�r�rrrr�bszFirewallZone.add_rulecCs*x$|j||�D]}|jjj||�qW|S)N)rPrrZr�)rr/rSr�rrrr�gszFirewallZone.remove_rulecCs2d}x(|j||�D]}|o(|jjj||�}qW|S)NT)rPrrZ�
query_rule)rr/rSr�r�rrrrlszFirewallZone.query_rulecCs^|jj|�}t�}xB|j|d�|j|d�|jd|�gD]}|jt|jjj|���q6Wt|�S)NrHrG)rr<�setr(�updaterZr�r�)rr/r�r�rrrr�rs
zFirewallZone.list_rulescCs0|jj|�}|j|d�}|jjj||||�|S)NrG)rr<r(rZr�)rr/r�r�r�r�rrrr�{szFirewallZone.add_protocolcCs,|jj|�}|j|d�}|jjj||�|S)NrG)rr<r(rZr�)rr/r�r�rrrr��szFirewallZone.remove_protocolcCs(|jj|�}|j|d�}|jjj||�S)NrG)rr<r(rZ�query_protocol)rr/r�r�rrrr	�szFirewallZone.query_protocolcCs&|jj|�}|j|d�}|jjj|�S)NrG)rr<r(rZr�)rr/r�rrrr��szFirewallZone.list_protocolscCs.|jj|�}|jd|�}|jjj|||�|S)NrH)rr<r(rZr�)rr/r�r�r�rrrr��szFirewallZone.add_masqueradecCs*|jj|�}|jd|�}|jjj|�|S)NrH)rr<r(rZr�)rr/r�rrrr��szFirewallZone.remove_masqueradecCs&|jj|�}|jd|�}|jjj|�S)NrH)rr<r(rZr�)rr/r�rrrr��szFirewallZone.query_masqueradec	Cs6|jj|�}|j|d�}|jjj|||||||�|S)NrH)rr<r(rZr�)	rr/r�r��toport�toaddrr�r�r�rrrr��s
zFirewallZone.add_forward_portcCs2|jj|�}|j|d�}|jjj|||||�|S)NrH)rr<r(rZr�)rr/r�r�r
rr�rrrr��sz FirewallZone.remove_forward_portcCs.|jj|�}|j|d�}|jjj|||||�S)NrH)rr<r(rZ�query_forward_port)rr/r�r�r
rr�rrrr�szFirewallZone.query_forward_portcCs&|jj|�}|j|d�}|jjj|�S)NrH)rr<r(rZr�)rr/r�rrrr��szFirewallZone.list_forward_portscCsP|jj|�}|j|d�}|jjj||||�|j|d�}|jjj||||�|S)NrGrH)rr<r(rZr�)rr/�icmpr�r�r�rrrr��szFirewallZone.add_icmp_blockcCsH|jj|�}|j|d�}|jjj||�|j|d�}|jjj||�|S)NrGrH)rr<r(rZr�)rr/r
r�rrrr��szFirewallZone.remove_icmp_blockcCsD|jj|�}|j|d�}|j|d�}|jjj||�oB|jjj||�S)NrGrH)rr<r(rZ�query_icmp_block)rr/r
�p_name_host�
p_name_fwdrrrr�s
zFirewallZone.query_icmp_blockcCsH|jj|�}|j|d�}|j|d�}tt|jjj|�|jjj|���S)NrGrH)rr<r(r)rrZr�)rr/rrrrrr��s
zFirewallZone.list_icmp_blockscCsH|jj|�}|j|d�}|jjj||�|j|d�}|jjj||�|S)NrGrH)rr<r(rZrb)rr/r�r�rrrrb�sz%FirewallZone.add_icmp_block_inversioncCsL|jj|�}|j|d�}|jjj|||�|j|d�}|jjj|||�dS)NrGrH)rr<r(rZr�)rr�r/r�r�rrrr��s
z"FirewallZone._icmp_block_inversioncCsD|jj|�}|j|d�}|jjj|�|j|d�}|jjj|�|S)NrGrH)rr<r(rZr�)rr/r�rrrr��sz(FirewallZone.remove_icmp_block_inversioncCs@|jj|�}|j|d�}|j|d�}|jjj|�o>|jjj|�S)NrGrH)rr<r(rZr�)rr/rrrrrr��s
z'FirewallZone.query_icmp_block_inversionc
	Cs�|j|d�}xT|j|jdD]@}x:|jj�D],}|js:q.|j|||d|d�}|j||�q.WqWxj|j|jdD]V\}}	xL|r�|jj|�gn|jj�D],}|js�q�|j|||d|	d�}|j||�q�WqtWdS)NrHr1r�)r4r7)r9)	r(rr3rr�r�r�r�r�)
rr�r/r�r�r4r�rEr�r9rrr�_forward�s"zFirewallZone._forwardcCsdS)NTr)rrrrZ__forward_idszFirewallZone.__forward_idc	Cs�|jj|�}|jj|�|jj�|j|}|j�}||jdkrRttj	d|��|dkrd|j
�}n|}|jr||jd||�|j
||||�|j|j||�|dkr�|jd�|S)NrYzforward already enabled in '%s'T)rr<Z
check_timeoutr�r�_FirewallZone__forward_idr3rrZALREADY_ENABLEDr$rdr�_FirewallZone__register_forwardr��!_FirewallZone__unregister_forwardr�)	rr/r�r�rgr�r��
forward_idr�rrrras$




zFirewallZone.add_forwardcCs|j||�|jd|<dS)NrY)r�r3)rr�rr�r�rrrZ__register_forward.szFirewallZone.__register_forwardcCs�|jj|�}|jj�|j|}|j�}||jdkrFttjd|��|dkrX|j	�}n|}|j
rp|jd||�|j|j
||�|dkr�|jd�|S)NrYzforward not enabled in '%s'FT)rr<r�rrr3rrZNOT_ENABLEDr$rdrr�rr�)rr/rgr�r�rr�rrrr�2s 




zFirewallZone.remove_forwardcCs||jdkr|jd|=dS)NrY)r3)rr�rrrrZ__unregister_forwardKsz!FirewallZone.__unregister_forwardcCs|j�|j|�dkS)NrY)rr�)rr/rrrr�OszFirewallZone.query_forward)N)N)N)N)NNT)N)N)N)F)F)NNT)N)N)F)rN)rN)rN)rN)rN)rN)NNrN)NN)NN)rN)N)rNN)N)e�__name__�
__module__�__qualname__rJrr!r#r$r(r+r0r6r;r>rTr]r[rfrkrlrxr~r�r�r�r�rjrer�r�r�r�r�r2r_r�r�r�r�r�r�r,r�r8r`r�r�r�r�r�r-r�r�r�r�r�r�r�r�r�r�r�r�r�rr�r�r�rr�rPr�r�rr�r�r�r	r�r�r�r�r�r�rr�r�r�rr�rbr�r�r�rrrarr�rr�rrrrr#s�&



8
(





&


,(



	





		
		

r)"r�rMZfirewall.core.baserrrZfirewall.core.fw_transactionrZfirewall.core.io.policyrZfirewall.core.loggerrr�rr	r
rrr
rrrZfirewall.functionsrrrZfirewallrZfirewall.errorsrZfirewall.fw_typesr�objectrrrrr�<module>s,
Back to Directory File Manager
<