£Á°èZ¨Ä…–K§‚«“ô4“ÒÙ´dîfUÙÃÅ WKbyʦ•êŽ…È®FÒ¿ÊÎóCozá¬S@6{Í:›œêZÌ:Š•_%:¢¾¾~;‘Ã~芩ÊǍí`ÔÑ©ú뙵'5I¿fš×WO%ø9¾«¾DK|€ùÍD”Ýs]nHÕ¶êםӼ㞪éUWŸÈË%DÒÕ¬ï‘]/Åcx ‰ï2ß]ä6G[]S£Ôϯrs{úëóµmÒï#UQxo·õÞCe]"±/aÙ&Eã4ú9Jé_ÞåëdãöKë)AÞ ¯¹ægƒÛowЍø^d™ý½ßB7áyMä9ÜÖUã !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 3 YjW@sndgZddlmZddlmZddlmZddlmZddlm Z ddl m Z ddl m Z Gd ddeZd S) FirewallDirect)LastUpdatedOrderedDict) ipXtables)ebtables)FirewallTransaction)log)errors) FirewallErrorc@sLeZdZddZddZddZddZd d Zd d Zd dZ ddZ dNddZ ddZ ddZ dOddZddZddZddZd d!ZdPd"d#ZdQd$d%Zd&d'Zd(d)Zd*d+ZdRd,d-ZdSd.d/Zd0d1Zd2d3Zd4d5Zd6d7Zd8d9Zd:d;ZdTdd?Z!d@dAZ"dBdCZ#dDdEZ$dFdGZ%dHdIZ&dJdKZ'dLdMZ(dS)VrcCs||_|jdS)N)_fw_FirewallDirect__init_vars)selffwr/usr/lib/python3.6/fw_direct.py__init__'szFirewallDirect.__init__cCsd|j|j|j|jfS)Nz%s(%r, %r, %r)) __class___chains_rules_rule_priority_positions)r rrr__repr__+szFirewallDirect.__repr__cCs"i|_i|_i|_i|_d|_dS)N)rrr _passthroughs_obj)r rrrZ __init_vars/s zFirewallDirect.__init_varscCs |jdS)N)r )r rrrcleanup6szFirewallDirect.cleanupcCs t|jS)N)rr )r rrrnew_transaction;szFirewallDirect.new_transactioncCs ||_dS)N)r)r objrrrset_permanent_config@sz#FirewallDirect.set_permanent_configcCs*t|jt|jt|jdkr&dSdS)NrTF)lenrrr)r rrrhas_runtime_configurationCs"z(FirewallDirect.has_runtime_configurationcCsB|jr dSt|jjt|jjt|jjdkr>dSdS)NTrF)rrrget_all_chains get_all_rulesget_all_passthroughs)r rrrhas_configurationHs z FirewallDirect.has_configurationNcCsP|dkr|j}n|}|j|jj|jj|jjf||dkrL|jddS)NT)r set_configrrrr execute)r use_transaction transactionrrr apply_directQs   zFirewallDirect.apply_directc Csi}i}i}xL|jD]B}|\}}x4|j|D]&}|jj|||s,|j|gj|q,WqWxf|jD]\}|\}}}xL|j|D]>\} } |jj|||| | s|||krt||<| ||| | f<q|WqbWxP|jD]F}x@|j|D]2} |jj || s||krg||<||j| qWqW|||fS)N) rr query_chain setdefaultappendr query_rulerrquery_passthrough) r ZchainsrulesZ passthroughstable_idipvtablechainchain_idpriorityargsrrrget_runtime_configbs,      z!FirewallDirect.get_runtime_configcCs|j|j|jfS)N)rrr)r rrr get_configszFirewallDirect.get_configcCs|dkr|j}n|}|\}}}x||D]t}|\}} xf||D]Z} |j|| | sr nftables_enabledget_direct_backend_by_ipv our_chainsrZ OUR_CHAINSr rZ BUILTIN_CHAINzoneZzone_from_chainZ INVALID_CHAIN)r r.r/r0Zbuilt_in_chainsrCrrr_check_builtin_chains"     z#FirewallDirect._check_builtin_chaincCsH|r|jj|gj|n*|j|j|t|j|dkrD|j|=dS)Nr)rr(r)remover)r r-r0addrrr_register_chains zFirewallDirect._register_chaincCsV|dkr|j}n|}|jjr.|j|jj|jd|||||dkrR|jddS)NT)rr may_skip_flush_direct_backendsadd_preflush_direct_backends_chainr#)r r.r/r0r$r%rrrr6s  zFirewallDirect.add_chaincCs>|dkr|j}n|}|jd|||||dkr:|jddS)NFT)rrLr#)r r.r/r0r$r%rrr remove_chains  zFirewallDirect.remove_chaincCs:|j|||j|||||f}||jko8||j|kS)N)r@rEr)r r.r/r0r-rrrr's   zFirewallDirect.query_chaincCs,|j||||f}||jkr(|j|SgS)N)r@r)r r.r/r-rrr get_chainss    zFirewallDirect.get_chainscCsDg}x:|jD]0}|\}}x"|j|D]}|j|||fq$Wq W|S)N)rr))r rkeyr.r/r0rrrrs  zFirewallDirect.get_all_chainscCsZ|dkr|j}n|}|jjr.|j|jj|jd|||||||dkrV|jddS)NT)rr rIrJrK_ruler#)r r.r/r0r2r3r$r%rrrr8 s  zFirewallDirect.add_rulecCsB|dkr|j}n|}|jd|||||||dkr>|jddS)NFT)rrQr#)r r.r/r0r2r3r$r%rrr remove_rules  zFirewallDirect.remove_rulecCs2|j|||||f}||jko0||f|j|kS)N)r@r)r r.r/r0r2r3r1rrrr*#s   zFirewallDirect.query_rulecCs6|j|||||f}||jkr2t|j|jSgS)N)r@rlistr?)r r.r/r0r1rrr get_rules)s    zFirewallDirect.get_rulesc CsRg}xH|jD]>}|\}}}x.|j|D] \}}|j||||t|fq&Wq W|S)N)rr)rS)r rOrPr.r/r0r2r3rrrr0s    zFirewallDirect.get_all_rulescCs|rr||jkrt|j|<||j||<||jkrg}x4|jD]*}x$|j|D]}|j|t|fqWq W|S)N)rr)rS)r rOr.r3rrrr {s  z#FirewallDirect.get_all_passthroughscCs4g}||jkr0x |j|D]}|jt|qW|S)N)rr)rS)r r.rOr3rrrget_passthroughss  zFirewallDirect.get_passthroughsc Csg}x|D]}d}x|D]}y|j|}Wntk r>YqXt||krd||dkrd}||djd}x.|D]&} |dd} | | |d<|j| qxWqW|s |j|q W|S)z5Split values combined with commas for options in optsF,TN)index ValueErrorrsplitr)) r r,ZoptsZ out_rulesrYZ processedoptiitemsitemrQrrr split_values$     zFirewallDirect.split_valuec Cs*|j|||jj r2|dkr2|jjj|||||}|jj|} |jj rd| j|||rdd|}n:|jjr|dddkr| j|||ddr|dd}|||f} ||f} |r| |jkr| |j| krtt j d||||fnB| |jks| |j| krtt j d||||f|j| | }d} d } | |j krt |j | j}d }x@|t|kr|||kr| |j | ||7} |d7}qTWt|g}|j|d d g}|j|d d g}x<|D]4}|j| | j|||| t|| d7} | d7} qW|j| | ||| |j|j| | || | dS)Nr;r<z %s_directZ_directz"rule '%s' already is in '%s:%s:%s'zrule '%s' is not in '%s:%s:%s'rdrz-sz--sourcez-dz --destination)r;r<iii)r@r rArDcreate_zone_base_by_chainrBZis_chain_builtinrr rALREADY_ENABLED NOT_ENABLEDrsortedr?rrSrlr8Z build_rulerarXadd_fail)r rVr.r/r0r2r3r%rLbackendr1rUrerWZ positionsjZ args_list_argsrrrrQsZ         (   zFirewallDirect._rulecCs|j|||j|||||f}|rV||jkr||j|krttjd|||fn.||jksn||j|krttjd|||f|jj|}|j ||j ||||j ||||j |j ||| dS)Nz chain '%s' already is in '%s:%s'zchain '%s' is not in '%s:%s') r@rErr rrorpr rBZ add_rulesZbuild_chain_rulesrHrr)r rGr.r/r0r%r-rsrrrrLs$    zFirewallDirect._chainc Cs|j|t|}|rD||jkrp||j|krpttjd||fn,||jks\||j|krpttjd||f|jj|}|r|j ||dkr|j |\}}|r|r|jj j ||||} n |j |} |j|| |j||||j|j||| dS)Nzpassthrough '%s', '%s'r;r<)r;r<)r=rarr rrorpr rBZcheck_passthroughZpassthrough_parse_table_chainrDrnZreverse_passthroughr8r^rr) r rVr.r3r%Z tuple_argsrsr/r0rurrrr_'s0        zFirewallDirect._passthrough)N)N)N)N)N)N)N)N))__name__ __module__ __qualname__rrr rrrrr!r&r4r5r"r=r@rErHr6rMr'rNrr8rRr*rTrrXr]r^r9r`r+r rbrlrQrLr_rrrrr&sL  '       jN)__all__Zfirewall.fw_typesrZ firewall.corerrZfirewall.core.fw_transactionrZfirewall.core.loggerrZfirewallrZfirewall.errorsr objectrrrrrs