Beispiel #1
0
def unfilter_ports(device):
    """Removes from iptables the ports related with gluster on the given device."""

    input_filter = 'gluster-input'
    output_filter = 'gluster-output'

    print "Removing Gluster port filtering..."

    table = Table('filter')

    chains = table.list_chains()

    if input_filter in chains:

        in_rule = Rule(in_interface=device, jump=input_filter)
        try:
            table.delete_rule('INPUT', in_rule)
        except IptablesError:
            pass
        table.flush_chain(input_filter)
        table.delete_chain(input_filter)
    else:
        print "Gluster input ports are not filtered. Ignoring request..."

    if output_filter in chains:

        out_rule = Rule(out_interface=device, jump=output_filter)
        table.delete_rule('OUTPUT', out_rule)
        table.flush_chain(output_filter)
        table.delete_chain(output_filter)
    else:
        print "Gluster output ports are not filtered. Ignoring request..."
Beispiel #2
0
def block_rules():
    nattable = Table('nat')
    filtable = Table('filter')

    filtable.set_policy('INPUT', 'ACCEPT')

    nattable.flush_chain('POSTROUTING')
    filtable.flush_chain('FORWARD')
    filtable.flush_chain('OUTPUT')
    filtable.flush_chain('INPUT')
    #nattable.delete_chain()

    rulessh = Rule(protocol='tcp',
                   matches=[Match('tcp', '--dport 22')],
                   jump='ACCEPT')
    filtable.append_rule('INPUT', rulessh)

    rulecs = Rule(in_interface='wlan0',
                  out_interface='eth0',
                  protocol='udp',
                  matches=[Match('udp', '--dport 32100')],
                  jump='ACCEPT')
    filtable.append_rule('FORWARD', rulecs)

    rulefreturn = Rule(in_interface='eth0',
                       out_interface='wlan0',
                       jump='ACCEPT',
                       matches=[Match('state', '--state RELATED,ESTABLISHED')])
    filtable.append_rule('FORWARD', rulefreturn)

    rule0 = Rule(jump='ACCEPT',
                 matches=[Match('state', '--state RELATED,ESTABLISHED')])
    filtable.append_rule('INPUT', rule0)

    rule1 = Rule(out_interface='eth0', jump='MASQUERADE')
    nattable.append_rule('POSTROUTING', rule1)

    rule2 = Rule(out_interface='wlan0', jump='ACCEPT')
    filtable.append_rule('OUTPUT', rule2)

    rule3 = Rule(out_interface='eth0', jump='ACCEPT')
    filtable.append_rule('OUTPUT', rule3)

    rule4 = Rule(in_interface='wlan0', jump='ACCEPT')
    filtable.append_rule('INPUT', rule4)

    rule5 = Rule(in_interface='lo', jump='ACCEPT')
    filtable.append_rule('INPUT', rule5)

    rule6 = Rule(out_interface='lo', jump='ACCEPT')
    filtable.append_rule('OUTPUT', rule6)

    filtable.set_policy('FORWARD', 'DROP')
    filtable.set_policy('INPUT', 'DROP')
    filtable.set_policy('OUTPUT', 'DROP')