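def unfilter_ports(device):
    """Remove the Gluster port-filtering chains from iptables for a device.

    For each of the 'gluster-input' and 'gluster-output' chains present in the
    'filter' table, the jump rule that sends the device's traffic into the
    chain is deleted from INPUT/OUTPUT, then the chain is flushed and deleted.
    A chain that is absent is reported and skipped.

    Args:
        device: Interface name used in the jump rules to remove.
    """
    print("Removing Gluster port filtering...")

    table = Table('filter')
    chains = table.list_chains()

    # (built-in chain, gluster chain, Rule keyword for the interface, message
    # printed when the gluster chain does not exist)
    targets = (
        ('INPUT', 'gluster-input', 'in_interface',
         "Gluster input ports are not filtered. Ignoring request..."),
        ('OUTPUT', 'gluster-output', 'out_interface',
         "Gluster output ports are not filtered. Ignoring request..."),
    )

    for builtin_chain, gluster_chain, iface_kw, not_filtered_msg in targets:
        if gluster_chain not in chains:
            print(not_filtered_msg)
            continue

        jump_rule = Rule(jump=gluster_chain, **{iface_kw: device})
        try:
            table.delete_rule(builtin_chain, jump_rule)
        except IptablesError:
            # Best effort, applied to both directions: a failed jump-rule
            # delete used to abort the OUTPUT clean-up and leave the
            # 'gluster-output' chain behind, which filter_ports() does not
            # check for. Report it instead of swallowing it silently, then
            # still try to remove the chain.
            print("Could not delete the jump rule to %s from %s; "
                  "removing the chain anyway..." % (gluster_chain, builtin_chain))
        table.flush_chain(gluster_chain)
        table.delete_chain(gluster_chain)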
def filter_ports(device, ports):
    """Install iptables DROP rules for the given ports on one device.

    Creates the 'gluster-input' and 'gluster-output' chains in the 'filter'
    table, hooks them into INPUT and OUTPUT for ``device``, and appends one
    DROP rule per (protocol, port) pair. Does nothing but print a notice when
    the 'gluster-input' chain already exists.

    Args:
        device: Interface name the rules are bound to.
        ports: Mapping with 'input' and 'output' entries, each mapping a
            protocol name to an iterable of ports.
    """
    chain_in = 'gluster-input'
    chain_out = 'gluster-output'

    table = Table('filter')

    # Only the input chain is consulted to decide whether filtering is
    # already in place; the output chain is not checked here.
    if chain_in in table.list_chains():
        print("Gluster ports are already filtered out. Ignoring request...")
        return

    # Create each chain and route the device's traffic into it.
    table.create_chain(chain_in)
    table.append_rule('INPUT', Rule(in_interface=device, jump=chain_in))

    table.create_chain(chain_out)
    table.append_rule('OUTPUT', Rule(out_interface=device, jump=chain_out))

    # NOTE(review): each port is formatted straight into the match option
    # string; presumably callers pass validated port numbers or ranges --
    # confirm, since any other text would end up in the iptables arguments.
    for protocol, port_list in ports['input'].items():
        for port in port_list:
            drop_rule = Rule(
                in_interface=device,
                protocol=protocol,
                matches=[Match(protocol, '--dport %s' % port)],
                jump='DROP')

            print("Filtering port %s from INPUT on device %s..." % (port, device))
            table.append_rule(chain_in, drop_rule)

    for protocol, port_list in ports['output'].items():
        for port in port_list:
            drop_rule = Rule(
                out_interface=device,
                protocol=protocol,
                matches=[Match(protocol, '--dport %s' % port)],
                jump='DROP')

            print("Filtering port %s from OUTPUT on device %s..." % (port, device))
            table.append_rule(chain_out, drop_rule)
Beispiel #3
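 def get(self, request):
     """Probe the iptables 'raw' table and pick the page to render.

     Returns the string 'overview.html' when the table can be listed, or an
     ('error', payload) tuple with suggested fixes when iptables raises
     IptablesError.
     """
     # Bind the exception class locally: the original handler referred to
     # ``netfilter.table.IptablesError`` while only ``Table`` was imported
     # here, so it relied on a module-level ``import netfilter`` that this
     # method does not guarantee. Without it the except clause itself raises
     # NameError and the error page is never returned.
     from netfilter.table import IptablesError, Table

     try:
         table = Table('raw')
         # Debug output: chain names go to the process's stdout.
         print(table.list_chains())
     except IptablesError:
         return ('error', {
             'title': 'IPTables',
             'error': 'Unable to initialize IPTables. Do you need to insmod?',
             'fixes': [{
                 'text':
                 'IPTables must be inserted as a module into the linux kernel.',
                 'command': 'modprobe ip_tables'
             }, {
                 'text': 'Update your installed packages.',
                 'command': 'yum -y update'
             }, {
                 'text': 'Update your kernel. Then, restart your system.',
                 'command': 'yum -y update kernel'
             }]
         })
     # NOTE: the parentheses do not build a tuple; this is the plain string
     # 'overview.html', unlike the two-element tuple of the error path.
     return ('overview.html')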
Beispiel #4
# Optional diagnostics: show the parsed options and the debug switches.
if debug_option:
    option.display()
    print "debug cleanup ", debug_cleanup
    print "debug database", debug_database
    print "+" * 80

# A shorter cleanup interval is used while debugging the cleanup.
cleanup_time = 5 if debug_cleanup else 60

# setup/check of netfilter
#
# Refuse to start unless the configured table can be opened and already
# contains the configured chain.
# NOTE(review): every IptablesError is reported as a missing table;
# presumably it is also raised when iptables cannot be run at all (for
# example without sufficient privileges) -- confirm.
try:
    _table = Table(option['table'])
    if not (option['chain'] in _table.list_chains()):
        print 'can not find the chain name provided:', option['chain']
        sys.exit(1)
except IptablesError as e:
    print 'can not find the table specified:', option['table']
    sys.exit(1)

# connection to database

from scavenger.tools.database.connection import Connection


class Database(object):
    _create = """
create table if not exists tracking
(
# Optional diagnostics: show the parsed options and the debug switches.
if debug_option:
	option.display()
	print "debug cleanup ", debug_cleanup
	print "debug database", debug_database
	print "+" * 80

# A shorter cleanup interval is used while debugging the cleanup.
cleanup_time = 5 if debug_cleanup else 60

# setup/check of netfilter
#
# Refuse to start unless the configured table can be opened and already
# contains the configured chain.
# NOTE(review): every IptablesError is reported as a missing table;
# presumably it is also raised when iptables cannot be run at all (for
# example without sufficient privileges) -- confirm.
try:
	_table = Table(option['table'])
	if not (option['chain'] in _table.list_chains()):
		print 'can not find the chain name provided:', option['chain']
		sys.exit(1)
except IptablesError as e:
	print 'can not find the table specified:', option['table']
	sys.exit(1)

# connection to database

from scavenger.tools.database.connection import Connection

class Database (object):
	_create = """
create table if not exists tracking
(
	start		integer,