Beispiel #1
    def get_ftp_rule_by_hostname(self):
        """
        Build the iptables rules that allow FTP traffic to the host in self._uri.

        The hostname is resolved once, inside this call, and every rule is
        pinned to the addresses that lookup returned. The rule set is therefore
        only as trustworthy as that DNS answer, and this method does nothing to
        refresh the rules if the name later resolves elsewhere.

        :return: list of rules (five per resolved address), or None when the
            lookup returned no address
        """
        # Control port: the one given in the URI, else the FTP default.
        port = self._uri.port or 21

        ipaddrs = self.get_ip_from_hostname(self._uri.hostname, None)
        if not ipaddrs:
            _logger.error('{0}: no ip addresses found from lookup, this is unexpected.'.format(self.get_name()))
            return None

        rules = []
        for ipaddr in ipaddrs:
            _logger.debug(
                '{0}: adding rules for: hostname: {1}, ip addr: {2}, ftp ports: {3}, 20, etc'.format(
                    self.get_name(), self._uri.hostname, ipaddr, port))
            rules.extend([
                # FTP control channel, both directions.
                create_iptables_egress_ingress_rule(
                    ipaddr, port, u'tcp', self._slot_config_access, transport=ipt.TRANSPORT_AUTO),
                # FTP data channel on port 20 (active mode). The fifth argument
                # looks like a conntrack state list -- confirm in the helpers.
                create_iptables_egress_rule_dest(
                    ipaddr, 20, u'tcp', self._slot_config_access, u'ESTABLISHED',
                    transport=ipt.TRANSPORT_AUTO),
                create_iptables_ingress_rule_source(
                    ipaddr, 20, u'tcp', self._slot_config_access, u'ESTABLISHED,RELATED',
                    transport=ipt.TRANSPORT_AUTO),
                # Port None: presumably "any port" (passive-mode data). These two
                # are the widest rules of the set, limited only by address and
                # state. NOTE(review): matching RELATED data connections normally
                # needs FTP connection tracking on the host -- confirm.
                create_iptables_egress_rule_dest(
                    ipaddr, None, u'tcp', self._slot_config_access, u'ESTABLISHED,RELATED',
                    transport=ipt.TRANSPORT_AUTO),
                create_iptables_ingress_rule_source(
                    ipaddr, None, u'tcp', self._slot_config_access, u'ESTABLISHED',
                    transport=ipt.TRANSPORT_AUTO),
            ])

        return rules
Beispiel #2
    def add_ftp_rule_by_url(self, uri):
        """
        Build the rules that allow FTP access to the host named in uri.

        The hostname is resolved here and each rule is pinned to the returned
        addresses, so the allowed hosts are whatever that lookup answered at
        the time of the call.

        :param uri: urlparse uri value; only hostname and scheme are read
        :return: None when FTP auto updates are disabled, otherwise the list
            of rules (empty when the hostname resolved to nothing)
        """
        # FTP rules are only generated when the feature has not been disabled.
        if self._disable_auto_updates_ftp:
            return None

        rules = []

        # NOTE(review): uri.port is never consulted; the control port is
        # always 21, so an FTP URL with another port gets rules for 21 only.
        ipaddrs = self.resolve_hostname(uri.hostname, 21)
        if not ipaddrs:
            return rules

        for ipaddr in ipaddrs:
            _logger.debug('{0}: adding ip: {1} from hostname: {2}'.format(
                self.get_name(), uri.scheme + '://' + ipaddr, uri.hostname))

            rules.extend([
                # FTP control channel, both directions.
                create_iptables_egress_ingress_rule(
                    ipaddr, 21, 'tcp', self._slot, transport=ipt.TRANSPORT_AUTO),
                # FTP data channel on port 20 (active mode). The fifth argument
                # looks like a conntrack state list -- confirm in the helpers.
                create_iptables_egress_rule_dest(
                    ipaddr, 20, 'tcp', self._slot, 'ESTABLISHED', transport=ipt.TRANSPORT_AUTO),
                create_iptables_ingress_rule_source(
                    ipaddr, 20, 'tcp', self._slot, 'ESTABLISHED,RELATED', transport=ipt.TRANSPORT_AUTO),
                # Port None: presumably "any port" (passive-mode data). These
                # two rules are bounded only by address and state.
                # NOTE(review): RELATED matching for FTP data normally depends
                # on FTP connection tracking being active -- confirm.
                create_iptables_egress_rule_dest(
                    ipaddr, None, 'tcp', self._slot, 'ESTABLISHED,RELATED', transport=ipt.TRANSPORT_AUTO),
                create_iptables_ingress_rule_source(
                    ipaddr, None, 'tcp', self._slot, 'ESTABLISHED', transport=ipt.TRANSPORT_AUTO),
            ])

        return rules
    def add_ftp_rule_by_url(self, uri):
        """
        Produce the FTP allow rules for the host referenced by uri.

        Every address returned for uri.hostname gets five rules: one for the
        control channel and four for data transfer. The rules name resolved
        addresses, not the hostname, so they reflect the DNS answer obtained
        during this call.

        :param uri: urlparse uri value; only hostname and scheme are read
        :return: None when FTP auto updates are disabled, otherwise the list
            of rules (empty when nothing was resolved)
        """
        # Nothing is generated while FTP auto updates are switched off.
        if self._disable_auto_updates_ftp:
            return None

        rules = []

        # NOTE(review): the port is fixed at 21 here; a port carried in the
        # uri is not used for the lookup or for the control rule.
        ipaddrs = self.resolve_hostname(uri.hostname, 21)

        for ipaddr in ipaddrs or ():
            target = uri.scheme + '://' + ipaddr
            _logger.debug('{0}: adding ip: {1} from hostname: {2}'.format(
                self.get_name(), target, uri.hostname))

            # FTP control channel, both directions.
            control = create_iptables_egress_ingress_rule(
                ipaddr, 21, 'tcp', self._slot, transport=ipt.TRANSPORT_AUTO)

            # FTP data channel on port 20 (active mode). The state strings
            # are handed to the helpers unchanged; their meaning is defined
            # there -- presumably conntrack states, confirm.
            data_out_20 = create_iptables_egress_rule_dest(
                ipaddr, 20, 'tcp', self._slot, 'ESTABLISHED',
                transport=ipt.TRANSPORT_AUTO)
            data_in_20 = create_iptables_ingress_rule_source(
                ipaddr, 20, 'tcp', self._slot, 'ESTABLISHED,RELATED',
                transport=ipt.TRANSPORT_AUTO)

            # Port None: presumably "any port" (passive-mode data). These are
            # the least restrictive rules here; only address and state bound
            # them. NOTE(review): RELATED matching for FTP data normally
            # depends on FTP connection tracking on the host -- confirm.
            data_out_any = create_iptables_egress_rule_dest(
                ipaddr, None, 'tcp', self._slot, 'ESTABLISHED,RELATED',
                transport=ipt.TRANSPORT_AUTO)
            data_in_any = create_iptables_ingress_rule_source(
                ipaddr, None, 'tcp', self._slot, 'ESTABLISHED',
                transport=ipt.TRANSPORT_AUTO)

            rules += [control, data_out_20, data_in_20, data_out_any, data_in_any]

        return rules
    def get_ftp_rule_by_hostname(self):
        """
        Return the FTP allow rules for the host named in self._uri.

        Rules are written against the addresses that the hostname resolves to
        at the time of this call. A later change of the DNS answer is not
        reflected until the rules are generated again.

        :return: list of rules (five per resolved address), or None when no
            address could be resolved
        """
        rules = []

        # Fall back to the FTP default when the URI carries no port.
        port = self._uri.port or 21

        ipaddrs = self.get_ip_from_hostname(self._uri.hostname, None)

        if not ipaddrs:
            _logger.error(
                '{0}: no ip addresses found from lookup, this is unexpected.'.format(
                    self.get_name()))
            return None

        for ipaddr in ipaddrs:
            _logger.debug(
                '{0}: adding rules for: hostname: {1}, ip addr: {2}, ftp ports: {3}, 20, etc'.format(
                    self.get_name(), self._uri.hostname, ipaddr, port))

            # FTP control channel, both directions.
            control = create_iptables_egress_ingress_rule(
                ipaddr, port, u'tcp', self._slot_config_access,
                transport=ipt.TRANSPORT_AUTO)

            # FTP data channel on port 20 (active mode). The fifth argument
            # looks like a conntrack state list -- confirm in the helpers.
            data_out_20 = create_iptables_egress_rule_dest(
                ipaddr, 20, u'tcp', self._slot_config_access, u'ESTABLISHED',
                transport=ipt.TRANSPORT_AUTO)
            data_in_20 = create_iptables_ingress_rule_source(
                ipaddr, 20, u'tcp', self._slot_config_access, u'ESTABLISHED,RELATED',
                transport=ipt.TRANSPORT_AUTO)

            # Port None: presumably "any port" (passive-mode data). Only the
            # address and the state restrict these two rules.
            # NOTE(review): RELATED matching for FTP data normally depends on
            # FTP connection tracking being active on the host -- confirm.
            data_out_any = create_iptables_egress_rule_dest(
                ipaddr, None, u'tcp', self._slot_config_access, u'ESTABLISHED,RELATED',
                transport=ipt.TRANSPORT_AUTO)
            data_in_any = create_iptables_ingress_rule_source(
                ipaddr, None, u'tcp', self._slot_config_access, u'ESTABLISHED',
                transport=ipt.TRANSPORT_AUTO)

            rules += [control, data_out_20, data_in_20, data_out_any, data_in_any]

        return rules