def on_deleted(path):
"""Invoked when a network rule is deleted."""
# Edge case, if the directory where the rules are kept gets removed,
# abort
if path == rulemgr.path:
_LOGGER.critical('Network rules directory was removed: %r',
path)
utils.sys_exit(1)
# The rule is the filename
rule_file = os.path.basename(path)
_LOGGER.info('Removing %r', rule_file)
chain_rule = rulemgr.get_rule(rule_file)
if chain_rule is not None:
chain, rule = chain_rule
iptables.delete_rule(rule, chain=chain)
if isinstance(rule, fw.PassThroughRule):
if passthrough[rule.src_ip] == 1:
# Remove the IPs from the passthrough set
passthrough.pop(rule.src_ip)
_LOGGER.info('Removing passthrough %r', rule.src_ip)
iptables.rm_ip_set(iptables.SET_PASSTHROUGHS, rule.src_ip)
iptables.flush_pt_conntrack_table(rule.src_ip)
else:
passthrough[rule.src_ip] -= 1
else:
_LOGGER.warning('Ignoring unparseable file %r', rule_file)
def test_delete_rule(self):
"""Test generic removal of a rule"""
dnat_rule = self.dnat_rules.pop()
passthrough_rule = self.passthrough_rules.pop()
iptables.delete_rule(dnat_rule, chain='TEST_CHAIN')
self.assertEquals(
0, treadmill.iptables.delete_passthrough_rule.call_count
)
treadmill.iptables.delete_dnat_rule.assert_called_with(
dnat_rule,
chain='TEST_CHAIN'
)
treadmill.iptables.delete_passthrough_rule.reset_mock()
treadmill.iptables.delete_dnat_rule.reset_mock()
iptables.delete_rule(passthrough_rule, chain='TEST_CHAIN')
treadmill.iptables.delete_passthrough_rule.assert_called_with(
passthrough_rule,
chain='TEST_CHAIN'
)
self.assertEquals(
0, treadmill.iptables.delete_dnat_rule.call_count
)