shorewall.py
"""
Shorewall firewall
==================
"""
from socket import gethostbyname
import re
from fabric.api import hide, settings
from fabtools.utils import run_as_root
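def status():
    """
    Get the firewall status.

    Runs ``shorewall status`` as root and returns the word that follows
    "Shorewall is" in its output (``is_started`` and ``is_stopped`` compare
    it against ``'running'`` and ``'stopped'``).

    Returns ``None`` when the output contains no such line, so that an
    unknown state is reported explicitly instead of surfacing as an
    ``AttributeError`` on a failed regex match. Callers making a security
    decision should treat ``None`` as "state not confirmed".
    """
    # warn_only=True lets a failing command return instead of aborting the
    # task, so the captured output may not contain a status line at all.
    with settings(hide('running', 'stdout', 'warnings'), warn_only=True):
        res = run_as_root('shorewall status')
    match = re.search(r'\nShorewall is (\w+)', res)
    if match is None:
        return None
    return match.group(1)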
def is_started():
    """
    Check if the firewall is started.

    Returns ``True`` only when :py:func:`status` reports ``'running'``.
    """
    current = status()
    return current == 'running'
def is_stopped():
    """
    Check if the firewall is stopped.

    Returns ``True`` only when :py:func:`status` reports ``'stopped'``.
    A ``False`` result does not by itself mean the firewall is running:
    any other status word also yields ``False``, so use
    :py:func:`is_started` to confirm that it is up.
    """
    current = status()
    return current == 'stopped'
def hosts(hostnames, zone='net'):
    """
    Builds a host list suitable for use in a firewall rule.

    Each entry of ``hostnames`` is resolved with ``socket.gethostbyname``
    and the result is returned as ``"<zone>:<addr1>,<addr2>,..."``.

    Resolution happens once, when this function is called, on the machine
    running the code, and ``gethostbyname`` yields a single IPv4 address
    per name. The resulting rule is therefore pinned to whatever the
    resolver answered at that moment; re-generate the rules if the DNS
    records change, and prefer literal addresses when the resolver is not
    trusted.
    """
    # An empty ``hostnames`` yields "<zone>:" with no addresses.
    resolved = ','.join(map(gethostbyname, hostnames))
    return '{0}:{1}'.format(zone, resolved)
def rule(port, action='ACCEPT', source='net', dest='$FW', proto='tcp'):
    """
    Helper to build a firewall rule.

    Returns a dict with the keys ``action``, ``source``, ``dest``,
    ``proto`` and ``dest_port``. No validation is done on the values.

    With the defaults, the rule accepts TCP traffic from the ``net`` zone
    to ``$FW``; pass ``source`` (for instance the output of
    :py:func:`hosts`) to restrict who may connect.

    Examples::

        from fabtools.shorewall import hosts, rule

        # Rule to accept connections from example.com on port 1234
        r1 = rule(port=1234, source=hosts(['example.com']))

        # Rule to reject outgoing SMTP connections
        r2 = rule(port=25, action='REJECT', source='$FW', dest='net')

    """
    return dict(
        action=action,
        source=source,
        dest=dest,
        proto=proto,
        dest_port=port,
    )
def Ping(**kwargs):
    """
    Helper to build a firewall rule for ICMP pings.

    Extra args will be passed to :py:func:`~fabtools.shorewall.rule`.
    ``port`` and ``proto`` are fixed here, so passing either of them as
    an extra arg raises ``TypeError``.
    """
    # 8 is the ICMP echo-request type; it is carried in the rule's
    # ``dest_port`` field.
    icmp_rule = rule(port=8, proto='icmp', **kwargs)
    return icmp_rule
def SSH(port=22, **kwargs):
    """
    Helper to build a firewall rule for SSH connections

    Extra args will be passed to :py:func:`~fabtools.shorewall.rule`.

    Called without extra args, the rule takes ``rule()``'s defaults:
    ACCEPT from the whole ``net`` zone to ``$FW``. Pass ``source`` to
    limit SSH access to known hosts.
    """
    return rule(port=port, **kwargs)
def HTTP(port=80, **kwargs):
    """
    Helper to build a firewall rule for HTTP connections

    Extra args will be passed to :py:func:`~fabtools.shorewall.rule`;
    ``port`` overrides the default of 80.
    """
    return rule(port=port, **kwargs)
def HTTPS(port=443, **kwargs):
    """
    Helper to build a firewall rule for HTTPS connections

    Extra args will be passed to :py:func:`~fabtools.shorewall.rule`;
    ``port`` overrides the default of 443.
    """
    return rule(port=port, **kwargs)
def SMTP(port=25, **kwargs):
    """
    Helper to build a firewall rule for SMTP connections

    Extra args will be passed to :py:func:`~fabtools.shorewall.rule`;
    ``port`` overrides the default of 25.
    """
    return rule(port=port, **kwargs)