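def process(self):
    """Write the iptables configuration and optionally run one action.

    Parses the command-line options, calls
    ``firewall_xml__to__iptables_config()`` on a ``KaresansuiIpTables``
    object and, when ``opts.action`` is set, calls the method of that name
    on the same object.

    Returns:
        False when the action returns a non-zero value, True otherwise.

    Raises:
        Any exception from the conversion, or from resolving or running the
        action, is logged and re-raised.
    """
    (opts, args) = getopts()
    chkopts(opts)
    self.up_progress(10)

    kit = KaresansuiIpTables()

    try:
        kit.firewall_xml__to__iptables_config()
        self.up_progress(10)
    except Exception:
        self.logger.error("Cannot write '%s'." % (kit.iptables_conf_file))
        raise

    self.up_progress(10)
    if opts.action is not None:
        try:
            # The action name comes from the command line. Resolve it as an
            # attribute name only: formatting it into a statement for exec()
            # would let any option value run as Python code.
            # NOTE(review): chkopts() is not visible here; confirm it limits
            # opts.action to the supported action names.
            func = getattr(kit, opts.action)
            self.up_progress(10)
            ret = func()
            if ret != 0:
                return False
            self.up_progress(30)
        except Exception:
            self.logger.error("Unknown action '%s'." % (opts.action))
            raise

    return True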
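def process(self):
    """Generate the iptables configuration, then run the requested action.

    After option parsing, ``firewall_xml__to__iptables_config()`` is called
    on a ``KaresansuiIpTables`` object. When ``opts.action`` is not None the
    method with that name is looked up on the object and called.

    Returns:
        False if the action's return value is not 0, True otherwise.

    Raises:
        Exceptions from either step are logged and re-raised unchanged.
    """
    (opts, args) = getopts()
    chkopts(opts)
    self.up_progress(10)

    kit = KaresansuiIpTables()

    try:
        kit.firewall_xml__to__iptables_config()
        self.up_progress(10)
    except Exception:
        self.logger.error("Cannot write '%s'." % (kit.iptables_conf_file))
        raise

    self.up_progress(10)
    if opts.action is not None:
        try:
            # Look the method up by name with getattr() rather than
            # exec()-ing a formatted statement: the option value is caller
            # controlled and must never be evaluated as code.
            # NOTE(review): an explicit allowlist of action names would be
            # stricter still; check whether chkopts() already enforces one.
            func = getattr(kit, opts.action)
            self.up_progress(10)
            ret = func()
            if ret != 0:
                return False
            self.up_progress(30)
        except Exception:
            self.logger.error("Unknown action '%s'." % (opts.action))
            raise

    return True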
def process(self):
    """Run ``firewall_xml__from__iptables_config()`` and report progress.

    Going by the method name, this regenerates the firewall XML from the
    iptables configuration. Always returns True; errors propagate as
    exceptions.
    """
    opts, _args = getopts()
    chkopts(opts)
    self.up_progress(10)

    iptables = KaresansuiIpTables()
    self.up_progress(20)

    iptables.firewall_xml__from__iptables_config()
    self.up_progress(30)

    return True
def process(self):
    """Call ``firewall_xml__from__iptables_config()`` with progress updates.

    Options are parsed and checked first. The return value is always True;
    any failure surfaces as an exception from the called helpers.
    """
    parsed = getopts()
    opts = parsed[0]
    chkopts(opts)
    self.up_progress(10)

    iptables = KaresansuiIpTables()
    self.up_progress(20)

    iptables.firewall_xml__from__iptables_config()
    self.up_progress(30)

    return True
def _POST(self, *param, **params):
    """Create a firewall rule from the submitted form fields.

    Responds 404 when the host cannot be resolved and 400 when
    ``validates_rule`` rejects the input. An empty ``rule_id`` goes to
    ``add_rule``; any other value is converted to int and passed to
    ``insert_rule``. The firewall XML is written back and 201 Created is
    returned with the path of the new rule.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    # Validation runs before the stored rule set is read or changed.
    input_is_valid = validates_rule(self, is_newrule=True)
    if not input_is_valid:
        return web.badrequest(self.view.alert)

    iptables = KaresansuiIpTables()
    iptables.firewall_xml = iptables.read_firewall_xml()

    new_rule = {}
    new_rule["target"] = self.input.target
    new_rule["protocol"] = self.input.protocol
    new_rule["source"] = self.input.source
    new_rule["destination"] = self.input.destination
    new_rule["source-port"] = self.input.sport
    new_rule["destination-port"] = self.input.dport
    new_rule["in-interface"] = self.input.inif
    new_rule["out-interface"] = self.input.outif

    if self.input.rule_id != "":
        rule_id = iptables.insert_rule(int(self.input.rule_id), new_rule)
    else:
        rule_id = iptables.add_rule(new_rule)
    iptables.write_firewall_xml()

    self.view.host_id = host_id

    location = '%s/%d' % (web.ctx.path, rule_id)
    return web.created(location)
def _GET(self, *param, **params):
    """List the firewall rules of a host.

    Responds 404 when the host cannot be resolved. ``view.have_config``
    tells the template whether the firewall XML file exists; when it does,
    the rules and a base policy of 'ACCEPT' are placed on the view.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    self.view.host_id = host_id

    iptables = KaresansuiIpTables()

    config_present = os.path.exists(iptables.firewall_xml_file)
    if config_present is not False:
        iptables.firewall_xml = iptables.read_firewall_xml()
        self.view.base_policy = 'ACCEPT'
        self.view.rules = iptables.get_rules()
        self.view.have_config = True
    else:
        self.view.have_config = False

    return True
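def _PUT(self, *param, **params):
    """Replace an existing firewall rule with the submitted form fields.

    Responds 404 when the host or the rule id cannot be resolved and 400
    when ``validates_rule`` rejects the input. On success the rule is
    modified, the firewall XML is written back and the client is redirected
    to the rule's input form.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    if not validates_rule(self):
        return web.badrequest(self.view.alert)

    # The rule id is taken from the request path. A missing or non-numeric
    # segment is answered with 404 rather than an unhandled exception from
    # int(), matching how an unknown host or rule id is answered.
    try:
        rule_id = int(param[1])
    except (IndexError, TypeError, ValueError):
        return web.notfound()
    if not validates_param_id(self, rule_id):
        return web.notfound(self.view.alert)

    self.view.host_id = host_id

    kit = KaresansuiIpTables()
    kit.firewall_xml = kit.read_firewall_xml()

    rule_info = {
        "target": self.input.target,
        "protocol": self.input.protocol,
        "source": self.input.source,
        "destination": self.input.destination,
        "source-port": self.input.sport,
        "destination-port": self.input.dport,
        "in-interface": self.input.inif,
        "out-interface": self.input.outif,
    }
    rule_id = kit.modify_rule(rule_id, rule_info)
    kit.write_firewall_xml()

    return web.seeother("%s?mode=input" % web.ctx.path)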
def _POST(self, *param, **params):
    """Add or insert a firewall rule built from the request's form fields.

    404 is returned for an unresolvable host, 400 when ``validates_rule``
    fails. With an empty ``rule_id`` the rule is handed to ``add_rule``,
    otherwise to ``insert_rule`` with the integer id. After the firewall XML
    is written the response is 201 Created pointing at the new rule.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    # Reject invalid input before the rule set is loaded.
    if validates_rule(self, is_newrule=True):
        pass
    else:
        return web.badrequest(self.view.alert)

    iptables = KaresansuiIpTables()
    iptables.firewall_xml = iptables.read_firewall_xml()

    submitted_rule = {
        "target": self.input.target,
        "protocol": self.input.protocol,
        "source": self.input.source,
        "destination": self.input.destination,
        "source-port": self.input.sport,
        "destination-port": self.input.dport,
        "in-interface": self.input.inif,
        "out-interface": self.input.outif,
    }

    append_at_end = self.input.rule_id == ""
    if append_at_end:
        rule_id = iptables.add_rule(submitted_rule)
    else:
        position = int(self.input.rule_id)
        rule_id = iptables.insert_rule(position, submitted_rule)
    iptables.write_firewall_xml()

    self.view.host_id = host_id

    return web.created('%s/%d' % (web.ctx.path, rule_id))
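def _GET(self, *param, **params):
    """Show the firewall status and the per-chain default policies.

    Responds 404 when the host cannot be resolved. When the firewall XML
    file exists, each chain in ``kit.basic_chains['filter']`` gets
    ``<chain>_policy`` and ``<chain>_policy_<TARGET>_checked`` attributes on
    the view; a policy that cannot be read, or is neither 'REJECT' nor
    'DROP', is treated as 'ACCEPT'.
    """
    # NOTE(review): block nesting was reconstructed from a flattened
    # listing; confirm against the original file that the iptables/targets
    # assignments belong after the if/else rather than inside the else.
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    self.view.host_id = host_id

    kit = KaresansuiIpTables()

    if os.path.exists(kit.firewall_xml_file) is False:
        self.view.have_config = False
    else:
        self.view.have_config = True
        kit.firewall_xml = kit.read_firewall_xml()

        for chain in kit.basic_chains['filter']:
            try:
                policy = kit.firewall_xml['filter'][chain]['policy']
            except Exception:
                # Best effort: a chain without a stored policy is shown as ACCEPT.
                policy = 'ACCEPT'
            if policy not in ('REJECT', 'DROP'):
                policy = 'ACCEPT'

            # Attribute names are built with setattr() instead of exec() so
            # that the chain name is only ever used as a name, never parsed
            # as Python source.
            prefix = chain.lower()
            for target in ('ACCEPT', 'DROP', 'REJECT'):
                setattr(self.view, "%s_policy_%s_checked" % (prefix, target), '')
            setattr(self.view, "%s_policy" % prefix, policy)
            setattr(self.view, "%s_policy_%s_checked" % (prefix, policy), 'checked')
            if policy == 'DROP':
                self.view.base_policy_DROP_checked = 'checked'

    self.view.iptables = Storage(
        is_running=kit.is_running(),
        is_configured=kit.is_configured(),
    )

    self.view.targets = kit.basic_targets['filter']

    return True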
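def _PUT(self, *param, **params):
    """Update one firewall rule from the submitted form fields.

    404 is returned for an unresolvable host or rule id, 400 when
    ``validates_rule`` fails. Otherwise the rule is modified, the firewall
    XML is written and the client is redirected to ``<path>?mode=input``.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    if not validates_rule(self):
        return web.badrequest(self.view.alert)

    # param[1] is the rule id from the request path. Answer a missing or
    # non-numeric value with 404 instead of letting int() raise, so a
    # malformed path cannot surface as an unhandled server error.
    try:
        rule_id = int(param[1])
    except (IndexError, TypeError, ValueError):
        return web.notfound()
    if not validates_param_id(self, rule_id):
        return web.notfound(self.view.alert)

    self.view.host_id = host_id

    kit = KaresansuiIpTables()
    kit.firewall_xml = kit.read_firewall_xml()

    rule_info = {
        "target": self.input.target,
        "protocol": self.input.protocol,
        "source": self.input.source,
        "destination": self.input.destination,
        "source-port": self.input.sport,
        "destination-port": self.input.dport,
        "in-interface": self.input.inif,
        "out-interface": self.input.outif,
    }
    rule_id = kit.modify_rule(rule_id, rule_info)
    kit.write_firewall_xml()

    return web.seeother("%s?mode=input" % web.ctx.path)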
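def _DELETE(self, *param, **params):
    """Delete one firewall rule and redirect to the parent listing.

    Responds 404 when the host cannot be resolved or when
    ``validates_param_id`` rejects the rule id from the request path. The
    redirect target is the current path with its last segment removed and
    ``.part`` appended.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    rule_id = param[1]
    if not validates_param_id(self, rule_id):
        return web.notfound(self.view.alert)

    # The unused ``new_rules`` local from the earlier version is dropped.
    kit = KaresansuiIpTables()
    kit.firewall_xml = kit.read_firewall_xml()
    # int() runs only after the id passed validation above.
    kit.delete_rule(int(rule_id))
    kit.write_firewall_xml()

    return web.seeother("%s.part" % web.ctx.path[:web.ctx.path.rfind('/')])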
def _PUT(self, *param, **params):
    """Update the firewall status.

    The ``status`` form field selects the operation. The original comment
    documents the values as read = 0, start = 1, stop = 2, restart = 3; the
    code compares against FIREWALL_ACTION_INIT and tests the
    FIREWALL_ACTION_STOP / FIREWALL_ACTION_START bits.

    Responds 404 for an unresolvable host, 400 when ``validates_fw_status``
    fails, 202 Accepted when the operation returned True, and False
    otherwise.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    if not validates_fw_status(self):
        return web.badrequest(self.view.alert)

    status = int(self.input.status)

    kit = KaresansuiIpTables()
    model = findbyhost1(self.orm, host_id)

    ret = False
    if status == FIREWALL_ACTION_INIT:
        ret = firewall_save(self, model)
    else:
        wants_stop = status & FIREWALL_ACTION_STOP
        wants_start = status & FIREWALL_ACTION_START
        # Both bits set means restart; otherwise whichever bit is set.
        if wants_stop and wants_start:
            operation = 'restart'
        elif wants_stop:
            operation = 'stop'
        elif wants_start:
            operation = 'start'
        else:
            operation = None

        if operation is not None:
            kit.firewall_xml = kit.read_firewall_xml()
            ret = firewall_restore(self, model, operation)

    if ret is not True:
        return False
    return web.accepted(url=web.ctx.path)
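def _DELETE(self, *param, **params):
    """Remove a firewall rule, then redirect to the enclosing listing.

    404 is returned for an unresolvable host or a rule id that
    ``validates_param_id`` rejects. After deletion the firewall XML is
    written and the client is sent to the current path minus its last
    segment, with ``.part`` appended.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    rule_id = param[1]
    if not validates_param_id(self, rule_id):
        return web.notfound(self.view.alert)

    # ``new_rules`` was assigned but never read, so it is no longer created.
    kit = KaresansuiIpTables()
    kit.firewall_xml = kit.read_firewall_xml()
    # The id is converted only after validates_param_id() accepted it.
    kit.delete_rule(int(rule_id))
    kit.write_firewall_xml()

    parent_path = web.ctx.path[:web.ctx.path.rfind('/')]
    return web.seeother("%s.part" % parent_path)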
def _PUT(self, *param, **params):
    """Update the firewall status.

    Status values as documented in the original comment: read = 0,
    start = 1, stop = 2, restart = 3. The code itself compares the value
    with FIREWALL_ACTION_INIT and tests the FIREWALL_ACTION_STOP and
    FIREWALL_ACTION_START bits.

    Returns 404 for an unresolvable host, 400 when ``validates_fw_status``
    fails, 202 Accepted when the selected operation returned True, and
    False in every other case.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    if not validates_fw_status(self):
        return web.badrequest(self.view.alert)

    status = int(self.input.status)

    kit = KaresansuiIpTables()
    model = findbyhost1(self.orm, host_id)

    if status == FIREWALL_ACTION_INIT:
        succeeded = firewall_save(self, model)
    elif status & FIREWALL_ACTION_STOP:
        kit.firewall_xml = kit.read_firewall_xml()
        # STOP together with START is a restart, STOP alone is a stop.
        if status & FIREWALL_ACTION_START:
            succeeded = firewall_restore(self, model, 'restart')
        else:
            succeeded = firewall_restore(self, model, 'stop')
    elif status & FIREWALL_ACTION_START:
        kit.firewall_xml = kit.read_firewall_xml()
        succeeded = firewall_restore(self, model, 'start')
    else:
        succeeded = False

    if succeeded is True:
        return web.accepted(url=web.ctx.path)
    return False
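def _GET(self, *param, **params):
    """Render the firewall overview: status and default chain policies.

    404 is returned for an unresolvable host. If the firewall XML file
    exists, the view receives ``<chain>_policy`` and
    ``<chain>_policy_<TARGET>_checked`` attributes for every chain in
    ``kit.basic_chains['filter']``. Unreadable or unrecognised policies fall
    back to 'ACCEPT'.
    """
    # NOTE(review): block nesting was reconstructed from a flattened
    # listing; confirm against the original file that the iptables/targets
    # assignments belong after the if/else rather than inside the else.
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    self.view.host_id = host_id

    kit = KaresansuiIpTables()

    if os.path.exists(kit.firewall_xml_file) is False:
        self.view.have_config = False
    else:
        self.view.have_config = True
        kit.firewall_xml = kit.read_firewall_xml()

        for chain in kit.basic_chains['filter']:
            try:
                policy = kit.firewall_xml['filter'][chain]['policy']
            except Exception:
                # Best effort: no stored policy means the chain shows ACCEPT.
                policy = 'ACCEPT'
            if policy not in ('REJECT', 'DROP'):
                policy = 'ACCEPT'

            # setattr() replaces the exec()-built assignments: the chain
            # name is data and is never interpreted as Python source.
            prefix = chain.lower()
            for target in ('ACCEPT', 'DROP', 'REJECT'):
                setattr(self.view, "%s_policy_%s_checked" % (prefix, target), '')
            setattr(self.view, "%s_policy" % prefix, policy)
            setattr(self.view, "%s_policy_%s_checked" % (prefix, policy), 'checked')
            if policy == 'DROP':
                self.view.base_policy_DROP_checked = 'checked'

    self.view.iptables = Storage(
        is_running=kit.is_running(),
        is_configured=kit.is_configured(),
    )

    self.view.targets = kit.basic_targets['filter']

    return True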
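def validates_rule(obj, is_newrule=False):
    """Validate the firewall-rule form fields found on ``obj.input``.

    Every field is checked even after an earlier failure, so all messages
    are collected. The message list is stored on ``obj.view.error_msg`` and
    ``obj.view.alert``.

    Args:
        obj: request handler exposing ``input``, ``view`` and the
            translation function ``_``.
        is_newrule: when True, additionally require that the firewall XML
            file exists and that ``rule_id`` lies between ID_MIN_LENGTH and
            the current number of rules plus one.

    Returns:
        True when every check passed, False otherwise.
    """
    # NOTE(review): block nesting was reconstructed from a flattened
    # listing; confirm against the original file.
    checker = Checker()
    check = True

    _ = obj._
    checker.errors = []
    obj.view.error_msg = checker.errors

    # The port checks depend on the protocol. Read it defensively so that a
    # request which omits 'protocol' is reported as a validation error below
    # instead of failing on the attribute lookup.
    # assumes a missing field raises AttributeError on attribute access - TODO confirm
    protocol = getattr(obj.input, 'protocol', None)
    uses_ports = protocol in ('tcp', 'udp')

    if is_newrule:
        kit = KaresansuiIpTables()
        rule_id_max_length = 1
        if os.path.exists(kit.firewall_xml_file) is False:
            check = False
            checker.add_error(_('Has not been initialized. Please initialize.'))
        else:
            kit.firewall_xml = kit.read_firewall_xml()
            rule_id_max_length += len(kit.get_rules())

        if not is_param(obj.input, 'rule_id'):
            check = False
            checker.add_error(_('"%s" is required.') % _('ID'))
        else:
            check = checker.check_number(
                _('ID'),
                obj.input.rule_id,
                CHECK_EMPTY | CHECK_VALID | CHECK_MIN | CHECK_MAX,
                min=ID_MIN_LENGTH,
                max=rule_id_max_length,
            ) and check

    if not is_param(obj.input, 'target'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Target'))
    else:
        check = checker.check_firewall_policy(
            _('Target'),
            obj.input.target,
            CHECK_EMPTY | CHECK_VALID,
        ) and check

    if not is_param(obj.input, 'protocol'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Protocol'))
    else:
        check = checker.check_firewall_protocol(
            _('Protocol'),
            obj.input.protocol,
            CHECK_VALID,
        ) and check

    if not is_param(obj.input, 'source'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Source Address'))
    else:
        check = checker.check_ipaddr(
            _('Source Address'),
            obj.input.source,
            CHECK_VALID,
        ) and check

    if not is_param(obj.input, 'sport'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Source Port'))
    else:
        # Port numbers are only range-checked for tcp and udp.
        if uses_ports:
            check = checker.check_number(
                _('Source Port'),
                obj.input.sport,
                CHECK_VALID | CHECK_MIN | CHECK_MAX,
                min=PORT_MIN_NUMBER,
                max=PORT_MAX_NUMBER,
            ) and check

    if not is_param(obj.input, 'destination'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Destination Address'))
    else:
        check = checker.check_ipaddr(
            _('Destination Address'),
            obj.input.destination,
            CHECK_VALID,
        ) and check

    if not is_param(obj.input, 'dport'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Destination Port'))
    else:
        if uses_ports:
            check = checker.check_number(
                _('Destination Port'),
                obj.input.dport,
                CHECK_VALID | CHECK_MIN | CHECK_MAX,
                min=PORT_MIN_NUMBER,
                max=PORT_MAX_NUMBER,
            ) and check

    if not is_param(obj.input, 'inif'):
        check = False
        checker.add_error(_('"%s" is required.') % _('In Interface'))
    else:
        check = checker.check_firewall_if(
            _('In Interface'),
            obj.input.inif,
            CHECK_EXIST,
        ) and check

    if not is_param(obj.input, 'outif'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Out Interface'))
    else:
        check = checker.check_firewall_if(
            _('Out Interface'),
            obj.input.outif,
            CHECK_EXIST,
        ) and check

    obj.view.alert = checker.errors

    return check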
def _GET(self, *param, **params):
    """Show the edit form for one firewall rule.

    Responds 404 when the host cannot be resolved or ``validates_param_id``
    rejects the rule id. The rule whose 1-based position equals the id is
    placed on the view. Only input mode is supported: there the view also
    receives the selectable targets and protocols, the interface names
    grouped as physical / virtual / other, and the distinct addresses and
    CIDRs. Any other mode gets ``web.nomethod()``.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    rule_id = param[1]
    if not validates_param_id(self, rule_id):
        return web.notfound(self.view.alert)

    iptables = KaresansuiIpTables()
    iptables.firewall_xml = iptables.read_firewall_xml()

    # Rule ids are 1-based positions in the rule list.
    for index, rule in enumerate(iptables.get_rules()):
        if index + 1 == int(rule_id):
            self.view.rule = rule
            break

    if not self.is_mode_input():
        return web.nomethod()

    self.view.targets = iptables.basic_targets['filter']
    self.view.protocols = iptables.chain_protos
    self.view.netinfo = get_ifconfig_info()

    physical_re = re.compile("^(lo|eth)")
    virtual_re = re.compile("^(xenbr|virbr|vif|veth)")

    physical = []
    virtual = []
    other = []
    cidrs = []
    ips = []
    for dev, dev_info in get_ifconfig_info().iteritems():
        try:
            if physical_re.match(dev):
                physical.append(dev)
            elif virtual_re.match(dev):
                virtual.append(dev)
            else:
                other.append(dev)

            ipaddr = dev_info['ipaddr']
            if ipaddr is not None and ipaddr not in ips:
                ips.append(ipaddr)

            cidr = dev_info['cidr']
            if cidr is not None and cidr not in cidrs:
                cidrs.append(cidr)
        except:
            # Best effort: an interface with incomplete data is skipped.
            pass

    physical.sort()
    virtual.sort()
    other.sort()

    self.view.devs = [
        {'Physical': physical},
        {'Virtual': virtual},
        {'Other': other},
    ]
    self.view.cidrs = cidrs
    self.view.ips = ips
    return True
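def _PUT(self, *param, **params):
    """Update the default policies of the INPUT, OUTPUT and FORWARD chains.

    Responds 404 when the host cannot be resolved and 400 when
    ``validates_policy`` rejects the input. The three policies are stored,
    the firewall XML is written, the per-chain view attributes are
    refreshed and the client is redirected to the current path.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    kit = KaresansuiIpTables()
    kit.firewall_xml = kit.read_firewall_xml()

    if not validates_policy(self):
        # The earlier message spoke of account creation, which this handler
        # does not do; it now names the operation that was rejected.
        self.logger.debug("Firewall policy update failed, invalid input value")
        return web.badrequest(self.view.alert)

    kit.modify_policy("INPUT", self.input.input_policy)
    kit.modify_policy("OUTPUT", self.input.output_policy)
    kit.modify_policy("FORWARD", self.input.forward_policy)
    kit.write_firewall_xml()

    for chain in kit.basic_chains['filter']:
        try:
            policy = kit.firewall_xml['filter'][chain]['policy']
        except Exception:
            # Best effort: a chain without a stored policy is shown as ACCEPT.
            policy = 'ACCEPT'
        if policy not in ('REJECT', 'DROP'):
            policy = 'ACCEPT'

        # Attribute names are built with setattr() instead of exec() so the
        # chain name is only ever used as a name, never parsed as source.
        prefix = chain.lower()
        for target in ('ACCEPT', 'DROP', 'REJECT'):
            setattr(self.view, "%s_policy_%s_checked" % (prefix, target), '')
        setattr(self.view, "%s_policy" % prefix, policy)
        setattr(self.view, "%s_policy_%s_checked" % (prefix, policy), 'checked')
        if policy == 'DROP':
            self.view.base_policy_DROP_checked = 'checked'

    return web.seeother(web.ctx.path)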
def _GET(self, *param, **params):
    """Show the firewall rule page, including the new-rule form in input mode.

    Responds 404 when the host cannot be resolved. ``view.have_config``
    reports whether the firewall XML file exists. When it does, the view
    receives the iptables running/configured flags and, in input mode, the
    default id for a new rule, the selectable targets and protocols, the
    interface names grouped as physical / virtual / other, and the distinct
    addresses and CIDRs.
    """
    # NOTE(review): block nesting was reconstructed from a flattened
    # listing; everything between the two "# --" markers is placed inside
    # the else branch here - confirm against the original file.
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    self.view.host_id = host_id

    iptables = KaresansuiIpTables()

    if os.path.exists(iptables.firewall_xml_file) is False:
        self.view.have_config = False
    else:
        iptables.firewall_xml = iptables.read_firewall_xml()

        # --
        self.view.iptables = Storage(
            is_running=iptables.is_running(),
            is_configured=iptables.is_configured(),
        )

        self.view.have_config = True

        if self.is_mode_input() is True:
            self.view.default_rule_id = len(iptables.get_rules()) + 1
            self.view.targets = iptables.basic_targets['filter']
            self.view.protocols = iptables.chain_protos

            physical_re = re.compile("^(lo|eth)")
            virtual_re = re.compile("^(xenbr|virbr|vif|veth)")

            physical = []
            virtual = []
            other = []
            cidrs = []
            ips = []
            for dev, dev_info in get_ifconfig_info().iteritems():
                try:
                    if physical_re.match(dev):
                        physical.append(dev)
                    elif virtual_re.match(dev):
                        virtual.append(dev)
                    else:
                        other.append(dev)

                    ipaddr = dev_info['ipaddr']
                    if ipaddr is not None and ipaddr not in ips:
                        ips.append(ipaddr)

                    cidr = dev_info['cidr']
                    if cidr is not None and cidr not in cidrs:
                        cidrs.append(cidr)
                except:
                    # Best effort: an interface with incomplete data is skipped.
                    pass

            physical.sort()
            virtual.sort()
            other.sort()

            self.view.devs = [
                {'Physical': physical},
                {'Virtual': virtual},
                {'Other': other},
            ]
            self.view.cidrs = cidrs
            self.view.ips = ips
        # --

    return True
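def _PUT(self, *param, **params):
    """Store new default policies for the INPUT, OUTPUT and FORWARD chains.

    404 is returned for an unresolvable host, 400 when ``validates_policy``
    fails. After the policies are modified and the firewall XML is written,
    the per-chain view attributes are refreshed and the client is
    redirected to the current path.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    kit = KaresansuiIpTables()
    kit.firewall_xml = kit.read_firewall_xml()

    if not validates_policy(self):
        # The previous text referred to account creation; the message now
        # matches what this handler was asked to do.
        self.logger.debug("Firewall policy update failed, invalid input value")
        return web.badrequest(self.view.alert)

    kit.modify_policy("INPUT", self.input.input_policy)
    kit.modify_policy("OUTPUT", self.input.output_policy)
    kit.modify_policy("FORWARD", self.input.forward_policy)
    kit.write_firewall_xml()

    for chain in kit.basic_chains['filter']:
        try:
            policy = kit.firewall_xml['filter'][chain]['policy']
        except Exception:
            # Best effort: no stored policy means the chain shows ACCEPT.
            policy = 'ACCEPT'
        if policy not in ('REJECT', 'DROP'):
            policy = 'ACCEPT'

        # setattr() replaces the exec()-built assignments: the chain name
        # is data and is never interpreted as Python source.
        prefix = chain.lower()
        for target in ('ACCEPT', 'DROP', 'REJECT'):
            setattr(self.view, "%s_policy_%s_checked" % (prefix, target), '')
        setattr(self.view, "%s_policy" % prefix, policy)
        setattr(self.view, "%s_policy_%s_checked" % (prefix, policy), 'checked')
        if policy == 'DROP':
            self.view.base_policy_DROP_checked = 'checked'

    return web.seeother(web.ctx.path)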
def _GET(self, *param, **params):
    """Render the edit form for a single firewall rule.

    404 is returned for an unresolvable host or a rule id rejected by
    ``validates_param_id``. The rule at the 1-based position given by the id
    is put on the view. In input mode the view additionally gets the
    targets, protocols, interface information, grouped interface names and
    the distinct addresses and CIDRs; other modes get ``web.nomethod()``.
    """
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    rule_id = param[1]
    if not validates_param_id(self, rule_id):
        return web.notfound(self.view.alert)

    iptables = KaresansuiIpTables()
    iptables.firewall_xml = iptables.read_firewall_xml()

    # Walk the rules counting from 1 until the requested position is found.
    position = 0
    for rule in iptables.get_rules():
        position += 1
        if position == int(rule_id):
            self.view.rule = rule
            break

    if self.is_mode_input():
        self.view.targets = iptables.basic_targets['filter']
        self.view.protocols = iptables.chain_protos
        self.view.netinfo = get_ifconfig_info()

        matchers = (
            ('phy', re.compile("^(lo|eth)")),
            ('vir', re.compile("^(xenbr|virbr|vif|veth)")),
        )
        grouped = {'phy': [], 'vir': [], 'oth': []}
        cidrs = []
        ips = []
        for dev, dev_info in get_ifconfig_info().iteritems():
            try:
                group = 'oth'
                for name, matcher in matchers:
                    if matcher.match(dev):
                        group = name
                        break
                grouped[group].append(dev)

                ipaddr = dev_info['ipaddr']
                if ipaddr is not None and ipaddr not in ips:
                    ips.append(ipaddr)

                cidr = dev_info['cidr']
                if cidr is not None and cidr not in cidrs:
                    cidrs.append(cidr)
            except:
                # Best effort: an interface with incomplete data is skipped.
                pass

        for names in (grouped['phy'], grouped['vir'], grouped['oth']):
            names.sort()

        self.view.devs = [
            {'Physical': grouped['phy']},
            {'Virtual': grouped['vir']},
            {'Other': grouped['oth']},
        ]
        self.view.cidrs = cidrs
        self.view.ips = ips
        return True

    return web.nomethod()
def _GET(self, *param, **params):
    """Render the firewall rule page and, in input mode, the new-rule form.

    404 is returned for an unresolvable host. ``view.have_config`` reflects
    whether the firewall XML file exists. With a config present the view
    gets the iptables running/configured flags; in input mode it also gets
    the default id for a new rule, the targets and protocols, the grouped
    interface names and the distinct addresses and CIDRs.
    """
    # NOTE(review): block nesting was reconstructed from a flattened
    # listing; everything between the two "# --" markers is placed inside
    # the else branch here - confirm against the original file.
    host_id = self.chk_hostby1(param)
    if host_id is None:
        return web.notfound()

    self.view.host_id = host_id

    iptables = KaresansuiIpTables()

    if os.path.exists(iptables.firewall_xml_file) is False:
        self.view.have_config = False
    else:
        iptables.firewall_xml = iptables.read_firewall_xml()

        # --
        self.view.iptables = Storage(
            is_running=iptables.is_running(),
            is_configured=iptables.is_configured(),
        )

        self.view.have_config = True

        if self.is_mode_input() is True:
            self.view.default_rule_id = len(iptables.get_rules()) + 1
            self.view.targets = iptables.basic_targets['filter']
            self.view.protocols = iptables.chain_protos

            matchers = (
                ('phy', re.compile("^(lo|eth)")),
                ('vir', re.compile("^(xenbr|virbr|vif|veth)")),
            )
            grouped = {'phy': [], 'vir': [], 'oth': []}
            cidrs = []
            ips = []
            for dev, dev_info in get_ifconfig_info().iteritems():
                try:
                    group = 'oth'
                    for name, matcher in matchers:
                        if matcher.match(dev):
                            group = name
                            break
                    grouped[group].append(dev)

                    ipaddr = dev_info['ipaddr']
                    if ipaddr is not None and ipaddr not in ips:
                        ips.append(ipaddr)

                    cidr = dev_info['cidr']
                    if cidr is not None and cidr not in cidrs:
                        cidrs.append(cidr)
                except:
                    # Best effort: an interface with incomplete data is skipped.
                    pass

            for names in (grouped['phy'], grouped['vir'], grouped['oth']):
                names.sort()

            self.view.devs = [
                {'Physical': grouped['phy']},
                {'Virtual': grouped['vir']},
                {'Other': grouped['oth']},
            ]
            self.view.cidrs = cidrs
            self.view.ips = ips
        # --

    return True