Ejemplo n.º 1
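    def is_duplicated(self, addr, orig_rule):
        """Tell whether the rule carried by orig_rule already exists on a node.

        orig_rule is a chain message whose candidate rule sits at Rules[0].
        Configured chains are matched on Name, Hook, Table, Family and Type,
        and rules are compared by their serialized bytes with the UUID
        blanked on both sides, so rules that differ only in UUID count as
        duplicates.

        Returns True on the first equal rule; False when the node is unknown,
        has no 'firewall' entry, or holds no equal rule.
        """
        # Compare against a copy, otherwise blanking the UUID below would
        # modify the caller's rule.
        temp_c = ui_pb2.FwChain()
        temp_c.CopyFrom(orig_rule)
        temp_c.Rules[0].UUID = ""

        node = self._nodes.get_node(addr)
        if node is None or 'firewall' not in node:
            return False

        # The candidate does not change while we scan, so serialize it once.
        wanted = temp_c.Rules[0].SerializeToString()
        chain_key = (temp_c.Name, temp_c.Hook, temp_c.Table,
                     temp_c.Family, temp_c.Type)

        for n in node['firewall'].SystemRules:
            for c in n.Chains:
                if (c.Name, c.Hook, c.Table, c.Family, c.Type) != chain_key:
                    continue
                for r in c.Rules:
                    # The UUID of a rule in the node's live configuration is
                    # blanked only for the comparison. The finally clause
                    # puts it back even if serialization raises, so a
                    # configured rule is never left without its UUID.
                    saved_uuid = r.UUID
                    r.UUID = ""
                    try:
                        is_equal = r.SerializeToString() == wanted
                    finally:
                        r.UUID = saved_uuid

                    if is_equal:
                        return True
        return False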
Ejemplo n.º 2
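    def delete_profile(self, node_addr, json_profile):
        """Remove a profile's rules from a node's firewall configuration.

        json_profile is parsed into an FwChain message. In every configured
        chain whose lower-cased Hook, Type, Family and Table equal the
        profile's, each rule whose UUID appears among the profile's rules is
        deleted.

        Returns nothing. Any exception is caught and printed, so a failure
        leaves the configuration as it was at the point of the error.
        """
        try:
            holder = ui_pb2.FwChain()
            profile = json_format.Parse(json_profile, holder)
            doomed_uuids = {pr.UUID for pr in profile.Rules}

            fwcfg = self._nodes.get_node(node_addr)['firewall']
            for sdx, n in enumerate(fwcfg.SystemRules):
                for cdx, c in enumerate(n.Chains):
                    if c.Hook.lower() == profile.Hook and \
                            c.Type.lower() == profile.Type and \
                            c.Family.lower() == profile.Family and \
                            c.Table.lower() == profile.Table:

                        # NOTE(review): this rewrites only the parsed profile;
                        # nothing visible here writes the policy back to the
                        # chain, so a drop policy set by the profile appears
                        # to stay in place after deletion - confirm intent.
                        if profile.Policy == ProfileDropInput.value:
                            profile.Policy = ProfileAcceptInput.value

                        # First collect the positions to remove. Deleting
                        # while enumerating shifts the following rules down
                        # one slot, so the rule right after a deleted one
                        # was never examined and could survive the removal.
                        doomed = []
                        for rdx, r in enumerate(c.Rules):
                            if r.UUID in doomed_uuids:
                                print("delete_profile, rule:", r.UUID,
                                      r.Description)
                                doomed.append(rdx)

                        # Delete from the end so earlier indexes stay valid.
                        for rdx in reversed(doomed):
                            del fwcfg.SystemRules[sdx].Chains[
                                cdx].Rules[rdx]

        except Exception as e:
            # Best effort by design: the error is reported, not propagated.
            print("firewall: error deleting profile:", e)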
Ejemplo n.º 3
    def forward(family=Family.INET.value):
        """Build an FwChain for the FORWARD hook.

        Name and Hook are both Hooks.FORWARD.value, Table is
        Table.FILTER.value and Type is ChainType.FILTER.value. family sets
        the chain's Family and defaults to Family.INET.value.
        """
        hook_name = Hooks.FORWARD.value

        fwd = ui_pb2.FwChain()
        fwd.Family = family
        fwd.Table = Table.FILTER.value
        fwd.Type = ChainType.FILTER.value
        fwd.Name = hook_name
        fwd.Hook = hook_name
        return fwd
Ejemplo n.º 4
    def output(family=Family.INET.value):
        """Build an FwChain for the OUTPUT hook.

        Name and Hook are both Hooks.OUTPUT.value, Table is
        Table.FILTER.value and Type is ChainType.FILTER.value. family sets
        the chain's Family and defaults to Family.INET.value.
        """
        hook_name = Hooks.OUTPUT.value

        out = ui_pb2.FwChain()
        out.Family = family
        out.Table = Table.FILTER.value
        out.Type = ChainType.FILTER.value
        out.Name = hook_name
        out.Hook = hook_name
        return out
Ejemplo n.º 5
    def postrouting(family=Family.INET.value):
        """Build an FwChain for the POSTROUTING hook.

        Name and Hook are both Hooks.POSTROUTING.value, Table is
        Table.MANGLE.value and Type is ChainType.MANGLE.value. family sets
        the chain's Family and defaults to Family.INET.value.
        """
        hook_name = Hooks.POSTROUTING.value

        post = ui_pb2.FwChain()
        post.Family = family
        post.Table = Table.MANGLE.value
        post.Type = ChainType.MANGLE.value
        post.Name = hook_name
        post.Hook = hook_name
        return post
Ejemplo n.º 6
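    def input(family=Family.INET.value):
        """Build an FwChain for the INPUT hook.

        Name and Hook are both Hooks.INPUT.value, Table is Table.MANGLE.value
        and Type is ChainType.MANGLE.value. family sets the chain's Family
        and defaults to Family.INET.value.
        """
        # The message is created empty and every field is assigned below.
        # The previous constructor call passed a lowercase `family` keyword,
        # which ignored the caller's argument.
        # NOTE(review): the fields used in this file are capitalised (Name,
        # Family, ...), so `family` is presumably not a field of FwChain and
        # the constructor would have rejected it - confirm against the
        # message definition.
        chain = ui_pb2.FwChain()
        chain.Name = Hooks.INPUT.value
        chain.Table = Table.MANGLE.value

        chain.Family = family
        chain.Type = ChainType.MANGLE.value
        chain.Hook = Hooks.INPUT.value

        return chain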
Ejemplo n.º 7
    def apply_profile(self, node_addr, json_profile):
        """Merge a JSON-encoded chain profile into a node's firewall config.

        json_profile is parsed into an FwChain message. The first configured
        chain whose lower-cased Hook, Type, Family and Table equal the
        profile's receives the profile's Policy, plus every profile rule that
        self.rules.is_duplicated() does not report as already present.

        Returns (True, "") once a chain has been updated, (False, <error
        text>) when anything raises, and (False, <translated "profile not
        applied">) when no chain matches.
        """
        # NOTE(review): the policy and rules are taken from json_profile as
        # parsed; no validation of the profile is visible in this method -
        # confirm callers only pass profiles from a trusted source.
        try:
            profile = json_format.Parse(json_profile, ui_pb2.FwChain())

            fwcfg = self._nodes.get_node(node_addr)['firewall']
            for sdx, system_rules in enumerate(fwcfg.SystemRules):
                for cdx, c in enumerate(system_rules.Chains):
                    same_chain = (
                        c.Hook.lower() == profile.Hook
                        and c.Type.lower() == profile.Type
                        and c.Family.lower() == profile.Family
                        and c.Table.lower() == profile.Table
                    )
                    if not same_chain:
                        continue

                    target = fwcfg.SystemRules[sdx].Chains[cdx]
                    target.Policy = profile.Policy

                    for r in profile.Rules:
                        # is_duplicated() expects a chain holding exactly
                        # the one rule under test.
                        probe = ui_pb2.FwChain()
                        probe.CopyFrom(c)
                        del probe.Rules[:]
                        probe.Rules.extend([r])

                        if not self.rules.is_duplicated(node_addr, probe):
                            target.Rules.extend([r])

                    # Only the first matching chain is updated.
                    self.rules.rulesUpdated.emit()
                    return True, ""
        except Exception as e:
            print("firewall: error applying profile:", e)
            return False, "{0}".format(e)

        return False, QC.translate("firewall", "profile not applied")
Ejemplo n.º 8
    def new(name="",
            table=Table.FILTER.value,
            family=Family.INET.value,
            ctype="",
            hook=Hooks.INPUT.value):
        """Build an FwChain from the given field values.

        name, table, family, ctype and hook are stored in the chain's Name,
        Table, Family, Type and Hook fields respectively; no other field is
        set here.
        """
        fresh = ui_pb2.FwChain()
        fresh.Hook = hook
        fresh.Type = ctype
        fresh.Family = family
        fresh.Table = table
        fresh.Name = name
        return fresh
Ejemplo n.º 9
    def new_flat(c, r):
        """Return a copy of chain c that holds only the rule r.

        The chain's own fields are copied from c, its Rules list is emptied,
        and r is added as the single entry. c itself is not modified.
        """
        flat = ui_pb2.FwChain()
        flat.CopyFrom(c)

        # Drop the rules inherited from c before attaching the one we want.
        flat.ClearField("Rules")
        flat.Rules.extend([r])
        return flat