def rules_remove(self, iterator, object):
"""Remove the specified rules
requests.options = [{
'object': <string>,
}, ]
"""
# Try to load firewall configuration
try:
firewall = backend.Firewall()
except backend.Error as e:
message = _(u"Could not load firewall configuration")
MODULE.error(u"%s: %s" % (message, str(e), ))
raise umc.modules.UMC_CommandError(message)
for (object, ) in iterator:
try:
firewall.remove_rule(object)
except backend.Error as e:
yield {u'object': object, u'success': False, u'details': str(e), }
else:
yield {u'object': object, u'success': True, }
# Try to save firewall configuration
try:
firewall.save()
except backend.Error as e:
message = _(u"Could not save firewall configuration")
MODULE.error(u"%s: %s" % (message, str(e), ))
raise umc.modules.UMC_CommandError(message)
def query(self, category, pattern):
def match(rule):
if category != 'port': # Simple match for most cases:
return pattern.match(getattr(rule, category))
# Special case 'port': Check every port number
for port in range(*rule.port):
match = pattern.match(str(port))
if match:
return match
else:
return None
firewall = backend.Firewall()
rules = []
for rule in firewall.rules.values():
if not rule or not match(rule):
# rule isn't complete (e.g. missing action) or
# rule doesn't match the pattern
continue
entry = {}
entry = {
'name': rule.name,
'address': rule.address,
'port': rule.port,
'protocol': rule.protocol,
'package': rule.package,
'action': rule.action,
'description': rule.description,
}
rules.append(entry)
return rules
def rules_get(self, iterator):
"""Returns the specified rules
requests.options = [
<string>,
]
"""
def get_address_type(address):
if backend.REGEX_RULE_ADDRESS.match(address):
return address
else:
return u'specific'
def get_address_value(address):
if backend.REGEX_RULE_ADDRESS.match(address):
return None
else:
return address
# Try to load firewall configuration
try:
firewall = backend.Firewall()
except backend.Error as e:
message = _(u"Could not load firewall configuration")
MODULE.error(u"%s: %s" % (
message,
str(e),
))
raise umc.modules.UMC_CommandError(message)
for identifier in iterator:
try:
rule = firewall.rules[identifier]
entry = {
u'identifier': rule.identifier,
u'protocol': rule.protocol,
u'portStart': rule.port[0],
u'portEnd': (rule.port[1] - 1),
u'addressType': get_address_type(rule.address),
u'addressValue': get_address_value(rule.address),
u'packageName': rule.package,
u'action': rule.action.lower(),
u'description': self._get_description(rule.description),
}
except (backend.Error, KeyError) as e:
message = _(u"Could not get firewall rule")
MODULE.error(u"%s: %s" % (
message,
str(e),
))
raise umc.modules.UMC_CommandError(message)
else:
yield entry
def add(self, address, port_start, port_end, protocol, action,
description):
try:
rule = backend.Rule(address, (
port_start,
port_end,
), protocol)
rule.action = action
# TODO: Add the description
except backend.Error as e:
return {'success': False, 'message': str(e.message)}
# TODO: try-except
firewall = backend.Firewall()
firewall.add_rule(rule)
firewall.save()
return {'success': True}
def _add_or_edit(self, iterator, object, edit=False):
def get_address(address_type, address_value):
if address_type == u'specific':
return address_value
else:
return address_type
# Try to load firewall configuration
try:
firewall = backend.Firewall()
except backend.Error as e:
message = _(u"Could not load firewall configuration")
MODULE.error(u"%s: %s" % (message, str(e), ))
raise umc.modules.UMC_CommandError(message)
for (object, ) in iterator:
try:
if edit:
firewall.remove_rule(object[u'identifier'])
port = (object[u'portStart'], (object[u'portEnd'] + 1), )
address = get_address(object[u'addressType'], object[u'addressValue'])
rule = backend.Rule(object[u'protocol'], port, address, None, object[u'action'].lower())
firewall.add_rule(rule)
except backend.Error as e:
if edit:
yield {u'object': object[u'identifier'], u'success': False, u'details': str(e), }
else:
yield {u'success': False, u'details': str(e), }
else:
yield {u'object': rule.identifier, u'success': True, }
# Try to save firewall configuration
try:
firewall.save()
except backend.Error as e:
message = _(u"Could not save firewall configuration")
MODULE.error(u"%s: %s" % (message, str(e), ))
raise umc.modules.UMC_CommandError(message)
def rules_query(self, category, pattern):
"""Searches for firewall rules
requests.options = [
'category': 'protocol' | 'port' | 'address' | 'package' |
'description',
'pattern': <str>,
]
"""
def match(rule):
if category == u'port':
# Check every port number
for port in range(*rule.port):
match = pattern.match(str(port))
if match:
return match
else:
return False
elif category == u'packageName':
if rule.package:
return pattern.match(rule.package)
else:
return False
elif category == u'description':
for language in rule.description.values():
match = pattern.match(language)
if match:
return match
else:
return False
else:
# Simple match for most cases:
return pattern.match(getattr(rule, category))
def get_address(address):
if address == u'all':
return _(u'All addresses')
elif address == u'ipv4':
return _(u'All IPv4 addresses')
elif address == u'ipv6':
return _(u'All IPv6 addresses')
else:
return address
# Try to load firewall configuration
try:
firewall = backend.Firewall()
except backend.Error as e:
message = _(u"Could not load firewall configuration")
MODULE.error(u"%s: %s" % (
message,
str(e),
))
raise umc.modules.UMC_CommandError(message)
result = []
for rule in firewall.rules.values():
if not rule or not match(rule):
# rule isn't complete (e.g. missing action) or
# rule doesn't match the pattern
continue
entry = {}
entry = {
u'identifier': rule.identifier,
u'protocol': rule.protocol,
u'portStart': rule.port[0],
u'portEnd': (rule.port[1] - 1),
u'address': get_address(rule.address),
u'packageName': rule.package,
u'action': rule.action.lower(),
u'description': self._get_description(rule.description),
}
result.append(entry)
return result