def flush_table(table_id):
    '''
    Run nft's ``flush table`` for the table identified by ``table_id``.

    The table is fetched with ``get_table`` and its ``family`` and ``name``
    fields are formatted into the command.

    Returns:
        The table mapping, with ``id`` set to ``'<family>:<name>'``.

    Raises:
        NFTError: when the command exits with a non-zero status; it wraps
            the lines read from the command's stdout.
    '''
    target = get_table(table_id)
    command_text = 'flush table {family} {name}'.format(**target)
    proc = nft_utils.nft_command(command_text)
    # Guard clause: anything but a zero exit status is reported as an error.
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    target['id'] = '{family}:{name}'.format(**target)
    return target
def delete_chain(chain_id):
    '''
    Flush and then delete the chain identified by ``chain_id``.

    ``flush_chain`` is called first and its return value supplies the
    ``family``, ``tableName`` and ``name`` fields used by ``delete chain``.

    Returns:
        The chain mapping, with ``id`` set to
        ``'<family>:<tableName>:<name>'``.

    Raises:
        NFTError: when the delete command exits with a non-zero status.
    '''
    target = flush_chain(chain_id)
    command_text = 'delete chain {family} {tableName} {name}'.format(**target)
    proc = nft_utils.nft_command(command_text)
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    target['id'] = '{family}:{tableName}:{name}'.format(**target)
    return target
def delete_table(table_id):
    '''
    Flush a table, delete each of its chains, then delete the table itself.

    Returns:
        The table mapping returned by ``flush_table``, with ``id`` set to
        ``'<family>:<name>'``.

    Raises:
        NFTError: when the ``delete table`` command exits with a non-zero
            status. Errors raised while flushing or deleting chains
            propagate unchanged.
    '''
    target = flush_table(table_id)
    # Chains are removed one by one before the table is deleted.
    for member_chain_id in target['chains']:
        chain_wrapper.delete_chain(member_chain_id)
    command_text = 'delete table {family} {name}'.format(**target)
    proc = nft_utils.nft_command(command_text)
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    target['id'] = '{family}:{name}'.format(**target)
    return target
def create_table(table_json):
    '''
    Create a table from the ``family`` and ``name`` fields of ``table_json``.

    Returns:
        The same ``table_json`` object (it is modified in place), with ``id``
        set to ``'<family>:<name>'`` and empty ``chains``, ``sets`` and
        ``dictionaries`` lists.

    Raises:
        NFTError: when the ``add table`` command exits with a non-zero
            status.
    '''
    # NOTE(review): family and name are formatted into the command text
    # unchanged. If table_json comes from a request body, validate both
    # against an allow-list before calling this; how nft_command tokenizes
    # the string is not visible here.
    command_text = 'add table {family} {name}'.format(**table_json)
    proc = nft_utils.nft_command(command_text)
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    table_json['id'] = '{family}:{name}'.format(**table_json)
    # A freshly created table has no children yet; each key gets its own list.
    table_json['chains'] = []
    table_json['sets'] = []
    table_json['dictionaries'] = []
    return table_json
def flush_chain(chain_id):
    '''
    Run nft's ``flush chain`` for the chain identified by ``chain_id``.

    The chain is fetched with ``get_chain``; its ``table`` field is split on
    ``':'`` into ``family`` and ``tableName``, which are stored back on the
    chain mapping.

    Returns:
        The chain mapping, with ``id`` set to
        ``'<family>:<tableName>:<name>'``.

    Raises:
        ValueError: when ``table`` does not split into exactly two parts.
        NFTError: when the command exits with a non-zero status.
    '''
    target = get_chain(chain_id)
    family, table_name = target['table'].split(':')
    target['family'] = family
    target['tableName'] = table_name
    command_text = 'flush chain {family} {tableName} {name}'.format(**target)
    proc = nft_utils.nft_command(command_text)
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    target['id'] = '{family}:{tableName}:{name}'.format(**target)
    return target
def nft_get_json_command(as_str=False):
    '''
    Run ``export json`` and return the exported ruleset.

    Args:
        as_str: when truthy, return the raw stdout contents; otherwise parse
            them as JSON and return the value under the ``nftables`` key.

    Raises:
        NFTError: when the command exits with a non-zero status.
    '''
    proc = nft_command('export json')
    # NOTE(review): the exit status is awaited before stdout is drained. If
    # nft_command hands back a pipe, a large export could stall here; confirm
    # how nft_command sets up stdout.
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    raw_output = proc.stdout.read()
    exported = raw_output if as_str else json.loads(raw_output)['nftables']
    close_nft_command(proc)
    return exported
def delete_rule(rule_id):
    '''
    Delete the rule addressed by ``rule_id``.

    ``rule_id`` is split on ``':'`` into family, table name, chain name and
    handle, in that order.

    Returns:
        None.

    Raises:
        ValueError: when ``rule_id`` does not split into exactly four parts.
        NFTError: when the ``delete rule`` command exits with a non-zero
            status.
    '''
    family, table_name, chain_name, handle = rule_id.split(':')
    address = {
        'family': family,
        'tableName': table_name,
        'chainName': chain_name,
        'handle': handle,
    }
    # NOTE(review): the four id components go into the command text as-is.
    # If rule_id is taken from a request path, check each part (for example
    # that handle is numeric) before it reaches this point.
    command_text = (
        'delete rule {family} {tableName} {chainName} handle {handle}'.format(
            **address))
    proc = nft_utils.nft_command(command_text)
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    return None
def create_set(set_json):
    '''
    Create a named set from ``set_json``.

    ``set_json['table']`` arrives as ``'<family>:<table>'``; it is split for
    the command and restored to the combined form before returning.

    Returns:
        The same ``set_json`` object (modified in place), with ``id`` set to
        ``'<family>:<table>:<name>'`` and a falsy ``items`` value replaced by
        ``None``.

    Raises:
        ValueError: when ``table`` does not split into exactly two parts.
        NFTError: when the ``add set`` command exits with a non-zero status.
    '''
    family, table_name = set_json['table'].split(':')
    set_json['family'] = family
    set_json['table'] = table_name
    # NOTE(review): name and dataType are formatted into the command text
    # unchanged. If set_json comes from a request body, validate them
    # before calling this.
    command_text = (
        'add set {family} {table} {name} {{ type {dataType}; }}'.format(
            **set_json))
    proc = nft_utils.nft_command(command_text)
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    set_json['id'] = '{family}:{table}:{name}'.format(**set_json)
    # Empty or missing-valued items are normalised to None.
    set_json['items'] = set_json['items'] or None
    set_json['table'] = ':'.join((set_json['family'], set_json['table']))
    return set_json
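def update_set(set_json):
    '''
    Add the elements in ``set_json['items']`` to an existing set.

    ``set_json['table']`` arrives as ``'<family>:<table>'``; it is split for
    the command and restored to the combined form before returning. When
    ``items`` is falsy no command is run and the set is returned as is.

    Returns:
        The same ``set_json`` object (modified in place).

    Raises:
        ValueError: when ``table`` does not split into exactly two parts.
        NFTError: when the ``add element`` command exits with a non-zero
            status.
    '''
    set_json['family'], set_json['table'] = set_json['table'].split(':')
    if set_json['items']:
        # NOTE(review): items and name are formatted into the command text
        # unchanged. If set_json comes from a request body, validate them
        # before calling this.
        cmd_string = 'add element {family} {table} {name} {{ {items} }}'.format(
            **set_json)
        cmd = nft_utils.nft_command(cmd_string)
        if cmd.wait() != 0:
            raise NFTError(Error(cmd.stdout.readlines()))
        # Only a command that was actually started can be closed; with no
        # items there is no command object at all.
        nft_utils.close_nft_command(cmd)
    set_json['table'] = set_json['family'] + ':' + set_json['table']
    return set_json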
def nft_list_ruleset(nna=False):
    '''
    Run ``list ruleset`` and return its output.

    Args:
        nna: when truthy, ``-nna`` is appended to the command and the output
            is returned as a list of lines; otherwise the output is returned
            as a single value read from stdout.

    Raises:
        NFTError: when the command exits with a non-zero status.
    '''
    proc = nft_command('list ruleset -nna' if nna else 'list ruleset')
    # NOTE(review): the exit status is awaited before stdout is drained. If
    # nft_command hands back a pipe, a large ruleset could stall here;
    # confirm how nft_command sets up stdout.
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    listing = proc.stdout.readlines() if nna else proc.stdout.read()
    close_nft_command(proc)
    return listing
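def restore_backup():
    '''
    POST:
        Receive a backup file and load it into the system

    The uploaded ``file`` part is written to a temporary ``.nft`` file whose
    path is passed to ``nft_utils.nft_command`` with ``-f``. The temporary
    file is removed whether or not the load succeeds.

    Returns:
        A ``'Backup restored'`` response on success; otherwise the request
        is aborted with status 500 carrying an ``NFTError``.
    '''
    # NOTE(review): the upload is loaded verbatim, so whoever can reach this
    # endpoint can replace the whole ruleset. Access control is not visible
    # in this function; confirm the route enforces it.
    # Read the upload first so a missing 'file' part leaves no temp file.
    backup = request.files['file'].read()
    with tempfile.NamedTemporaryFile(suffix='.nft', delete=False) as tf:
        tf.write(backup)
    # The file is closed at this point, so its contents are flushed to disk
    # before nft is asked to read it.
    try:
        cmd = nft_utils.nft_command('-f ' + tf.name)
        if cmd.wait() != 0:
            return abort(500, NFTError(Error(cmd.stdout.read())))
        nft_utils.close_nft_command(cmd)
        return make_response('Backup restored')
    finally:
        # delete=False means nothing else cleans this up; a failed restore
        # must not leave a copy of the ruleset behind in the temp directory.
        os.remove(tf.name)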
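def update_dictionary(dictionary_json):
    '''
    Add the elements in ``dictionary_json['items']`` to an existing map.

    ``dictionary_json['table']`` arrives as ``'<family>:<table>'``; it is
    split for the command and restored to the combined form before
    returning. When ``items`` is falsy no command is run.

    Returns:
        The same ``dictionary_json`` object (modified in place).

    Raises:
        ValueError: when ``table`` does not split into exactly two parts.
        NFTError: when the ``add element`` command exits with a non-zero
            status.
    '''
    dictionary_json['family'], dictionary_json['table'] = dictionary_json[
        'table'].split(':')
    if dictionary_json['items']:
        # NOTE(review): items and name are formatted into the command text
        # unchanged. If dictionary_json comes from a request body, validate
        # them before calling this.
        cmd_string = 'add element {family} {table} {name} {{ {items} }}'.format(
            **dictionary_json)
        cmd = nft_utils.nft_command(cmd_string)
        if cmd.wait() != 0:
            raise NFTError(Error(cmd.stdout.readlines()))
        # Release the finished command, as the set and table wrappers do
        # after a successful run.
        nft_utils.close_nft_command(cmd)
    dictionary_json['table'] = (
        dictionary_json['family'] + ':' + dictionary_json['table'])
    return dictionary_json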
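def create_dictionary(dictionary_json):
    '''
    Create a named map from ``dictionary_json``.

    ``dictionary_json['table']`` arrives as ``'<family>:<table>'``; it is
    split for the command and restored to the combined form before
    returning.

    Returns:
        The same ``dictionary_json`` object (modified in place), with ``id``
        set to ``'<family>:<table>:<name>'`` and a falsy ``items`` value
        replaced by ``None``.

    Raises:
        ValueError: when ``table`` does not split into exactly two parts.
        NFTError: when the ``add map`` command exits with a non-zero status.
    '''
    dictionary_json['family'], dictionary_json['table'] = dictionary_json[
        'table'].split(':')
    # NOTE(review): name, keyDataType and valueDataType are formatted into
    # the command text unchanged. If dictionary_json comes from a request
    # body, validate them before calling this.
    cmd_string = 'add map {family} {table} {name} {{ type {keyDataType}:{valueDataType}; }}'.format(
        **dictionary_json)
    cmd = nft_utils.nft_command(cmd_string)
    if cmd.wait() != 0:
        raise NFTError(Error(cmd.stdout.readlines()))
    # Release the finished command, as the set and table wrappers do after
    # a successful run.
    nft_utils.close_nft_command(cmd)
    dictionary_json['id'] = '{family}:{table}:{name}'.format(**dictionary_json)
    dictionary_json['items'] = (
        dictionary_json['items'] if dictionary_json['items'] else None)
    dictionary_json['table'] = (
        dictionary_json['family'] + ':' + dictionary_json['table'])
    return dictionary_json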
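def create_chain(chain_json):
    '''
    Create a chain from ``chain_json``.

    ``chain_json['table']`` arrives as ``'<family>:<tableName>'`` and is
    split into the ``family`` and ``tableName`` keys. The
    ``type``/``hook``/``priority`` clause is appended only when ``hook`` and
    ``type`` are truthy and ``priority`` is not ``None``.

    Returns:
        The same ``chain_json`` object (modified in place), with ``id`` set
        to ``'<family>:<tableName>:<name>'``.

    Raises:
        ValueError: when ``table`` does not split into exactly two parts.
        NFTError: when the ``add chain`` command exits with a non-zero
            status.
    '''
    chain_json['family'], chain_json['tableName'] = chain_json['table'].split(
        ':')
    # NOTE(review): name, type, hook and priority are formatted into the
    # command text unchanged. If chain_json comes from a request body,
    # validate them before calling this.
    cmd_string = 'add chain {family} {tableName} {name}'.format(**chain_json)
    # priority is tested by identity so that a priority of 0 still counts as
    # given.
    if (chain_json['hook'] and chain_json['type']
            and chain_json['priority'] is not None):
        cmd_string += ' {{ type {type} hook {hook} priority {priority} ; }}'.format(
            **chain_json)
    cmd = nft_utils.nft_command(cmd_string)
    if cmd.wait() != 0:
        raise NFTError(Error(cmd.stdout.readlines()))
    nft_utils.close_nft_command(cmd)
    chain_json['id'] = '{family}:{tableName}:{name}'.format(**chain_json)
    return chain_json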
def create_rule(rule_json):
    '''
    Append a rule to the chain named in ``rule_json['chain']``.

    ``chain`` arrives as ``'<family>:<tableName>:<chainName>'``. The command
    is built from those parts, the ``expression`` and ``key`` fields, and
    the text produced by ``nft_utils.statements_to_str`` for ``statements``.

    Returns:
        The same ``rule_json`` object (modified in place), with ``handle``
        taken from the last rule listed for the chain and ``id`` set to
        ``'<chain>:<handle>'``.

    Raises:
        ValueError: when ``chain`` does not split into exactly three parts.
        NFTError: when the ``add rule`` command exits with a non-zero status.
    '''
    family, table_name, chain_name = rule_json['chain'].split(':')
    rule_json['family'] = family
    rule_json['tableName'] = table_name
    rule_json['chainName'] = chain_name
    # NOTE(review): expression, key and the rendered statements are placed
    # in the command text unchanged. If rule_json comes from a request body,
    # validate them before calling this.
    command_text = ''.join([
        'add rule {family} {tableName} {chainName} '.format(**rule_json),
        '{expression} {key} '.format(**rule_json),
        nft_utils.statements_to_str(rule_json['statements']),
    ])
    proc = nft_utils.nft_command(command_text)
    if proc.wait() != 0:
        raise NFTError(Error(proc.stdout.readlines()))
    nft_utils.close_nft_command(proc)
    from wrappers import chain_wrapper
    # The new rule's handle is read back from the chain listing.
    # NOTE(review): this takes the last rule listed, which presumes nothing
    # else appended to the chain in between; confirm callers serialize rule
    # creation.
    listed_rules = chain_wrapper.get_chain(rule_json['chain'])['rules']
    rule_json['handle'] = listed_rules[-1].split(':')[3]
    rule_json['id'] = rule_json['chain'] + ':' + rule_json['handle']
    return rule_json