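def apply_ipsets(self):
    """Apply every configured ipset to each backend, logging failures.

    For the "ipset" backend an already-active set is destroyed first unless
    it has a non-zero timeout and its type and options match what
    ``set_get_active_terse()`` reports.  The set is then either created and
    filled entry by entry (individual calls, or the "nftables" backend) or
    handed to ``set_restore()`` in one call.

    Errors are logged, never raised, so one failing set does not stop the
    others from being applied.
    """
    for name in self.get_ipsets():
        obj = self._ipsets[name]
        # NOTE(review): ``applied`` is one flag per ipset, not per backend;
        # success on any backend sets it even if another backend failed.
        obj.applied = False

        log.debug1("Applying ipset '%s'" % name)

        for backend in self.backends():
            if backend.name == "ipset":
                active = backend.set_get_active_terse()

                # Keep an existing set only when it has a real (non-zero)
                # timeout and the same type and options; anything else is
                # destroyed so it can be rebuilt from the configuration.
                if name in active and (
                    "timeout" not in obj.options
                    or obj.options["timeout"] == "0"
                    or obj.type != active[name][0]
                    or rm_def_cr_opts(obj.options) != active[name][1]
                ):
                    try:
                        backend.set_destroy(name)
                    except Exception as msg:
                        log.error("Failed to destroy ipset '%s'" % name)
                        log.error(msg)

            if self._fw.individual_calls() or backend.name == "nftables":
                try:
                    backend.set_create(obj.name, obj.type, obj.options)
                except Exception as msg:
                    log.error("Failed to create ipset '%s'" % obj.name)
                    log.error(msg)
                else:
                    obj.applied = True
                    # Only sets with a non-zero timeout skip the entry load.
                    # A set without a timeout (or with timeout "0") is static
                    # and must receive its configured entries; leaving it
                    # empty would silently change what every rule that
                    # references the set matches.
                    if (
                        "timeout" in obj.options
                        and obj.options["timeout"] != "0"
                    ):
                        # no entries visible for ipsets with timeout
                        continue

                # Also reached when set_create() failed: the entries are
                # still attempted and each failure is logged.
                for entry in obj.entries:
                    try:
                        backend.set_add(obj.name, entry)
                    except Exception as msg:
                        log.error(
                            "Failed to add entry '%s' to ipset '%s'"
                            % (entry, obj.name)
                        )
                        log.error(msg)
            else:
                try:
                    backend.set_restore(
                        obj.name, obj.type, obj.entries, obj.options, None
                    )
                except Exception as msg:
                    log.error("Failed to create ipset '%s'" % obj.name)
                    log.error(msg)
                else:
                    obj.applied = True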
def apply_ipset(self, name):
    """Apply the single ipset *name* to every backend.

    Any backend error is re-raised as ``FirewallError(COMMAND_FAILED)``,
    which stops processing at the first failure.  With individual calls the
    set is created, flushed and refilled entry by entry; sets with a
    non-zero timeout are created but not refilled.  Otherwise the whole set
    is handed to ``set_restore()``.
    """
    ipset = self._ipsets[name]

    for backend in self.backends():
        if backend.name == "ipset":
            live = backend.set_get_active_terse()
            if name in live:
                settings = ipset.options
                # An existing set survives only with a non-zero timeout
                # and an unchanged type and options.
                must_destroy = (
                    "timeout" not in settings
                    or settings["timeout"] == "0"
                    or ipset.type != live[name][0]
                    or rm_def_cr_opts(settings) != live[name][1]
                )
                if must_destroy:
                    try:
                        backend.set_destroy(name)
                    except Exception as msg:
                        raise FirewallError(errors.COMMAND_FAILED, msg)

        if not self._fw._individual_calls:
            # Bulk path: hand the whole set to the backend in one call.
            try:
                backend.set_restore(
                    ipset.name, ipset.type, ipset.entries, ipset.options, None
                )
            except Exception as msg:
                raise FirewallError(errors.COMMAND_FAILED, msg)
            ipset.applied = True
            continue

        try:
            backend.set_create(ipset.name, ipset.type, ipset.options)
        except Exception as msg:
            raise FirewallError(errors.COMMAND_FAILED, msg)
        ipset.applied = True

        if "timeout" in ipset.options and ipset.options["timeout"] != "0":
            # no entries visible for ipsets with timeout
            continue

        # NOTE(review): flush followed by per-entry adds is not atomic; a
        # failure part-way raises with the set partially filled while
        # ``applied`` is already True.
        try:
            backend.set_flush(ipset.name)
        except Exception as msg:
            raise FirewallError(errors.COMMAND_FAILED, msg)

        for member in ipset.entries:
            try:
                backend.set_add(ipset.name, member)
            except Exception as msg:
                raise FirewallError(errors.COMMAND_FAILED, msg)
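def apply_ipsets(self):
    """Apply every configured ipset through ``self._fw.ipset_backend``.

    The active sets are read once up front.  An active set is destroyed
    unless it carries a timeout option and its type and options match the
    active ones.  The set is then created and filled entry by entry
    (individual calls) or handed to ``restore()`` in one call.

    Errors are logged, never raised, so one failing set does not stop the
    others from being applied.
    """
    active = self._fw.ipset_backend.get_active_terse()

    for name in self.get_ipsets():
        obj = self._ipsets[name]
        obj.applied = False

        # Keep an existing set only when it has a timeout and the same type
        # and options; anything else is destroyed and rebuilt.
        if name in active and (
            "timeout" not in obj.options
            or obj.type != active[name][0]
            or rm_def_cr_opts(obj.options) != active[name][1]
        ):
            try:
                self._fw.ipset_backend.destroy(name)
            except Exception as msg:
                log.error("Failed to destroy ipset '%s'" % name)
                log.error(msg)

        if self._fw.individual_calls():
            try:
                self._fw.ipset_backend.create(obj.name, obj.type, obj.options)
            except Exception as msg:
                log.error("Failed to create ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True
                # Only sets with a timeout skip the entry load.  A set
                # without one is static and must receive its configured
                # entries; leaving it empty would silently change what every
                # rule that references the set matches.
                if "timeout" in obj.options:
                    # no entries visible for ipsets with timeout
                    continue

            # Also reached when create() failed: the entries are still
            # attempted and each failure is logged.
            for entry in obj.entries:
                try:
                    self._fw.ipset_backend.add(obj.name, entry)
                except Exception as msg:
                    log.error(
                        "Failed to add entry '%s' to ipset '%s'"
                        % (entry, obj.name)
                    )
                    log.error(msg)
        else:
            try:
                self._fw.ipset_backend.restore(
                    obj.name, obj.type, obj.entries, obj.options, None
                )
            except Exception as msg:
                log.error("Failed to create ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True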
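def apply_ipsets(self):
    """Apply every configured ipset through ``self._fw.ipset_backend``.

    The active sets are read once before the loop.  A set that is already
    active is destroyed unless it has a timeout option and its type and
    options match the active ones.  Each set is then created and filled
    entry by entry (individual calls) or passed to ``restore()`` whole.

    Failures are logged and processing continues with the next step, so
    ``obj.applied`` is the only per-set indication of success.
    """
    active = self._fw.ipset_backend.get_active_terse()

    for name in self.get_ipsets():
        obj = self._ipsets[name]
        obj.applied = False

        # Destroy an active set unless it has a timeout and is unchanged.
        if name in active and (
            "timeout" not in obj.options
            or obj.type != active[name][0]
            or rm_def_cr_opts(obj.options) != active[name][1]
        ):
            try:
                self._fw.ipset_backend.destroy(name)
            except Exception as msg:
                log.error("Failed to destroy ipset '%s'" % name)
                log.error(msg)

        if self._fw.individual_calls():
            try:
                self._fw.ipset_backend.create(obj.name, obj.type, obj.options)
            except Exception as msg:
                log.error("Failed to create ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True
                # The entry load is skipped only for sets with a timeout.
                # Skipping it for sets without one would leave a static set
                # (for example a block or allow list) created but empty.
                if "timeout" in obj.options:
                    # no entries visible for ipsets with timeout
                    continue

            # A failed create() does not skip this loop; every add failure
            # is logged individually.
            for entry in obj.entries:
                try:
                    self._fw.ipset_backend.add(obj.name, entry)
                except Exception as msg:
                    log.error(
                        "Failed to add entry '%s' to ipset '%s'"
                        % (entry, obj.name)
                    )
                    log.error(msg)
        else:
            try:
                self._fw.ipset_backend.restore(
                    obj.name, obj.type, obj.entries, obj.options, None
                )
            except Exception as msg:
                log.error("Failed to create ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True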