def deinit_nftables(self):
    """Queue the rule-delete commands, then the set-delete commands, and submit them in one nft() call."""
    # Order is kept from the original: rule commands precede set commands.
    # NOTE(review): presumably the rule references the sets, so it has to go
    # first - confirm against cmd_delete_rule() / cmd_delete_sets().
    teardown = [
        *self.cmd_delete_rule(),
        *self.cmd_delete_sets(),
    ]
    nft(teardown)
def deinit_nftables(self):
    """Delete the 'ip' family table named self.table_name."""
    # Deleting an nftables table also removes the chains, sets and rules it
    # holds, so this takes everything installed under that table with it.
    table_ref = {'family': 'ip', 'name': self.table_name}
    nft([{'delete': {'table': table_ref}}])
def init_nftables(self):
    """Build the command batch (sets, set contents, rule) and submit it to nft().

    An NftablesError raised by nft() is logged together with the commands
    carried on the exception; it is not re-raised.
    """
    # Sets are created and populated before the rule command is queued.
    batch = [
        *self.cmd_create_sets(),
        *self.cmd_populate_set_ether_types(),
        *self.cmd_populate_set_inet_protos(),
        *self.cmd_populate_set_nets(),
        *self.cmd_populate_set_ports(),
        *self.cmd_create_rule(),
    ]
    try:
        nft(batch)
    except NftablesError as err:
        # NOTE(review): the error stops here, so the caller gets no signal
        # that the filtering rules were not installed. Confirm callers detect
        # this some other way; otherwise the component fails open.
        self.logger.error('Failed to apply nftables rules: %s', err)
        self.logger.error(' Commands: %s', json.dumps(err.cmds, indent=2))
def find_handle(self, comment):
    """
    Look up a rule handle in this direction's chain by its nftables comment.

    Returns the handle of the first listed rule whose comment equals
    *comment*, or None when no rule matches.
    """
    chain_ref = {
        **self.direction.profile.table,
        'name': self.direction.chain_name,
    }
    listing = nft([{'list': {'chain': chain_ref}}])

    # NOTE(review): the match is by comment text only. If two rules carry the
    # same comment the first one wins, and comment=None matches the first rule
    # that has a handle but no comment - confirm callers always pass a unique,
    # non-empty comment before using the handle to delete or replace a rule.
    for entry in listing.get('nftables', []):
        rule = entry.get('rule')
        if rule is None:
            # Non-rule entries in the listing are skipped.
            continue
        handle = rule.get('handle')
        if handle is not None and rule.get('comment') == comment:
            return handle
    return None
def dump_nftables():
    """List the complete nftables ruleset and write it to the debug log."""
    # The debug log ends up holding the host's whole filtering policy, so the
    # log destination should be access-controlled like the ruleset itself.
    list_all = {'list': {'ruleset': None}}
    ruleset = nft([list_all])
    LOGGER.debug(ruleset)
def init_nftables(self):
    """Add the 'ip' family table named self.table_name."""
    # Family 'ip' covers IPv4 only; nothing in this method creates an ip6 or
    # inet table, so IPv6 traffic is not handled by what is set up here.
    table_ref = {'family': 'ip', 'name': self.table_name}
    nft([{'add': {'table': table_ref}}])
def delete_net(self, cidr: ipaddress.IPv4Network):
    """Remove *cidr* from the nftables set and from self.nets.

    Does nothing when *cidr* is not currently in self.nets.
    """
    if cidr not in self.nets:
        return
    # nft() runs before the local bookkeeping: if it raises, the remove()
    # below is skipped and self.nets still lists the network.
    delete_cmds = self.cmd_modify_set_net('delete', cidr)
    nft(delete_cmds)
    self.nets.remove(cidr)
def add_net(self, cidr: ipaddress.IPv4Network, comment: str = None):
    """Add *cidr* to the nftables set and to self.nets.

    Does nothing when *cidr* is already in self.nets. *comment* is passed
    through to cmd_modify_set_net() unchanged.
    """
    if cidr in self.nets:
        return
    # nft() runs before the local bookkeeping: if it raises, the add() below
    # is skipped and self.nets does not claim a network that was not applied.
    add_cmds = self.cmd_modify_set_net('add', cidr, comment)
    nft(add_cmds)
    self.nets.add(cidr)
def deinit_nftables(self):
    """Submit the commands produced by cmd_delete_chain() to nft()."""
    # Copy into a fresh list so nft() never receives the helper's own object.
    teardown = [*self.cmd_delete_chain()]
    nft(teardown)
def init_nftables(self):
    """Submit the commands produced by cmd_create_chain() to nft()."""
    # Copy into a fresh list so nft() never receives the helper's own object.
    setup = [*self.cmd_create_chain()]
    nft(setup)
def init_nftables():
    """Flush the entire nftables ruleset."""
    # 'flush ruleset' is not scoped to one table: it clears every table of
    # every family, including rules installed by other software on the host.
    # NOTE(review): confirm this process is meant to own the whole ruleset.
    flush_all = {'flush': {'ruleset': None}}
    nft([flush_all])