Example #1
def stop():
    """Stop the firewall service.

    Writes the rules reported by ``iptables.getRules()`` to
    ``/var/lib/iptables/rules``, clears chains and rules with
    ``iptables.clear()``, removes ``LOCK_FILE`` when it exists and finally
    announces the "stopped" state through ``notify``.
    """
    # Snapshot the live rule set before anything is torn down.
    # NOTE(review): the mode writeFile() creates the file with is not visible
    # here -- confirm the saved rule set is not left world-readable/writable.
    live_rules = iptables.getRules()
    writeFile("/var/lib/iptables/rules", live_rules)

    # NOTE(review): the policy the chains are left with after clear() is not
    # visible here -- confirm the host is not left unfiltered by accident.
    iptables.clear()

    # Drop the lock file if one is present.
    lock_present = os.access(LOCK_FILE, os.F_OK)
    if lock_present:
        os.unlink(LOCK_FILE)

    # Tell listeners that this service has changed state.
    state_change = (script(), "stopped")
    notify("System.Service", "Changed", state_change)
Example #2
def stop():
    """Save the current rules, clear the firewall and report "stopped".

    The rules returned by ``iptables.getRules()`` are written to
    ``/var/lib/iptables/rules`` first; only then are chains and rules
    cleared. ``LOCK_FILE`` is removed if it exists, and a
    ``System.Service`` / ``Changed`` notification is sent last.
    """
    rules_path = "/var/lib/iptables/rules"

    # Saving happens before clearing, so a failed write leaves the rules up.
    writeFile(rules_path, iptables.getRules())

    # NOTE(review): what clear() leaves as the chain policies cannot be seen
    # from this function -- verify the post-stop state is the intended one.
    iptables.clear()

    # Existence check first: unlink is only attempted on a present lock file.
    if os.access(LOCK_FILE, os.F_OK):
        os.unlink(LOCK_FILE)

    # Announce the new service state to clients.
    payload = (script(), "stopped")
    notify("System.Service", "Changed", payload)
Example #3
def initializeIPTables():
    """
        Bring the live netfilter rules in line with IPTABLES_RULES.

        The live rules are read once. If any chain of IPTABLES_RULES is
        absent from them, or lacks at least one of its expected rules, the
        firewall is cleared and rebuilt from IPTABLES_RULES.
    """
    live = netfilterutils.parseConf(netfilterutils.getRules())

    def _needs_reset(chain, expected):
        # Chain missing entirely, or an expected rule not found in it.
        if chain not in live:
            return True
        return bool(set(expected) - set(live[chain]))

    # NOTE(review): the comparison is one-way and order-blind -- extra rules
    # in a live chain, or the same rules in a different order, do not trigger
    # a reset. Rule order matters to netfilter; confirm this is intended.
    if any(_needs_reset(chain, rules)
           for chain, rules in IPTABLES_RULES.iteritems()):
        # NOTE(review): between clear() and restoreRules() the rule set is
        # whatever clear() leaves behind -- confirm that state is acceptable.
        netfilterutils.clear()
        netfilterutils.restoreRules(netfilterutils.makeConf(IPTABLES_RULES))
Example #4
def initializeIPTables():
    """
        Re-create the IPTABLES_RULES rule set when the live one lacks it.

        Every chain in IPTABLES_RULES is compared with the parsed live
        rules. The first chain that is missing, or that does not contain
        all of its expected rules, causes a clear followed by a restore of
        the configuration built from IPTABLES_RULES.
    """
    current = netfilterutils.parseConf(netfilterutils.getRules())

    for chain, wanted in IPTABLES_RULES.iteritems():
        # Chain present and every wanted rule found: nothing to do for it.
        # NOTE(review): only missing rules are detected. Unexpected extra
        # rules and reordered rules pass this check -- confirm that is the
        # intended tolerance, since netfilter evaluates rules in order.
        if chain in current and not (set(wanted) - set(current[chain])):
            continue

        # One mismatch is enough; rebuild everything once and stop looking.
        # NOTE(review): the state between clear() and restoreRules() depends
        # on what clear() leaves in place, which is not visible here.
        netfilterutils.clear()
        rebuilt = netfilterutils.makeConf(IPTABLES_RULES)
        netfilterutils.restoreRules(rebuilt)
        return
Example #5
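def stop():
    """Save the profile's permitted rule changes, then clear the firewall.

    The live rules and the profile's base rules (read from
    ``/var/lib/iptables/<profile>`` when that file exists) are passed to
    ``iptables.diffDict``; the result is restricted by
    ``iptables.filterDict`` to the chains named in the profile's
    whitespace-separated ``save_*`` fields and written to
    ``/var/lib/iptables/<profile>.diff``. Chains and rules are then cleared
    and ``lock_file`` is removed if it exists.
    """
    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    save = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }

    # NOTE(review): profile is joined into the path unvalidated. If
    # getProfile() can return a value holding a path separator or "..",
    # the read below and the .diff write leave /var/lib/iptables -- confirm
    # getProfile() constrains it to a plain file name.
    profile_file = os.path.join('/var/lib/iptables', profile)
    profile_changes = '%s.diff' % profile_file

    # Per table, the chains whose changes may be saved.
    # NOTE(review): assumes every entry of iptables.chains is a key of
    # `save`; any other table name raises KeyError here.
    allowed_chains = {}
    for table in iptables.chains:
        allowed_chains[table] = save[table].split()

    # Get base rules from /var/lib/iptables/<profile>; close the file
    # explicitly instead of leaving the handle to the garbage collector.
    base = {}
    if os.path.isfile(profile_file):
        handle = open(profile_file)
        try:
            base = iptables.parseConf(handle.read())
        finally:
            handle.close()

    changes = iptables.parseConf(iptables.getRules())

    # Save allowed changes to /var/lib/iptables/<profile>.diff
    diff = iptables.filterDict(iptables.diffDict(changes, base),
                               allowed_chains)

    writeFile(profile_changes, iptables.makeConf(diff))

    # Clear chains & rules
    # NOTE(review): the chain policies left behind by clear() are not
    # visible here -- confirm the host is not left unfiltered by accident.
    iptables.clear()

    # Remove lock file
    if os.access(lock_file, os.F_OK):
        os.unlink(lock_file)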
Example #6
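def stop():
    """Persist the allowed rule changes for the profile and clear iptables.

    Steps, in order: read the profile and its ``save_*`` chain lists from
    ``getProfile()``; parse the base rules from
    ``/var/lib/iptables/<profile>`` if that file exists; run the live rules
    and the base through ``iptables.diffDict`` and ``iptables.filterDict``;
    write the result to ``/var/lib/iptables/<profile>.diff``; clear chains
    and rules; remove ``lock_file`` if present.
    """
    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    save = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }

    # NOTE(review): nothing here checks that profile is a plain file name.
    # A value with "/" or ".." would move both the file read and the .diff
    # write outside /var/lib/iptables -- verify against getProfile().
    profile_file = os.path.join('/var/lib/iptables', profile)
    profile_changes = '%s.diff' % profile_file

    # Chains, per table, whose changes are allowed into the saved diff.
    # NOTE(review): a table in iptables.chains that is not a key of `save`
    # raises KeyError here -- presumably the two always match; confirm.
    allowed_chains = {}
    for table in iptables.chains:
        allowed_chains[table] = save[table].split()

    # Get base rules from /var/lib/iptables/<profile>. The handle is closed
    # deterministically rather than being dropped unreferenced.
    base = {}
    if os.path.isfile(profile_file):
        rules_fp = open(profile_file)
        try:
            base = iptables.parseConf(rules_fp.read())
        finally:
            rules_fp.close()

    changes = iptables.parseConf(iptables.getRules())

    # Save allowed changes to /var/lib/iptables/<profile>.diff
    diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)

    writeFile(profile_changes, iptables.makeConf(diff))

    # Clear chains & rules
    # NOTE(review): what clear() leaves as chain policies cannot be seen
    # from this function -- verify the post-stop state is the intended one.
    iptables.clear()

    # Remove lock file
    if os.access(lock_file, os.F_OK):
        os.unlink(lock_file)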
Example #7
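def getRules():
    """Get user defined rules.

    Returns a list of ``"<table> <rule>"`` strings, one per rule left after
    the live rules and the profile's base rules have gone through
    ``iptables.diffDict`` and the result has been restricted by
    ``iptables.filterDict`` to the chains named in the profile's ``save_*``
    fields. ``fail("FW is offline")`` is called when the service state is
    "off" or "stopped".
    """
    state = call(script(), "System.Service", "info")[2]
    if state in ["off", "stopped"]:
        # NOTE(review): whether fail() aborts is not visible here; if it
        # returns, the rest of the function still runs.
        fail("FW is offline")

    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    save = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }

    # NOTE(review): profile is used as a path component without validation.
    # Confirm getProfile() cannot return a value containing "/" or "..",
    # otherwise the file read below is not confined to /var/lib/iptables.
    profile_file = os.path.join("/var/lib/iptables/", profile)

    # Per table, the chains whose rules may be reported.
    allowed_chains = {}
    for table in iptables.chains:
        allowed_chains[table] = save[table].split()

    # Get base rules from /var/lib/iptables/<profile>; close the handle
    # explicitly instead of relying on garbage collection.
    base = {}
    if os.path.isfile(profile_file):
        handle = open(profile_file)
        try:
            base = iptables.parseConf(handle.read())
        finally:
            handle.close()

    changes = iptables.parseConf(iptables.getRules())

    # Get user defined rules in every table present in the filtered diff
    # (not only the "filter" table).
    diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)

    return ["%s %s" % (table, rule) for table in diff for rule in diff[table]]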