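    def del_iptables_rule(self, rule):
        """
        Method: del_iptables_rule
        Description: atomic operation that removes one firewall (iptables) rule
        Parameter:
            rule: firewall rule as a 3-tuple; the documented layout is
                  ("interface name", "tcp or udp", "port number").
                  NOTE(review): the command below passes rule[2] to ``-p``
                  (protocol) and rule[1] to ``--dport`` (port), i.e. the
                  reverse of that layout, while the log line labels rule[2]
                  as the port and rule[1] as the protocol -- confirm the
                  actual tuple layout against the callers.
        Return: 0 on success, 1 on failure
        Others: none
        """
        import shlex  # local import: the file's import block is not visible here

        # Shell-quote every field before interpolating it into the command.
        # shlex.quote leaves plain tokens ("eth0", "tcp", "8080") untouched, so
        # a well-formed rule yields exactly the same command as before; only a
        # value carrying shell metacharacters gets wrapped in single quotes and
        # can no longer be parsed as additional commands. (Assumes os_execute
        # hands the string to a shell; quoting is harmless for plain tokens if
        # it tokenises the string itself -- confirm in os_execute.)
        iface = shlex.quote(str(rule[0]))
        proto = shlex.quote(str(rule[2]))  # positional mapping kept as in the original
        port = shlex.quote(str(rule[1]))

        # Delete the existing ACCEPT rule.
        return_code = os_execute("iptables -D INPUT -i %s -p %s --dport %s -j ACCEPT" % (
                                 iface, proto, port))
        if return_code != 0:
            tracelog.error('Fail to del iptables rule')
            return 1
        tracelog.info('iptables rule deleted and info is %s card %s port %s treaty' % (
                      rule[0], rule[2], rule[1]))

        # Persist the running rule set; a failure here leaves the in-memory
        # deletion applied but unsaved, and is reported as a failure (1).
        return_code = os_execute("service iptables save")
        if return_code != 0:
            tracelog.error('Fail to save iptables rule')
            return 1
        tracelog.info('Success to save iptables')

        return 0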
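    def mod_iptables_rule(self, oldrule, new_state):
        """
        Method: mod_iptables_rule
        Description: atomic operation that changes the target of one firewall
                     (iptables) rule: the existing ACCEPT rule is deleted and
                     re-added with ``new_state`` as its target
        Parameter:
            oldrule: existing rule as a 3-tuple; the documented layout is
                     ("interface name", "tcp or udp", "port number").
                     NOTE(review): the commands below pass oldrule[2] to
                     ``-p`` (protocol) and oldrule[1] to ``--dport`` (port),
                     i.e. the reverse of that layout, while the log lines
                     label oldrule[2] as the port and oldrule[1] as the
                     protocol -- confirm the tuple layout against the callers.
            new_state: target of the new rule; documented values are DROP
                       and ACCEPT
        Return: 0 on success, 1 on failure
        Others: none
        """
        import shlex  # local import: the file's import block is not visible here

        # Shell-quote every field before interpolating it into the command.
        # shlex.quote leaves plain tokens ("eth0", "tcp", "8080", "DROP")
        # untouched, so a well-formed call yields exactly the same commands as
        # before; only a value carrying shell metacharacters gets wrapped in
        # single quotes and can no longer be parsed as additional commands.
        # (Assumes os_execute hands the string to a shell; quoting is harmless
        # for plain tokens if it tokenises the string itself -- confirm.)
        iface = shlex.quote(str(oldrule[0]))
        proto = shlex.quote(str(oldrule[2]))  # positional mapping kept as in the original
        port = shlex.quote(str(oldrule[1]))
        target = shlex.quote(str(new_state))

        # Delete the existing ACCEPT rule.
        return_code = os_execute("iptables -D INPUT -i %s -p %s --dport %s -j ACCEPT" % (
                                 iface, proto, port))
        if return_code != 0:
            tracelog.error('Fail to del iptables rule')
            return 1
        tracelog.info('iptables rule deleted and info is %s card %s port %s treaty' % (
                      oldrule[0], oldrule[2], oldrule[1]))

        # Re-add the rule with the requested target. If this fails the old
        # rule has already been removed and is not restored (reported as 1).
        return_code = os_execute("iptables -A INPUT -i %s -p %s --dport %s -j %s" % (
                                 iface, proto, port, target))
        if return_code != 0:
            tracelog.error('Fail to add iptables rule')
            return 1
        tracelog.info('iptables add and info is card:%s port:%s treaty:%s state:%s ' % (
                      oldrule[0], oldrule[2], oldrule[1], new_state))

        # Persist the running rule set; a failure here leaves the in-memory
        # change applied but unsaved, and is reported as a failure (1).
        return_code = os_execute("service iptables save")
        if return_code != 0:
            tracelog.error('Fail to save iptables rule')
            return 1
        tracelog.info('Success to save iptables')

        return 0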