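def on_deleted(path):
    """Invoked when a network rule is deleted.

    Deletes the iptables rule encoded in the removed file's name. For a
    passthrough rule, the source IP is also removed from the passthrough
    IP set once no tracked rule references it any more.

    :param path:
        Path of the entry that was removed; its basename is the rule.
    """
    # Edge case, if the directory where the rules are kept gets removed,
    # abort
    if path == rulemgr.path:
        _LOGGER.critical('Network rules directory was removed: %r', path)
        utils.sys_exit(1)

    # The rule is the filename
    rule_file = os.path.basename(path)
    _LOGGER.info('Removing %r', rule_file)

    chain_rule = rulemgr.get_rule(rule_file)
    if chain_rule is None:
        _LOGGER.warning('Ignoring unparseable file %r', rule_file)
        return

    chain, rule = chain_rule
    iptables.delete_rule(rule, chain=chain)

    if not isinstance(rule, fw.PassThroughRule):
        return

    # `passthrough` is used here as a per-source-IP reference count of
    # passthrough rules (presumably incremented by the creation handler --
    # confirm against the caller).
    refs = passthrough.get(rule.src_ip, 0)
    if refs > 1:
        # Other rules still reference this source IP: keep it in the set.
        passthrough[rule.src_ip] = refs - 1
        return

    if refs < 1:
        # The count was missing or had drifted. Indexing the mapping directly
        # would raise KeyError (or push the count negative) and leave the IP
        # in the passthrough set with nothing tracking it. Fail closed and
        # remove the entry instead.
        _LOGGER.warning(
            'Passthrough %r had unexpected reference count %r',
            rule.src_ip, refs
        )

    # Remove the IPs from the passthrough set
    passthrough.pop(rule.src_ip, None)
    _LOGGER.info('Removing passthrough %r', rule.src_ip)
    iptables.rm_ip_set(iptables.SET_PASSTHROUGHS, rule.src_ip)
    iptables.flush_pt_conntrack_table(rule.src_ip)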
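def test_delete_rule(self):
    """Test generic removal of a rule.

    Checks that ``iptables.delete_rule`` dispatches a DNAT rule only to
    ``delete_dnat_rule`` and a passthrough rule only to
    ``delete_passthrough_rule``, forwarding the chain in both cases.
    """
    dnat_rule = self.dnat_rules.pop()
    passthrough_rule = self.passthrough_rules.pop()

    # DNAT rule: only the DNAT deletion helper may be called.
    iptables.delete_rule(dnat_rule, chain='TEST_CHAIN')

    # assertEqual replaces the deprecated assertEquals alias, which is
    # removed in Python 3.12.
    self.assertEqual(
        0, treadmill.iptables.delete_passthrough_rule.call_count
    )
    treadmill.iptables.delete_dnat_rule.assert_called_with(
        dnat_rule, chain='TEST_CHAIN'
    )

    # Clear the recorded calls so the second half starts from zero.
    treadmill.iptables.delete_passthrough_rule.reset_mock()
    treadmill.iptables.delete_dnat_rule.reset_mock()

    # Passthrough rule: only the passthrough deletion helper may be called.
    iptables.delete_rule(passthrough_rule, chain='TEST_CHAIN')

    treadmill.iptables.delete_passthrough_rule.assert_called_with(
        passthrough_rule, chain='TEST_CHAIN'
    )
    self.assertEqual(
        0, treadmill.iptables.delete_dnat_rule.call_count
    )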