Example #1
 def moveRule(self, context, rule_type, identifier, delta):
     """
     Shift a rule by delta positions relative to its current order.

     The rule is looked up by identifier in the rule_type list of the
     ruleset bound to context. Its current order is read from its chain,
     delta is added, and the rule is moved to the resulting position.
     The session is saved afterwards and the value returned by moveAt()
     is handed back to the caller.
     """
     rule_index = getInteger(identifier)
     rule_list = self.getRuleset(context).getRuleList(rule_type)
     target = rule_list[rule_index]
     current_order = rule_list.getAclChain(target).getOrder(target)
     # NOTE(review): delta is used as received, without the getInteger()
     # conversion applied to identifier -- confirm the caller or moveAt()
     # checks its type and range.
     result = rule_list.moveAt(target, current_order + delta)
     # Persist only after the move succeeded; an exception above leaves
     # the session unsaved.
     self.saveSession(context)
     return result
Example #2
 def service_moveRule(self, context, rule_type, identifier, new_order):
     """
     Place a rule at the position new_order (within the same chain).

     identifier is converted with getInteger() and used to look the rule
     up in the rule_type list of the ruleset bound to context. The
     session is saved after the move and the value returned by moveAt()
     is handed back to the caller.
     """
     rule_index = getInteger(identifier)
     rule_list = self.getRuleset(context).getRuleList(rule_type)
     target = rule_list[rule_index]
     # NOTE(review): new_order is forwarded unchanged, unlike identifier
     # which goes through getInteger() -- confirm moveAt() validates it.
     result = rule_list.moveAt(target, new_order)
     self.saveSession(context)
     return result
Example #3
 def service_ruleClone(self, context, rule_type, acl_id):
     """
     Duplicate an ACL, selected by its identifier acl_id.

     acl_id is converted with getInteger() and passed to clone() on the
     rule_type list of the ruleset bound to context. The session is
     saved afterwards and the value returned by clone() is handed back
     to the caller.
     """
     source_id = getInteger(acl_id)
     rule_list = self.getRuleset(context).getRuleList(rule_type)
     # NOTE(review): the identifier is handed to clone() directly rather
     # than resolved with rules[...] first -- presumably clone() rejects
     # unknown identifiers; confirm.
     result = rule_list.clone(source_id)
     self.saveSession(context)
     return result
Example #4
 def service_ruleChange(self, context, rule_type, acl_id, new_values):
     """
     Update attributes of an existing ACL:
      - acl_id: identifier of the ACL (converted with getInteger())
      - new_values: dictionary mapping attribute name => new value

     The ACL is looked up in the rule_type list of the ruleset bound to
     context and modified through modifyObject(). The session is saved
     afterwards and the value returned by modifyObject() is handed back
     to the caller.
     """
     rule_index = getInteger(acl_id)
     rule_list = self.getRuleset(context).getRuleList(rule_type)
     target = rule_list[rule_index]
     # NOTE(review): new_values is forwarded as received; presumably
     # modifyObject() checks attribute names and values -- confirm. The
     # meaning of the third argument (False) is not visible here.
     result = rule_list.modifyObject(target, new_values, False)
     self.saveSession(context)
     return result
Example #5
    def service_getRule(self, context, rule_type, rule_id, fusion=None):
        """
        Return one ACL or NAT rule, exported for XML-RPC. Arguments:

         - rule_type: name of the rule list, one of

           * "acls-ipv4" (IPv4 ACL)
           * "acls-ipv6" (IPv6 ACL)
           * "nats" (IPv4 NAT)

         - rule_id (integer): identifier of the rule in that list
         - fusion (boolean): if True, generic networks / user groups are
           replaced by physical networks / user groups

        The result is a dictionary. Keys shared by all rule types:

         - mandatory keys

           * id (integer): unique rule identifier
           * mandatory (boolean): True if the rule is mandatory
           * enabled (boolean): is the ACL enabled?
           * sources (list of unicode): list of network identifiers
           * destinations (list of unicode): list of network identifiers

         - optional keys:

           * comment (unicode): comment

        Keys specific to ACLs:

         - mandatory keys:

           * decision (unicode): 'ACCEPT', 'DROP' or 'REJECT'
           * protocols (list of unicode): list of protocol identifiers
           * address_type (unicode): IPV4_ADDRESS or IPV6_ADDRESS
           * input (unicode): identifier of the input interface
           * output (unicode): identifier of the output interface
           * chain (unicode): 'INPUT', 'OUTPUT' or 'FORWARD'
           * log (boolean): are connections logged?

         - optional keys:

           * user_groups (list of unicode): list of user group identifiers
           * applications (list of unicode): list of application identifiers
           * operating_systems (list of unicode): list of operating system
             identifiers
           * periodicities (list of unicode): list of periodicity identifiers
           * durations (list of unicode): list of duration identifiers
           * log_prefix (unicode): prefix of a log entry

        Keys specific to NAT rules:

         - mandatory keys:

           * filters (list of unicode): list of protocol identifiers
           * nated_sources (list of unicode): list of translated network
             identifiers
           * nated_destinations (list of unicode): list of translated
             network identifiers
           * nated_filters (list of unicode): list of translated protocol
             identifiers
           * chain (unicode): 'PREROUTING' or 'POSTROUTING'

        A rule identifier is unique only inside its own list: an IPv4 ACL
        and an IPv6 ACL may share the same identifier. Use the pair
        (rule_type, rule_id) as a globally unique identifier.
        """
        # Convert the caller-supplied arguments before touching the ruleset.
        list_name = getUnicode(rule_type)
        rule_index = getInteger(rule_id)
        use_fusion = self.getFusion(context, fusion)
        rule_list = self.getRuleset(context).getRuleList(list_name)
        # Read-only lookup: saveSession() is not called on this path.
        return rule_list[rule_index].exportXMLRPC(use_fusion)