def ldapRules(context, component, ruleset, rule_type, identifiers): logger = ContextLoggerChild(context, component) result = ApplyRulesResult(logger) if rule_type == 'acls-ipv6': rules = ruleset.acls_ipv6 elif rule_type == 'acls-ipv4': rules = ruleset.acls_ipv4 else: # NuFW (LDAP) doesn't authenticate NAT rules raise RulesetError(tr("LDAP doesn't support rule type: %s"), repr(rule_type)) if identifiers: rules = [ rules[id] for id in identifiers ] else: rules = rules ldap = WriteLdapRules(logger, component.config['ldap']) with TemplateInstanciation(ruleset): rules = filterRules(result, rules) lines = [] for dn, attr in ldap.createRules(rules): lines.append(unicode(dn)) attrs = attr.items() attrs.sort(key=lambda item: item[0]) for key, value in attrs: lines.append(u" %s=%r" % (key, value)) lines.append(u"") xmlrpc = result.exportXMLRPC() xmlrpc['ldap'] = lines return xmlrpc
def applyRules(self): if not self.only_consistency: self.lock_manager.acquire(self.context, "ufwi_ruleset_applyRules") try: if self.ruleset: with TemplateInstanciation(self.ruleset): self.acls_ipv4 = filterRules(self.result, self.acls_ipv4) self.acls_ipv6 = filterRules(self.result, self.acls_ipv6) self.nats = filterRules(self.result, self.nats) self.checkUserGroups() if self.result.errors: return self.result.exportXMLRPC() return self._applyRulesThread() else: return self._applyRulesThread() finally: if not self.only_consistency: self.lock_manager.release(self.context, "ufwi_ruleset_applyRules")
def iptablesRules(context, component, ruleset, rule_type, identifiers, use_nufw): logger = ContextLoggerChild(context, component) result = ApplyRulesResult(logger) # Not NAT rules in IPv6! if rule_type == 'nats': rules = ruleset.nats use_ipv6 = False default_decisions = None elif rule_type == 'acls-ipv6': rules = ruleset.acls_ipv6 use_ipv6 = True default_decisions = rules.default_decisions else: rules = ruleset.acls_ipv4 use_ipv6 = False default_decisions = rules.default_decisions if identifiers: rules = [ rules[id] for id in identifiers ] else: rules = rules options = IptablesOptions() options.format = "iptables" options.ipv6 = use_ipv6 options.nufw = use_nufw with TemplateInstanciation(ruleset): rules = filterRules(result, rules) # Create iptables rules iptables = IptablesGenerator(logger, default_decisions, options, component.config, result) if rule_type != 'nats': lines = aclsRules(iptables, rules) else: lines = natsRules(iptables, rules, result) xmlrpc = result.exportXMLRPC() xmlrpc['iptables'] = [unicode(line) for line in lines] return xmlrpc