Example #1
def checkNetworkInclusion(parent, networks):
    """Reject a set of networks that mixes interfaces or contains overlaps.

    Every pair produced by combinaisons2(networks) is expanded with
    flattenNetwork(). A RulesetError is raised as soon as:

    * a resource from the first member of a pair has an interface different
      from the first interface seen, or
    * a resource from one member match()es a resource from the other member,
      in either direction (reported as one network already being part of
      the other).

    parent is only used to label the error messages.
    """
    # NOTE(review): the interface comparison only visits resources flattened
    # from the first member of each pair; whether every network is compared
    # depends on which pairs combinaisons2 yields -- confirm.
    expected_interface = None
    for left, right in combinaisons2(networks):
        for candidate in flattenNetwork(left):
            # The first resource seen fixes the interface every later one must share.
            if expected_interface is None:
                expected_interface = candidate.interface
            elif candidate.interface != expected_interface:
                raise RulesetError(
                    tr('Error in %s: the %s network (%s interface) is not part of the %s interface!'),
                    unicode(parent),
                    left.formatID(),
                    candidate.interface.formatID(),
                    expected_interface.formatID())

            # Overlap is tested both ways so that neither side can shadow the other.
            for other in flattenNetwork(right):
                if other.match(candidate):
                    raise RulesetError(
                        tr('Error in %s: the %s network is already part of the %s network!'),
                        unicode(parent),
                        candidate.formatID(),
                        right.formatID())
                if candidate.match(other):
                    raise RulesetError(
                        tr('Error in %s: the %s network is already part of the %s network!'),
                        unicode(parent),
                        other.formatID(),
                        left.formatID())
Example #2
    def checkConsistency(self, loader_context=None):
        """Validate this rule, raising RulesetError on the first problem found.

        The checks run in a fixed order, so the order decides which error a
        rule with several problems reports: presence of source, destination
        and protocol; platform exclusivity; network inclusion; firewall as
        both endpoints; identity (user group) constraints; time criteria;
        and finally the address type.

        loader_context is accepted but not read by this method.
        """
        # A rule must name at least one source and one destination.
        if not (self.sources | self.source_platforms):
            raise RulesetError(tr("%s has no source."), unicode(self))

        if not (self.destinations | self.destination_platforms):
            raise RulesetError(tr("%s has no destination."), unicode(self))

        # Protocols are required unless a platform is used on either side.
        if not((self.source_platforms | self.destination_platforms) or self.protocols):
            raise RulesetError(tr("%s has no protocol."), unicode(self))

        # On each side, platforms cannot be mixed with other object types.
        if self.sources and self.source_platforms:
            raise RulesetError(
                tr("%s source can not associate a platform with another type of object."),
                unicode(self))

        if self.destinations and self.destination_platforms:
            raise RulesetError(
                tr("%s destination can not associate a platform with another type of object."),
                unicode(self))

        # Platforms are allowed on one side only.
        if self.source_platforms and self.destination_platforms:
            raise RulesetError(
                tr('Platforms can not be used '
                   'concurrently in source and destination'))

        # Platforms and explicit protocols are mutually exclusive.
        if self.source_platforms or self.destination_platforms:
            if self.protocols:
                raise RulesetError(
                    tr('Protocols can not be used together with platforms.'))

        # Reject overlapping networks and mixed interfaces; sources and
        # destinations are checked as separate sets, and platforms are
        # flattened before being checked.
        checkNetworkInclusion(self, self.sources)
        checkNetworkInclusion(self, self.destinations)
        checkNetworkInclusion(self, flattenNetwork(self.source_platforms))
        checkNetworkInclusion(self, flattenNetwork(self.destination_platforms))

        # The firewall itself may be one endpoint of a rule, never both.
        if (isinstance(self.input, FirewallResource)
                and isinstance(self.output, FirewallResource)):
            raise RulesetError(
                tr("The firewall can not be the source and the destination of a rule!"))

        # Identity-based rules: forward rules only, and every protocol must
        # be TCP or UDP at layer 4.
        if self.user_groups:
            if not self.isForward():
                raise RulesetError(
                    tr("INPUT/OUTPUT rules (%s) can not use identity!"),
                    unicode(self))
            for proto in self.listAllProtocols():
                if protocol_layer_is_unsupported(proto) if False else proto.layer4 not in (u'tcp', u'udp'):
                    raise RulesetError(
                        tr("The protocol %s of the %s cannot be identified."),
                        proto.formatID(), unicode(self))

        # At most one time criterion in total: one periodicity or one duration.
        if len(self.periodicities) > 1:
            raise RulesetError(
                tr("%s can not use more than one time criterion!"),
                unicode(self))
        if len(self.durations) > 1:
            raise RulesetError(
                tr("%s can not use more than one duration!"),
                unicode(self))
        if len(self.periodicities) + len(self.durations) > 1:
            raise RulesetError(
                tr("%s can not use one period and one duration!"),
                unicode(self))

        # The rule's address type must be one of those computed from its
        # sources, destinations and protocols.
        allowed_types = createAddressTypes(
            self.getSources(), self.getDestinations(), self.listAllProtocols())
        if self.address_type not in allowed_types:
            raise RulesetError(self.ADDRESS_TYPE_ERROR)