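def set_loglevel(self, level):
    '''Sets log level of firewall.

    Forwards *level* to the backend and returns the backend's result.
    A UFWError raised by the backend is handed to error(); if error()
    returns, the empty string is returned.
    '''
    res = ""
    try:
        res = self.backend.set_loglevel(level)
    except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
        error(e.value)

    # Return the backend's message instead of silently dropping it.
    return res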
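def set_default_application_policy(self, policy):
    '''Sets default application policy of firewall.

    Forwards *policy* to the backend and returns the backend's result.
    A UFWError raised by the backend is handed to error(); if error()
    returns, the empty string is returned.
    '''
    res = ""
    try:
        res = self.backend.set_default_application_policy(policy)
    except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
        error(e.value)

    # Return the backend's message instead of silently dropping it.
    return res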
def get_show_raw(self, rules_type="raw"):
    """Return the backend's raw listing for *rules_type*.

    A UFWError from the backend is passed to error().
    """
    try:
        raw_listing = self.backend.get_running_raw(rules_type)
    except UFWError as err:
        error(err.value)

    # NOTE(review): raw_listing is unbound here if error() ever returns.
    return raw_listing
def get_show_raw(self, rules_type="raw"):
    '''Return the raw firewall output the backend produces for rules_type.

    Backend failures (UFWError) are reported through error().
    '''
    backend = self.backend
    try:
        listing = backend.get_running_raw(rules_type)
    except UFWError as failure:  # pragma: no cover
        error(failure.value)

    # NOTE(review): listing is unbound here if error() ever returns.
    return listing
def get_status(self, verbose=False, show_count=False):
    '''Return the backend's status report.

    verbose and show_count are passed to the backend unchanged.
    Backend failures (UFWError) are reported through error().
    '''
    backend = self.backend
    try:
        report = backend.get_status(verbose, show_count)
    except UFWError as failure:  # pragma: no cover
        error(failure.value)

    # NOTE(review): report is unbound here if error() ever returns.
    return report
def get_status(self, verbose=False, show_count=False):
    """Return the firewall status text produced by the backend.

    Both flags are forwarded positionally; a UFWError from the backend
    is passed to error().
    """
    try:
        status_text = self.backend.get_status(verbose, show_count)
    except UFWError as err:
        error(err.value)

    # NOTE(review): status_text is unbound here if error() ever returns.
    return status_text
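class UFWFrontend:
    '''User-facing front end that drives a firewall backend.'''

    def __init__(self, dryrun, backend_type="iptables"):
        '''Create the backend for backend_type.

        Only "iptables" is accepted; any other value raises UFWError.
        Exceptions raised while constructing the backend propagate
        unchanged.
        '''
        if backend_type == "iptables":
            self.backend = UFWBackendIptables(dryrun)
        else:
            raise UFWError("Unsupported backend type '%s'" % (backend_type))

        # Initialize input strings for translations
        self.no = _("n")
        self.yes = _("y")
        self.yes_full = _("yes")

    def set_enabled(self, enabled):
        '''Toggles ENABLED state in <config_dir>/ufw/ufw.conf and starts or
           stops running firewall.

           NOTE(review): this listing ends after the start-failure handling;
           the branch for enabled=False and the return value are not shown.
        '''
        res = ""

        config_str = "no"
        if enabled:
            config_str = "yes"

        changed = False
        if (enabled and not self.backend.is_enabled()) or \
           (not enabled and self.backend.is_enabled()):
            changed = True

        # Update the config files when toggling enable/disable
        if changed:
            try:
                self.backend.set_default(self.backend.files['conf'],
                                         "ENABLED", config_str)
            except UFWError as e:  # 'as' form parses on Python 2.6+ and 3
                error(e.value)

        error_str = ""
        if enabled:
            try:
                self.backend.start_firewall()
            except UFWError as e:
                # NOTE(review): when the state did not change, a start
                # failure is dropped here without any report; confirm that
                # is intended, since the firewall may not be running.
                if changed:
                    error_str = e.value

            if error_str != "":
                # Revert config files when toggling enable/disable and
                # firewall failed to start
                try:
                    self.backend.set_default(self.backend.files['conf'],
                                             "ENABLED", "no")
                except UFWError as e:
                    error(e.value)

                # Report the error
                error(error_str)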
def set_loglevel(self, level):
    '''Ask the backend to change the log level and return its message.

    On UFWError the error text goes to error(); the initial empty
    string is what remains to be returned if error() comes back.
    '''
    message = ""
    backend = self.backend
    try:
        message = backend.set_loglevel(level)
    except UFWError as failure:  # pragma: no cover
        error(failure.value)

    return message
def set_loglevel(self, level):
    """Set the firewall log level through the backend.

    Returns the backend's result; a UFWError is passed to error().
    """
    outcome = ""
    try:
        outcome = self.backend.set_loglevel(level)
    except UFWError as err:
        error(err.value)

    return outcome
def set_default_application_policy(self, policy):
    '''Ask the backend to set the default application policy.

    Returns the backend's result; a UFWError is passed to error().
    '''
    message = ""
    backend = self.backend
    try:
        message = backend.set_default_application_policy(policy)
    except UFWError as failure:  # pragma: no cover
        error(failure.value)

    return message
def set_default_application_policy(self, policy):
    """Set the default application policy through the backend.

    Returns the backend's result; a UFWError is passed to error().
    """
    outcome = ""
    try:
        outcome = self.backend.set_default_application_policy(policy)
    except UFWError as err:
        error(err.value)

    return outcome
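def set_default_policy(self, policy, direction):
    '''Sets default policy of firewall.

    Stores the policy through the backend and, when the backend reports
    the firewall as enabled, stops and starts it. Returns the backend's
    result from set_default_policy(). A UFWError from any of these calls
    is handed to error().
    '''
    res = ""
    try:
        res = self.backend.set_default_policy(policy, direction)
        if self.backend.is_enabled():
            # NOTE(review): if start_firewall() raises after
            # stop_firewall() succeeded, nothing here starts it again;
            # confirm what state the backend is left in.
            self.backend.stop_firewall()
            self.backend.start_firewall()
    except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
        error(e.value)

    # Return the backend's message instead of silently dropping it.
    return res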
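def set_default_policy(self, policy, direction):
    '''Sets default policy of firewall.

    Stores the policy through the backend and, when the backend's
    _is_enabled() is true, stops and starts the firewall. Returns the
    backend's result from set_default_policy(). A UFWError from any of
    these calls is handed to error().
    '''
    res = ""
    try:
        res = self.backend.set_default_policy(policy, direction)
        # NOTE(review): this variant calls the underscore-prefixed
        # _is_enabled(); confirm the backend in use provides it.
        if self.backend._is_enabled():
            # NOTE(review): if start_firewall() raises after
            # stop_firewall() succeeded, nothing here starts it again;
            # confirm what state the backend is left in.
            self.backend.stop_firewall()
            self.backend.start_firewall()
    except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
        error(e.value)

    # Return the backend's message instead of silently dropping it.
    return res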
def set_default_policy(self, policy, direction):
    """Set the default policy and restart an enabled firewall.

    Returns the backend's result from set_default_policy(). A UFWError
    from the policy update or from the stop/start pair is passed to
    error().
    """
    outcome = ""
    backend = self.backend
    try:
        outcome = backend.set_default_policy(policy, direction)
        if backend.is_enabled():
            # NOTE(review): a failure in start_firewall() after a
            # successful stop_firewall() is only reported, not retried.
            backend.stop_firewall()
            backend.start_firewall()
    except UFWError as err:
        error(err.value)

    return outcome
def set_default_policy(self, policy, direction):
    '''Store a new default policy; bounce the firewall if it is enabled.

    The backend's set_default_policy() result is returned. UFWError
    raised by the update or by stop/start is reported through error().
    '''
    message = ""
    fw = self.backend
    try:
        message = fw.set_default_policy(policy, direction)
        running = fw.is_enabled()
        if running:
            # NOTE(review): a failure in start_firewall() after a
            # successful stop_firewall() is only reported, not retried.
            fw.stop_firewall()
            fw.start_firewall()
    except UFWError as failure:  # pragma: no cover
        error(failure.value)

    return message
def initcaps(self):
    '''Populate self.caps, the capabilities database.

    Must run before the database is read. A second call is a no-op
    because self.caps is already set.
    '''
    if self.caps is not None:
        # Already initialized
        return

    # Defaults for dryrun, non-root, etc. The v6 value is the
    # historical default for the testsuite.
    self.caps = {}
    self.caps['limit'] = {}
    limit_caps = self.caps['limit']
    limit_caps['4'] = True
    limit_caps['6'] = False

    required = ('recent-set', 'recent-update')

    # Probe the running system only when checks are on, we are root and
    # this is not a dry run.
    if self.do_checks and os.getuid() == 0 and not self.dryrun:  # pragma: no coverage
        # v4
        try:
            nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)
        except OSError as probe_err:
            msg = "initcaps\n%s" % probe_err
            if self.is_enabled():
                error(msg)
            warn(msg)
            return

        limit_caps['4'] = all(name in nf_caps for name in required)

        # v6 (skip capabilities check for ipv6 if ipv6 is disabled in ufw
        # because the system may not have ipv6 support (LP: #1039729)
        if self.use_ipv6():
            try:
                nf_caps = ufw.util.get_netfilter_capabilities(
                    self.ip6tables)
            except OSError as probe_err:
                # NOTE(review): if error() returns, nf_caps still holds
                # the v4 probe result when the v6 entry is computed.
                error("initcaps\n%s" % probe_err)

            limit_caps['6'] = all(name in nf_caps for name in required)
def set_enabled(self, enabled):
    '''Toggle ENABLED in <config_dir>/ufw/ufw.conf and start or stop the
       running firewall.

       Returns a translated status message. The config file is written
       only when the requested state differs from backend.is_enabled().
    '''
    res = ""
    conf_value = "yes" if enabled else "no"

    # True only when the requested state differs from the current one.
    state_differs = bool(enabled) != bool(self.backend.is_enabled())

    # Update the config files when toggling enable/disable
    if state_differs:
        try:
            self.backend.set_default(self.backend.files['conf'],
                                     "ENABLED", conf_value)
        except UFWError as err:  # pragma: no cover
            error(err.value)

    start_failure = ""
    if not enabled:
        try:
            self.backend.stop_firewall()
        except UFWError as err:  # pragma: no cover
            error(err.value)

        res = _("Firewall stopped and disabled on system startup")
        return res

    try:
        self.backend.start_firewall()
    except UFWError as err:  # pragma: no cover
        # NOTE(review): when the state did not change, a start failure is
        # dropped and the success message below is still returned;
        # confirm that is intended.
        if state_differs:
            start_failure = err.value

    if start_failure != "":  # pragma: no cover
        # Revert config files when toggling enable/disable and
        # firewall failed to start
        try:
            self.backend.set_default(self.backend.files['conf'],
                                     "ENABLED", "no")
        except UFWError as err:
            error(err.value)

        # Report the error
        error(start_failure)

    res = _("Firewall is active and enabled on system startup")
    return res
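def set_enabled(self, enabled):
    """Toggles ENABLED state in <config_dir>/ufw/ufw.conf and starts or
    stops running firewall.

    NOTE(review): this listing ends after the configuration update; the
    start/stop handling and the return value are not shown.
    """
    res = ""

    config_str = "no"
    if enabled:
        config_str = "yes"

    changed = False
    if (enabled and not self.backend.is_enabled()) or (not enabled and self.backend.is_enabled()):
        changed = True

    # Update the config files when toggling enable/disable
    if changed:
        try:
            self.backend.set_default(self.backend.files["conf"], "ENABLED", config_str)
        except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
            error(e.value)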
def parse_command(argv):
    '''Register every known command and parse argv[1:].

    Returns the parser's result (documented by the original as a tuple
    for action, rule, ip_version and dryrun). argv is modified in place:
    'rule' is inserted ahead of a bare rule command.
    '''
    parser = ufw.parser.UFWParser()

    # (command class, keywords) pairs, registered in this order:
    # basic, application, logging, default, status, show.
    keyword_commands = (
        (ufw.parser.UFWCommandBasic,
         ('enable', 'disable', 'help', '--help', 'version', '--version',
          'reload', 'reset')),
        (ufw.parser.UFWCommandApp,
         ('list', 'info', 'default', 'update')),
        (ufw.parser.UFWCommandLogging,
         ('on', 'off', 'low', 'medium', 'high', 'full')),
        (ufw.parser.UFWCommandDefault,
         ('allow', 'deny', 'reject')),
        # 'status', 'status verbose', 'status numbered'
        (ufw.parser.UFWCommandStatus,
         (None, 'verbose', 'numbered')),
        (ufw.parser.UFWCommandShow,
         ('raw', 'before-rules', 'user-rules', 'after-rules',
          'logging-rules', 'builtins', 'listening', 'added')),
    )
    for command_cls, keywords in keyword_commands:
        for keyword in keywords:
            parser.register_command(command_cls(keyword))

    # Rule commands, each registered as a plain rule and a route rule
    rule_commands = ['allow', 'limit', 'deny', 'reject', 'insert', 'delete']
    for keyword in rule_commands:
        parser.register_command(ufw.parser.UFWCommandRule(keyword))
        parser.register_command(ufw.parser.UFWCommandRouteRule(keyword))

    # Don't require the user to have to specify 'rule' as the command.
    # Instead insert 'rule' into the arguments if this is a rule command.
    if len(argv) > 2:
        idx = 2 if argv[1].lower() == "--dry-run" else 1
        word = argv[idx].lower()
        if word not in ("default", "route") and word in rule_commands:
            argv.insert(idx, 'rule')

    too_short = len(argv) < 2
    if too_short or ('--dry-run' in argv and len(argv) < 3):
        error("not enough args")  # pragma: no cover

    try:
        pr = parser.parse_command(argv[1:])
    except UFWError as failure:
        error("%s" % (failure.value))  # pragma: no cover
    except Exception:
        # Report, then let the original exception propagate.
        error("Invalid syntax", do_exit=False)
        raise

    return pr
def parse_command(argv):
    '''Build the command parser and run it over argv[1:].

    Returns whatever UFWParser.parse_command() returns (documented by the
    original as a tuple for action, rule, ip_version and dryrun). argv is
    modified in place when 'rule' has to be inserted.
    '''
    p = ufw.parser.UFWParser()

    def register_all(command_cls, names):
        # One parser entry per keyword, in list order.
        for name in names:
            p.register_command(command_cls(name))

    # Basic commands
    register_all(ufw.parser.UFWCommandBasic,
                 ['enable', 'disable', 'help', '--help', 'version',
                  '--version', 'reload', 'reset'])
    # Application commands
    register_all(ufw.parser.UFWCommandApp,
                 ['list', 'info', 'default', 'update'])
    # Logging commands
    register_all(ufw.parser.UFWCommandLogging,
                 ['on', 'off', 'low', 'medium', 'high', 'full'])
    # Default commands
    register_all(ufw.parser.UFWCommandDefault, ['allow', 'deny', 'reject'])
    # Status commands ('status', 'status verbose', 'status numbered')
    register_all(ufw.parser.UFWCommandStatus, [None, 'verbose', 'numbered'])
    # Show commands
    register_all(ufw.parser.UFWCommandShow,
                 ['raw', 'before-rules', 'user-rules', 'after-rules',
                  'logging-rules', 'builtins', 'listening', 'added'])

    # Rule commands: a rule entry and a route-rule entry per keyword
    rule_commands = ['allow', 'limit', 'deny', 'reject', 'insert', 'delete']
    for name in rule_commands:
        p.register_command(ufw.parser.UFWCommandRule(name))
        p.register_command(ufw.parser.UFWCommandRouteRule(name))

    # Don't require the user to have to specify 'rule' as the command.
    # Instead insert 'rule' into the arguments if this is a rule command.
    if len(argv) > 2:
        idx = 1
        if argv[idx].lower() == "--dry-run":
            idx = 2
        candidate = argv[idx].lower()
        is_bare_rule = (candidate != "default" and candidate != "route"
                        and candidate in rule_commands)
        if is_bare_rule:
            argv.insert(idx, 'rule')

    if len(argv) < 2 or ('--dry-run' in argv and len(argv) < 3):
        error("not enough args")  # pragma: no cover

    try:
        pr = p.parse_command(argv[1:])
    except UFWError as e:
        error("%s" % (e.value))  # pragma: no cover
    except Exception:
        # Report, then let the original exception propagate.
        error("Invalid syntax", do_exit=False)
        raise

    return pr
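def set_enabled(self, enabled):
    '''Toggles ENABLED state in <config_dir>/ufw/ufw.conf and starts or
       stops running firewall.

       NOTE(review): this listing ends after the configuration update; the
       start/stop handling and the return value are not shown.
    '''
    res = ""

    config_str = "no"
    if enabled:
        config_str = "yes"

    changed = False
    if (enabled and not self.backend.is_enabled()) or \
       (not enabled and self.backend.is_enabled()):
        changed = True

    # Update the config files when toggling enable/disable
    if changed:
        try:
            self.backend.set_default(self.backend.files['conf'],
                                     "ENABLED", config_str)
        except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
            error(e.value)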
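def initcaps(self):
    '''Initialize the capabilities database. This needs to be called
       before accessing the database.

       A second call returns immediately because self.caps is already set.
    '''
    # Only initialize if not initialized already. Identity comparison is
    # used so a caps object with a custom __eq__/__ne__ cannot confuse it.
    if self.caps is not None:
        return

    self.caps = {}
    self.caps['limit'] = {}

    # Set defaults for dryrun, non-root, etc
    self.caps['limit']['4'] = True
    self.caps['limit']['6'] = False  # historical default for the testsuite

    # Try to get capabilities from the running system if root
    if self.do_checks and os.getuid() == 0 and not self.dryrun:  # pragma: no coverage
        # v4
        try:
            nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)
        except OSError as e:
            # NOTE(review): nf_caps is unbound below if error() returns.
            error("initcaps\n%s" % e)

        if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
            self.caps['limit']['4'] = True
        else:
            self.caps['limit']['4'] = False

        # v6 (skip capabilities check for ipv6 if ipv6 is disabled in ufw
        # because the system may not have ipv6 support (LP: #1039729)
        if self.use_ipv6():
            try:
                nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)
            except OSError as e:
                # NOTE(review): if error() returns, nf_caps still holds
                # the v4 probe result when the v6 entry is computed.
                error("initcaps\n%s" % e)

            if 'recent-set' in nf_caps and 'recent-update' in nf_caps:
                self.caps['limit']['6'] = True
            else:
                self.caps['limit']['6'] = False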
def parse_command(argv):
    """Register the known commands, then parse argv[1:].

    Returns whatever UFWParser.parse_command() returns (documented by the
    original as a tuple for action, rule, ip_version and dryrun). argv is
    modified in place when "rule" has to be inserted.
    """
    parser = ufw.parser.UFWParser()
    add = parser.register_command

    # Basic commands
    basic = ["enable", "disable", "help", "--help", "version", "--version", "reload", "reset"]
    for word in basic:
        add(ufw.parser.UFWCommandBasic(word))

    # Application commands
    for word in ["list", "info", "default", "update"]:
        add(ufw.parser.UFWCommandApp(word))

    # Logging commands
    for word in ["on", "off", "low", "medium", "high", "full"]:
        add(ufw.parser.UFWCommandLogging(word))

    # Default commands
    for word in ["allow", "deny", "reject"]:
        add(ufw.parser.UFWCommandDefault(word))

    # Status commands ('status', 'status verbose', 'status numbered')
    for word in [None, "verbose", "numbered"]:
        add(ufw.parser.UFWCommandStatus(word))

    # Show commands
    shown = ["raw", "before-rules", "user-rules", "after-rules", "logging-rules", "builtins", "listening", "added"]
    for word in shown:
        add(ufw.parser.UFWCommandShow(word))

    # Rule commands
    rule_commands = ["allow", "limit", "deny", "reject", "insert", "delete"]
    for word in rule_commands:
        add(ufw.parser.UFWCommandRule(word))

    # Don't require the user to have to specify 'rule' as the command.
    # Instead insert 'rule' into the arguments if this is a rule command.
    if len(argv) > 2:
        at = 1
        if argv[at].lower() == "--dry-run":
            at = 2
        first_word = argv[at].lower()
        if first_word != "default" and first_word in rule_commands:
            argv.insert(at, "rule")

    argc = len(argv)
    if argc < 2 or ("--dry-run" in argv and argc < 3):
        error("not enough args")

    try:
        pr = parser.parse_command(argv[1:])
    except UFWError as err:
        error("%s" % (err.value))
    except Exception:
        # Report, then let the original exception propagate.
        error("Invalid syntax", do_exit=False)
        raise

    return pr
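def get_status(self, verbose=False, show_count=False):
    '''Shows status of firewall.

    Passes verbose and show_count to the backend and returns the
    backend's status output. A UFWError from the backend is handed to
    error().
    '''
    try:
        out = self.backend.get_status(verbose, show_count)
    except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
        error(e.value)

    # Return the status text instead of silently dropping it.
    # NOTE(review): out is unbound here if error() ever returns.
    return out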
def do_action(self, action, rule, ip_version, force=False):
    '''Perform action on rule. action, rule and ip_version are usually
       based on return values from parse_command().

       Dispatches on the action string to the matching frontend method
       and returns that method's result. force is passed to reset() and
       delete_rule(). Raises UFWError for an unsupported action, a
       malformed "default-" action or an invalid application profile
       name.
    '''
    res = ""
    if action.startswith("logging-on"):
        # An optional level follows an underscore, e.g. "logging-on_<level>"
        tmp = action.split('_')
        if len(tmp) > 1:
            res = self.set_loglevel(tmp[1])
        else:
            res = self.set_loglevel("on")
    elif action == "logging-off":
        res = self.set_loglevel("off")
    elif action.startswith("default-"):
        # Expected shape: "default-<policy>-<direction>"
        err_msg = _("Unsupported default policy")
        tmp = action.split('-')
        if len(tmp) != 3:
            raise UFWError(err_msg)
        res = self.set_default_policy(tmp[1], tmp[2])
    elif action == "reset":
        res = self.reset(force)
    elif action == "status":
        res = self.get_status()
    elif action == "status-verbose":
        res = self.get_status(True)
    elif action.startswith("show"):
        # NOTE(review): an action with no '-' raises IndexError here.
        tmp = action.split('-')[1]
        if tmp == "listening":
            res = self.get_show_listening()
        elif tmp == "added":
            res = self.get_show_added()
        else:
            res = self.get_show_raw(tmp)
    elif action == "status-numbered":
        res = self.get_status(False, True)
    elif action == "enable":
        res = self.set_enabled(True)
    elif action == "disable":
        res = self.set_enabled(False)
    elif action == "reload":
        if self.backend.is_enabled():
            # Reload is a disable followed by an enable; both return
            # values are discarded.
            # NOTE(review): nothing here checks that the second call
            # succeeded before reporting "Firewall reloaded".
            self.set_enabled(False)
            self.set_enabled(True)
            res = _("Firewall reloaded")
        else:
            res = _("Firewall not enabled (skipping reload)")
    elif action.startswith("delete-"):
        res = self.delete_rule(action.split('-')[1], force)
    elif action == "allow" or action == "deny" or action == "reject" or \
         action == "limit":
        # allow case insensitive matches for application rules
        if rule.dapp != "":
            try:
                tmp = self.backend.find_application_name(rule.dapp)
                if tmp != rule.dapp:
                    rule.dapp = tmp
                    rule.set_port(tmp, "dst")
            except UFWError as e:
                # allow for the profile being deleted (LP: #407810)
                if not rule.remove: # pragma: no cover
                    error(e.value)
                if not ufw.applications.valid_profile_name(rule.dapp):
                    err_msg = _("Invalid profile name")
                    raise UFWError(err_msg)

        if rule.sapp != "":
            try:
                tmp = self.backend.find_application_name(rule.sapp)
                if tmp != rule.sapp:
                    rule.sapp = tmp
                    # NOTE(review): this is the source-application branch
                    # but the port is set with "dst", same as the
                    # destination branch above; confirm "dst" is intended.
                    rule.set_port(tmp, "dst")
            except UFWError as e:
                # allow for the profile being deleted (LP: #407810)
                if not rule.remove: # pragma: no cover
                    error(e.value)
                if not ufw.applications.valid_profile_name(rule.sapp):
                    err_msg = _("Invalid profile name")
                    raise UFWError(err_msg)

        res = self.set_rule(rule, ip_version)
    else:
        err_msg = _("Unsupported action '%s'") % (action)
        raise UFWError(err_msg)

    return res
def set_rule(self, rule, ip_version):
    '''Updates firewall with rule.

    A rule without application names is applied as is. A rule naming an
    application is expanded into one rule per backend entry (from the
    system when removing, from the template otherwise). ip_version is
    "v4", "v6" or "both". Returns the backend's result text. Raises
    UFWError for an invalid position or IP version, or when applying an
    expanded rule set fails (after trying to back the applied rules out).
    '''
    res = ""
    err_msg = ""
    tmp = ""
    rules = []

    if rule.dapp == "" and rule.sapp == "":
        rules.append(rule)
    else:
        tmprules = []
        try:
            if rule.remove:
                if ip_version == "v4":
                    tmprules = self.backend.get_app_rules_from_system(
                                                               rule, False)
                elif ip_version == "v6":
                    tmprules = self.backend.get_app_rules_from_system(
                                                               rule, True)
                elif ip_version == "both":
                    tmprules = self.backend.get_app_rules_from_system(
                                                               rule, False)
                    tmprules6 = self.backend.get_app_rules_from_system(
                                                               rule, True)
                    # Only add rules that are different by more than v6 (we
                    # will handle 'ip_version == both' specially, below).
                    # NOTE(review): tmprules is appended to while it is
                    # being iterated, and y.v6 stays False when x matches
                    # y; confirm both are intended.
                    for x in tmprules:
                        for y in tmprules6:
                            prev6 = y.v6
                            y.v6 = False
                            if not x.match(y):
                                y.v6 = prev6
                                tmprules.append(y)
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)

                # Don't process removal of non-existing application rules
                if len(tmprules) == 0 and not self.backend.dryrun:
                    tmp = _("Could not delete non-existent rule")
                    if ip_version == "v4":
                        res = tmp
                    elif ip_version == "v6":
                        res = tmp + " (v6)"
                    elif ip_version == "both":
                        res = tmp + "\n" + tmp + " (v6)"
                    return res

                # Copy each system rule and carry over the requested
                # remove flag, action and log type.
                for tmp in tmprules:
                    r = tmp.dup_rule()
                    r.remove = rule.remove
                    r.set_action(rule.action)
                    r.set_logtype(rule.logtype)
                    rules.append(r)
            else:
                rules = self.backend.get_app_rules_from_template(rule)
                # Reverse the order of rules for inserted rules, so they
                # are inserted in the right order
                if rule.position > 0:
                    rules.reverse()
        except Exception:
            # Re-raised unchanged; this handler adds no handling of its own.
            raise

    count = 0
    set_error = False
    pos_err_msg = _("Invalid position '")
    num_v4 = self.backend.get_rules_count(False)
    num_v6 = self.backend.get_rules_count(True)
    for i, r in enumerate(rules):
        # count tracks the index of the rule currently being applied
        count = i
        if r.position > num_v4 + num_v6:
            pos_err_msg += str(r.position) + "'"
            raise UFWError(pos_err_msg)
        try:
            if self.backend.use_ipv6():
                if ip_version == "v4":
                    if r.position > num_v4:
                        pos_err_msg += str(r.position) + "'"
                        raise UFWError(pos_err_msg)
                    r.set_v6(False)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "v6":
                    # Positions above num_v4 are shifted down by num_v4;
                    # a non-zero position within the v4 range is rejected.
                    if r.position > num_v4:
                        r.set_position(r.position - num_v4)
                    elif r.position != 0 and r.position <= num_v4:
                        pos_err_msg += str(r.position) + "'"
                        raise UFWError(pos_err_msg)
                    r.set_v6(True)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "both":
                    user_pos = r.position # user specified position
                    r.set_v6(False)
                    if not r.remove and user_pos > num_v4:
                        # The user specified a v6 rule, so try to find a
                        # match in the v4 rules and use its position.
                        p = self.backend.find_other_position( \
                            user_pos - num_v4 + count, True)
                        if p > 0:
                            r.set_position(p)
                        else:
                            # If not found, then add the rule
                            r.set_position(0)
                    tmp = self.backend.set_rule(r)

                    # We need to readjust the position since the number
                    # of ipv4 rules increased
                    if not r.remove and user_pos > 0:
                        num_v4 = self.backend.get_rules_count(False)
                        r.set_position(user_pos + 1)

                    r.set_v6(True)
                    if not r.remove and r.position > 0 and \
                       r.position <= num_v4:
                        # The user specified a v4 rule, so try to find a
                        # match in the v6 rules and use its position.
                        p = self.backend.find_other_position(r.position, \
                                                             False)
                        if p > 0:
                            # Subtract count since the list is reversed
                            r.set_position(p - count)
                        else:
                            # If not found, then add the rule
                            r.set_position(0)
                    if tmp != "":
                        tmp += "\n"

                    # Readjust position to send to set_rule
                    if not r.remove and r.position > num_v4:
                        r.set_position(r.position - num_v4)

                    tmp += self.backend.set_rule(r)
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)
            else:
                if ip_version == "v4" or ip_version == "both":
                    r.set_v6(False)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "v6":
                    err_msg = _("IPv6 support not enabled")
                    raise UFWError(err_msg)
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)
        except UFWError as e:
            # Stop at the first failure; handled after the loop.
            err_msg = e.value
            set_error = True
            break

        if r.updated:
            warn_msg = _("Rule changed after normalization")
            warnings.warn(warn_msg)

    if not set_error:
        # Just return the last result if no error
        res += tmp
    elif len(rules) == 1:
        # Error with a single rule: report it through error()
        error(err_msg) # pragma: no cover
    else:
        # If error and more than one rule, delete the successfully added
        # rules in reverse order
        # NOTE(review): the range includes index count, the rule whose
        # set_rule() call raised, and nothing is backed out when the
        # first rule (count == 0) is the one that failed.
        undo_error = False
        indexes = list(range(count + 1))
        indexes.reverse()
        for j in indexes:
            if count > 0 and rules[j]:
                backout_rule = rules[j].dup_rule()
                backout_rule.remove = True
                try:
                    self.set_rule(backout_rule, ip_version)
                except Exception:
                    # Don't fail, so we can try to backout more
                    # NOTE(review): the warning formats r (the rule from
                    # the apply loop), not rules[j]; confirm.
                    undo_error = True
                    warn_msg = _("Could not back out rule '%s'") % \
                                 r.format_rule()
                    warn(warn_msg)

        err_msg += _("\nError applying application rules.")
        if undo_error:
            err_msg += _(" Some rules could not be unapplied.")
        else:
            err_msg += _(" Attempted rules successfully unapplied.")

        raise UFWError(err_msg)

    return res
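def get_show_raw(self, rules_type="raw"):
    '''Shows raw output of firewall.

    Passes rules_type to the backend and returns the backend's output.
    A UFWError from the backend is handed to error().
    '''
    try:
        out = self.backend.get_running_raw(rules_type)
    except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
        error(e.value)

    # Return the listing instead of silently dropping it.
    # NOTE(review): out is unbound here if error() ever returns.
    return out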
def set_rule(self, rule, ip_version):
    '''Updates firewall with rule.

    A rule without application names is applied as is. A rule naming an
    application is expanded into one rule per backend entry (from the
    system when removing, from the template otherwise). ip_version is
    "v4", "v6" or "both". Returns the backend's result text. Raises
    UFWError for an invalid position or IP version, or when applying an
    expanded rule set fails (after trying to back the applied rules out).
    '''
    res = ""
    err_msg = ""
    tmp = ""
    rules = []

    if rule.dapp == "" and rule.sapp == "":
        rules.append(rule)
    else:
        tmprules = []
        try:
            if rule.remove:
                if ip_version == "v4":
                    tmprules = self.backend.get_app_rules_from_system(
                                                               rule, False)
                elif ip_version == "v6":
                    tmprules = self.backend.get_app_rules_from_system(
                                                               rule, True)
                elif ip_version == "both":
                    tmprules = self.backend.get_app_rules_from_system(
                                                               rule, False)
                    tmprules6 = self.backend.get_app_rules_from_system(
                                                               rule, True)
                    # Only add rules that are different by more than v6 (we
                    # will handle 'ip_version == both' specially, below).
                    # NOTE(review): tmprules is appended to while it is
                    # being iterated, and y.v6 stays False when x matches
                    # y; confirm both are intended.
                    for x in tmprules:
                        for y in tmprules6:
                            prev6 = y.v6
                            y.v6 = False
                            if not x.match(y):
                                y.v6 = prev6
                                tmprules.append(y)
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)

                # Don't process removal of non-existing application rules
                if len(tmprules) == 0 and not self.backend.dryrun:
                    tmp = _("Could not delete non-existent rule")
                    if ip_version == "v4":
                        res = tmp
                    elif ip_version == "v6":
                        res = tmp + " (v6)"
                    elif ip_version == "both":
                        res = tmp + "\n" + tmp + " (v6)"
                    return res

                # Copy each system rule and carry over the requested
                # remove flag, action and log type.
                for tmp in tmprules:
                    r = tmp.dup_rule()
                    r.remove = rule.remove
                    r.set_action(rule.action)
                    r.set_logtype(rule.logtype)
                    rules.append(r)
            else:
                rules = self.backend.get_app_rules_from_template(rule)
                # Reverse the order of rules for inserted rules, so they
                # are inserted in the right order
                if rule.position > 0:
                    rules.reverse()
        except Exception:
            # Re-raised unchanged; this handler adds no handling of its own.
            raise

    count = 0
    set_error = False
    pos_err_msg = _("Invalid position '")
    num_v4 = self.backend.get_rules_count(False)
    num_v6 = self.backend.get_rules_count(True)
    for i, r in enumerate(rules):
        # count tracks the index of the rule currently being applied
        count = i
        if r.position > num_v4 + num_v6:
            pos_err_msg += str(r.position) + "'"
            raise UFWError(pos_err_msg)
        try:
            if self.backend.use_ipv6():
                if ip_version == "v4":
                    if r.position > num_v4:
                        pos_err_msg += str(r.position) + "'"
                        raise UFWError(pos_err_msg)
                    r.set_v6(False)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "v6":
                    # Positions above num_v4 are shifted down by num_v4;
                    # a non-zero position within the v4 range is rejected.
                    if r.position > num_v4:
                        r.set_position(r.position - num_v4)
                    elif r.position != 0 and r.position <= num_v4:
                        pos_err_msg += str(r.position) + "'"
                        raise UFWError(pos_err_msg)
                    r.set_v6(True)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "both":
                    user_pos = r.position # user specified position
                    r.set_v6(False)
                    if not r.remove and user_pos > num_v4:
                        # The user specified a v6 rule, so try to find a
                        # match in the v4 rules and use its position.
                        p = self.backend.find_other_position( \
                            user_pos - num_v4 + count, True)
                        if p > 0:
                            r.set_position(p)
                        else:
                            # If not found, then add the rule
                            r.set_position(0)
                    tmp = self.backend.set_rule(r)

                    # We need to readjust the position since the number
                    # of ipv4 rules increased
                    if not r.remove and user_pos > 0:
                        num_v4 = self.backend.get_rules_count(False)
                        r.set_position(user_pos + 1)

                    r.set_v6(True)
                    if not r.remove and r.position > 0 and \
                       r.position <= num_v4:
                        # The user specified a v4 rule, so try to find a
                        # match in the v6 rules and use its position.
                        p = self.backend.find_other_position(r.position, \
                                                             False)
                        if p > 0:
                            # Subtract count since the list is reversed
                            r.set_position(p - count)
                        else:
                            # If not found, then add the rule
                            r.set_position(0)
                    if tmp != "":
                        tmp += "\n"

                    # Readjust position to send to set_rule
                    if not r.remove and r.position > num_v4:
                        r.set_position(r.position - num_v4)

                    tmp += self.backend.set_rule(r)
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)
            else:
                if ip_version == "v4" or ip_version == "both":
                    r.set_v6(False)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "v6":
                    err_msg = _("IPv6 support not enabled")
                    raise UFWError(err_msg)
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)
        except UFWError as e:
            # Stop at the first failure; handled after the loop.
            err_msg = e.value
            set_error = True
            break

        if r.updated:
            warn_msg = _("Rule changed after normalization")
            warnings.warn(warn_msg)

    if not set_error:
        # Just return the last result if no error
        res += tmp
    elif len(rules) == 1:
        # Error with a single rule: report it through error()
        error(err_msg) # pragma: no cover
    else:
        # If error and more than one rule, delete the successfully added
        # rules in reverse order
        # NOTE(review): the range includes index count, the rule whose
        # set_rule() call raised, and nothing is backed out when the
        # first rule (count == 0) is the one that failed.
        undo_error = False
        indexes = list(range(count+1))
        indexes.reverse()
        for j in indexes:
            if count > 0 and rules[j]:
                backout_rule = rules[j].dup_rule()
                backout_rule.remove = True
                try:
                    self.set_rule(backout_rule, ip_version)
                except Exception:
                    # Don't fail, so we can try to backout more
                    # NOTE(review): the warning formats r (the rule from
                    # the apply loop), not rules[j]; confirm.
                    undo_error = True
                    warn_msg = _("Could not back out rule '%s'") % \
                                 r.format_rule()
                    warn(warn_msg)

        err_msg += _("\nError applying application rules.")
        if undo_error:
            err_msg += _(" Some rules could not be unapplied.")
        else:
            err_msg += _(" Attempted rules successfully unapplied.")

        raise UFWError(err_msg)

    return res
# firewall failed to start try: self.backend.set_default(self.backend.files['conf'], \ "ENABLED", "no") except UFWError, e: error(e.value) # Report the error error(error_str) res = _("Firewall is active and enabled on system startup") else: try: self.backend.stop_firewall() except UFWError, e: error(e.value) res = _("Firewall stopped and disabled on system startup") return res def set_default_policy(self, policy, direction): '''Sets default policy of firewall''' res = "" try: res = self.backend.set_default_policy(policy, direction) if self.backend._is_enabled(): self.backend.stop_firewall() self.backend.start_firewall() except UFWError, e: error(e.value)
# firewall failed to start try: self.backend.set_default(self.backend.files['conf'], \ "ENABLED", "no") except UFWError, e: error(e.value) # Report the error error(error_str) res = _("Firewall is active and enabled on system startup") else: try: self.backend.stop_firewall() except UFWError, e: error(e.value) res = _("Firewall stopped and disabled on system startup") return res def set_default_policy(self, policy, direction): '''Sets default policy of firewall''' res = "" try: res = self.backend.set_default_policy(policy, direction) if self.backend.is_enabled(): self.backend.stop_firewall() self.backend.start_firewall() except UFWError, e: error(e.value)
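def get_show_raw(self, set="raw"):
    '''Shows raw output of firewall.

    Passes *set* to the backend and returns the backend's output. A
    UFWError from the backend is handed to error().
    '''
    # The parameter name shadows the builtin set(); it is kept so that
    # callers passing it by keyword keep working.
    try:
        out = self.backend.get_running_raw(set)
    except UFWError as e:  # 'as' form parses on Python 2.6+ and Python 3
        error(e.value)

    # Return the listing instead of silently dropping it.
    # NOTE(review): out is unbound here if error() ever returns.
    return out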