def setAttributes(self, attr, is_modify):
    """Apply the attributes through Rule, then derive the NAT chain.

    For any type other than NAT_TRANSLATE the three ``nated_*``
    collections are emptied and the chain follows the rule type.
    For NAT_TRANSLATE the chain depends on whether ``nated_sources``
    holds anything.
    """
    Rule.setAttributes(self, attr, is_modify)

    if self.type != NAT_TRANSLATE:
        # No translation on this rule: drop any translation targets so
        # stale values cannot survive a type change.
        self.nated_sources.clear()
        self.nated_destinations.clear()
        self.nated_filters.clear()
        # Any type other than NAT_PREROUTING_ACCEPT lands here as
        # NAT_POSTROUTING_ACCEPT (per the original author's comment).
        self.chain = (
            u'PREROUTING'
            if self.type == NAT_PREROUTING_ACCEPT
            else u'POSTROUTING'
        )
        return

    # NAT_TRANSLATE: a non-empty nated_sources selects POSTROUTING,
    # presumably because that means source translation -- confirm.
    has_nated_sources = len(self.nated_sources) != 0
    self.chain = u'POSTROUTING' if has_nated_sources else u'PREROUTING'
def referentActionUpdates(self, action, referent, old_attr):
    """Register chain updates when an interface used by this rule is renamed.

    Falls back to Rule.referentActionUpdates unless all of the following
    hold: the rule is in the FORWARD chain, ``referent`` is an
    InterfaceResource, and its identifier differs from ``old_attr['id']``.
    Otherwise the chain keyed by the previous (input, output) identifiers
    is deleted and the one keyed by the current identifiers is created,
    with the reverse pair registered for unapply.
    """
    old_id = old_attr['id']

    unaffected = (
        self.chain != 'FORWARD'
        or not isinstance(referent, InterfaceResource)
        or referent.id == old_id
    )
    if unaffected:
        return Rule.referentActionUpdates(self, action, referent, old_attr)

    # From here the chain is FORWARD: the referent cannot be the firewall
    # object, which is read only (original author's note).
    # Rebuild the key as it was before the change: the side played by the
    # referent used the old identifier, the other side is unchanged.
    previous_input = old_id if referent is self.input else self.input.id
    previous_output = old_id if referent is self.output else self.output.id

    old_chain_key = (previous_input, previous_output)
    new_chain_key = (self.input.id, self.output.id)

    # The meaning of the trailing -1 in each update payload is not visible
    # in this method.
    domain = self.rules.UPDATE_CHAIN_DOMAIN

    # Apply: the old chain goes away, the new one appears.
    action.addApplyUpdate(Update(domain, "delete", (old_chain_key, -1)))
    action.addApplyUpdate(Update(domain, "create", (new_chain_key, -1)))

    # Unapply: exact mirror, so a rollback restores the old chain.
    action.addUnapplyUpdate(Update(domain, "delete", (new_chain_key, -1)))
    action.addUnapplyUpdate(Update(domain, "create", (old_chain_key, -1)))
def exportXMLRPC(self, fusion):
    """Return Rule's XML-RPC export extended with the ACL-specific fields.

    Adds the address type, the chain, and the input/output identifiers
    as returned by ``getID(fusion)``.
    """
    exported = Rule.exportXMLRPC(self, fusion)
    exported.update(
        address_type=self.address_type,
        chain=self.chain,
        input=self.input.getID(fusion),
        output=self.output.getID(fusion),
    )
    return exported
def setAttributes(self, attr, is_modify):
    """Apply the attributes through Rule, then derive the dependent fields.

    Derived state: the input/output resources (via getIface), the chain
    (OUTPUT, INPUT or FORWARD), the address type, and the log prefix.
    """
    Rule.setAttributes(self, attr, is_modify)

    if not self.user_groups:
        # No user group on the rule: empty these four collections.
        # Presumably they only make sense on identity-based rules -- confirm.
        for name in ('applications', 'periodicities',
                     'durations', 'operating_systems'):
            getattr(self, name).clear()

    # getIface's selection logic is not visible here.
    self.input = getIface(self.sources, self.source_platforms)
    self.output = getIface(self.destinations, self.destination_platforms)

    # The input side is tested first, so a rule whose input is the firewall
    # is always OUTPUT, whatever the output resource is.
    if isinstance(self.input, FirewallResource):
        chain = u'OUTPUT'
    elif isinstance(self.output, FirewallResource):
        chain = u'INPUT'
    else:
        chain = u'FORWARD'
    self.chain = chain

    self.address_type = self.ADDRESS_TYPE

    # A rule that does not log must not keep a stale prefix.
    if not self.log:
        self.log_prefix = None
def checkRule(self, apply_rules, recursive=False):
    """Validate the rule against the firewall configuration.

    Returns False when Rule.checkRule fails, or when the rule is a forward
    rule and the configuration is not a gateway (reported as an error).
    Returns True otherwise. An identity-based rule on a ruleset where NuFW
    is off is only reported as a warning.
    """
    base_ok = Rule.checkRule(self, apply_rules, recursive=recursive)
    if not base_ok:
        return False

    if self.isForward():
        if not self.config.isGateway():
            apply_rules.error(
                tr("The firewall is configured as a local firewall: "
                   "%s can not be generated."),
                unicode(self))
            return False

    if self.user_groups:
        if not self.ruleset.useNuFW():
            # NOTE(review): the rule is still accepted. Going by the message
            # it is then generated without the user-group restriction, so it
            # would match traffic regardless of identity -- confirm that a
            # warning (rather than an error) is the intended outcome.
            apply_rules.warning(
                tr("Identity-based Firewall is disabled: %s will not use identity."),
                unicode(self))

    return True
def exportXMLRPC(self, fusion):
    """Return Rule's XML-RPC export with this rule's chain added."""
    exported = Rule.exportXMLRPC(self, fusion)
    exported.update(chain=self.chain)
    return exported
def __init__(self, acls, attr, loader_context=None):
    """Bind the ruleset configuration, then run the Rule constructor.

    ``config`` is taken from ``acls.ruleset.config`` and is assigned
    before Rule.__init__ is called.
    """
    # NOTE(review): keep this assignment first; presumably code reached
    # from Rule.__init__ reads self.config -- confirm before reordering.
    ruleset = acls.ruleset
    self.config = ruleset.config
    Rule.__init__(self, acls, attr, loader_context)