Exemple #1
0
 def natRules(self, nats, custom_rules):
     for line in longComment("nat table"):
         yield line
     yield "*nat"
     for chain in (u"PREROUTING", u"POSTROUTING", u"OUTPUT"):
         yield Counters(chain)
     for line in self.userPreRules('nat'):
         yield line
     for line in self.customRules(custom_rules, 'nat-pre'):
         yield line
     for line in natsRules(self, nats, self.apply_rules):
         yield line
     for line in self.customRules(custom_rules, 'nat-post'):
         yield line
     for line in self.userPostRules('nat'):
         yield line
Exemple #2
0
def iptablesRules(context, component, ruleset, rule_type, identifiers, use_nufw):
    logger = ContextLoggerChild(context, component)
    result = ApplyRulesResult(logger)

    # Not NAT rules in IPv6!
    if rule_type == 'nats':
        rules = ruleset.nats
        use_ipv6 = False
        default_decisions = None
    elif rule_type == 'acls-ipv6':
        rules = ruleset.acls_ipv6
        use_ipv6 = True
        default_decisions = rules.default_decisions
    else:
        rules = ruleset.acls_ipv4
        use_ipv6 = False
        default_decisions = rules.default_decisions
    if identifiers:
        rules = [ rules[id] for id in identifiers ]
    else:
        rules = rules

    options = IptablesOptions()
    options.format = "iptables"
    options.ipv6 = use_ipv6
    options.nufw = use_nufw

    with TemplateInstanciation(ruleset):
        rules = filterRules(result, rules)

        # Create iptables rules
        iptables = IptablesGenerator(logger, default_decisions, options, component.config, result)
        if rule_type != 'nats':
            lines = aclsRules(iptables, rules)
        else:
            lines = natsRules(iptables, rules, result)
        xmlrpc = result.exportXMLRPC()
        xmlrpc['iptables'] = [unicode(line) for line in lines]
        return xmlrpc