def natRules(self, nats, custom_rules):
    """Yield, in order, the lines that make up the ``*nat`` table section.

    The output is: the comment banner from ``longComment("nat table")``,
    the ``*nat`` table marker, one ``Counters`` entry for each of
    PREROUTING, POSTROUTING and OUTPUT, and then five rule groups:
    user pre-rules, custom 'nat-pre' rules, the rules generated from
    *nats*, custom 'nat-post' rules and user post-rules.

    The sequence is security-relevant: iptables evaluates the rules of a
    chain in the order they were loaded, so whatever the pre-rule hooks
    emit is matched before the generated NAT rules, and the post-rule
    hooks only see traffic the earlier rules did not already handle.
    """
    for banner_line in longComment("nat table"):
        yield banner_line
    yield "*nat"

    # Counters(...) presumably renders the ":CHAIN ..." declaration line
    # of the iptables-restore format -- confirm against its definition.
    for chain_name in (u"PREROUTING", u"POSTROUTING", u"OUTPUT"):
        yield Counters(chain_name)

    # Each group is wrapped in a thunk so that its producer is only called
    # once the previous group has been fully emitted, exactly as a series
    # of consecutive for-loops would do.
    rule_groups = (
        lambda: self.userPreRules('nat'),
        lambda: self.customRules(custom_rules, 'nat-pre'),
        lambda: natsRules(self, nats, self.apply_rules),
        lambda: self.customRules(custom_rules, 'nat-post'),
        lambda: self.userPostRules('nat'),
    )
    for produce_group in rule_groups:
        for rule_line in produce_group():
            yield rule_line
def iptablesRules(context, component, ruleset, rule_type, identifiers, use_nufw):
    """Render part of *ruleset* as iptables lines and return an XML-RPC dict.

    *rule_type* selects the rule collection:

    - ``'nats'``: ``ruleset.nats``, IPv4 only, no default decisions;
    - ``'acls-ipv6'``: ``ruleset.acls_ipv6`` with its default decisions;
    - anything else: ``ruleset.acls_ipv4`` with its default decisions.

    If *identifiers* is non-empty, only the rules stored under those keys
    are rendered; otherwise the whole collection is used. *use_nufw* is
    copied into the generator options.

    The return value is ``result.exportXMLRPC()`` with an extra
    ``'iptables'`` key holding the generated lines as unicode strings.

    NOTE(review): *rule_type* is not validated -- an unexpected value is
    silently treated as IPv4 ACLs. Likewise each entry of *identifiers*
    is used as a key without a prior check, so an unknown identifier
    raises whatever the collection's ``__getitem__`` raises. Confirm that
    callers validate both before they reach this function.
    """
    logger = ContextLoggerChild(context, component)
    result = ApplyRulesResult(logger)

    # NAT rules are never generated for IPv6.
    nat_requested = (rule_type == 'nats')
    if nat_requested:
        collection = ruleset.nats
        use_ipv6 = False
        default_decisions = None
    else:
        use_ipv6 = (rule_type == 'acls-ipv6')
        collection = ruleset.acls_ipv6 if use_ipv6 else ruleset.acls_ipv4
        # Read the defaults from the collection itself, before it may be
        # narrowed down to a plain list below.
        default_decisions = collection.default_decisions

    if identifiers:
        rules = [collection[rule_id] for rule_id in identifiers]
    else:
        rules = collection

    options = IptablesOptions()
    options.format = "iptables"
    options.ipv6 = use_ipv6
    options.nufw = use_nufw

    # NOTE(review): the original layout of this block was lost; everything
    # from here to the return is assumed to run inside the template
    # context -- confirm against the upstream file.
    with TemplateInstanciation(ruleset):
        rules = filterRules(result, rules)

        # Build the generator, then pick the ACL or NAT rule producer.
        iptables = IptablesGenerator(
            logger, default_decisions, options, component.config, result)
        if nat_requested:
            lines = natsRules(iptables, rules, result)
        else:
            lines = aclsRules(iptables, rules)

        # NOTE(review): the result is exported before `lines` is consumed.
        # If the producers are lazy and record messages into `result`
        # while iterating, confirm the exported dict still reflects them.
        xmlrpc = result.exportXMLRPC()
        xmlrpc['iptables'] = [unicode(line) for line in lines]
        return xmlrpc