def start():
# Clear chains & rules
iptables.clear()
# Load rules
profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
save = {
"filter": save_filter,
"nat": save_nat,
"mangle": save_mangle,
"raw": save_raw,
}
profile_file = os.path.join('/var/lib/iptables', profile)
profile_changes = '%s.diff' % profile_file
base = {}
changes = {}
allowed_chains = {}
for table in iptables.chains:
allowed_chains[table] = save[table].split()
# Load base rules
if os.path.isfile(profile_file):
rules = file(profile_file).read()
base = iptables.parseConf(rules)
iptables.restoreRules(rules)
# Load allowed changes done in previous session
if os.path.isfile(profile_changes):
rules = file(profile_changes).read()
changes = iptables.parseConf(rules)
diff = iptables.filterDict(iptables.diffDict(changes, base),
allowed_chains)
iptables.restoreRules(iptables.makeConf(diff), flush=False)
# Create lock file
writeFile(lock_file, '')
def stop():
# Save rules
profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
save = {
"filter": save_filter,
"nat": save_nat,
"mangle": save_mangle,
"raw": save_raw,
}
profile_file = os.path.join('/var/lib/iptables', profile)
profile_changes = '%s.diff' % profile_file
base = {}
changes = {}
allowed_chains = {}
for table in iptables.chains:
allowed_chains[table] = save[table].split()
# Get base rules from /var/lib/iptables/<profile>
if os.path.isfile(profile_file):
rules = file(profile_file).read()
base = iptables.parseConf(rules)
changes = iptables.parseConf(iptables.getRules())
# Save allowed changes to /var/lib/iptables/<profile>.diff
diff = iptables.filterDict(iptables.diffDict(changes, base),
allowed_chains)
writeFile(profile_changes, iptables.makeConf(diff))
# Clear chains & rules
iptables.clear()
# Remove lock file
if os.access(lock_file, os.F_OK):
os.unlink(lock_file)
def start():
# Clear chains & rules
iptables.clear()
# Load rules
profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
save = {
"filter": save_filter,
"nat": save_nat,
"mangle": save_mangle,
"raw": save_raw,
}
profile_file = os.path.join('/var/lib/iptables', profile)
profile_changes = '%s.diff' % profile_file
base = {}
changes = {}
allowed_chains = {}
for table in iptables.chains:
allowed_chains[table] = save[table].split()
# Load base rules
if os.path.isfile(profile_file):
rules = file(profile_file).read()
base = iptables.parseConf(rules)
iptables.restoreRules(rules)
# Load allowed changes done in previous session
if os.path.isfile(profile_changes):
rules = file(profile_changes).read()
changes = iptables.parseConf(rules)
diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)
iptables.restoreRules(iptables.makeConf(diff), flush=False)
# Create lock file
writeFile(lock_file, '')
def stop():
# Save rules
profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
save = {
"filter": save_filter,
"nat": save_nat,
"mangle": save_mangle,
"raw": save_raw,
}
profile_file = os.path.join('/var/lib/iptables', profile)
profile_changes = '%s.diff' % profile_file
base = {}
changes = {}
allowed_chains = {}
for table in iptables.chains:
allowed_chains[table] = save[table].split()
# Get base rules from /var/lib/iptables/<profile>
if os.path.isfile(profile_file):
rules = file(profile_file).read()
base = iptables.parseConf(rules)
changes = iptables.parseConf(iptables.getRules())
# Save allowed changes to /var/lib/iptables/<profile>.diff
diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)
writeFile(profile_changes, iptables.makeConf(diff))
# Clear chains & rules
iptables.clear()
# Remove lock file
if os.access(lock_file, os.F_OK):
os.unlink(lock_file)
def getRules():
"""Get user defined rules."""
state = call(script(), "System.Service", "info")[2]
if state in ["off", "stopped"]:
fail("FW is offline")
profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
save = {
"filter": save_filter,
"nat": save_nat,
"mangle": save_mangle,
"raw": save_raw,
}
profile_file = os.path.join("/var/lib/iptables/", profile)
base = {}
changes = {}
allowed_chains = {}
for table in iptables.chains:
allowed_chains[table] = save[table].split()
# Get base rules from /var/lib/iptables/<profile>
if os.path.isfile(profile_file):
rules = file(profile_file).read()
base = iptables.parseConf(rules)
changes = iptables.parseConf(iptables.getRules())
# Get user defined rules in filter table
diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)
ret = []
for table in diff:
for rule in diff[table]:
ret.append("%s %s" % (table, rule))
return ret
def initializeIPTables():
"""
Initializes IPTables.
"""
# Active rules
rules_active = netfilterutils.parseConf(netfilterutils.getRules())
# Compare rules
for chain, rules in IPTABLES_RULES.iteritems():
if chain not in rules_active or len(set(rules) - set(rules_active[chain])):
# At least one different rule, need re-initialization
netfilterutils.clear()
conf = netfilterutils.makeConf(IPTABLES_RULES)
netfilterutils.restoreRules(conf)
break
def initializeIPTables():
"""
Initializes IPTables.
"""
# Active rules
rules_active = netfilterutils.parseConf(netfilterutils.getRules())
# Compare rules
for chain, rules in IPTABLES_RULES.iteritems():
if chain not in rules_active or len(
set(rules) - set(rules_active[chain])):
# At least one different rule, need re-initialization
netfilterutils.clear()
conf = netfilterutils.makeConf(IPTABLES_RULES)
netfilterutils.restoreRules(conf)
break