コード例 #1
0
ファイル: fw_ipset.py プロジェクト: adrianbroher/firewalld
    def set_entries(self, ipset, entries, sender=None):
        obj = self.get_ipset(ipset)
        if "timeout" in obj.options:
            # no entries visible for ipsets with timeout
            raise FirewallError(IPSET_WITH_TIMEOUT, ipset)

        for entry in entries:
            IPSet.check_entry(entry, obj.options, obj.type)

        for entry in obj.entries:
            try:
                self._fw._ipset.remove(obj.name, entry)
            except Exception as msg:
                log.error("Failed to remove entry '%s' from ipset '%s'" % \
                          (entry, obj.name))
                log.error(msg)
        obj.entries.clear()

        for entry in entries:
            try:
                self._fw._ipset.add(obj.name, entry)
            except Exception as msg:
                log.error("Failed to remove entry '%s' from ipset '%s'" % \
                          (entry, obj.name))
                log.error(msg)
            else:
                obj.entries.append(entry)
コード例 #2
0
    def set_entries(self, name, entries):
        obj = self.get_ipset(name, applied=True)

        for entry in entries:
            IPSet.check_entry(entry, obj.options, obj.type)
        if "timeout" not in obj.options or obj.options["timeout"] == "0":
            # no entries visible for ipsets with timeout
            obj.entries = entries

        try:
            for backend in self.backends():
                backend.set_flush(obj.name)
        except Exception as msg:
            raise FirewallError(errors.COMMAND_FAILED, msg)
        else:
            obj.applied = True

        try:
            for backend in self.backends():
                if self._fw.individual_calls() \
                   or backend.name == "nftables":
                    for entry in obj.entries:
                        backend.set_add(obj.name, entry)
                else:
                    backend.set_restore(obj.name, obj.type, obj.entries,
                                                   obj.options, None)
        except Exception as msg:
            raise FirewallError(errors.COMMAND_FAILED, msg)
        else:
            obj.applied = True

        return
コード例 #3
0
ファイル: fw_ipset.py プロジェクト: tomzhic/firewalld
    def set_entries(self, ipset, entries, sender=None):
        obj = self.get_ipset(ipset)
        if "timeout" in obj.options:
            # no entries visible for ipsets with timeout
            raise FirewallError(IPSET_WITH_TIMEOUT, ipset)

        for entry in entries:
            IPSet.check_entry(entry, obj.options, obj.type)

        for entry in obj.entries:
            try:
                self._fw._ipset.remove(obj.name, entry)
            except Exception as msg:
                log.error("Failed to remove entry '%s' from ipset '%s'" % \
                          (entry, obj.name))
                log.error(msg)
        obj.entries.clear()

        for entry in entries:
            try:
                self._fw._ipset.add(obj.name, entry)
            except Exception as msg:
                log.error("Failed to remove entry '%s' from ipset '%s'" % \
                          (entry, obj.name))
                log.error(msg)
            else:
                obj.entries.append(entry)
コード例 #4
0
ファイル: fw_ipset.py プロジェクト: Pengsicong/site-packages
    def set_entries(self, name, entries):
        obj = self.get_ipset(name, applied=True)
        if "timeout" in obj.options and obj.options["timeout"] != "0":
            # no entries visible for ipsets with timeout
            raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)

        for entry in entries:
            IPSet.check_entry(entry, obj.options, obj.type)
        obj.entries = entries

        if self._fw.individual_calls():
            try:
                self._fw.ipset_backend.flush(obj.name)
            except Exception as msg:
                log.error("Failed to flush ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True

            for entry in obj.entries:
                try:
                    self._fw.ipset_backend.add(obj.name, entry)
                except Exception as msg:
                    log.error("Failed to add entry '%s' to ipset '%s'" % \
                              (entry, obj.name))
                    log.error(msg)
        else:
            try:
                self._fw.ipset_backend.flush(obj.name)
            except Exception as msg:
                log.error("Failed to flush ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True

            try:
                self._fw.ipset_backend.restore(obj.name, obj.type, obj.entries,
                                               obj.options, None)
            except Exception as msg:
                log.error("Failed to create ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True

        return
コード例 #5
0
ファイル: fw_ipset.py プロジェクト: Acidburn0zzz/firewalld
    def set_entries(self, name, entries):
        obj = self.get_ipset(name)
        if "timeout" in obj.options:
            # no entries visible for ipsets with timeout
            raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)

        for entry in entries:
            IPSet.check_entry(entry, obj.options, obj.type)
        obj.entries = entries

        if self._fw.individual_calls():
            try:
                self._fw.ipset_backend.flush(obj.name)
            except Exception as msg:
                log.error("Failed to flush ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True

            for entry in obj.entries:
                try:
                    self._fw.ipset_backend.add(obj.name, entry)
                except Exception as msg:
                    log.error("Failed to add entry '%s' to ipset '%s'" % \
                              (entry, obj.name))
                    log.error(msg)
        else:
            try:
                self._fw.ipset_backend.flush(obj.name)
            except Exception as msg:
                log.error("Failed to flush ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True

            try:
                self._fw.ipset_backend.restore(obj.name, obj.type, obj.entries,
                                               obj.options, None)
            except Exception as msg:
                log.error("Failed to create ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True

        return
コード例 #6
0
    def add_entry(self, name, entry):
        obj = self.get_ipset(name, applied=True)

        IPSet.check_entry(entry, obj.options, obj.type)
        if entry in obj.entries:
            raise FirewallError(errors.ALREADY_ENABLED,
                                "'%s' already is in '%s'" % (entry, name))

        try:
            for backend in self.backends():
                backend.set_add(obj.name, entry)
        except Exception as msg:
            raise FirewallError(errors.COMMAND_FAILED, msg)
        else:
            if "timeout" not in obj.options or obj.options["timeout"] == "0" \
               and entry not in obj.entries:
                # no entries visible for ipsets with timeout
                obj.entries.append(entry)
コード例 #7
0
ファイル: fw_config.py プロジェクト: AndersBlomdell/firewalld
    def new_ipset(self, name, conf):
        if name in self._ipsets or name in self._builtin_ipsets:
            raise FirewallError(errors.NAME_CONFLICT,
                                "new_ipset(): '%s'" % name)

        x = IPSet()
        x.check_name(name)
        x.import_config(conf)
        x.name = name
        x.filename = "%s.xml" % name
        x.path = config.ETC_FIREWALLD_IPSETS
        # It is not possible to add a new one with a name of a buitin
        x.builtin = False
        x.default = True

        ipset_writer(x)
        self.add_ipset(x)
        return x
コード例 #8
0
    def add_entry(self, name, entry):
        obj = self.get_ipset(name, applied=True)

        IPSet.check_entry(entry, obj.options, obj.type)
        if entry in obj.entries:
            raise FirewallError(errors.ALREADY_ENABLED,
                                "'%s' already is in '%s'" % (entry, name))

        try:
            self._fw.ipset_backend.add(obj.name, entry)
        except Exception as msg:
            log.error("Failed to add entry '%s' to ipset '%s'" % \
                      (entry, obj.name))
            log.error(msg)
        else:
            if "timeout" not in obj.options or obj.options["timeout"] == "0":
                # no entries visible for ipsets with timeout
                obj.entries.append(entry)
コード例 #9
0
ファイル: fw_config.py プロジェクト: tomzhic/firewalld
    def new_ipset(self, name, config):
        try:
            self.get_ipset(name)
        except:
            pass
        else:
            raise FirewallError(NAME_CONFLICT, "new_ipset(): '%s'" % name)

        x = IPSet()
        x.check_name(name)
        x.import_config(config)
        x.name = name
        x.filename = "%s.xml" % name
        x.path = ETC_FIREWALLD_IPSETS
        x.default = False

        ipset_writer(x)
        self.add_ipset(x)
        return x
コード例 #10
0
ファイル: fw_config.py プロジェクト: htaira/firewalld
    def new_ipset(self, name, config):
        try:
            self.get_ipset(name)
        except:
            pass
        else:
            raise FirewallError(NAME_CONFLICT, "new_ipset(): '%s'" % name)

        x = IPSet()
        x.check_name(name)
        x.import_config(config)
        x.name = name
        x.filename = "%s.xml" % name
        x.path = ETC_FIREWALLD_IPSETS
        # It is not possible to add a new one with a name of a buitin
        x.builtin = False
        x.default = True

        ipset_writer(x)
        self.add_ipset(x)
        return x
コード例 #11
0
ファイル: fw_ipset.py プロジェクト: adrianbroher/firewalld
    def add_entry(self, ipset, entry, sender=None):
        obj = self.get_ipset(ipset)
        if "timeout" in obj.options:
            # no entries visible for ipsets with timeout
            raise FirewallError(IPSET_WITH_TIMEOUT, ipset)

        IPSet.check_entry(entry, obj.options, obj.type)
        if entry in obj.entries:
            raise FirewallError(ALREADY_ENABLED,
                                "'%s' already is in '%s'" % (entry, ipset))

        try:
            self._fw._ipset.add(obj.name, entry)
        except Exception as msg:
            log.error("Failed to add entry '%s' to ipset '%s'" % \
                      (entry, obj.name))
            log.error(msg)
        else:
            if "timeout" not in obj.options:
                # no entries visible for ipsets with timeout
                obj.entries.append(entry)
コード例 #12
0
ファイル: fw_ipset.py プロジェクト: tomzhic/firewalld
    def add_entry(self, ipset, entry, sender=None):
        obj = self.get_ipset(ipset)
        if "timeout" in obj.options:
            # no entries visible for ipsets with timeout
            raise FirewallError(IPSET_WITH_TIMEOUT, ipset)

        IPSet.check_entry(entry, obj.options, obj.type)
        if entry in obj.entries:
            raise FirewallError(ALREADY_ENABLED,
                                "'%s' already is in '%s'" % (entry, ipset))

        try:
            self._fw._ipset.add(obj.name, entry)
        except Exception as msg:
            log.error("Failed to add entry '%s' to ipset '%s'" % \
                      (entry, obj.name))
            log.error(msg)
        else:
            if "timeout" not in obj.options:
                # no entries visible for ipsets with timeout
                obj.entries.append(entry)
コード例 #13
0
    def set_entries(self, name, entries):
        obj = self.get_ipset(name, applied=True)

        for entry in entries:
            IPSet.check_entry(entry, obj.options, obj.type)
        if "timeout" not in obj.options or obj.options["timeout"] == "0":
            # no entries visible for ipsets with timeout
            obj.entries = entries

        for backend in self.backends():
            try:
                backend.set_flush(obj.name)
            except Exception as msg:
                log.error("Failed to flush ipset '%s'" % obj.name)
                log.error(msg)
            else:
                obj.applied = True

            if self._fw.individual_calls() \
               or backend.name == "nftables":
                for entry in obj.entries:
                    try:
                        backend.set_add(obj.name, entry)
                    except Exception as msg:
                        log.error("Failed to add entry '%s' to ipset '%s'" % \
                                  (entry, obj.name))
                        log.error(msg)
            else:
                try:
                    backend.set_restore(obj.name, obj.type, obj.entries,
                                        obj.options, None)
                except Exception as msg:
                    log.error("Failed to create ipset '%s'" % obj.name)
                    log.error(msg)
                else:
                    obj.applied = True

        return
コード例 #14
0
ファイル: fw_config.py プロジェクト: ntadmin/firewalld
    def new_ipset(self, name, config):
        try:
            self.get_ipset(name)
        except:
            pass
        else:
            raise FirewallError(NAME_CONFLICT, "new_ipset(): '%s'" % name)

        x = IPSet()
        x.check_name(name)
        x.import_config(config)
        x.name = name
        x.filename = "%s.xml" % name
        x.path = ETC_FIREWALLD_IPSETS
        x.default = False

        ipset_writer(x)
        self.add_ipset(x)
        return x
コード例 #15
0
    def set_entries(self, name, entries):
        obj = self.get_ipset(name, applied=True)

        _entries = set()
        for _entry in entries:
            check_entry_overlaps_existing(_entry, _entries)
            _entries.add(normalize_ipset_entry(_entry))
        entries = list(_entries)

        for entry in entries:
            IPSet.check_entry(entry, obj.options, obj.type)
        if "timeout" not in obj.options or obj.options["timeout"] == "0":
            # no entries visible for ipsets with timeout
            obj.entries = entries

        try:
            for backend in self.backends():
                backend.set_flush(obj.name)
        except Exception as msg:
            raise FirewallError(errors.COMMAND_FAILED, msg)
        else:
            obj.applied = True

        try:
            for backend in self.backends():
                if self._fw._individual_calls:
                    for entry in obj.entries:
                        backend.set_add(obj.name, entry)
                else:
                    backend.set_restore(obj.name, obj.type, obj.entries,
                                        obj.options, None)
        except Exception as msg:
            raise FirewallError(errors.COMMAND_FAILED, msg)
        else:
            obj.applied = True

        return
コード例 #16
0
ファイル: fw_config.py プロジェクト: symious/firewalld
    def new_ipset(self, name, conf):
        if name in self._ipsets or name in self._builtin_ipsets:
            raise FirewallError(errors.NAME_CONFLICT,
                                "new_ipset(): '%s'" % name)

        x = IPSet()
        x.check_name(name)
        x.import_config(conf)
        x.name = name
        x.filename = "%s.xml" % name
        x.path = config.ETC_FIREWALLD_IPSETS
        # It is not possible to add a new one with a name of a buitin
        x.builtin = False
        x.default = True

        ipset_writer(x)
        self.add_ipset(x)
        return x