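def is_duplicated(self, addr, orig_rule):
    """Return True if the rule carried by *orig_rule* already exists on node *addr*.

    *orig_rule* is a FwChain holding one rule in ``Rules[0]``.  Its chain
    identity (Name/Hook/Table/Family/Type, compared exactly) selects which
    chain of the node's ``SystemRules`` is inspected; the rule itself is
    compared through its serialized form with the UUID blanked, so two rules
    that differ only by UUID count as duplicates.

    Returns False when *orig_rule* carries no rule, when the node is unknown,
    or when the node has no 'firewall' entry.
    """
    if not orig_rule.Rules:
        return False

    # Blank the UUID on a copy: doing it in place would alter the caller's
    # chain (the UUID is the only field meant to differ between duplicates).
    wanted = ui_pb2.FwChain()
    wanted.CopyFrom(orig_rule)
    wanted.Rules[0].UUID = ""
    wanted_bytes = wanted.Rules[0].SerializeToString()

    node = self._nodes.get_node(addr)
    if node is None or 'firewall' not in node:
        return False

    for sysrules in node['firewall'].SystemRules:
        for chain in sysrules.Chains:
            if chain.Name != wanted.Name or \
               chain.Hook != wanted.Hook or \
               chain.Table != wanted.Table or \
               chain.Family != wanted.Family or \
               chain.Type != wanted.Type:
                continue
            # Compare against a private copy of the chain rather than
            # temporarily rewriting UUIDs in the node's live configuration:
            # the earlier version mutated the shared config while comparing,
            # so anything reading it at that moment saw blank UUIDs.
            scratch = ui_pb2.FwChain()
            scratch.CopyFrom(chain)
            for rule in scratch.Rules:
                rule.UUID = ""
                if rule.SerializeToString() == wanted_bytes:
                    return True
    return False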
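def delete_profile(self, node_addr, json_profile):
    """Remove a profile's rules from the firewall configuration of *node_addr*.

    *json_profile* is a JSON-encoded FwChain.  The chain is matched on
    hook/type/family/table (config side lower-cased, profile side used as
    is, so the profile is expected to carry lower-case values) and every
    rule of the matching chain whose UUID equals the UUID of one of the
    profile's rules is deleted.

    Errors are printed and swallowed, as elsewhere in this module; there is
    no return value.
    """
    try:
        holder = ui_pb2.FwChain()
        profile = json_format.Parse(json_profile, holder)
        fwcfg = self._nodes.get_node(node_addr)['firewall']
        # UUIDs the profile asks to remove.  An empty UUID still only matches
        # another empty UUID, as in the previous version.
        wanted = {pr.UUID for pr in profile.Rules}
        for sysrules in fwcfg.SystemRules:
            for chain in sysrules.Chains:
                if chain.Hook.lower() != profile.Hook or \
                   chain.Type.lower() != profile.Type or \
                   chain.Family.lower() != profile.Family or \
                   chain.Table.lower() != profile.Table:
                    continue
                # NOTE(review): this only rewrites the locally parsed profile;
                # the node chain's Policy is not touched here.  Kept as found.
                if profile.Policy == ProfileDropInput.value:
                    profile.Policy = ProfileAcceptInput.value
                # Walk the rules backwards so a deletion does not shift the
                # index of the entries still to be examined; the previous
                # forward loop could skip the rule that followed a deleted
                # one, and deleted twice when two profile rules shared a UUID.
                for rdx in range(len(chain.Rules) - 1, -1, -1):
                    rule = chain.Rules[rdx]
                    if rule.UUID in wanted:
                        print("delete_profile, rule:", rule.UUID, rule.Description)
                        del chain.Rules[rdx]
    except Exception as e:
        print("firewall: error deleting profile:", e)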
def forward(family=Family.INET.value):
    """Build the filter-table FORWARD chain description for *family*.

    Name and Hook are both set to the FORWARD hook; Table and Type are the
    filter table / filter type.  The returned FwChain carries no rules.
    """
    hook = Hooks.FORWARD.value
    chain = ui_pb2.FwChain()
    chain.Name = hook
    chain.Hook = hook
    chain.Table = Table.FILTER.value
    chain.Type = ChainType.FILTER.value
    chain.Family = family
    return chain
def output(family=Family.INET.value):
    """Build the filter-table OUTPUT chain description for *family*.

    Name and Hook are both set to the OUTPUT hook; Table and Type are the
    filter table / filter type.  The returned FwChain carries no rules.
    """
    hook = Hooks.OUTPUT.value
    chain = ui_pb2.FwChain()
    chain.Name = hook
    chain.Hook = hook
    chain.Table = Table.FILTER.value
    chain.Type = ChainType.FILTER.value
    chain.Family = family
    return chain
def postrouting(family=Family.INET.value):
    """Build the mangle-table POSTROUTING chain description for *family*.

    Name and Hook are both set to the POSTROUTING hook; Table and Type are
    the mangle table / mangle type.  The returned FwChain carries no rules.
    """
    hook = Hooks.POSTROUTING.value
    chain = ui_pb2.FwChain()
    chain.Name = hook
    chain.Hook = hook
    chain.Table = Table.MANGLE.value
    chain.Type = ChainType.MANGLE.value
    chain.Family = family
    return chain
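def input(family=Family.INET.value):
    """Build the mangle-table INPUT chain description for *family*.

    Name and Hook are both set to the INPUT hook; Table and Type are the
    mangle table / mangle type.  The returned FwChain carries no rules.

    The chain is created empty and ``Family`` is assigned explicitly, like
    the sibling builders, instead of passing a ``family=`` keyword to the
    constructor: the field is spelled ``Family`` (see the assignment below)
    and protobuf message constructors reject keyword arguments that do not
    name a field; the keyword was in any case overwritten by the assignment.
    """
    hook = Hooks.INPUT.value
    chain = ui_pb2.FwChain()
    chain.Name = hook
    chain.Hook = hook
    chain.Table = Table.MANGLE.value
    chain.Type = ChainType.MANGLE.value
    chain.Family = family
    return chain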
def apply_profile(self, node_addr, json_profile):
    """Apply a profile to the firewall configuration of *node_addr*.

    *json_profile* is a JSON-encoded FwChain.  The first chain of the node's
    ``SystemRules`` matching it on hook/type/family/table (config side
    lower-cased, profile side used as is) receives the profile's Policy and
    every profile rule that is not already present (see
    ``rules.is_duplicated``); ``rulesUpdated`` is then emitted.

    Returns ``(True, "")`` on success, ``(False, <error text>)`` when parsing
    or applying raised, and ``(False, <translated message>)`` when no chain
    matched.
    """
    try:
        holder = ui_pb2.FwChain()
        profile = json_format.Parse(json_profile, holder)
        fwcfg = self._nodes.get_node(node_addr)['firewall']
        for sdx, sysrules in enumerate(fwcfg.SystemRules):
            for cdx, chain in enumerate(sysrules.Chains):
                same_chain = chain.Hook.lower() == profile.Hook and \
                    chain.Type.lower() == profile.Type and \
                    chain.Family.lower() == profile.Family and \
                    chain.Table.lower() == profile.Table
                if not same_chain:
                    continue
                target = fwcfg.SystemRules[sdx].Chains[cdx]
                target.Policy = profile.Policy
                for rule in profile.Rules:
                    # One-rule copy of the chain, which is what
                    # is_duplicated() expects as its second argument.
                    candidate = ui_pb2.FwChain()
                    candidate.CopyFrom(chain)
                    del candidate.Rules[:]
                    candidate.Rules.extend([rule])
                    if self.rules.is_duplicated(node_addr, candidate):
                        continue
                    target.Rules.extend([rule])
                self.rules.rulesUpdated.emit()
                return True, ""
    except Exception as e:
        print("firewall: error applying profile:", e)
        return False, "{0}".format(e)
    return False, QC.translate("firewall", "profile not applied")
def new(name="", table=Table.FILTER.value, family=Family.INET.value, ctype="", hook=Hooks.INPUT.value):
    """Build a FwChain from its identifying fields.

    Every argument maps onto the field of the same meaning (``ctype`` onto
    ``Type``); defaults describe an unnamed filter-table INET chain on the
    INPUT hook with an empty type.  The returned chain carries no rules.
    """
    chain = ui_pb2.FwChain()
    chain.Hook = hook
    chain.Type = ctype
    chain.Family = family
    chain.Table = table
    chain.Name = name
    return chain
def new_flat(c, r):
    """Return a copy of chain *c* whose only rule is *r*.

    "Flattens" the chain -> rules hierarchy into a one-rule chain, i.e. from
    ``{chain: {rules: [...]}}`` to ``{chain: {rules: [r]}}``, so a single
    rule can be passed around together with the chain it belongs to.
    Neither *c* nor *r* is modified.
    """
    flat = ui_pb2.FwChain()
    flat.CopyFrom(c)
    del flat.Rules[:]
    flat.Rules.add().CopyFrom(r)
    return flat