def get_ftp_rule_by_hostname(self):
    """
    Build the iptables rules that allow FTP traffic to the host in self._uri.

    The control port is taken from the URI and falls back to 21 when the URI
    carries none. Five rules are created for every address the hostname
    resolves to: one for the control port, two for port 20 and two with no
    port given.

    :return: list of rules, or None when the lookup returned no address
    """
    control_port = self._uri.port or 21

    addresses = self.get_ip_from_hostname(self._uri.hostname, None)
    if not addresses:
        _logger.error('{0}: no ip addresses found from lookup, this is unexpected.'.format(self.get_name()))
        return None

    # (rule factory, port, state string) for the data-transfer rules, in the
    # order they are emitted.
    # NOTE(review): the two entries with port None presumably match any TCP
    # port on the resolved address (passive-mode data channels), limited only
    # by the state string - confirm against the helper implementations.
    data_rule_specs = (
        (create_iptables_egress_rule_dest, 20, u'ESTABLISHED'),
        (create_iptables_ingress_rule_source, 20, u'ESTABLISHED,RELATED'),
        (create_iptables_egress_rule_dest, None, u'ESTABLISHED,RELATED'),
        (create_iptables_ingress_rule_source, None, u'ESTABLISHED'),
    )

    rules = []
    # NOTE(review): the rules are keyed on whatever the lookup returned at
    # build time, so they are only as trustworthy as that resolution.
    for ipaddr in addresses:
        _logger.debug(
            '{0}: adding rules for: hostname: {1}, ip addr: {2}, ftp ports: {3}, 20, etc'.format(
                self.get_name(), self._uri.hostname, ipaddr, control_port))

        # FTP control
        rules.append(create_iptables_egress_ingress_rule(
            ipaddr, control_port, u'tcp', self._slot_config_access,
            transport=ipt.TRANSPORT_AUTO))

        # FTP data transfer
        for make_rule, data_port, state in data_rule_specs:
            rules.append(make_rule(
                ipaddr, data_port, u'tcp', self._slot_config_access, state,
                transport=ipt.TRANSPORT_AUTO))

    return rules
def add_ftp_rule_by_url(self, uri):
    """
    Build the rules that allow FTP access to the host named in uri.

    Nothing is built when self._disable_auto_updates_ftp is set. Otherwise
    five rules are created per resolved address: one for control port 21,
    two for port 20 and two with no port given.

    :param uri: urlparse uri value
    :return: list of rules (empty when the hostname did not resolve), or
             None when automatic FTP rules are disabled
    """
    # Automatic FTP rules can be switched off; honour that first.
    if self._disable_auto_updates_ftp:
        return None

    rules = []
    # NOTE(review): the second argument is presumably the port handed to the
    # resolver - confirm in resolve_hostname. The rules below trust whatever
    # addresses this lookup returns.
    resolved = self.resolve_hostname(uri.hostname, 21)
    if not resolved:
        return rules

    for ipaddr in resolved:
        _logger.debug('{0}: adding ip: {1} from hostname: {2}'.format(
            self.get_name(), uri.scheme + '://' + ipaddr, uri.hostname))

        rules.extend([
            # FTP control
            create_iptables_egress_ingress_rule(
                ipaddr, 21, 'tcp', self._slot, transport=ipt.TRANSPORT_AUTO),
            # FTP data transfer
            create_iptables_egress_rule_dest(
                ipaddr, 20, 'tcp', self._slot, 'ESTABLISHED',
                transport=ipt.TRANSPORT_AUTO),
            create_iptables_ingress_rule_source(
                ipaddr, 20, 'tcp', self._slot, 'ESTABLISHED,RELATED',
                transport=ipt.TRANSPORT_AUTO),
            # NOTE(review): port None presumably means "any port", i.e. these
            # two are bounded only by the state string - confirm in helpers.
            create_iptables_egress_rule_dest(
                ipaddr, None, 'tcp', self._slot, 'ESTABLISHED,RELATED',
                transport=ipt.TRANSPORT_AUTO),
            create_iptables_ingress_rule_source(
                ipaddr, None, 'tcp', self._slot, 'ESTABLISHED',
                transport=ipt.TRANSPORT_AUTO),
        ])

    return rules
def add_ftp_rule_by_url(self, uri):
    """
    Create FTP allow rules for every address that uri.hostname resolves to.

    Returns early when self._disable_auto_updates_ftp is set. For each
    address, a control rule for port 21 is followed by four data-transfer
    rules (two for port 20, two without a port).

    :param uri: urlparse uri value
    :return: list of rules (empty when nothing resolved), or None when
             automatic FTP rules are disabled
    """
    # Check to make sure we can add ftp rules.
    if self._disable_auto_updates_ftp:
        return None

    rules = []
    # NOTE(review): 21 is presumably the port passed to the resolver -
    # confirm in resolve_hostname.
    ipaddrs = self.resolve_hostname(uri.hostname, 21)

    # (rule factory, port, state string) for the data-transfer rules, in
    # emission order.
    # NOTE(review): entries with port None presumably match any TCP port on
    # the address and rely on the state string alone - confirm in helpers.
    data_transfer = (
        (create_iptables_egress_rule_dest, 20, 'ESTABLISHED'),
        (create_iptables_ingress_rule_source, 20, 'ESTABLISHED,RELATED'),
        (create_iptables_egress_rule_dest, None, 'ESTABLISHED,RELATED'),
        (create_iptables_ingress_rule_source, None, 'ESTABLISHED'),
    )

    # A falsy lookup result (None or empty) yields no rules at all.
    for ipaddr in ipaddrs or ():
        _logger.debug('{0}: adding ip: {1} from hostname: {2}'.format(
            self.get_name(), uri.scheme + '://' + ipaddr, uri.hostname))

        # FTP control
        control_rule = create_iptables_egress_ingress_rule(
            ipaddr, 21, 'tcp', self._slot, transport=ipt.TRANSPORT_AUTO)
        rules.append(control_rule)

        # FTP data transfer
        for factory, port, state in data_transfer:
            rules.append(factory(
                ipaddr, port, 'tcp', self._slot, state,
                transport=ipt.TRANSPORT_AUTO))

    return rules
def get_ftp_rule_by_hostname(self):
    """
    Create FTP allow rules for each address behind self._uri.hostname.

    Uses the port from self._uri, or 21 when the URI has none, for the
    control rule. Each address also gets two rules for port 20 and two
    rules with no port given.

    :return: list of rules, or None when the lookup returned no address
    """
    rules = []

    port = self._uri.port if self._uri.port else 21

    ipaddrs = self.get_ip_from_hostname(self._uri.hostname, None)
    if not ipaddrs:
        # Logged as an error: the caller gets None instead of an empty list.
        _logger.error(
            '{0}: no ip addresses found from lookup, this is unexpected.'.
            format(self.get_name()))
        return None

    # NOTE(review): rules are built from the lookup result as-is; they are
    # only as trustworthy as the name resolution behind it.
    for ipaddr in ipaddrs:
        _logger.debug(
            '{0}: adding rules for: hostname: {1}, ip addr: {2}, ftp ports: {3}, 20, etc'
            .format(self.get_name(), self._uri.hostname, ipaddr, port))

        rules.extend([
            # FTP control
            create_iptables_egress_ingress_rule(
                ipaddr, port, u'tcp', self._slot_config_access,
                transport=ipt.TRANSPORT_AUTO),
            # FTP data transfer
            create_iptables_egress_rule_dest(
                ipaddr, 20, u'tcp', self._slot_config_access,
                u'ESTABLISHED', transport=ipt.TRANSPORT_AUTO),
            create_iptables_ingress_rule_source(
                ipaddr, 20, u'tcp', self._slot_config_access,
                u'ESTABLISHED,RELATED', transport=ipt.TRANSPORT_AUTO),
            # NOTE(review): port None presumably means "any port", leaving
            # the state string as the only restriction - confirm in helpers.
            create_iptables_egress_rule_dest(
                ipaddr, None, u'tcp', self._slot_config_access,
                u'ESTABLISHED,RELATED', transport=ipt.TRANSPORT_AUTO),
            create_iptables_ingress_rule_source(
                ipaddr, None, u'tcp', self._slot_config_access,
                u'ESTABLISHED', transport=ipt.TRANSPORT_AUTO),
        ])

    return rules