コード例 #1
ファイル: ruleset.py プロジェクト: maximerobin/Ufwi
    def __init__(self, component, logger, netcfg,
    read_only=False, client=None):
        """
        Build an empty, unsaved ruleset together with its object libraries.

        Arguments:
         - component: source of input_output_rules and config, both copied
           onto the ruleset
         - logger, netcfg: passed unchanged to createBaseObjects()
         - read_only (bool): stored as self.read_only
         - client: stored as self.client; any false value is replaced by
           the result of createLocalClient()
        """
        # Define ruleset attributes
        # NOTE(review): "not client" is a truth test, not "client is None":
        # a client object that evaluates to false would be silently replaced
        # by the local client -- confirm this is intended.
        if not client:
            self.client = createLocalClient()
        else:
            self.client = client
        self.name = None
        self.filename = None
        self.filetype = "ruleset"
        self.is_template = False
        # NOTE(review): the flag is only recorded here; nothing in this
        # method enforces it -- confirm that every code path which modifies
        # or saves the ruleset checks self.read_only.
        self.read_only = read_only
        self.input_output_rules = component.input_output_rules
        self.format_version = RULESET_VERSION
        self.config = component.config

        # Create object libraries
        # Every library receives this ruleset; whether a constructor reads
        # attributes assigned above is not visible here, so the order of
        # these statements is kept as is.
        self.resources = Resources(self)
        self.protocols = Protocols(self)
        self.applications = Applications(self)
        self.periodicities = Periodicities(self)
        self.operating_systems = OperatingSystems(self)
        self.user_groups = UserGroups(self)
        self.durations = Durations(self)
        self.acls_ipv4 = AclIPv4Rules(self)
        self.acls_ipv6 = AclIPv6Rules(self)
        self.nats = NatRules(self)
        # Rule lists by name; these keys use hyphens while the matching
        # _libraries keys below use underscores.
        self.rules = {
            'acls-ipv4': self.acls_ipv4,
            'acls-ipv6': self.acls_ipv6,
            'nats': self.nats,
        }
        self.platforms = Platforms(self)

        self.custom_rules = CustomRules(self)
        self.include_templates = {}   # name => IncludeTemplate object
        # order is cosmetic
        # custom_rules and include_templates are not registered in this map.
        self._libraries = odict((
            ('resources', self.resources),
            ('protocols', self.protocols),
            ('platforms', self.platforms),
            ('applications', self.applications),
            ('periodicities', self.periodicities),
            ('operating_systems', self.operating_systems),
            ('user_groups', self.user_groups),
            ('durations', self.durations),
            ('acls_ipv4', self.acls_ipv4),
            ('acls_ipv6', self.acls_ipv6),
            ('nats', self.nats),
        ))

        # Runs once all libraries exist and before generic links, fusion and
        # the action stack are created.
        self.createBaseObjects(logger, netcfg)

        # Generic links, fusion and actions attributes
        self.generic_links = GenericLinks(self)
        self.generic_links.load()
        self.fusion = Fusion(self)
        # presumably the undo history, bounded by UNDO_MAX_SIZE -- confirm
        # against ActionStack
        self.actions = ActionStack(self, UNDO_MAX_SIZE)
コード例 #2
ファイル: ruleset.py プロジェクト: maximerobin/Ufwi
class Ruleset:
    """
    A ruleset contains resources, protocols and acls.
    Attributes:
     - filename: full path of the last saved version
     - name: filename without path and without ".xml" suffix, None if the
       ruleset is not yet saved on the disk
     - is_modified (bool): True if the ruleset is modified since the last
       save, always True if the ruleset is not saved yet
    """

    def __init__(self, component, logger, netcfg,
    read_only=False, client=None):
        """
        Build an empty, unsaved ruleset together with its object libraries.

        Arguments:
         - component: source of input_output_rules and config, both copied
           onto the ruleset
         - logger, netcfg: passed unchanged to createBaseObjects()
         - read_only (bool): stored as self.read_only
         - client: stored as self.client; any false value is replaced by
           the result of createLocalClient()
        """
        # Define ruleset attributes
        # NOTE(review): "not client" is a truth test, not "client is None":
        # a client object that evaluates to false would be silently replaced
        # by the local client -- confirm this is intended.
        if not client:
            self.client = createLocalClient()
        else:
            self.client = client
        self.name = None
        self.filename = None
        self.filetype = "ruleset"
        self.is_template = False
        # NOTE(review): the flag is only recorded here; nothing in this
        # method enforces it -- confirm that every code path which modifies
        # or saves the ruleset checks self.read_only.
        self.read_only = read_only
        self.input_output_rules = component.input_output_rules
        self.format_version = RULESET_VERSION
        self.config = component.config

        # Create object libraries
        # Every library receives this ruleset; whether a constructor reads
        # attributes assigned above is not visible here, so the order of
        # these statements is kept as is.
        self.resources = Resources(self)
        self.protocols = Protocols(self)
        self.applications = Applications(self)
        self.periodicities = Periodicities(self)
        self.operating_systems = OperatingSystems(self)
        self.user_groups = UserGroups(self)
        self.durations = Durations(self)
        self.acls_ipv4 = AclIPv4Rules(self)
        self.acls_ipv6 = AclIPv6Rules(self)
        self.nats = NatRules(self)
        # Rule lists by name; these keys use hyphens while the matching
        # _libraries keys below use underscores.
        self.rules = {
            'acls-ipv4': self.acls_ipv4,
            'acls-ipv6': self.acls_ipv6,
            'nats': self.nats,
        }
        self.platforms = Platforms(self)

        self.custom_rules = CustomRules(self)
        self.include_templates = {}   # name => IncludeTemplate object
        # order is cosmetic
        # custom_rules and include_templates are not registered in this map.
        self._libraries = odict((
            ('resources', self.resources),
            ('protocols', self.protocols),
            ('platforms', self.platforms),
            ('applications', self.applications),
            ('periodicities', self.periodicities),
            ('operating_systems', self.operating_systems),
            ('user_groups', self.user_groups),
            ('durations', self.durations),
            ('acls_ipv4', self.acls_ipv4),
            ('acls_ipv6', self.acls_ipv6),
            ('nats', self.nats),
        ))

        # Runs once all libraries exist and before generic links, fusion and
        # the action stack are created.
        self.createBaseObjects(logger, netcfg)

        # Generic links, fusion and actions attributes
        self.generic_links = GenericLinks(self)
        self.generic_links.load()
        self.fusion = Fusion(self)
        # presumably the undo history, bounded by UNDO_MAX_SIZE -- confirm
        # against ActionStack
        self.actions = ActionStack(self, UNDO_MAX_SIZE)

    def load(self, logger, filetype, name, filename=None, content=None):
        """
        Load an existing ruleset or template into this object.

        Arguments:
         - logger: used to create the LoadRulesetContext
         - filetype: stored as self.filetype; "template" sets is_template
         - name: stored as self.name
         - filename: path to load; when false, rulesetFilename(filetype, name)
           is used instead
         - content: passed unchanged to loadFile()

        Returns the result of formatRuleset() for the load context.

        NOTE(review): name and filename are not validated in this method
        before they reach rulesetFilename() and loadFile(). If either can
        come from a remote client, confirm that those helpers or the caller
        restrict them to the ruleset directory.
        """
        self.name = name
        # An explicit filename wins; otherwise the path is derived from the
        # file type and the name.
        self.filename = filename or rulesetFilename(filetype, name)
        self.filetype = filetype
        self.is_template = (filetype == "template")

        context = LoadRulesetContext(logger)
        # Load an existing ruleset/template as the editable one (ruleset_id=0)
        load_options = dict(
            editable=True,
            filename=self.filename,
            content=content,
            ruleset_id=0,
        )
        self.loadFile(context, self.filetype, self.name, **load_options)
        self.updateFusion()
        return self.formatRuleset(context)

    def create(self, logger, filetype, netcfg, base_template=None):
        """
        Initialise this object as a new ruleset or template that has not
        been saved yet (name and filename are None).

        Arguments:
         - logger: used to create the LoadRulesetContext and passed to the
           network creation helpers
         - filetype: stored as self.filetype; "template" sets is_template
         - netcfg: passed to createSystemNetworks() and
           createBuiltinNetworks()
         - base_template: when true, loaded first through loadTemplate()

        Returns the result of formatRuleset() for the load context.
        """
        # A new object has neither a name nor a file on disk
        self.name = self.filename = None
        self.filetype = filetype
        self.is_template = (filetype == "template")

        context = LoadRulesetContext(logger)
        if base_template:
            self.loadTemplate(
                context, base_template, from_template=base_template)
        # System networks are created for rulesets only; builtin networks
        # are added only when no base template was given.
        if self.filetype == "ruleset":
            self.createSystemNetworks(logger, netcfg)
            if not base_template:
                self.createBuiltinNetworks(logger, netcfg)
        self.updateFusion()
        return self.formatRuleset(context)

    def createBaseObjects(self, logger, netcfg):
        """
        Load the standard library and register the firewall resource.

        The "ufwi_ruleset" file of type "library" is loaded with
        ruleset_id=-1; any exception raised by that load is handed to
        self.loadError(). A FirewallResource built from netcfg is then
        added to self.resources.
        """
        loader_context = LoadRulesetContext(logger)
        # Load the standard library (protocols, periodicities, etc.),
        # and create the firewall object
        try:
            self.loadFile(loader_context, "library", u"ufwi_ruleset",
                # Use an invalid identifier just to log at a different log level
                ruleset_id=-1)
        except Exception, err:
            # NOTE(review): every Exception is caught here and loadError()
            # is not visible -- presumably it re-raises. If it returns
            # instead, the ruleset is built without the standard library;
            # confirm.
            self.loadError(err, tr('the standard library'))
        firewall = FirewallResource(self.resources, netcfg)
        # Added through the underscore-prefixed _create() of the resources
        # library.
        self.resources._create(firewall)