def setAttributes(self, attr, is_modify):
Rule.setAttributes(self, attr, is_modify)
if self.type != NAT_TRANSLATE:
self.nated_sources.clear()
self.nated_destinations.clear()
self.nated_filters.clear()
if self.type == NAT_PREROUTING_ACCEPT:
self.chain = u'PREROUTING'
else: # type == NAT_POSTROUTING_ACCEPT
self.chain = u'POSTROUTING'
else:
if len(self.nated_sources) != 0:
self.chain = u'POSTROUTING'
else:
self.chain = u'PREROUTING'
def referentActionUpdates(self, action, referent, old_attr):
old_id = old_attr['id']
# Check that the ACL is a FORWARD rule, referent is an interface and
# referent identifier changed
if (self.chain != 'FORWARD') \
or not isinstance(referent, InterfaceResource) \
or (referent.id == old_id):
return Rule.referentActionUpdates(self, action, referent, old_attr)
# the chain is a forward chain, because referent cannot be the firewall
# object (read only object)
if referent is self.input:
input_id = old_id
else:
input_id = self.input.id
if referent is self.output:
output_id = old_id
else:
output_id = self.output.id
old_chain_key = (input_id, output_id)
new_chain_key = (self.input.id, self.output.id)
# add the required updates
domain = self.rules.UPDATE_CHAIN_DOMAIN
action.addApplyUpdate(Update(domain, "delete", (old_chain_key, -1)))
action.addApplyUpdate(Update(domain, "create", (new_chain_key, -1)))
action.addUnapplyUpdate(Update(domain, "delete", (new_chain_key, -1)))
action.addUnapplyUpdate(Update(domain, "create", (old_chain_key, -1)))
def exportXMLRPC(self, fusion):
data = Rule.exportXMLRPC(self, fusion)
data['address_type'] = self.address_type
data['chain'] = self.chain
data['input'] = self.input.getID(fusion)
data['output'] = self.output.getID(fusion)
return data
def setAttributes(self, attr, is_modify):
Rule.setAttributes(self, attr, is_modify)
if not self.user_groups:
self.applications.clear()
self.periodicities.clear()
self.durations.clear()
self.operating_systems.clear()
self.input = getIface(self.sources, self.source_platforms)
self.output = getIface(self.destinations, self.destination_platforms)
if isinstance(self.input, FirewallResource):
self.chain = u'OUTPUT'
elif isinstance(self.output, FirewallResource):
self.chain = u'INPUT'
else:
self.chain = u'FORWARD'
self.address_type = self.ADDRESS_TYPE
if not self.log:
self.log_prefix = None
def checkRule(self, apply_rules, recursive=False):
if not Rule.checkRule(self, apply_rules, recursive=recursive):
return False
if self.isForward() and (not self.config.isGateway()):
apply_rules.error(
tr("The firewall is configured as a local firewall: "
"%s can not be generated."),
unicode(self))
return False
if self.user_groups and (not self.ruleset.useNuFW()):
apply_rules.warning(
tr("Identity-based Firewall is disabled: %s will not use identity."),
unicode(self))
return True
def exportXMLRPC(self, fusion):
data = Rule.exportXMLRPC(self, fusion)
data['chain'] = self.chain
return data
def __init__(self, acls, attr, loader_context=None):
self.config = acls.ruleset.config
Rule.__init__(self, acls, attr, loader_context)
