예제 #1
    def _GET(self, *param, **params):
        """Expose the stored firewall rules of a host to the view.

        Responds with ``web.notfound()`` when ``chk_hostby1`` yields no host
        id. ``view.have_config`` records whether the firewall XML file is on
        disk; the base policy and the rule list are only filled in when it is.
        """
        host_id = self.chk_hostby1(param)
        if host_id is None:
            return web.notfound()

        self.view.host_id = host_id
        kit = KaresansuiIpTables()

        if not os.path.exists(kit.firewall_xml_file):
            # No firewall XML on disk: the view receives no rules at all.
            self.view.have_config = False
            return True

        kit.firewall_xml = kit.read_firewall_xml()
        self.view.base_policy = 'ACCEPT'
        self.view.rules = kit.get_rules()
        self.view.have_config = True
        return True
예제 #2
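def validates_rule(obj, is_newrule=False):
    """Validate the firewall-rule fields submitted in ``obj.input``.

    Every field is checked even after an earlier one has failed, so the
    error list published on the view holds all messages at once.

    Args:
        obj: request handler exposing ``input`` (the submitted parameters),
            ``view`` and the translation function ``_``.
        is_newrule: when true, additionally require that the firewall XML
            file exists and that ``rule_id`` lies between ``ID_MIN_LENGTH``
            and one past the current number of rules.

    Returns:
        A truthy value only when every check passed.
    """
    checker = Checker()
    check = True

    _ = obj._
    checker.errors = []

    obj.view.error_msg = checker.errors

    # Read the protocol defensively. When the 'protocol' parameter is absent,
    # a plain attribute lookup in the port branches below can fail before the
    # "required" error recorded for it is ever reported to the caller.
    protocol = getattr(obj.input, 'protocol', None)
    ports_apply = protocol in ('tcp', 'udp')

    if is_newrule:
        kit = KaresansuiIpTables()
        # Upper bound for a new rule id: one past the existing rules.
        rule_id_max_length = 1
        if os.path.exists(kit.firewall_xml_file) is False:
            check = False
            checker.add_error(_('Has not been initialized. Please initialize.'))
        else:
            kit.firewall_xml = kit.read_firewall_xml()
            rule_id_max_length += len(kit.get_rules())

        if not is_param(obj.input, 'rule_id'):
            check = False
            checker.add_error(_('"%s" is required.') % _('ID'))
        else:
            check = checker.check_number(
                    _('ID'),
                    obj.input.rule_id,
                    CHECK_EMPTY | CHECK_VALID | CHECK_MIN | CHECK_MAX,
                    min = ID_MIN_LENGTH,
                    max = rule_id_max_length,
                    ) and check

    if not is_param(obj.input, 'target'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Target'))
    else:
        check = checker.check_firewall_policy(
                _('Target'),
                obj.input.target,
                CHECK_EMPTY | CHECK_VALID,
                ) and check

    if not is_param(obj.input, 'protocol'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Protocol'))
    else:
        check = checker.check_firewall_protocol(
                _('Protocol'),
                obj.input.protocol,
                CHECK_VALID,
                ) and check

    if not is_param(obj.input, 'source'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Source Address'))
    else:
        check = checker.check_ipaddr(
                _('Source Address'),
                obj.input.source,
                CHECK_VALID,
                ) and check

    # NOTE(review): for protocols other than tcp/udp the submitted port values
    # are accepted here without any check. Confirm that whatever consumes the
    # rule ignores or re-validates 'sport' and 'dport' in that case.
    if not is_param(obj.input, 'sport'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Source Port'))
    elif ports_apply:
        check = checker.check_number(
                _('Source Port'),
                obj.input.sport,
                CHECK_VALID | CHECK_MIN | CHECK_MAX,
                min = PORT_MIN_NUMBER,
                max = PORT_MAX_NUMBER,
                ) and check

    if not is_param(obj.input, 'destination'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Destination Address'))
    else:
        check = checker.check_ipaddr(
                _('Destination Address'),
                obj.input.destination,
                CHECK_VALID,
                ) and check

    if not is_param(obj.input, 'dport'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Destination Port'))
    elif ports_apply:
        check = checker.check_number(
                _('Destination Port'),
                obj.input.dport,
                CHECK_VALID | CHECK_MIN | CHECK_MAX,
                min = PORT_MIN_NUMBER,
                max = PORT_MAX_NUMBER,
                ) and check

    if not is_param(obj.input, 'inif'):
        check = False
        checker.add_error(_('"%s" is required.') % _('In Interface'))
    else:
        check = checker.check_firewall_if(
                _('In Interface'),
                obj.input.inif,
                CHECK_EXIST,
                ) and check

    if not is_param(obj.input, 'outif'):
        check = False
        checker.add_error(_('"%s" is required.') % _('Out Interface'))
    else:
        check = checker.check_firewall_if(
                _('Out Interface'),
                obj.input.outif,
                CHECK_EXIST,
                ) and check

    # The same list object was already published as view.error_msg above.
    obj.view.alert = checker.errors

    return check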
예제 #3
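    def _GET(self, *param, **params):
        """Prepare the view for a host's firewall rule page.

        Responds with ``web.notfound()`` when ``chk_hostby1`` yields no host
        id. When the firewall XML file exists, the view receives the iptables
        running/configured state; in input mode it also receives the default
        id for a new rule, the selectable targets and protocols, and the
        local interfaces grouped as physical, virtual or other together with
        their distinct addresses and CIDRs.
        """
        host_id = self.chk_hostby1(param)
        if host_id is None:
            return web.notfound()

        self.view.host_id = host_id

        kit = KaresansuiIpTables()

        if os.path.exists(kit.firewall_xml_file) is False:
            self.view.have_config = False
        else:
            kit.firewall_xml = kit.read_firewall_xml()
            self.view.iptables = Storage(
                is_running=kit.is_running(),
                is_configured=kit.is_configured(),
                )
            self.view.have_config = True

            if self.is_mode_input() is True:

                self.view.default_rule_id = len(kit.get_rules()) + 1
                self.view.targets = kit.basic_targets['filter']
                self.view.protocols = kit.chain_protos

                # Interface names are classified by prefix only.
                devtype_phy_regex = re.compile(r"^(lo|eth)")
                devtype_vir_regex = re.compile(r"^(xenbr|virbr|vif|veth)")

                devs = {'phy': [], 'vir': [], 'oth': []}
                cidrs = []
                ips = []
                for dev, dev_info in get_ifconfig_info().iteritems():
                    try:
                        if devtype_phy_regex.match(dev):
                            devs['phy'].append(dev)
                        elif devtype_vir_regex.match(dev):
                            devs['vir'].append(dev)
                        else:
                            devs['oth'].append(dev)

                        if dev_info['ipaddr'] is not None:
                            if dev_info['ipaddr'] not in ips:
                                ips.append(dev_info['ipaddr'])
                        if dev_info['cidr'] is not None:
                            if dev_info['cidr'] not in cidrs:
                                cidrs.append(dev_info['cidr'])
                    except Exception:
                        # Best effort: an interface with incomplete details is
                        # skipped. Catching Exception rather than everything
                        # lets KeyboardInterrupt and SystemExit propagate.
                        pass
                devs['phy'].sort()
                devs['vir'].sort()
                devs['oth'].sort()
                self.view.devs = [{'Physical' : devs['phy']},
                                  {'Virtual' : devs['vir']},
                                  {'Other' : devs['oth']},
                                  ]

                self.view.cidrs = cidrs
                self.view.ips = ips

        return True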
예제 #4
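    def _GET(self, *param, **params):
        """Prepare the edit form for one existing firewall rule.

        ``param[1]`` is the 1-based position of the rule. Responds with
        ``web.notfound()`` when the host lookup fails or the id is rejected
        by ``validates_param_id``, and with ``web.nomethod()`` when the
        request is not in input mode.
        """
        host_id = self.chk_hostby1(param)
        if host_id is None:
            return web.notfound()

        rule_id = param[1]
        if not validates_param_id(self, rule_id):
            return web.notfound(self.view.alert)

        kit = KaresansuiIpTables()
        # NOTE(review): read_firewall_xml() is called without first checking
        # that kit.firewall_xml_file exists. Confirm it copes with a missing
        # file.
        kit.firewall_xml = kit.read_firewall_xml()

        # NOTE(review): when no rule sits at position rule_id, view.rule is
        # left unset. Confirm the template handles that case.
        for position, rule in enumerate(kit.get_rules()):
            if position + 1 == int(rule_id):
                self.view.rule = rule
                break

        if not self.is_mode_input():
            return web.nomethod()

        self.view.targets = kit.basic_targets['filter']
        self.view.protocols = kit.chain_protos

        # Query the interfaces once, so that view.netinfo and the grouped
        # lists below describe the same snapshot.
        netinfo = get_ifconfig_info()
        self.view.netinfo = netinfo

        # Interface names are classified by prefix only.
        devtype_phy_regex = re.compile(r"^(lo|eth)")
        devtype_vir_regex = re.compile(r"^(xenbr|virbr|vif|veth)")

        devs = {'phy': [], 'vir': [], 'oth': []}
        cidrs = []
        ips = []
        for dev, dev_info in netinfo.iteritems():
            try:
                if devtype_phy_regex.match(dev):
                    devs['phy'].append(dev)
                elif devtype_vir_regex.match(dev):
                    devs['vir'].append(dev)
                else:
                    devs['oth'].append(dev)
                if dev_info['ipaddr'] is not None:
                    if dev_info['ipaddr'] not in ips:
                        ips.append(dev_info['ipaddr'])
                if dev_info['cidr'] is not None:
                    if dev_info['cidr'] not in cidrs:
                        cidrs.append(dev_info['cidr'])
            except Exception:
                # Best effort: an interface with incomplete details is
                # skipped. Catching Exception rather than everything lets
                # KeyboardInterrupt and SystemExit propagate.
                pass
        devs['phy'].sort()
        devs['vir'].sort()
        devs['oth'].sort()
        self.view.devs = [{'Physical' : devs['phy']},
                          {'Virtual' : devs['vir']},
                          {'Other' : devs['oth']},
                          ]
        self.view.cidrs = cidrs
        self.view.ips = ips
        return True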
예제 #5
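    def _GET(self, *param, **params):
        """Fill the view for the firewall rule page of a host.

        Returns ``web.notfound()`` if ``chk_hostby1`` gives no host id.
        ``view.have_config`` tells whether the firewall XML file exists. If
        it does, the iptables running/configured flags are exposed, and in
        input mode also the default id for a new rule, the available targets
        and protocols, and the interfaces (grouped by name prefix) with
        their distinct IP addresses and CIDRs.
        """
        host_id = self.chk_hostby1(param)
        if host_id is None:
            return web.notfound()

        self.view.host_id = host_id

        kit = KaresansuiIpTables()

        if os.path.exists(kit.firewall_xml_file) is False:
            self.view.have_config = False
        else:
            kit.firewall_xml = kit.read_firewall_xml()
            self.view.iptables = Storage(
                is_running=kit.is_running(),
                is_configured=kit.is_configured(),
            )
            self.view.have_config = True

            if self.is_mode_input() is True:

                self.view.default_rule_id = len(kit.get_rules()) + 1
                self.view.targets = kit.basic_targets['filter']
                self.view.protocols = kit.chain_protos

                # Name prefixes decide the group an interface is listed in.
                devtype_phy_regex = re.compile(r"^(lo|eth)")
                devtype_vir_regex = re.compile(r"^(xenbr|virbr|vif|veth)")

                devs = {
                    'phy': [],
                    'vir': [],
                    'oth': [],
                }
                cidrs = []
                ips = []
                for dev, dev_info in get_ifconfig_info().iteritems():
                    try:
                        if devtype_phy_regex.match(dev):
                            devs['phy'].append(dev)
                        elif devtype_vir_regex.match(dev):
                            devs['vir'].append(dev)
                        else:
                            devs['oth'].append(dev)

                        if dev_info['ipaddr'] is not None:
                            if dev_info['ipaddr'] not in ips:
                                ips.append(dev_info['ipaddr'])
                        if dev_info['cidr'] is not None:
                            if dev_info['cidr'] not in cidrs:
                                cidrs.append(dev_info['cidr'])
                    except Exception:
                        # Skipping a broken entry is deliberate, but only
                        # ordinary errors are swallowed. KeyboardInterrupt
                        # and SystemExit are no longer caught here.
                        pass
                devs['phy'].sort()
                devs['vir'].sort()
                devs['oth'].sort()
                self.view.devs = [
                    {
                        'Physical': devs['phy']
                    },
                    {
                        'Virtual': devs['vir']
                    },
                    {
                        'Other': devs['oth']
                    },
                ]

                self.view.cidrs = cidrs
                self.view.ips = ips

        return True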
예제 #6
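    def _GET(self, *param, **params):
        """Fill the view with one firewall rule and the form choices for it.

        The rule is selected by its 1-based position, taken from
        ``param[1]``. Returns ``web.notfound()`` if the host lookup fails or
        ``validates_param_id`` rejects the id, and ``web.nomethod()`` if the
        request is not in input mode.
        """
        host_id = self.chk_hostby1(param)
        if host_id is None:
            return web.notfound()

        rule_id = param[1]
        if not validates_param_id(self, rule_id):
            return web.notfound(self.view.alert)

        kit = KaresansuiIpTables()
        # NOTE(review): there is no os.path.exists() check on
        # kit.firewall_xml_file before this read. Verify that a missing file
        # is handled inside read_firewall_xml().
        kit.firewall_xml = kit.read_firewall_xml()

        rules = kit.get_rules()
        # NOTE(review): an id beyond the last rule leaves view.rule unset.
        # Verify the template tolerates that.
        cnt = 1
        for rule in rules:
            if cnt == int(rule_id):
                self.view.rule = rule
                break
            cnt += 1

        if self.is_mode_input():
            self.view.targets = kit.basic_targets['filter']
            self.view.protocols = kit.chain_protos

            # A single interface query feeds both view.netinfo and the
            # grouping loop, so the two cannot disagree.
            netinfo = get_ifconfig_info()
            self.view.netinfo = netinfo

            devtype_phy_regex = re.compile(r"^(lo|eth)")
            devtype_vir_regex = re.compile(r"^(xenbr|virbr|vif|veth)")

            devs = {'phy': [], 'vir': [], 'oth': []}
            cidrs = []
            ips = []
            for dev, dev_info in netinfo.iteritems():
                try:
                    if devtype_phy_regex.match(dev):
                        devs['phy'].append(dev)
                    elif devtype_vir_regex.match(dev):
                        devs['vir'].append(dev)
                    else:
                        devs['oth'].append(dev)
                    if dev_info['ipaddr'] is not None:
                        if dev_info['ipaddr'] not in ips:
                            ips.append(dev_info['ipaddr'])
                    if dev_info['cidr'] is not None:
                        if dev_info['cidr'] not in cidrs:
                            cidrs.append(dev_info['cidr'])
                except Exception:
                    # Skipping a broken entry is deliberate, but only
                    # ordinary errors are swallowed. KeyboardInterrupt and
                    # SystemExit are no longer caught here.
                    pass
            devs['phy'].sort()
            devs['vir'].sort()
            devs['oth'].sort()
            self.view.devs = [{'Physical' : devs['phy']},
                              {'Virtual' : devs['vir']},
                              {'Other' : devs['oth']},
                              ]
            self.view.cidrs = cidrs
            self.view.ips = ips
            return True
        else:
            return web.nomethod()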