def _cleanup_port_range(port):
    """Expand a (possibly nested) port specification into a flat list.

    ``port`` is first passed through ``firewall.flatten``. Each resulting
    entry is then handled by type:

    * ``int`` entries are kept as they are;
    * ``str`` entries containing ":" are treated as an inclusive
      ``begin:end`` range and replaced by every integer in that range;
    * any other ``str`` entry is kept as a string;
    * entries of any other type are silently dropped.

    Returns:
        A list mixing ints and strings, in input order.

    Raises:
        ValueError: if a range entry has more than one ":" or if either
            bound is not an integer literal (e.g. an open-ended "1024:").
    """
    expanded = []
    for entry in firewall.flatten(port):
        if isinstance(entry, int):
            expanded.append(entry)
            continue
        if not isinstance(entry, str):
            # Neither int nor str: skipped without any warning.
            continue
        if ":" not in entry:
            expanded.append(str(entry))
            continue
        begin, end = entry.split(":")
        first = int(begin)
        last = int(end) + 1
        # NOTE(review): a reversed range such as "200:100" expands to
        # nothing, so the caller ends up with no ports for that entry
        # and gets no error. Worth confirming that callers notice an
        # empty result before emitting a rule from it.
        expanded.extend(range(first, last))
    return expanded
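def log(chain, ignore=None, limit=None, burst=None):
    """Build the rate-limited LOG rule set for ``chain`` in the filter table.

    Args:
        chain: Chain the rules are added to; also embedded in the log prefix.
        ignore: Traffic classes to drop without logging. May be a single
            value or a nested sequence (it is passed through
            ``firewall.flatten``). Recognised values are "all", "udp" and
            "tcphigh". Defaults to nothing ignored.
        limit: Value for ``--limit``, in packets per second. Defaults to 10.
        burst: Value for ``--limit-burst``. Defaults to 100.

    Returns:
        An empty list when "all" is ignored; otherwise the
        ``firewall.IPTablesRuleset`` holding the optional DROP rules
        followed by the LOG rule.
    """
    logger.trace("chain=%s, ignore=%s, limit=%s, burst=%s" % (chain, ignore, limit, burst))
    if ignore is None:
        ignore = []
    if limit is None:
        limit = 10
    if burst is None:
        burst = 100

    # Materialise the values once. On Python 3 a bare map() is a one-shot
    # iterator: the first failed membership test would exhaust it and the
    # later "udp" / "tcphigh" checks would never match, so the requested
    # DROP rules would be left out without any error.
    ignored = {str(item) for item in firewall.flatten(ignore)}
    if "all" in ignored:
        return []

    r = firewall.IPTablesRuleset("filter", chain)
    if "udp" in ignored:
        r.add(r="-p udp -j DROP")
    if "tcphigh" in ignored:
        r.add(r="-p tcp -m multiport --dport 135:139,445,1024:65535 -j DROP")

    # NOTE(review): chain, limit and burst are interpolated into the rule
    # text unescaped. Presumably they come from trusted configuration;
    # confirm that, and validate them if they can carry externally
    # supplied text (a quote or space in chain would change the rule).
    # iptables also caps --log-prefix at 29 characters, so long chain
    # names may be truncated or rejected.
    r.add(r="-m limit --limit %s/sec --limit-burst %s "
            '-j LOG --log-prefix "IPT %s DEAD: "' % (limit, burst, chain))
    return r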