예제 #1
    def _discover_iptables(self):
        """
        Return the firewall rules needed for DHCP client traffic.

        Two UDP rules for port 67 are built, one per IP transport, with no
        remote address given (``None``).
        """
        _logger.debug('{0}: adding DHCP Client Rules.'.format(self.get_name()))

        # NOTE(review): None is passed as the address; presumably the builder
        # treats that as "any remote host" - confirm, since that would make
        # these rules as wide as the port allows.
        # NOTE(review): DHCPv6 uses UDP 546 (client) / 547 (server), not 67;
        # confirm the IPv6 rule on port 67 is intended.
        return [
            create_iptables_udp_egress_ingress_rule(None, 67, self._slot, transport=transport)
            for transport in (ipt.TRANSPORT_IPV4, ipt.TRANSPORT_IPV6)
        ]
예제 #2
    def _discover_iptables(self):
        """
        Build the DHCP client rule set: UDP port 67 over IPv4 and over IPv6.

        Both rules are created without a remote address (``None``) and are
        returned as a list, IPv4 first.
        """
        _logger.debug('{0}: adding DHCP Client Rules.'.format(self.get_name()))

        # NOTE(review): with None as the address the rules are presumably not
        # restricted to a particular DHCP server - confirm against the builder.
        # NOTE(review): port 67 is the DHCPv4 server port; DHCPv6 runs on
        # UDP 546/547, so the IPv6 rule may not match real DHCPv6 traffic.
        ipv4_rule = create_iptables_udp_egress_ingress_rule(
            None, 67, self._slot, transport=ipt.TRANSPORT_IPV4)
        ipv6_rule = create_iptables_udp_egress_ingress_rule(
            None, 67, self._slot, transport=ipt.TRANSPORT_IPV6)

        return [ipv4_rule, ipv6_rule]
예제 #3
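    def _discover_iptables(self):
        """
        Build NTP client rules (UDP port 123) for each peer listed by ``ntpq -p -n``.

        Returns an empty list when ntpq cannot be found, ntpd is not running, or
        ntpq exits with a non-zero status. Peer addresses come from command
        output, so an empty or rejected address is logged and skipped instead of
        aborting discovery or producing an unintended rule.
        """

        rules = list()

        ntpq = which(u'ntpq')
        if not ntpq:
            _logger.debug('Failed to find program path for "{0}"'.format('ntpq'))
            return rules

        # Check to see if ntpd is running
        if not is_service_running('ntpd'):
            _logger.debug('ntpd is not running.')
            return rules

        # Argument list, no shell involved. Only stdout is captured; stderr is
        # inherited from this process, so it cannot be used to detect failure.
        p = subprocess.Popen(['ntpq', '-p', '-n'], stdout=subprocess.PIPE)
        stdoutdata, _ = p.communicate()

        # Do not derive firewall rules from the output of a failed query.
        if p.returncode != 0:
            _logger.debug('ntpq exited with status {0}; no NTP rules added.'.format(p.returncode))
            return rules

        # Tally characters ntpq puts in front of the remote column. A tuple is
        # used so that an empty first field never matches.
        tally_codes = ('+', '-', '*', 'x', '.', '#', 'o')

        for line in stdoutdata.decode('utf-8').split('\n'):
            remote = line.split(' ', 1)[0]
            if remote[:1] not in tally_codes:
                continue

            ipaddr = remote[1:]
            if not ipaddr:
                # A bare tally character carries no address; the rule builder
                # might read an empty value as "any host" (not visible here).
                continue

            try:
                _logger.debug('{0}: adding NTP Client Rules for {1}'.format(self.get_name(), ipaddr))
                rules.append(create_iptables_udp_egress_ingress_rule(
                    ipaddr, 123, self._slot, transport=ipt.TRANSPORT_AUTO))
            except ValueError:
                # Presumably raised by the rule builder for an address it
                # cannot validate - confirm. One bad peer must not drop the rest.
                _logger.error('{0}: Unable to validate NTP peer address {1}.'.format(self.get_name(), ipaddr))

        return rules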
예제 #4
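    def _discover_iptables(self):
        """
        Look at /etc/resolv.conf file to get external DNS servers and set outbound rule(s) to allow access.

        Only lines whose first token is ``nameserver`` and that carry a value are
        used. For each address one TCP and one UDP rule for port 53 is built.

        Returns None when resolv.conf is missing or lists no name server,
        otherwise the list of rules (addresses that fail validation are logged
        and skipped).
        """

        if not os.path.exists('/etc/resolv.conf'):
            _logger.error('{0}: resolv.conf not found.'.format(self.get_name()))
            return None

        rules = list()
        ipaddrs = list()

        # Get all nameserver ip address values.
        # Matching on the first token (instead of a substring search) keeps
        # lines such as "search nameserver.example.org" or "; nameserver ..."
        # from contributing an address, and a bare "nameserver" keyword without
        # a value no longer raises IndexError.
        with open('/etc/resolv.conf') as handle:
            for line in handle:
                fields = line.split()
                if len(fields) >= 2 and fields[0].lower() == 'nameserver':
                    ipaddrs.append(fields[1])

        if not ipaddrs:
            _logger.error('{0}: no name server values found in resolv.conf'.format(self.get_name()))
            return None

        # resolv.conf is commonly rewritten by DHCP clients and network
        # managers, so its content decides which hosts get port 53 opened.
        # NOTE(review): no transport is passed here; confirm the builder's
        # default copes with IPv6 name servers.
        for ipaddr in ipaddrs:
            try:
                _logger.debug('{0}: adding DNS IP address {1}'.format(self.get_name(), ipaddr))
                rules.append(create_iptables_tcp_egress_ingress_rule(ipaddr, 53, self._slot))
                rules.append(create_iptables_udp_egress_ingress_rule(ipaddr, 53, self._slot))
            except ValueError:
                _logger.error('{0}: Unable to validate DNS ip address {1}.'.format(self.get_name(), ipaddr))

        return rules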
예제 #5
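    def _discover_iptables(self):
        """
        Discover the NTP peers known to the local ntpd and build UDP/123 rules for them.

        The peer list is read from ``ntpq -p -n``. An empty list is returned when
        ntpq is not installed, ntpd is not running, or ntpq reports failure
        through its exit status. A peer whose address is empty or is rejected by
        the rule builder is skipped with a log entry.
        """

        rules = list()

        ntpq = which(u'ntpq')
        if not ntpq:
            _logger.debug('Failed to find program path for "{0}"'.format('ntpq'))
            return rules

        # Check to see if ntpd is running
        if not is_service_running('ntpd'):
            _logger.debug('ntpd is not running.')
            return rules

        # stderr is not piped, so communicate() always yields None for it;
        # the exit status is the only failure signal available here.
        p = subprocess.Popen(['ntpq', '-p', '-n'], stdout=subprocess.PIPE)
        stdoutdata, _ = p.communicate()

        if p.returncode != 0:
            # Output of a failed query is not a trustworthy source for rules.
            _logger.debug('ntpq exited with status {0}; no NTP rules added.'.format(p.returncode))
            return rules

        # Peer lines start with one of these tally characters directly followed
        # by the remote address; header and separator lines do not.
        tally_codes = ('+', '-', '*', 'x', '.', '#', 'o')

        for line in stdoutdata.decode('utf-8').split('\n'):
            remote = line.split(' ', 1)[0]
            if remote[:1] not in tally_codes:
                continue

            ipaddr = remote[1:]
            if not ipaddr:
                # Nothing after the tally character: do not hand an empty
                # address to the rule builder.
                continue

            try:
                _logger.debug('{0}: adding NTP Client Rules for {1}'.format(self.get_name(), ipaddr))
                rules.append(create_iptables_udp_egress_ingress_rule(
                    ipaddr, 123, self._slot, transport=ipt.TRANSPORT_AUTO))
            except ValueError:
                # Presumably the builder signals an address it cannot validate
                # this way - confirm. Keep the rules for the remaining peers.
                _logger.error('{0}: Unable to validate NTP peer address {1}.'.format(self.get_name(), ipaddr))

        return rules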
예제 #6
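    def _discover_iptables(self):
        """
        Look at /etc/resolv.conf file to get external DNS servers and set outbound rule(s) to allow access.

        A line counts only if its first token is ``nameserver`` and a value
        follows it. Each address gets one TCP and one UDP rule for port 53.

        Returns None when resolv.conf does not exist or names no server;
        otherwise the list of rules built. Addresses that fail validation are
        logged and left out.
        """

        if not os.path.exists('/etc/resolv.conf'):
            _logger.error('{0}: resolv.conf not found.'.format(
                self.get_name()))
            return None

        rules = list()
        ipaddrs = list()

        # Get all nameserver ip address values.
        # The keyword has to be the first token: a substring test would also
        # pick up e.g. a search domain containing "nameserver", and indexing
        # the split line blindly raises IndexError on a keyword with no value.
        # Comment lines never match because their first token is not the keyword.
        with open('/etc/resolv.conf') as handle:
            for line in handle:
                fields = line.split()
                if len(fields) < 2:
                    continue
                if fields[0].lower() == 'nameserver':
                    ipaddrs.append(fields[1])

        if not ipaddrs:
            _logger.error(
                '{0}: no name server values found in resolv.conf'.format(
                    self.get_name()))
            return None

        # These addresses decide which hosts get port 53 opened, and
        # resolv.conf is commonly rewritten by DHCP clients and network
        # managers; validation is left to the rule builder (ValueError below).
        # NOTE(review): on hosts using a local stub resolver the file may list
        # only a loopback address - confirm that is the intended rule target.
        for ipaddr in ipaddrs:
            try:
                _logger.debug('{0}: adding DNS IP address {1}'.format(
                    self.get_name(), ipaddr))
                rules.append(
                    create_iptables_tcp_egress_ingress_rule(
                        ipaddr, 53, self._slot))
                rules.append(
                    create_iptables_udp_egress_ingress_rule(
                        ipaddr, 53, self._slot))
            except ValueError:
                _logger.error(
                    '{0}: Unable to validate DNS ip address {1}.'.format(
                        self.get_name(), ipaddr))

        return rules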