def moveRule(self, context, rule_type, identifier, delta):
    """
    Move a rule by a relative offset.

    - rule_type: name of the rule list, handed to getRuleList()
    - identifier: rule identifier, converted with getInteger()
    - delta: offset added to the rule's current order in its chain

    Returns the value produced by moveAt() on the rule list.
    """
    rule_key = getInteger(identifier)
    # NOTE(review): rule_type and delta are used as received; only the
    # identifier goes through getInteger(). Confirm that getRuleList() and
    # moveAt() reject unexpected types and out-of-range positions, since
    # rule order decides which firewall rule matches first.
    rule_list = self.getRuleset(context).getRuleList(rule_type)
    target = rule_list[rule_key]
    current_order = rule_list.getAclChain(target).getOrder(target)
    result = rule_list.moveAt(target, current_order + delta)
    # Reached only when the move did not raise.
    self.saveSession(context)
    return result
def service_moveRule(self, context, rule_type, identifier, new_order):
    """
    Move a rule to the new specific order (in the same chain).

    - rule_type: name of the rule list, handed to getRuleList()
    - identifier: rule identifier, converted with getInteger()
    - new_order: target position, forwarded to moveAt() unchanged

    Returns the value produced by moveAt() on the rule list.
    """
    rule_key = getInteger(identifier)
    rule_list = self.getRuleset(context).getRuleList(rule_type)
    # NOTE(review): new_order is not passed through getInteger() the way
    # identifier is, and rule_type is not normalised here although
    # service_getRule calls getUnicode() on it. Confirm moveAt() and
    # getRuleList() validate these caller-supplied values.
    result = rule_list.moveAt(rule_list[rule_key], new_order)
    # Reached only when the move did not raise.
    self.saveSession(context)
    return result
def service_ruleClone(self, context, rule_type, acl_id):
    """
    Clone an ACL: acl_id is its identifier.

    - rule_type: name of the rule list, handed to getRuleList()
    - acl_id: identifier of the rule to clone, converted with getInteger()

    Returns the value produced by clone() on the rule list.
    """
    source_id = getInteger(acl_id)
    # NOTE(review): rule_type is used as received; service_getRule runs it
    # through getUnicode() first. Confirm getRuleList() rejects unknown
    # list names.
    rule_list = self.getRuleset(context).getRuleList(rule_type)
    result = rule_list.clone(source_id)
    # Reached only when the clone did not raise.
    self.saveSession(context)
    return result
def service_ruleChange(self, context, rule_type, acl_id, new_values):
    """
    Change attributes of an ACL:
     - acl_id: acl identifier (documented as unicode; converted with
       getInteger() before the lookup)
     - new_values: dictionary (attribute name => value)

    Returns the value produced by modifyObject() on the rule list.
    """
    rule_key = getInteger(acl_id)
    rule_list = self.getRuleset(context).getRuleList(rule_type)
    target = rule_list[rule_key]
    # NOTE(review): new_values is a caller-supplied dictionary forwarded
    # as-is. Confirm modifyObject() checks both the attribute names and the
    # values it accepts, so a caller cannot set fields that are not meant
    # to be editable. The meaning of the third argument (False) is not
    # visible from this method.
    result = rule_list.modifyObject(target, new_values, False)
    # Reached only when the modification did not raise.
    self.saveSession(context)
    return result
def service_getRule(self, context, rule_type, rule_id, fusion=None):
    """
    Get an ACL or NAT rule.

    Arguments:
     - rule_type: possible values are
        * "acls-ipv4" (IPv4 ACL)
        * "acls-ipv6" (IPv6 ACL)
        * "nats" (IPv4 NAT)
     - rule_id (integer): rule identifier
     - fusion (boolean): if True, replace generic networks / user groups
       by physical networks / user groups

    Result is a dictionary with the following keys.

    Common keys:
     - mandatory keys
        * id (integer): unique rule identifier
        * mandatory (boolean): True if the rule is mandatory
        * enabled (boolean): ACL is enabled? (bool)
        * sources (list of unicode): List of network identifiers
        * destinations (list of unicode): List of network identifiers
     - optional keys:
        * comment (unicode): Comment

    ACL keys:
     - mandatory keys:
        * decision (unicode): 'ACCEPT', 'DROP' or 'REJECT'
        * protocols (list of unicode): List of protocol identifiers
        * address_type (unicode): IPV4_ADDRESS or IPV6_ADDRESS
        * input (unicode): Identifier of the input interface
        * output (unicode): Identifier of the output interface
        * chain (unicode): 'INPUT', 'OUTPUT' or 'FORWARD'
        * log (boolean): Log connections or not?
     - optional keys:
        * user_groups (list of unicode): List of user group identifiers
        * applications (list of unicode): List of application identifiers
        * operating_systems (list of unicode): List of operating system
          identifiers
        * periodicities (list of unicode): List of periodicity identifiers
        * durations (list of unicode): List of duration identifiers
        * log_prefix (unicode): Prefix of a log entry

    NAT keys:
     - mandatory keys:
        * filters (list of unicode): List of protocol identifiers
        * nated_sources (list of unicode): List of translated network
          identifiers
        * nated_destinations (list of unicode): List of translated network
          identifiers
        * nated_filters (list of unicode): List of translated protocol
          identifiers
        * chain (unicode): 'PREROUTING' or 'POSTROUTING'

    A rule identifier is only unique in its list. Eg. you can have an IPv4
    ACL and an IPv6 ACL with the same identifier. Use (rule_type, rule_id)
    for a global unique identifier.
    """
    # Both caller-supplied selectors are converted before they are used.
    list_name = getUnicode(rule_type)
    rule_key = getInteger(rule_id)
    # The caller's fusion value is resolved through getFusion() first.
    use_fusion = self.getFusion(context, fusion)
    rule_list = self.getRuleset(context).getRuleList(list_name)
    # No saveSession() call is made on this path.
    return rule_list[rule_key].exportXMLRPC(use_fusion)