def __init__(self, resources, values, loader_context=None): Group.__init__(self, resources, values, loader_context) ResourcesContainer.__init__(self, resources) self.interface = getFirst(self.objects).interface self.parent = self.interface self.allow_child = False self.type = GROUP_RESTYPE
def getFirstProtocol(objects): return getFirst(flattenProtocolList(objects))
def getFirstNetwork(objects): return getFirst(flattenNetworkList(objects))
def getFirstObject(objects): return getFirst(flattenObjectList(objects))
def checkConsistency(self, loader_context=None): if len(self.destinations) == 0 and len(self.sources) == 0: raise RulesetError(tr("A NAT rule requires at least one source or one destination.")) for source in flattenObjectList(self.sources): if isinstance(source, Platform): raise RulesetError(tr('Platforms can not be used' ' in NAT rules')) for source in flattenObjectList(self.sources): if isinstance(source, Platform): raise RulesetError(tr('Platforms can not be used' ' in NAT rules')) if self.type == NAT_TRANSLATE: if len(self.nated_destinations) == 0 and len(self.nated_sources) == 0: raise RulesetError(tr("A NAT rule requires at least one translated source or destination.")) if len(self.nated_sources) != 0 and len(self.sources) == 0: raise RulesetError(tr("You need to specify a source to be able to translate it.")) if len(self.nated_destinations) != 0 and len(self.destinations) == 0: raise RulesetError(tr("You need to specify a destination to be able to translate it.")) if len(self.nated_filters) != 0 and len(self.nated_destinations) == 0: raise RulesetError(tr("You need to translate the destination address to be able to translate the protocol.")) if len(self.nated_sources) > 1 or len(self.nated_destinations) > 1 or len(self.nated_filters) > 1 : raise RulesetError(tr("You can not create a NAT rule comprising more than one translated source, destination or protocol.")) if len(self.nated_sources) != 0 and (len(self.nated_destinations) != 0 or len(self.nated_filters) != 0): raise RulesetError(tr("You can not set a translated source at the same time as a translated destination or protocol.")) if len(self.nated_sources): nated_src = getFirst(self.nated_sources) if not isinstance(nated_src, (HostResource, HostnameResource, NetworkResource, IPsecNetworkResource, FirewallResource)): raise RulesetError(tr("The translated source must be a host, a network or the firewall interface.")) if self.chain == 'POSTROUTING': for src in self.sources: if not isinstance(src, InterfaceResource): continue raise RulesetError(tr("A source NAT rule can not use an interface in sources.")) if len(self.nated_destinations): nated_dst = getFirst(self.nated_destinations) if not isinstance(nated_dst, (HostResource, HostnameResource, NetworkResource, IPsecNetworkResource)): raise RulesetError(tr("The translated destination must be a host or a network.")) if self.chain == 'PREROUTING': for dst in self.destinations: if not isinstance(dst, InterfaceResource): continue raise RulesetError(tr("A destination NAT rule can not use an interface in destinations.")) if len(self.nated_filters) and not len(self.filters): raise RulesetError(tr("You have to specify at least one protocol to filter to translate it to another protocol.")) if len(self.nated_filters): proto = getFirst(self.nated_filters) if proto.layer4 != u'tcp' and proto.layer4 != u'udp': raise RulesetError(tr("Translated port can only be TCP or UDP.")) for obj in flattenObjectList(self.filters): if obj.layer4 != proto.layer4: raise RulesetError( tr("The translated port needs to use the same transport protocol (TCP/UDP) as the filtered port. " "The %s protocol does not use the same transport protocol as the translated port.") % proto.formatID()) if (not proto.dport) or (proto.dport.first != proto.dport.last): raise RulesetError(tr("The translated port must be an unique port number.")) for protocol in chain(self.filters, self.nated_filters): if IPV4_ADDRESS not in protocol.getAddressTypes(): raise RulesetError( tr("The %s protocol can not be used in IPv4!"), protocol.formatID())
def __init__(self, library, values, loader_context=None): self.library = library Object.__init__(self, values, loader_context) self.update_domain = getFirst(self.objects).update_domain
def iptableRules(iptables, nat, empty_line, apply_rules): ruleset = nat.ruleset if iptables.options.format == "iptables": prefix = Arguments("iptables", "-t", "nat") else: prefix = Arguments() # Create header (title and comment) title = unicode(nat) if not nat.enabled: title += u' (disabled)' for line in comment(title, extra=nat.comment, empty_line=empty_line): yield line # Create source and destination parameters chain = nat.createChainKey() # Create protocols protocols = list(flattenObjectList(nat.filters)) if not protocols: protocols = (None,) # Get nated sources if len(nat.nated_sources): nated_src = getFirst(nat.nated_sources) else: nated_src = None # Get nated destinations if len(nat.nated_destinations): nated_dst = getFirst(nat.nated_destinations) else: nated_dst = None if nat.type != NAT_TRANSLATE: suffix = Arguments('-j', 'ACCEPT') elif chain == u'POSTROUTING' and isinstance(nated_src, FirewallResource): suffix = Arguments('-j', 'MASQUERADE') elif chain == u'POSTROUTING': source = getFirstAddress(nat, nated_src, apply_rules) if isinstance(nated_src, (NetworkResource, IPsecNetworkResource)): suffix = Arguments('-j', 'NETMAP', '--to', source) else: suffix = Arguments('-j', 'SNAT', '--to-source', source) elif chain == u'PREROUTING': dest = getFirstAddress(nat, nated_dst, apply_rules) if len(nat.nated_filters): newproto = getFirst(nat.nated_filters) dest += u':%s' % newproto.dport if isinstance(nated_dst, (NetworkResource, IPsecNetworkResource)): suffix = Arguments('-j', 'NETMAP', '--to', dest) else: suffix = Arguments('-j', 'DNAT', '--to-destination', dest) rule_number = 1 for network_args in formatSrcDst(ruleset.resources, nat, chain): for proto in protocols: iptable_rule = prefix if not nat.enabled: iptable_rule += Arguments("#") iptable_rule += Arguments('-A', chain) iptable_rule += network_args if proto: iptable_rule += formatProtocol(proto, chain) iptable_rule += suffix if iptables.options.format != "iptables": iptable_rule += iptables.ruleComment(nat, rule_number) rule_number += 1 yield iptable_rule
def netAbstract(net): if net.ip_addrs: ip = getFirst(net.ip_addrs) return "%s/%s" % (unicode(ip), net.net.prefixlen()) return "<i>%s</i>" % net.label