def rulesetUpload(component, logger, filetype, input_filename, content, netcfg):
# Extract ruleset name from the input filename
name = basename(input_filename)
if not name.lower().endswith(".xml"):
raise RulesetError('File extension is not ".xml"!')
name = name[:-4]
# Ensure that the ruleset doesn't exist on disk
rulesetFilename(filetype, name, check_existing=True)
# Decode the content
content = decodeFileContent(content)
# Open the ruleset the check the consistency
ruleset = Ruleset(component, logger, netcfg, read_only=True)
ruleset.load(logger, filetype, name, content=content)
if component.core.getMultisiteType() == MULTISITE_SLAVE:
if exists(MULTISITE_TEMPLATE_FILENAME):
template = MULTISITE_TEMPLATE_NAME
else:
template = None
replaceTemplate(logger, ruleset, template)
# Write the ruleset
try:
ruleset.save()
except IOError, err:
raise RulesetError(
tr("Unable to write into the file %s (%s): %s!"),
basename(ruleset.filename),
ruleset.filetype,
exceptionAsUnicode(err),
)
def apply(self):
self.error('Create ruleset "%s"' % self.name)
logger = self.getLogger()
ruleset = Ruleset(self.component, logger, self.netcfg)
ruleset.create(logger, "ruleset", self.netcfg, base_template=MULTISITE_TEMPLATE_NAME)
ruleset.saveAs(self.name)
self.filename = rulesetFilename("ruleset", self.name)
def service_rulesetOpen(self, context, filetype, name):
"""
Open a ruleset or a template (if is_template is True).
"""
filetype = getUnicode(filetype)
name = getUnicode(name)
checkRulesetName(name)
client = self.getClient(context)
logger = ContextLoggerChild(context, self)
self.info(context, 'Open the ruleset "%s"' % name)
data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig')
netcfg = deserializeNetCfg(data)
read_only = not any(context.hasRole(role) for role in RULESET_FORWARD_WRITE_ROLES)
if EDENWALL \
and (not read_only) \
and (filetype == "template") \
and (self.core.getMultisiteType() == MULTISITE_SLAVE):
read_only = True
ruleset = Ruleset(self, logger, netcfg,
read_only=read_only, client=client)
result = ruleset.load(logger, filetype, name)
if not read_only:
self.core.lock_manager.acquire(context, LOCK_RULESET)
self._saveRuleset(context, ruleset)
returnValue(result)
def apply(self):
self.debug("Replace multisite templates in ruleset %s" % self.ruleset)
logger = self.getLogger()
ruleset = Ruleset(self.component, logger, self.netcfg)
ruleset.load(logger, "ruleset", self.ruleset)
if self.use_template:
template = self.template
else:
template = None
replaceTemplate(self.getLogger(), ruleset, template)
ruleset.write(self.filename)
def apply(self):
if not self.ruleset_name:
self.info("Don't apply rule set (no production rule set)")
self.info("Apply rule set %s" % self.ruleset_name)
logger = self.getLogger()
ruleset = Ruleset(self.component, logger, self.netcfg)
ruleset.load(logger, "ruleset", self.ruleset_name, filename=self.filename)
apply = ApplyRules(self.context, self.component, ruleset, self.use_nufw,
raise_error=True, consistency_error=False)
apply.applyRules()
def reapplyLastRuleset(netcfg, context, component):
logger = ContextLoggerChild(context, component)
last_ruleset = lastRulesetApplied()
if 'ruleset' in last_ruleset:
name = last_ruleset['ruleset']
message = "Reapply the last rule set: %s" % name
ruleset = Ruleset(component, logger, netcfg)
ruleset.load(logger, "ruleset", name, filename=PRODUCTION_RULESET)
use_nufw = last_ruleset['use_nufw']
else:
message = "Reapply the last rule set: not rule set (only write localfw rules)"
ruleset = None
use_nufw = False
logger.error(message)
apply = ApplyRules(context, component, ruleset, use_nufw,
raise_error=True, consistency_error=False)
return apply.applyRules()
def service_rulesetCreate(self, context, filetype, base_template):
"""
Create a new ruleset based on a template. Use base_template='' to
ignore the base template.
"""
self.info(context, 'Create a new ruleset')
if EDENWALL:
multisite_type = self.core.getMultisiteType()
base_template = checkMultisiteTypeValue(multisite_type, filetype, base_template)
client = self.getClient(context)
logger = ContextLoggerChild(context, self)
data = yield self.core.callService(self.ufwi_ruleset_context, 'network', 'getNetconfig')
netcfg = deserializeNetCfg(data)
ruleset = Ruleset(self, logger, netcfg, client=client)
result = ruleset.create(logger, filetype, netcfg, base_template=base_template)
if not ruleset.read_only:
self.core.lock_manager.acquire(context, LOCK_RULESET)
self._saveRuleset(context, ruleset)
returnValue(result)
def getMissingLinks(component, logger, filetype, name, netcfg, links):
ruleset = Ruleset(component, logger, netcfg)
ruleset.load(logger, filetype, name)
generic_links = ruleset.generic_links
generic_links.setLinks(links)
return generic_links.getMissingLinks()
