def post(self): log.debug4("%s.post()" % type(self)) super(FirewallTransaction, self).post() for zone in self.zone_transactions: self.zone_transactions[zone].post()
def execute(self, enable): log.debug4("%s.execute(%s)" % (type(self), enable)) rules, modules = self.prepare(enable) # pre self.pre() # stage 1: apply rules error = False errorMsg = "" done = [] for backend_name in rules: try: self.fw.rules(backend_name, rules[backend_name]) except Exception as msg: error = True errorMsg = msg log.error(msg) else: done.append(backend_name) # stage 2: load modules if not error: module_return = self.fw.handle_modules(modules, enable) if module_return: (cleanup_modules, msg) = module_return if cleanup_modules is not None: error = True errorMsg = msg self.fw.handle_modules(cleanup_modules, not enable) # error case: revert rules if error: undo_rules = {} for backend_name in done: undo_rules[backend_name] = [] for rule in reversed(rules[backend_name]): undo_rules[backend_name].append( self.fw.get_backend_by_name(backend_name).reverse_rule( rule)) for backend_name in undo_rules: try: self.fw.rules(backend_name, undo_rules[backend_name]) except Exception as msg: log.error(msg) # call failure functions for (func, args) in self.fail_funcs: try: func(*args) except Exception as msg: log.error("Calling fail func %s(%s) failed: %s" % \ (func, args, msg)) raise FirewallError(errors.COMMAND_FAILED, errorMsg) # post self.post()
def execute(self, enable): log.debug4("%s.execute(%s)" % (type(self), enable)) rules, modules = self.prepare(enable) # pre self.pre() # stage 1: apply rules error = False errorMsg = "" done = [ ] for ipv in rules: try: self.fw.rules(ipv, rules[ipv]) except Exception as msg: error = True errorMsg = msg log.error(msg) else: done.append(ipv) # stage 2: load modules if not error: module_return = self.fw.handle_modules(modules, enable) if module_return: (cleanup_modules, msg) = module_return if cleanup_modules is not None: error = True errorMsg = msg self.fw.handle_modules(cleanup_modules, not enable) # error case: revert rules if error: undo_rules = { } for ipv in done: undo_rules[ipv] = [ ] for rule in reversed(rules[ipv]): undo_rules[ipv].append( self.fw.get_ipv_backend(ipv).reverse_rule(rule)) for ipv in undo_rules: try: self.fw.rules(ipv, undo_rules[ipv]) except Exception as msg: log.error(msg) # call failure functions for (func, args) in self.fail_funcs: try: func(*args) except Exception as msg: log.error("Calling fail func %s(%s) failed: %s" % \ (func, args, msg)) raise FirewallError(errors.COMMAND_FAILED, errorMsg) # post self.post()
def post(self): log.debug4("%s.post()" % type(self)) for (func, args) in self.post_funcs: try: func(*args) except Exception as msg: log.error("Calling post func %s(%s) failed: %s" % \ (func, args, msg))
def pre(self): log.debug4("%s.pre()" % type(self)) for (func, args) in self.pre_funcs: try: func(*args) except Exception as msg: log.debug1(traceback.format_exc()) log.error("Calling pre func %s(%s) failed: %s" % \ (func, args, msg))
def prepare(self, enable, rules=None, modules=None): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) rules, modules = super(FirewallZoneTransaction, self).prepare( enable, rules, modules) for module in self.modules: if module not in modules: modules.append(module) return rules, modules
def prepare(self, enable): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) rules = { } if not enable: # reverse rule order for cleanup for backend_name in self.rules: for rule in reversed(self.rules[backend_name]): rules.setdefault(backend_name, [ ]).append( self.fw.get_backend_by_name(backend_name).reverse_rule(rule)) else: for backend_name in self.rules: rules.setdefault(backend_name, [ ]).extend(self.rules[backend_name]) return rules, self.modules
def prepare(self, enable, rules=None, modules=None): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) rules, modules = super(FirewallTransaction, self).prepare( enable, rules, modules) for zone in self.zone_transactions: try: self.zone_transactions[zone].prepare(enable, rules) for module in self.zone_transactions[zone].modules: if module not in modules: modules.append(module) except FirewallError as msg: log.error("Failed to prepare transaction rules for zone '%s'", str(msg)) return rules, modules
def prepare(self, enable, rules=None, modules=None): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) if rules is None: rules = { } if modules is None: modules = [ ] if not enable: # reverse rule order for cleanup for ipv in self.rules: for rule in reversed(self.rules[ipv]): rules.setdefault(ipv, [ ]).append(reverse_rule(rule)) else: for ipv in self.rules: rules.setdefault(ipv, [ ]).extend(self.rules[ipv]) return rules, modules
def post(self): log.debug4("%s.post()" % type(self)) for (func, args) in self.post_funcs: func(*args)
def pre(self): log.debug4("%s.pre()" % type(self)) for (func, args) in self.pre_funcs: func(*args)
def execute(self, enable): log.debug4("%s.execute(%s)" % (type(self), enable)) rules, modules = self.prepare(enable) # pre self.pre() # stage 1: apply rules error = False errorMsg = "" done = [] for backend_name in rules: try: self.fw.rules(backend_name, rules[backend_name]) except Exception as msg: error = True errorMsg = msg log.debug1(traceback.format_exc()) log.error(msg) else: done.append(backend_name) # stage 2: load modules if not error: module_return = self.fw.handle_modules(modules, enable) if module_return: # Debug log about issues loading modules, but don't error. The # modules may be builtin or CONFIG_MODULES=n, in which case # modprobe will fail. Or we may be running inside a container # that doesn't have sufficient privileges. Unfortunately there # is no way for us to know. (status, msg) = module_return if status: log.debug1(msg) # error case: revert rules if error: undo_rules = {} for backend_name in done: undo_rules[backend_name] = [] for rule in reversed(rules[backend_name]): undo_rules[backend_name].append( self.fw.get_backend_by_name(backend_name).reverse_rule( rule)) for backend_name in undo_rules: try: self.fw.rules(backend_name, undo_rules[backend_name]) except Exception as msg: log.debug1(traceback.format_exc()) log.error(msg) # call failure functions for (func, args) in self.fail_funcs: try: func(*args) except Exception as msg: log.debug1(traceback.format_exc()) log.error("Calling fail func %s(%s) failed: %s" % \ (func, args, msg)) raise FirewallError(errors.COMMAND_FAILED, errorMsg) # post self.post()
def execute(self, enable): log.debug4("%s.execute(%s)" % (type(self), enable)) rules, modules = self.prepare(enable) # pre self.pre() # stage 1: apply rules error = False done = [] for ipv in rules: try: self.fw.rules(ipv, rules[ipv]) except Exception as msg: error = True if not self.generous_mode: log.warning(msg) else: done.append(ipv) if error and self.generous_mode: for ipv in rules: if ipv in done: continue for rule in rules[ipv]: try: self.fw.rule(ipv, rule) except Exception as msg: log.warning(msg) done.append(ipv) error = False # stage 2: load modules if not error: module_return = self.fw.handle_modules(modules, enable) if module_return: (cleanup_modules, msg) = module_return if cleanup_modules is not None: error = True self.fw.handle_modules(cleanup_modules, not enable) # error case: revert rules if error: undo_rules = {} for ipv in done: undo_rules[ipv] = [] for rule in reversed(rules[ipv]): undo_rules[ipv].append(reverse_rule(rule)) for ipv in undo_rules: try: self.fw.rules(ipv, undo_rules[ipv]) except Exception as msg: log.error(msg) # call failure functions for (func, args) in self.fail_funcs: try: func(*args) except Exception as msg: log.error("Calling fail func %s(%s) failed: %s" % \ (func, args, msg)) raise FirewallError(errors.COMMAND_FAILED) # post self.post()