def _start_check(self):
    """Probe the firewall backends and record what this host supports.

    Checks ipset, iptables, ip6tables and ebtables in turn. A backend
    that cannot be used has its ``*_enabled`` flag cleared, and the
    supported ipset types / ICMP types are stored on ``self``. When the
    modinfo command exists, the conntrack and NAT helper tables returned
    by ``functions`` are stored and logged at debug level; otherwise
    both are set to empty dicts.

    NOTE(review): a missing backend is reported through ``log.warning``
    only. How callers react to a cleared ``*_enabled`` flag is not
    visible here; confirm that a host cannot end up unfiltered without
    an operator-visible alert.
    """
    # ipset: a ValueError from the listing call means "not usable".
    # Only that call is guarded; set_supported_types() runs in the
    # ``else`` branch, so its exceptions propagate.
    try:
        self.ipset_backend.set_list()
    except ValueError:
        log.warning("ipset not usable, disabling ipset usage in firewall.")
        self.ipset_enabled = False
        self.ipset_supported_types = []
    else:
        self.ipset_supported_types = \
            self.ipset_backend.set_supported_types()

    # IPv4: without the restore command the backend stays enabled as
    # long as the plain command exists; with neither it is disabled.
    ipv4 = self.ip4tables_backend
    ipv4.fill_exists()
    if not ipv4.restore_command_exists:
        if not ipv4.command_exists:
            log.warning("iptables-restore and iptables are missing, "
                        "disabling IPv4 firewall.")
            self.ip4tables_enabled = False
        else:
            log.warning("iptables-restore is missing, using "
                        "individual calls for IPv4 firewall.")
    self.ip4tables_supported_icmp_types = (
        ipv4.supported_icmp_types() if self.ip4tables_enabled else []
    )

    # IPv6: same decision as for IPv4.
    ipv6 = self.ip6tables_backend
    ipv6.fill_exists()
    if not ipv6.restore_command_exists:
        if not ipv6.command_exists:
            log.warning("ip6tables-restore and ip6tables are missing, "
                        "disabling IPv6 firewall.")
            self.ip6tables_enabled = False
        else:
            log.warning("ip6tables-restore is missing, using "
                        "individual calls for IPv6 firewall.")
    self.ip6tables_supported_icmp_types = (
        ipv6.supported_icmp_types() if self.ip6tables_enabled else []
    )

    # Bridge firewall: same decision, but no ICMP type list is stored.
    bridge = self.ebtables_backend
    bridge.fill_exists()
    if not bridge.restore_command_exists:
        if not bridge.command_exists:
            log.warning("ebtables-restore and ebtables are missing, "
                        "disabling bridge firewall.")
            self.ebtables_enabled = False
        else:
            log.warning("ebtables-restore is missing, using "
                        "individual calls for bridge firewall.")

    # Only logged; no state changes when --noflush is unsupported.
    wants_restore = self.ebtables_enabled and not self._individual_calls
    if wants_restore and not bridge.restore_noflush_option:
        log.debug1("ebtables-restore is not supporting the --noflush "
                   "option, will therefore not be used")

    # Helper detection is gated on the configured modinfo path existing.
    if not os.path.exists(config.COMMANDS["modinfo"]):
        self.nf_conntrack_helpers = {}
        self.nf_nat_helpers = {}
        log.warning(
            "modinfo command is missing, not able to detect conntrack helpers."
        )
        return

    self.nf_conntrack_helpers = functions.get_nf_conntrack_helpers()
    if len(self.nf_conntrack_helpers) == 0:
        log.debug1("No conntrack helpers supported by the kernel.")
    else:
        log.debug1("Conntrack helpers supported by the kernel:")
        for name, entries in self.nf_conntrack_helpers.items():
            log.debug1(" %s: %s", name, ", ".join(entries))

    self.nf_nat_helpers = functions.get_nf_nat_helpers()
    if len(self.nf_nat_helpers) == 0:
        log.debug1("No NAT helpers supported by the kernel.")
    else:
        log.debug1("NAT helpers supported by the kernel:")
        for name, entries in self.nf_nat_helpers.items():
            log.debug1(" %s: %s", name, ", ".join(entries))
def _start_check(self):
    """Detect which firewall backends are usable and store the results.

    ipset, iptables, ip6tables and ebtables are probed in that order.
    An unusable backend gets its ``*_enabled`` flag set to False, and
    the supported ipset types / ICMP types are saved on ``self``. If
    the modinfo command exists, the conntrack and NAT helper tables
    from ``functions`` are saved and logged at debug level; if not,
    both are set to empty dicts.

    NOTE(review): an unusable backend only produces a ``log.warning``
    entry. What callers do once a ``*_enabled`` flag is False is not
    visible here; confirm the host cannot be left unfiltered without an
    operator-visible alert.
    """
    # ipset: ValueError from list() is the "not usable" signal. The
    # supported_types() call sits in ``else`` and is not guarded.
    try:
        self.ipset_backend.list()
    except ValueError:
        log.warning("ipset not usable, disabling ipset usage in firewall.")
        self.ipset_enabled = False
        self.ipset_supported_types = []
    else:
        self.ipset_supported_types = self.ipset_backend.supported_types()

    # IPv4: a missing restore command alone keeps the backend enabled;
    # it is disabled only when the plain command is missing as well.
    v4_backend = self.ip4tables_backend
    v4_backend.fill_exists()
    if not v4_backend.restore_command_exists:
        if not v4_backend.command_exists:
            log.warning("iptables-restore and iptables are missing, "
                        "disabling IPv4 firewall.")
            self.ip4tables_enabled = False
        else:
            log.warning("iptables-restore is missing, using "
                        "individual calls for IPv4 firewall.")
    self.ip4tables_supported_icmp_types = (
        v4_backend.supported_icmp_types() if self.ip4tables_enabled else []
    )

    # IPv6: same decision as for IPv4.
    v6_backend = self.ip6tables_backend
    v6_backend.fill_exists()
    if not v6_backend.restore_command_exists:
        if not v6_backend.command_exists:
            log.warning("ip6tables-restore and ip6tables are missing, "
                        "disabling IPv6 firewall.")
            self.ip6tables_enabled = False
        else:
            log.warning("ip6tables-restore is missing, using "
                        "individual calls for IPv6 firewall.")
    self.ip6tables_supported_icmp_types = (
        v6_backend.supported_icmp_types() if self.ip6tables_enabled else []
    )

    # Bridge firewall: same decision; there is no ICMP type list here.
    eb_backend = self.ebtables_backend
    eb_backend.fill_exists()
    if not eb_backend.restore_command_exists:
        if not eb_backend.command_exists:
            log.warning("ebtables-restore and ebtables are missing, "
                        "disabling bridge firewall.")
            self.ebtables_enabled = False
        else:
            log.warning("ebtables-restore is missing, using "
                        "individual calls for bridge firewall.")

    # Debug message only; nothing is changed on self in this branch.
    restore_wanted = self.ebtables_enabled and not self._individual_calls
    if restore_wanted and not eb_backend.restore_noflush_option:
        log.debug1("ebtables-restore is not supporting the --noflush "
                   "option, will therefore not be used")

    # Without the configured modinfo binary no helpers are detected.
    if not os.path.exists(config.COMMANDS["modinfo"]):
        self.nf_conntrack_helpers = {}
        self.nf_nat_helpers = {}
        log.warning("modinfo command is missing, not able to detect conntrack helpers.")
        return

    self.nf_conntrack_helpers = functions.get_nf_conntrack_helpers()
    if len(self.nf_conntrack_helpers) == 0:
        log.debug1("No conntrack helpers supported by the kernel.")
    else:
        log.debug1("Conntrack helpers supported by the kernel:")
        for label, members in self.nf_conntrack_helpers.items():
            log.debug1(" %s: %s", label, ", ".join(members))

    self.nf_nat_helpers = functions.get_nf_nat_helpers()
    if len(self.nf_nat_helpers) == 0:
        log.debug1("No NAT helpers supported by the kernel.")
    else:
        log.debug1("NAT helpers supported by the kernel:")
        for label, members in self.nf_nat_helpers.items():
            log.debug1(" %s: %s", label, ", ".join(members))