def __apply_default_rules(self, ipv, transaction): default_rules = {} if ipv in ["ipv4", "ipv6"]: x = ipXtables else: x = ebtables for table in x.DEFAULT_RULES: default_rules[table] = x.DEFAULT_RULES[table][:] if self._log_denied != "off": for table in x.LOG_RULES: default_rules.setdefault(table, []).extend(x.LOG_RULES[table]) for table in default_rules: if table not in self.get_available_tables(ipv): continue prefix = ["-t", table] for rule in default_rules[table]: if type(rule) == list: _rule = prefix + rule else: _rule = prefix + functions.splitArgs(rule) #if self._individual_calls or \ # (ipv == "eb" and not # self.ebtables_backend.restore_noflush_option): # self.rule(ipv, _rule) #else: # transaction.add_rule(ipv, _rule) transaction.add_rule(ipv, _rule)
def __apply_default_rules(self, ipv, transaction): default_rules = { } if ipv in [ "ipv4", "ipv6" ]: x = ipXtables else: x = ebtables for table in x.DEFAULT_RULES: default_rules[table] = x.DEFAULT_RULES[table][:] if self._log_denied != "off": for table in x.LOG_RULES: default_rules.setdefault(table, []).extend(x.LOG_RULES[table]) for table in default_rules: if table not in self.get_available_tables(ipv): continue prefix = [ "-t", table ] for rule in default_rules[table]: if type(rule) == list: _rule = prefix + rule else: _rule = prefix + functions.splitArgs(rule) #if self._individual_calls or \ # (ipv == "eb" and not # self.ebtables_backend.restore_noflush_option): # self.rule(ipv, _rule) #else: # transaction.add_rule(ipv, _rule) transaction.add_rule(ipv, _rule)
def __apply_default_rules(self, ipv): default_rules = { } if ipv in [ "ipv4", "ipv6" ]: x = ipXtables else: x = ebtables for table in x.DEFAULT_RULES: default_rules[table] = x.DEFAULT_RULES[table][:] if self._log_denied != "off": for table in x.LOG_RULES: default_rules.setdefault(table, []).extend(x.LOG_RULES[table]) rules = { } for table in default_rules: if not self.is_table_available(ipv, table): continue prefix = [ "-t", table ] for rule in default_rules[table]: if type(rule) == list: _rule = prefix + rule else: _rule = prefix + functions.splitArgs(rule) if self._individual_calls or \ (ipv == "eb" and not self._ebtables.restore_noflush_option): self.rule(ipv, _rule) else: rules.setdefault(ipv, []).append(_rule) for ipv in rules: self.rules(ipv, rules[ipv])
def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) if name == "rule": if self._element: # add arguments self._rule.append([ u2b_if_py2(x) for x in splitArgs(self._element) ]) self.item.add_rule(*self._rule) else: log.error("Error: rule does not have any arguments, ignoring.") self._rule = None elif name == "passthrough": if self._element: # add arguments self._passthrough.append([ u2b_if_py2(x) for x in splitArgs(self._element) ]) self.item.add_passthrough(*self._passthrough) else: log.error("Error: passthrough does not have any arguments, " + "ignoring.") self._passthrough = None
def endElement(self, name): IO_Object_ContentHandler.endElement(self, name) if name == "rule": if self._element: # add arguments self._rule.append(splitArgs(self._element)) self.item.add_rule(*self._rule) else: log.error("Error: rule does not have any arguments, ignoring.") self._rule = None elif name == "passthrough": if self._element: # add arguments self._passthrough.append(splitArgs(self._element)) self.item.add_passthrough(*self._passthrough) else: log.error("Error: passthrough does not have any arguments, " + "ignoring.") self._passthrough = None
def apply_default_rules(self, transaction, log_denied="off"): for table in DEFAULT_RULES: if table not in self.available_tables(): continue default_rules = DEFAULT_RULES[table][:] if log_denied != "off" and table in LOG_RULES: default_rules.extend(LOG_RULES[table]) prefix = ["-t", table] for rule in default_rules: if type(rule) == list: _rule = prefix + rule else: _rule = prefix + splitArgs(rule) transaction.add_rule(self.ipv, _rule)
def apply_default_rules(self, transaction, log_denied="off"): for table in DEFAULT_RULES: if table not in self.get_available_tables(): continue default_rules = DEFAULT_RULES[table][:] if log_denied != "off" and table in LOG_RULES: default_rules.extend(LOG_RULES[table]) prefix = [ "-t", table ] for rule in default_rules: if type(rule) == list: _rule = prefix + rule else: _rule = prefix + splitArgs(rule) transaction.add_rule(self.ipv, _rule)
def build_default_rules(self, log_denied="off"): default_rules = [] for table in DEFAULT_RULES: if table not in self.get_available_tables(): continue _default_rules = DEFAULT_RULES[table][:] if log_denied != "off" and table in LOG_RULES: _default_rules.extend(LOG_RULES[table]) prefix = [ "-t", table ] for rule in _default_rules: if type(rule) == list: default_rules.append(prefix + rule) else: default_rules.append(prefix + splitArgs(rule)) return default_rules
def _lexer(self, rule_str): """ Lexical analysis """ tokens = [] for r in functions.splitArgs(rule_str): if "=" in r: attr = r.split('=') if len(attr) != 2 or not attr[0] or not attr[1]: raise FirewallError(INVALID_RULE, 'internal error in _lexer(): %s' % r) tokens.append({'attr_name':attr[0], 'attr_value':attr[1]}) else: tokens.append({'element':r}) tokens.append({'element':'EOL'}) return tokens
def _lexer(self, rule_str): """ Lexical analysis """ tokens = [] for r in functions.splitArgs(rule_str): if "=" in r: attr = r.split("=") if len(attr) != 2 or not attr[0] or not attr[1]: raise FirewallError(INVALID_RULE, "internal error in _lexer(): %s" % r) tokens.append({"attr_name": attr[0], "attr_value": attr[1]}) else: tokens.append({"element": r}) tokens.append({"element": "EOL"}) return tokens
def _lexer(self, rule_str): """ Lexical analysis """ tokens = [] for r in functions.splitArgs(rule_str): if "=" in r: attr = r.split('=') if len(attr) != 2 or not attr[0] or not attr[1]: raise FirewallError(INVALID_RULE, 'internal error in _lexer(): %s' % r) tokens.append({'attr_name': attr[0], 'attr_value': attr[1]}) else: tokens.append({'element': r}) tokens.append({'element': 'EOL'}) return tokens
def configure_directs(jconfig, errors=None, changes=None, apply_retry=0, **kwargs): if errors is None: errors = [] if changes is None: changes = [] msg = 'Activating direct rules' log.info(msg) for rule in jconfig.get('direct', []): try: drule = rule.split(None, 4) if len(drule) != 5: raise ValueError( '{0} is not formatted as a direct rule'.format(rule)) rule_chunk = get_direct_chunks([drule])[0] # cache can be a source of errors, if we are retrying we # skip cache if apply_retry > 0: rules = get_directs(cache=False) else: rules = get_directs() rules_chunks = get_direct_chunks(rules) if rule_chunk not in rules_chunks: rules = get_directs() rules_chunks = get_direct_chunks(rules) if rule_chunk not in rules_chunks: msg = ' - Add direct rule {0}'.format(rule) log.info(msg) changes.append(msg) fw().addRule(drule[0], drule[1], drule[2], int(drule[3]), splitArgs(drule[4])) else: msg = ' - Already activated: {0}'.format(rule) log.info(msg) except (Exception) as ex: trace = traceback.format_exc() errors.append({ 'trace': trace, 'type': 'directs/rule', 'id': "directs/rule/{0}".format(rule), 'exception': ex })