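def setState(state):
    """
    Persists the firewall state and applies it.

    Args:
        state: "on" or "off". Any other value is ignored (nothing is saved,
            started, stopped or signalled), as before.

    Side effects: writes the "general" module config, starts or stops the
    IPTables service, loads or unloads every known module, and emits the
    Network.Firewall.stateChanged signal.
    """
    if state not in ("on", "off"):
        return
    # Save state
    general = ModuleConfig("general")
    general.info["state"] = state
    general.save()
    if state == "on":
        # Start IPTables
        startService(script(), auto_start=True)
        # Execute active modules
        for module in listModuleConfigs():
            if module not in MODULES:
                continue
            info = ModuleConfig(module).info
            if info.get("state", "off") == "on":
                inst = MODULES[module]()
                inst.loadModule(getModuleParameters(module))
    else:
        # Flush IPTables since every module depends on it
        netfilterutils.clear()
        # Stop IPTables
        stopService(script(), permanent=True)
        # Unload modules
        for module in listModuleConfigs():
            if module not in MODULES:
                continue
            inst = MODULES[module]()
            inst.unloadModule(shutdown=True)
    # Notify clients. The signal arguments are passed as a tuple, like the
    # other notify() calls in this file; "(state)" was only a parenthesised
    # string, not a one-element tuple.
    notify("Network.Firewall", "stateChanged", (state,))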
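def stop():
    """
    Stops the IPTables service.

    Saves the active rules to /var/lib/iptables/rules (restored by start()),
    flushes all chains, removes the lock file and emits System.Service.Changed.
    """
    import errno

    # Save rules
    writeFile("/var/lib/iptables/rules", iptables.getRules())
    # Clear chains & rules
    iptables.clear()
    # Remove lock file. Unlink directly and tolerate "no such file" instead
    # of testing with os.access() first: the check-then-unlink pair leaves a
    # race window, and os.access() answers for the real uid rather than the
    # effective one. Any other failure (e.g. EACCES) still propagates, as it
    # did before.
    try:
        os.unlink(LOCK_FILE)
    except OSError as exc:
        if exc.errno != errno.ENOENT:
            raise
    # Notify clients
    notify("System.Service", "Changed", (script(), "stopped"))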
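def initializeIPTables():
    """
    Initializes IPTables.

    Compares the rules currently loaded in the kernel with the expected
    IPTABLES_RULES, key by key. If an expected key is missing from the
    active set, or any expected rule is absent under it, everything is
    flushed and IPTABLES_RULES is restored wholesale. Extra active rules
    under an otherwise complete key are left alone.
    """
    # Active rules
    rules_active = netfilterutils.parseConf(netfilterutils.getRules())
    # Compare rules. .items() instead of .iteritems() keeps this working on
    # Python 3 as well as Python 2.
    for chain, rules in IPTABLES_RULES.items():
        # Subset test: equivalent to "set(rules) - set(active) is non-empty"
        complete = chain in rules_active and set(rules) <= set(rules_active[chain])
        if not complete:
            # At least one different rule, need re-initialization
            netfilterutils.clear()
            conf = netfilterutils.makeConf(IPTABLES_RULES)
            netfilterutils.restoreRules(conf)
            break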
def initializeIPTables():
    """
    Initializes IPTables.

    Re-loads IPTABLES_RULES wholesale as soon as the kernel's current rule
    set lacks any expected key or any expected rule under that key; rules
    present in the kernel but not in IPTABLES_RULES are ignored.
    """
    current = netfilterutils.parseConf(netfilterutils.getRules())
    for chain, wanted in IPTABLES_RULES.iteritems():
        if chain in current and set(wanted).issubset(current[chain]):
            continue
        # Something expected is missing: flush and restore the whole set.
        netfilterutils.clear()
        netfilterutils.restoreRules(netfilterutils.makeConf(IPTABLES_RULES))
        break
def start():
    """
    Starts the IPTables service.

    Flushes the kernel chains, restores the rules saved by stop() under
    /var/lib/iptables/rules when that file exists, creates the lock file,
    brings up Network.Firewall and emits System.Service.Changed.
    """
    saved_rules = "/var/lib/iptables/rules"
    # Clear chains & rules
    iptables.clear()
    # Load rules from the previous session, if a saved set exists.
    # NOTE(review): the file is restored verbatim into the kernel; this
    # relies on /var/lib/iptables being writable only by root -- confirm.
    if os.path.exists(saved_rules):
        iptables.restoreRules(readFile(saved_rules))
    # Create lock file
    writeFile(LOCK_FILE, "")
    # Initialize Network.Firewall, if necessary
    startNetworkFirewall()
    # Notify clients
    notify("System.Service", "Changed", (script(), "started"))
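def start():
    """
    Starts the IPTables service for the configured profile.

    Flushes the kernel chains, restores /var/lib/iptables/<profile> as the
    base rule set, then re-applies the rules recorded by the previous stop()
    in /var/lib/iptables/<profile>.diff -- restricted to the chains the
    profile allows for each table -- and finally creates the lock file.
    """
    # Clear chains & rules
    iptables.clear()
    # Load rules
    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    save = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }
    # NOTE(review): profile is joined into the path unchecked; a value
    # containing a path separator or ".." would resolve outside
    # /var/lib/iptables. Presumably a plain name from trusted config --
    # confirm at getProfile().
    profile_file = os.path.join('/var/lib/iptables', profile)
    profile_changes = '%s.diff' % profile_file
    base = {}
    # Per table, the chains whose runtime changes may be carried over
    allowed_chains = dict((table, save[table].split()) for table in iptables.chains)
    # Load base rules
    if os.path.isfile(profile_file):
        # Close the handle explicitly instead of file(path).read(), which
        # left it to the garbage collector.
        handle = open(profile_file)
        try:
            rules = handle.read()
        finally:
            handle.close()
        base = iptables.parseConf(rules)
        iptables.restoreRules(rules)
    # Load allowed changes done in previous session
    if os.path.isfile(profile_changes):
        handle = open(profile_changes)
        try:
            rules = handle.read()
        finally:
            handle.close()
        changes = iptables.parseConf(rules)
        # Only the delta against the base, in allowed chains, is re-applied
        # on top of the base rules (flush=False).
        diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)
        iptables.restoreRules(iptables.makeConf(diff), flush=False)
    # Create lock file
    writeFile(lock_file, '')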
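def stop():
    """
    Stops the IPTables service for the configured profile.

    Records the runtime changes made since start() -- the difference between
    the active rules and /var/lib/iptables/<profile>, limited to the chains
    the profile allows per table -- in /var/lib/iptables/<profile>.diff,
    then flushes all chains and removes the lock file.
    """
    import errno

    # Save rules
    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    save = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }
    # NOTE(review): profile is joined into the path unchecked; a value
    # containing a path separator or ".." would resolve outside
    # /var/lib/iptables. Presumably a plain name from trusted config --
    # confirm at getProfile().
    profile_file = os.path.join('/var/lib/iptables', profile)
    profile_changes = '%s.diff' % profile_file
    base = {}
    # Per table, the chains whose runtime changes may be carried over
    allowed_chains = dict((table, save[table].split()) for table in iptables.chains)
    # Get base rules from /var/lib/iptables/<profile>
    if os.path.isfile(profile_file):
        # Close the handle explicitly instead of file(path).read(), which
        # left it to the garbage collector.
        handle = open(profile_file)
        try:
            rules = handle.read()
        finally:
            handle.close()
        base = iptables.parseConf(rules)
    changes = iptables.parseConf(iptables.getRules())
    # Save allowed changes to /var/lib/iptables/<profile>.diff
    diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)
    writeFile(profile_changes, iptables.makeConf(diff))
    # Clear chains & rules
    iptables.clear()
    # Remove lock file. Unlink directly and tolerate "no such file" instead
    # of testing with os.access() first: the check-then-unlink pair leaves a
    # race window, and os.access() answers for the real uid rather than the
    # effective one. Any other failure still propagates, as before.
    try:
        os.unlink(lock_file)
    except OSError as exc:
        if exc.errno != errno.ENOENT:
            raise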