Пример #1
def setState(state):
    """Switch the firewall "on" or "off" and notify clients.

    Any other value is ignored: nothing is saved, no service is started
    or stopped, no notification is sent, and the caller gets no error.

    The requested state is written to the "general" module config before
    the service is touched, so the stored value records the request and
    not a confirmed result.
    """
    if state not in ("on", "off"):
        return

    # Persist the requested state first.
    general_cfg = ModuleConfig("general")
    general_cfg.info["state"] = state
    general_cfg.save()

    if state == "off":
        # Every module depends on IPTables, so the rules are flushed before
        # the service is stopped and the modules are unloaded.
        # NOTE(review): what filtering remains after clear() depends on
        # netfilterutils.clear() (default policies are not visible here).
        netfilterutils.clear()
        stopService(script(), permanent=True)
        for name in listModuleConfigs():
            if name in MODULES:
                module_obj = MODULES[name]()
                module_obj.unloadModule(shutdown=True)
    else:
        # Bring IPTables up, then load each module whose own config says "on".
        startService(script(), auto_start=True)
        for name in listModuleConfigs():
            if name not in MODULES:
                # Config without a registered module class: skipped.
                continue
            module_info = ModuleConfig(name).info
            if module_info.get("state", "off") != "on":
                continue
            module_obj = MODULES[name]()
            module_obj.loadModule(getModuleParameters(name))

    # NOTE(review): (state) is a plain string, not a one-element tuple;
    # confirm that notify() expects that.
    notify("Network.Firewall", "stateChanged", (state))
Пример #2
def setState(state):
    """Apply a firewall state change ("on" or "off") and announce it.

    Values other than "on" and "off" fall through without any effect and
    without an error. The new state is saved to the "general" config
    before any service or module call is made.
    """
    if state in ("on", "off"):
        # Record the request.
        settings = ModuleConfig("general")
        settings.info["state"] = state
        settings.save()

        turning_on = state == "on"
        if turning_on:
            # IPTables service first, then the modules marked "on".
            startService(script(), auto_start=True)
            for mod_name in listModuleConfigs():
                if mod_name in MODULES:
                    # A module with no stored state counts as "off".
                    if ModuleConfig(mod_name).info.get("state", "off") == "on":
                        MODULES[mod_name]().loadModule(getModuleParameters(mod_name))
        else:
            # Flush rules (every module depends on IPTables), stop the
            # service, then unload every registered module.
            netfilterutils.clear()
            stopService(script(), permanent=True)
            for mod_name in listModuleConfigs():
                if mod_name in MODULES:
                    MODULES[mod_name]().unloadModule(shutdown=True)

        # Tell listeners; sent only for a valid state.
        # NOTE(review): the last argument is the bare string, since (state)
        # is not a tuple; verify against notify().
        notify("Network.Firewall", "stateChanged", (state))
Пример #3
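def stop():
    """Save the live ruleset, flush IPTables and report the service stopped.

    The rules are written to /var/lib/iptables/rules before anything is
    cleared, so a failed write leaves the running ruleset in place.

    Raises:
        OSError: if the lock file exists but cannot be removed.
    """
    # Save rules
    writeFile("/var/lib/iptables/rules", iptables.getRules())

    # Clear chains & rules
    # NOTE(review): from here on the saved rules no longer filter traffic;
    # what default policy remains depends on iptables.clear().
    iptables.clear()

    # Remove lock file. Unlink directly instead of testing for existence
    # first: a lock that disappears between the test and the unlink would
    # otherwise raise and skip the notification below.
    try:
        os.unlink(LOCK_FILE)
    except OSError:
        # A lock file that is already gone is fine; anything else is an error.
        if os.access(LOCK_FILE, os.F_OK):
            raise

    # Notify clients
    notify("System.Service", "Changed", (script(), "stopped"))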
Пример #4
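def stop():
    """Persist the current rules, empty the chains and announce the stop.

    Order matters: the snapshot to /var/lib/iptables/rules is taken while
    the rules are still loaded, and only then are the chains cleared.

    Raises:
        OSError: if the lock file is present and its removal fails.
    """
    # Save rules
    writeFile("/var/lib/iptables/rules", iptables.getRules())

    # Clear chains & rules
    # NOTE(review): whether this leaves the host open or closed depends on
    # iptables.clear(), which is not visible from this function.
    iptables.clear()

    # Remove lock file without a separate existence check, so that a
    # concurrent removal cannot abort the stop before clients are notified.
    try:
        os.unlink(LOCK_FILE)
    except OSError:
        if os.access(LOCK_FILE, os.F_OK):
            # Still there: the removal genuinely failed.
            raise

    # Notify clients
    notify("System.Service", "Changed", (script(), "stopped"))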
Пример #5
def initializeIPTables():
    """
        Re-installs IPTABLES_RULES when the active ruleset lacks any of them.

        The check is one-directional and unordered: a chain passes when
        every rule listed for it in IPTABLES_RULES is present in the
        active chain. Extra active rules and a different rule order do
        not trigger re-initialization.
    """
    active = netfilterutils.parseConf(netfilterutils.getRules())

    def lacks_required(chain, required):
        # True when the chain is absent or misses at least one required rule.
        return chain not in active or bool(set(required) - set(active[chain]))

    # any() stops at the first chain that fails, like the loop it replaces.
    if any(lacks_required(chain, required)
           for chain, required in IPTABLES_RULES.iteritems()):
        # Flush everything and load the ruleset built from IPTABLES_RULES.
        netfilterutils.clear()
        netfilterutils.restoreRules(netfilterutils.makeConf(IPTABLES_RULES))
Пример #6
def initializeIPTables():
    """
        Makes sure the rules in IPTABLES_RULES are loaded.

        Only missing rules are detected: the comparison is a set
        difference per chain, so rule order and additional active
        rules are not taken into account.
    """
    # Rules currently loaded
    live_rules = netfilterutils.parseConf(netfilterutils.getRules())

    # Look for the first chain that is missing or incomplete
    needs_reset = False
    for chain, wanted in IPTABLES_RULES.iteritems():
        if chain not in live_rules:
            needs_reset = True
            break
        missing = set(wanted) - set(live_rules[chain])
        if missing:
            needs_reset = True
            break

    if needs_reset:
        # At least one required rule is absent: flush and reload everything
        netfilterutils.clear()
        fresh_conf = netfilterutils.makeConf(IPTABLES_RULES)
        netfilterutils.restoreRules(fresh_conf)
Пример #7
def start():
    """Flush IPTables, restore the saved ruleset if one exists, and report
    the service as started.

    If /var/lib/iptables/rules is absent, no rules are restored and the
    service is still reported as started. The file content is passed to
    iptables.restoreRules() unchanged; this function does not validate it.
    """
    # Begin from an empty ruleset.
    iptables.clear()

    # Restore the saved rules when present.
    saved_rules_path = "/var/lib/iptables/rules"
    if os.path.exists(saved_rules_path):
        iptables.restoreRules(readFile(saved_rules_path))

    # Mark the service as running.
    writeFile(LOCK_FILE, "")

    # Initialize Network.Firewall, if necessary
    startNetworkFirewall()

    # Tell listeners about the new service state.
    notify("System.Service", "Changed", (script(), "started"))
Пример #8
def start():
    """Bring the IPTables service up from the saved rules file.

    Steps, in order: clear all chains, reload /var/lib/iptables/rules when
    it exists, create the lock file, start Network.Firewall, notify.
    Between the clear and the restore no saved rules are loaded, and with
    no rules file the function completes without restoring anything.
    """
    iptables.clear()

    rules_path = "/var/lib/iptables/rules"
    have_saved_rules = os.path.exists(rules_path)
    if have_saved_rules:
        # The file is trusted as-is; nothing here checks its content.
        saved = readFile(rules_path)
        iptables.restoreRules(saved)

    # An empty lock file marks the service as started.
    writeFile(LOCK_FILE, "")

    # Initialize Network.Firewall, if necessary
    startNetworkFirewall()

    notify("System.Service", "Changed", (script(), "started"))
Пример #9
def start():
    """Flush IPTables and load the rules of the configured profile.

    The base rules come from /var/lib/iptables/<profile>. If a
    <profile>.diff file exists, its difference against the base is
    filtered through the per-table chain lists returned by getProfile()
    and applied on top without flushing.
    """
    # Start from empty chains.
    iptables.clear()

    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    chains_by_table = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }

    # NOTE(review): profile is joined into the path unchecked; an absolute
    # name or one containing ".." would leave /var/lib/iptables. Confirm
    # that getProfile() constrains it.
    base_path = os.path.join('/var/lib/iptables', profile)
    diff_path = '%s.diff' % base_path

    base = {}
    # Each save_* value is a whitespace-separated list of chain names.
    allowed_chains = dict((table, chains_by_table[table].split())
                          for table in iptables.chains)

    # Base rules: parsed for the comparison below and loaded as they are.
    if os.path.isfile(base_path):
        base_text = file(base_path).read()
        base = iptables.parseConf(base_text)
        iptables.restoreRules(base_text)

    # Changes kept from the previous session, limited to allowed chains.
    if os.path.isfile(diff_path):
        previous = iptables.parseConf(file(diff_path).read())
        allowed_diff = iptables.filterDict(iptables.diffDict(previous, base),
                                           allowed_chains)
        iptables.restoreRules(iptables.makeConf(allowed_diff), flush=False)

    # Create lock file
    writeFile(lock_file, '')
Пример #10
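def stop():
    """Save the session's allowed rule changes, then flush IPTables.

    The live rules are compared with the base rules in
    /var/lib/iptables/<profile>; the difference, filtered through the
    per-table chain lists from getProfile(), is written to
    /var/lib/iptables/<profile>.diff before the chains are cleared.

    Raises:
        OSError: if the lock file exists but cannot be removed.
    """
    # Save rules
    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    save = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }

    # NOTE(review): profile is used in the path unchecked; the .diff file is
    # written wherever the join points. Confirm getProfile() constrains it.
    profile_file = os.path.join('/var/lib/iptables', profile)
    profile_changes = '%s.diff' % profile_file

    base = {}
    allowed_chains = {}

    # Each save_* value is a whitespace-separated list of chain names.
    for table in iptables.chains:
        allowed_chains[table] = save[table].split()

    # Get base rules from /var/lib/iptables/<profile>
    if os.path.isfile(profile_file):
        rules = file(profile_file).read()
        base = iptables.parseConf(rules)

    changes = iptables.parseConf(iptables.getRules())

    # Save allowed changes to /var/lib/iptables/<profile>.diff
    diff = iptables.filterDict(iptables.diffDict(changes, base),
                               allowed_chains)

    writeFile(profile_changes, iptables.makeConf(diff))

    # Clear chains & rules
    iptables.clear()

    # Remove lock file. Unlink directly instead of checking first, so a
    # lock removed in between cannot raise after the rules are flushed.
    try:
        os.unlink(lock_file)
    except OSError:
        # Already gone is fine; a lock that is still present is an error.
        if os.access(lock_file, os.F_OK):
            raise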
Пример #11
def start():
    """Reset IPTables and rebuild the ruleset from the active profile.

    Loads /var/lib/iptables/<profile> when it is a regular file, then
    re-applies the filtered contents of <profile>.diff (if present) with
    flush=False, and finally creates the lock file.
    """
    iptables.clear()

    # Profile name plus one chain list per table.
    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    saved_chain_lists = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }

    # NOTE(review): no check that profile stays inside /var/lib/iptables
    # (absolute path, ".."); verify where getProfile() gets it from.
    rules_path = os.path.join('/var/lib/iptables', profile)
    changes_path = '%s.diff' % rules_path

    base = {}
    allowed_chains = {}
    for table_name in iptables.chains:
        chain_names = saved_chain_lists[table_name].split()
        allowed_chains[table_name] = chain_names

    # Load base rules
    if os.path.isfile(rules_path):
        raw_base = file(rules_path).read()
        base = iptables.parseConf(raw_base)
        iptables.restoreRules(raw_base)

    # Load allowed changes done in previous session
    if os.path.isfile(changes_path):
        raw_changes = file(changes_path).read()
        parsed_changes = iptables.parseConf(raw_changes)
        delta = iptables.diffDict(parsed_changes, base)
        permitted = iptables.filterDict(delta, allowed_chains)
        # flush=False: applied on top of the base rules loaded above.
        iptables.restoreRules(iptables.makeConf(permitted), flush=False)

    # Create lock file
    writeFile(lock_file, '')
Пример #12
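def stop():
    """Write the allowed rule changes to <profile>.diff and flush IPTables.

    The diff is taken between the live rules and the base rules of the
    profile and is filtered through the chain lists from getProfile()
    before it is saved. The chains are cleared only after the write.

    Raises:
        OSError: if the lock file is present and its removal fails.
    """
    # Save rules
    profile, save_filter, save_nat, save_mangle, save_raw = getProfile()
    save = {
        "filter": save_filter,
        "nat": save_nat,
        "mangle": save_mangle,
        "raw": save_raw,
    }

    # NOTE(review): the write target below derives from profile without any
    # validation here; confirm that getProfile() returns a plain file name.
    profile_file = os.path.join('/var/lib/iptables', profile)
    profile_changes = '%s.diff' % profile_file

    base = {}
    allowed_chains = {}

    for table in iptables.chains:
        allowed_chains[table] = save[table].split()

    # Get base rules from /var/lib/iptables/<profile>
    if os.path.isfile(profile_file):
        rules = file(profile_file).read()
        base = iptables.parseConf(rules)

    changes = iptables.parseConf(iptables.getRules())

    # Save allowed changes to /var/lib/iptables/<profile>.diff
    diff = iptables.filterDict(iptables.diffDict(changes, base), allowed_chains)

    writeFile(profile_changes, iptables.makeConf(diff))

    # Clear chains & rules
    iptables.clear()

    # Remove lock file without a prior existence test: the test-then-unlink
    # pair can fail when the file is removed in between the two calls.
    try:
        os.unlink(lock_file)
    except OSError:
        if os.access(lock_file, os.F_OK):
            # The lock is still there, so the removal really failed.
            raise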