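def del_iptables_rule(self, rule):
    """Delete one INPUT firewall rule, then save the iptables ruleset.

    Method: del_iptables_rule
    Description: atomic "delete" operation for the firewall settings.
    Parameter:
        rule: three-element rule, documented by the original author as
            ("interface name", "tcp or udp", "port number").
            NOTE(review): the command built below uses rule[2] for ``-p``
            and rule[1] for ``--dport`` (the reverse of that documented
            order), while the success log line calls rule[2] the port.
            The original argument order is kept unchanged here - confirm
            which layout the callers actually pass.
    Return: 0 on success, 1 on failure (rejected rule, failed delete or
        failed save).
    Others: none
    """
    def _safe_token(value):
        # Each field is interpolated into a command string handed to
        # os_execute, so only accept plain tokens: letters, digits and
        # "_" "." ":" "-". Whitespace and shell metacharacters are refused.
        text = "%s" % (value,)
        return bool(text) and all(ch.isalnum() or ch in "_.:-" for ch in text)

    if len(rule) < 3 or not all(_safe_token(rule[i]) for i in (0, 1, 2)):
        tracelog.error('Refusing iptables rule with unsafe fields: %r' % (rule,))
        return 1

    # Argument order is exactly what the original code used (see docstring).
    delete_cmd = "iptables -D INPUT -i %s -p %s --dport %s -j ACCEPT" % (
        rule[0], rule[2], rule[1])
    if os_execute(delete_cmd) != 0:
        tracelog.error('Fail to del iptables rule')
        return 1
    tracelog.info('iptables rule deleted and info is %s card %s port %s treaty' % (
        rule[0], rule[2], rule[1]))

    # The original always saved the ruleset after a successful delete; what
    # "service iptables save" does exactly depends on the host's service script.
    if os_execute("service iptables save") != 0:
        tracelog.error('Fail to save iptables rule')
        return 1
    tracelog.info('Success to save iptables')
    return 0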
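def mod_iptables_rule(self, oldrule, new_state):
    """Replace the target of one INPUT firewall rule, then save the ruleset.

    Method: mod_iptables_rule
    Description: atomic "modify" operation for the firewall settings. The
        existing rule is deleted (``-D ... -j ACCEPT``) and re-appended
        (``-A ... -j new_state``); because the delete hard-codes ACCEPT, a
        rule whose current target is not ACCEPT cannot be modified by this
        method and the call returns 1 at the delete step.
    Parameter:
        oldrule: three-element rule, documented by the original author as
            ("interface name", "tcp or udp", "port number").
            NOTE(review): the commands built below use oldrule[2] for
            ``-p`` and oldrule[1] for ``--dport`` (the reverse of that
            documented order), while the log lines call oldrule[2] the
            port. The original argument order is kept unchanged here -
            confirm which layout the callers actually pass.
        new_state: target for the re-added rule; the original docstring
            lists DROP and ACCEPT.
    Return: 0 on success, 1 on failure (rejected arguments, failed delete,
        failed add or failed save).
    Others: none
    """
    def _safe_token(value):
        # Each field is interpolated into a command string handed to
        # os_execute, so only accept plain tokens: letters, digits and
        # "_" "." ":" "-". Whitespace and shell metacharacters are refused.
        text = "%s" % (value,)
        return bool(text) and all(ch.isalnum() or ch in "_.:-" for ch in text)

    fields_ok = len(oldrule) >= 3 and all(
        _safe_token(oldrule[i]) for i in (0, 1, 2))
    if not fields_ok or not _safe_token(new_state):
        tracelog.error('Refusing iptables rule with unsafe fields: %r state %r'
                       % (oldrule, new_state))
        return 1

    # Argument order is exactly what the original code used (see docstring).
    card, proto_field, port_field = oldrule[0], oldrule[2], oldrule[1]

    delete_cmd = "iptables -D INPUT -i %s -p %s --dport %s -j ACCEPT" % (
        card, proto_field, port_field)
    if os_execute(delete_cmd) != 0:
        tracelog.error('Fail to del iptables rule')
        return 1
    tracelog.info('iptables rule deleted and info is %s card %s port %s treaty' % (
        card, proto_field, port_field))

    add_cmd = "iptables -A INPUT -i %s -p %s --dport %s -j %s" % (
        card, proto_field, port_field, new_state)
    if os_execute(add_cmd) != 0:
        # The old rule is already gone at this point; the original code made
        # no attempt to restore it, and that behaviour is kept.
        tracelog.error('Fail to add iptables rule')
        return 1
    tracelog.info('iptables add and info is card:%s port:%s treaty:%s state:%s ' % (
        card, proto_field, port_field, new_state))

    # The original always saved the ruleset after a successful add; what
    # "service iptables save" does exactly depends on the host's service script.
    if os_execute("service iptables save") != 0:
        tracelog.error('Fail to save iptables rule')
        return 1
    tracelog.info('Success to save iptables')
    return 0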