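def add_ip_networks(ip_route: IPRoute, ip_networks, ipsec_connection_name):
    """Install NAT POSTROUTING rules for *ip_networks* over the IPsec routes.

    For every network in *ip_networks* that does not already have a rule
    tagged with *ipsec_connection_name* in the NAT ``POSTROUTING`` chain, one
    rule is built per IPsec route-table entry (``ipsec_route_to_rule``) and
    staged with ``install_iptables_rule``.  Staging happens with autocommit
    disabled and everything is flushed by a single ``table.commit()``; when no
    new rule is needed the table is never committed.  Returns ``None``.

    Args:
        ip_route: open pyroute2 ``IPRoute`` handle used to read the IPsec
            route table and passed through to ``ipsec_route_to_rule``.
        ip_networks: iterable of source networks, as ``str`` or
            ``netaddr.IPNetwork``.
        ipsec_connection_name: tag written into each installed rule; it is
            also what identifies rules already installed for this connection.

    Raises:
        netaddr.AddrFormatError: a value in *ip_networks* is not a valid
            network.  This is raised before any iptables change is staged.

    Security notes:
        * Ownership of existing rules is decided purely by their comment
          (``comment_matches_ipsec_connection``).  Any rule carrying a
          matching comment, whoever installed it, counts as already present
          and suppresses installation for that source network.
        * Rules are only ever added here; nothing removes rules for networks
          that have disappeared from *ip_networks*.
        * If a rule fails to stage, this function does not commit, but the
          changes staged so far remain pending on the iptc table handle
          (python-iptables keeps one ``Table`` object per table name in the
          process).  Treat the firewall state as unknown and re-run.
    """
    ipsec_entries = IPSecInfo(ip_route=ip_route).entries()

    table = iptc.Table(iptc.Table.NAT)
    # The Table object is shared per table name within the process, so do
    # not leave it in batched mode for other users of the NAT table: remember
    # the previous autocommit setting and restore it on every exit path.
    previous_autocommit = table.autocommit
    table.autocommit = False
    try:
        chain = iptc.Chain(table, 'POSTROUTING')

        # Source networks of rules already installed for this connection.
        owned_by_connection = functools.partial(
            comment_matches_ipsec_connection, ipsec_connection_name)
        existing_sources = {
            netaddr.IPNetwork(rule.src)
            for rule in filter_iptables_rules(chain, owned_by_connection)
        }

        rules = []
        for network in ip_networks:
            # Compare as IPNetwork: a plain str such as "10.0.0.0/24" never
            # hashes/compares equal to a netaddr.IPNetwork, so without this
            # normalisation duplicate rules would be installed on every run.
            # The caller's original value is still handed to the rule builder.
            if netaddr.IPNetwork(network) in existing_sources:
                continue
            route_to_rule = functools.partial(ipsec_route_to_rule, network, ip_route)
            rules.extend(map(route_to_rule, ipsec_entries))

        if rules:
            for rule in rules:
                install_iptables_rule(table, ipsec_connection_name, *rule)
            # One commit for the whole batch; skipped entirely when nothing
            # new was staged.
            table.commit()
    finally:
        table.autocommit = previous_autocommit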
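def add_ip_networks(ip_route: IPRoute, ip_networks, ipsec_connection_name):
    """Install NAT POSTROUTING rules for *ip_networks* over the IPsec routes.

    For every network in *ip_networks* that does not already have a rule
    tagged with *ipsec_connection_name* in the NAT ``POSTROUTING`` chain, one
    rule is built per IPsec route-table entry (``ipsec_route_to_rule``) and
    staged with ``install_iptables_rule``.  Staging happens with autocommit
    disabled and everything is flushed by a single ``table.commit()``; when no
    new rule is needed the table is never committed.  Returns ``None``.

    Args:
        ip_route: open pyroute2 ``IPRoute`` handle used to read the IPsec
            route table and passed through to ``ipsec_route_to_rule``.
        ip_networks: iterable of source networks, as ``str`` or
            ``netaddr.IPNetwork``.
        ipsec_connection_name: tag written into each installed rule; it is
            also what identifies rules already installed for this connection.

    Raises:
        netaddr.AddrFormatError: a value in *ip_networks* is not a valid
            network.  This is raised before any iptables change is staged.

    Security notes:
        * Ownership of existing rules is decided purely by their comment
          (``comment_matches_ipsec_connection``).  Any rule carrying a
          matching comment, whoever installed it, counts as already present
          and suppresses installation for that source network.
        * Rules are only ever added here; nothing removes rules for networks
          that have disappeared from *ip_networks*.
        * If a rule fails to stage, this function does not commit, but the
          changes staged so far remain pending on the iptc table handle
          (python-iptables keeps one ``Table`` object per table name in the
          process).  Treat the firewall state as unknown and re-run.
    """
    ipsec_entries = IPSecInfo(ip_route=ip_route).entries()

    table = iptc.Table(iptc.Table.NAT)
    # The Table object is shared per table name within the process, so do
    # not leave it in batched mode for other users of the NAT table: remember
    # the previous autocommit setting and restore it on every exit path.
    previous_autocommit = table.autocommit
    table.autocommit = False
    try:
        chain = iptc.Chain(table, 'POSTROUTING')

        # Source networks of rules already installed for this connection.
        owned_by_connection = functools.partial(
            comment_matches_ipsec_connection, ipsec_connection_name)
        existing_sources = {
            netaddr.IPNetwork(rule.src)
            for rule in filter_iptables_rules(chain, owned_by_connection)
        }

        rules = []
        for network in ip_networks:
            # Compare as IPNetwork: a plain str such as "10.0.0.0/24" never
            # hashes/compares equal to a netaddr.IPNetwork, so without this
            # normalisation duplicate rules would be installed on every run.
            # The caller's original value is still handed to the rule builder.
            if netaddr.IPNetwork(network) in existing_sources:
                continue
            route_to_rule = functools.partial(ipsec_route_to_rule, network, ip_route)
            rules.extend(map(route_to_rule, ipsec_entries))

        if rules:
            for rule in rules:
                install_iptables_rule(table, ipsec_connection_name, *rule)
            # One commit for the whole batch; skipped entirely when nothing
            # new was staged.
            table.commit()
    finally:
        table.autocommit = previous_autocommit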
def get_ipsec_connection_routes(ipsec_info: IPSecInfo, ipsec_connection):
    """Return the route-table entries of *ipsec_info* that belong to *ipsec_connection*.

    Each entry from ``ipsec_info.entries()`` is kept when
    ``route_table_entry_matches_ipsec_connection(ipsec_connection, entry)`` is
    truthy; order is preserved.  The result is a tuple so callers get a
    fixed, re-iterable snapshot rather than a one-shot iterator.
    """
    return tuple(
        entry
        for entry in ipsec_info.entries()
        if route_table_entry_matches_ipsec_connection(ipsec_connection, entry)
    )