def __init__(self):
    """Load the acceptance settings from ``config/easywall.ini``.

    Sets ``self.config`` (the parsed configuration), ``self.enabled`` (the
    ACCEPTANCE/enabled flag) and ``self.filename`` (the file whose content
    decides whether a change was accepted).
    """
    cfg = Config("config/easywall.ini")
    self.config = cfg
    # NOTE(review): bool() of a non-empty string such as "false" is True;
    # confirm get_value() already returns a real bool for this key.
    self.enabled = bool(cfg.get_value("ACCEPTANCE", "enabled"))
    self.filename = cfg.get_value("ACCEPTANCE", "filename")
    status = "Acceptance Process initialized. Status: " + str(self.enabled)
    logging.debug(status + " Filename: " + self.filename)
def reset(self):
    """Bring iptables back to an empty, all-accepting state.

    Every built-in chain gets the ACCEPT policy, then all rules are flushed
    and the user-defined chains are deleted.
    """
    logging.debug("resetting iptables to empty configuration")
    # The policies are set first so that flushing cannot lock us out.
    for builtin_chain in ("INPUT", "OUTPUT", "FORWARD"):
        self.add_policy(builtin_chain, "ACCEPT")
    self.flush()
    self.delete_chain()
def rotate_backup(self):
    """Rename the existing backup files so a dated history is kept.

    Sets ``self.filepath``, ``self.filename`` and ``self.date`` (used by
    ``rename_backup_file``) and renames the IPv4 backup, then the IPv6 backup
    when IPv6 support is enabled. Note that ``self.filename`` is left pointing
    at the last file handled.
    """
    cfg = self.config
    self.filepath = cfg.get_value("BACKUP", "filepath")
    self.filename = cfg.get_value("BACKUP", "ipv4filename")
    # Timestamp used as the prefix of the rotated files.
    self.date = datetime.now().strftime("%Y-%m-%d_%H-%M-%S")
    logging.debug("rotating backup files in folder " + self.filepath
                  + " -> add prefix " + self.date)
    self.rename_backup_file()
    if self.ipv6 is not True:
        return
    self.filename = cfg.get_value("BACKUP", "ipv6filename")
    self.rename_backup_file()
def add_append(self, chain, rule, onlyv6=False, onlyv4=False):
    """Append *rule* to *chain* (``iptables -A``).

    With neither flag set, or both set, the rule is appended for IPv4 and
    (if IPv6 support is enabled) for IPv6. ``onlyv4`` restricts it to IPv4,
    ``onlyv6`` to IPv6; the IPv6 call is always skipped when ``self.ipv6`` is
    not True.
    """
    # NOTE(review): chain and rule are spliced verbatim into the command
    # string; if system_call hands it to a shell and these values can come
    # from an untrusted source, validate them at the caller.
    both_families = onlyv6 is False and onlyv4 is False
    if onlyv4 is True or both_families:
        logging.debug("adding append for ipv4, chain: " + chain + ", rule: " + rule)
        self.system_call(f"{self.iptables_bin} -A {chain} {rule}")
    if self.ipv6 is True and (onlyv6 is True or both_families):
        logging.debug("adding append for ipv6, chain: " + chain + ", rule: " + rule)
        self.system_call(f"{self.ip6tables_bin} -A {chain} {rule}")
def add_policy(self, chain, target):
    """Set the default policy of *chain* to *target* (``iptables -P``).

    Only ``ACCEPT`` and ``DROP`` are accepted as target; anything else is
    logged as an error and no command is executed. The IPv6 table is updated
    as well when IPv6 support is enabled.
    """
    logging.debug("adding policy for chain " + chain + " and target " + target)
    if target not in ("ACCEPT", "DROP"):
        logging.error("Invalid Target for addPolicy " + target)
        return
    # NOTE(review): target is validated above but chain is not; confirm the
    # callers only pass built-in chain names before this reaches a shell.
    self.system_call(f"{self.iptables_bin} -P {chain} {target}")
    if self.ipv6 is True:
        self.system_call(f"{self.ip6tables_bin} -P {chain} {target}")
def __init__(self):
    """Read the iptables binaries and the IPv6 flag from ``config/easywall.ini``.

    The ``ip6tables_*`` attributes are only defined when IPv6 support is
    enabled; the other methods guard their use with ``self.ipv6 is True``.
    """
    logging.debug("Setting up iptables...")
    self.config = Config("config/easywall.ini")
    get = self.config.get_value
    # NOTE(review): bool() of a non-empty string such as "false" is True;
    # confirm get_value() returns a real bool for IPV6/enabled.
    self.ipv6 = bool(get("IPV6", "enabled"))
    self.iptables_bin = get("EXEC", "iptables")
    self.iptables_bin_save = get("EXEC", "iptables-save")
    self.iptables_bin_restore = get("EXEC", "iptables-restore")
    if self.ipv6 is not True:
        return
    logging.debug("IPV6 is enabled")
    self.ip6tables_bin = get("EXEC", "ip6tables")
    self.ip6tables_bin_save = get("EXEC", "ip6tables-save")
    self.ip6tables_bin_restore = get("EXEC", "ip6tables-restore")
def check(self):
    """Wait for the acceptance timeout and report whether the change was accepted.

    Returns True immediately when the acceptance process is disabled. Otherwise
    waits ACCEPTANCE/time seconds, then reads ``self.filename`` and returns
    True only if its content (newlines removed) equals ``"true"``.
    """
    if not self.enabled:
        logging.debug("Acceptance is disabled. Skipping check.")
        return True
    seconds = int(self.config.get_value("ACCEPTANCE", "time"))
    logging.debug("Starting Acceptance Check... waiting for " + str(seconds) + " seconds")
    # Sleep in one-second steps rather than a single long sleep.
    for _ in range(seconds):
        sleep(1)
    # NOTE(review): whoever can write this file can approve the change;
    # confirm its ownership/permissions are restricted to the intended user.
    with open(self.filename, 'r') as accfile:
        accepted = accfile.read().replace("\n", "")
    if accepted == "true":
        logging.debug("Acceptance Process Result: Accepted")
        return True
    logging.debug("Acceptance Process Result: Not Accepted (file content: " + accepted + ")")
    return False
def restore(self):
    """Load the iptables rule set from the configured backup files.

    The IPv4 rules are read from BACKUP/ipv4filename inside BACKUP/filepath
    and, when IPv6 support is enabled, the IPv6 rules from BACKUP/ipv6filename
    in the same folder.
    """
    logging.debug("Starting Firewall Rule Restore...")
    filepath = self.config.get_value("BACKUP", "filepath")
    # NOTE(review): the folder is created if missing, but the file's
    # existence is not checked — a fresh folder means the shell redirect
    # below fails; confirm system_call reports that.
    create_folder_if_not_exists(filepath)
    logging.debug("Restoring ipv4 rules...")
    filename = self.config.get_value("BACKUP", "ipv4filename")
    self.system_call(f"{self.iptables_bin_restore} < {filepath}/{filename}")
    if self.ipv6 is not True:
        return
    logging.debug("Restoring ipv6 rules...")
    filename = self.config.get_value("BACKUP", "ipv6filename")
    self.system_call(f"{self.ip6tables_bin_restore} < {filepath}/{filename}")
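def save(self):
    """Dump the current iptables rule set into the configured backup files.

    The IPv4 rules go to BACKUP/ipv4filename inside BACKUP/filepath; when IPv6
    support is enabled the IPv6 rules go to BACKUP/ipv6filename in the same
    folder. The folder is created if it does not exist yet.
    """
    logging.debug("Starting Firewall Rule Backup...")
    # Create Backup Directory if not exists
    filepath = self.config.get_value("BACKUP", "filepath")
    create_folder_if_not_exists(filepath)
    # NOTE(review): the dump files are created with the process umask;
    # confirm the backup folder itself is not readable by other users.
    # backing up ipv4 iptables rules
    logging.debug("Backing up ipv4 rules...")
    filename = self.config.get_value("BACKUP", "ipv4filename")
    # Create/truncate the target file and close it right away (the previous
    # bare open() leaked the handle until garbage collection); presumably
    # save_execute then writes the dump into it.
    with open(filepath + "/" + filename, 'w'):
        pass
    self.save_execute(self.iptables_bin_save, filepath, filename)
    # backing up ipv6 iptables rules
    if self.ipv6 is True:
        logging.debug("Backing up ipv6 rules...")
        filename = self.config.get_value("BACKUP", "ipv6filename")
        with open(filepath + "/" + filename, 'w'):
            pass
        self.save_execute(self.ip6tables_bin_save, filepath, filename)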
def reset(self):
    """Mark the pending change as not accepted by writing "false" to the acceptance file.

    Does nothing when the acceptance process is disabled.
    """
    if not self.enabled:
        return
    create_file_if_not_exists(self.filename)
    write_into_file(self.filename, "false")
    logging.debug("Acceptance has been reset.")
def delete_chain(self, chain=""):
    """Delete the user-defined chain *chain* (``iptables -X``).

    With the default empty name iptables removes every user-defined chain.
    The IPv6 table is handled as well when IPv6 support is enabled.
    """
    logging.debug("deleting chain " + chain)
    binaries = [self.iptables_bin]
    if self.ipv6 is True:
        binaries.append(self.ip6tables_bin)
    for binary in binaries:
        self.system_call(f"{binary} -X {chain}")
def flush(self, chain=""):
    """Flush the rules of *chain*, or of every chain when the name is empty (``iptables -F``).

    The IPv6 table is flushed as well when IPv6 support is enabled.
    """
    logging.debug("flushing iptables chain: " + chain)
    binaries = [self.iptables_bin]
    if self.ipv6 is True:
        binaries.append(self.ip6tables_bin)
    for binary in binaries:
        self.system_call(f"{binary} -F {chain}")
def add_chain(self, chain):
    """Create the user-defined chain *chain* (``iptables -N``).

    The chain is created in the IPv6 table as well when IPv6 support is
    enabled.
    """
    logging.debug("adding chain " + chain)
    binaries = [self.iptables_bin]
    if self.ipv6 is True:
        binaries.append(self.ip6tables_bin)
    for binary in binaries:
        self.system_call(f"{binary} -N {chain}")