示例#1
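    def apply_ipsets(self):
        """Apply every configured ipset to each backend from ``self.backends()``.

        On the "ipset" backend an already active set is destroyed first
        unless it has a non-zero timeout and still matches the configured
        type and create options.  The set is then rebuilt with individual
        create/add calls (always for the "nftables" backend, otherwise when
        ``self._fw.individual_calls()`` is true) or with one restore call.

        Backend errors are logged and never raised.  ``obj.applied`` is set
        to True as soon as one backend accepted the create or restore call,
        so callers that rely on a set being loaded must check that flag.
        """
        for name in self.get_ipsets():
            obj = self._ipsets[name]
            obj.applied = False

            log.debug1("Applying ipset '%s'" % name)

            # A missing "timeout" option and a timeout of "0" are treated the
            # same way throughout this method: the set has no timeout.
            has_timeout = ("timeout" in obj.options and
                           obj.options["timeout"] != "0")

            for backend in self.backends():
                if backend.name == "ipset":
                    active = backend.set_get_active_terse()

                    # Only a timeout set that still matches the configuration
                    # is kept; everything else is destroyed and rebuilt.
                    if name in active and (
                            not has_timeout or
                            obj.type != active[name][0] or
                            rm_def_cr_opts(obj.options) != active[name][1]):
                        try:
                            backend.set_destroy(name)
                        except Exception as msg:
                            log.error("Failed to destroy ipset '%s'" % name)
                            log.error(msg)

                if self._fw.individual_calls() \
                   or backend.name == "nftables":
                    try:
                        backend.set_create(obj.name, obj.type, obj.options)
                    except Exception as msg:
                        log.error("Failed to create ipset '%s'" % obj.name)
                        log.error(msg)
                    else:
                        obj.applied = True
                        # Fix: the test used to be inverted
                        # ('"timeout" not in ... or ... != "0"'), which
                        # skipped entry loading for sets WITHOUT a timeout.
                        # Such a set was created but left empty, and a rule
                        # matching on an empty set matches no address.
                        if has_timeout:
                            # no entries visible for ipsets with timeout
                            continue

                    for entry in obj.entries:
                        try:
                            backend.set_add(obj.name, entry)
                        except Exception as msg:
                            log.error("Failed to add entry '%s' to ipset '%s'" % \
                                      (entry, obj.name))
                            log.error(msg)
                else:
                    try:
                        backend.set_restore(obj.name, obj.type, obj.entries,
                                            obj.options, None)
                    except Exception as msg:
                        log.error("Failed to create ipset '%s'" % obj.name)
                        log.error(msg)
                    else:
                        obj.applied = True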
示例#2
    def apply_ipset(self, name):
        """Apply the single ipset *name* to each backend from ``self.backends()``.

        On the "ipset" backend an active set of the same name is destroyed
        first unless it has a non-zero timeout and still matches the
        configured type and create options.  The set is then rebuilt with
        create/flush/add calls when ``self._fw._individual_calls`` is true,
        otherwise with one restore call.

        Raises:
            FirewallError: with ``errors.COMMAND_FAILED`` as soon as any
                backend call fails; later backends are then not touched.
        """
        ipset = self._ipsets[name]

        for backend in self.backends():
            if backend.name == "ipset":
                live_sets = backend.set_get_active_terse()

                if name in live_sets:
                    # Evaluated left to right, so the option comparison only
                    # runs for a set that does have a non-zero timeout.
                    must_rebuild = (
                        "timeout" not in ipset.options
                        or ipset.options["timeout"] == "0"
                        or ipset.type != live_sets[name][0]
                        or rm_def_cr_opts(ipset.options) != live_sets[name][1]
                    )
                    if must_rebuild:
                        try:
                            backend.set_destroy(name)
                        except Exception as exc:
                            raise FirewallError(errors.COMMAND_FAILED, exc)

            if not self._fw._individual_calls:
                # One restore call carries type, entries and options at once.
                try:
                    backend.set_restore(ipset.name, ipset.type,
                                        ipset.entries, ipset.options,
                                        None)
                except Exception as exc:
                    raise FirewallError(errors.COMMAND_FAILED, exc)
                ipset.applied = True
                continue

            try:
                backend.set_create(ipset.name, ipset.type, ipset.options)
            except Exception as exc:
                raise FirewallError(errors.COMMAND_FAILED, exc)
            ipset.applied = True

            if "timeout" in ipset.options and \
               ipset.options["timeout"] != "0":
                # no entries visible for ipsets with timeout
                continue

            # Start from an empty set so only the configured entries remain.
            try:
                backend.set_flush(ipset.name)
            except Exception as exc:
                raise FirewallError(errors.COMMAND_FAILED, exc)

            for entry in ipset.entries:
                try:
                    backend.set_add(ipset.name, entry)
                except Exception as exc:
                    raise FirewallError(errors.COMMAND_FAILED, exc)
示例#3
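    def apply_ipsets(self):
        """Push every configured ipset to ``self._fw.ipset_backend``.

        A set that is already active on the backend is destroyed first unless
        it carries a "timeout" option and still matches the configured type
        and create options.  Each set is then rebuilt with individual
        create/add calls when ``self._fw.individual_calls()`` is true,
        otherwise with one restore call.

        Backend errors are logged and never raised.  ``obj.applied`` stays
        False for a set whose create or restore call failed, so callers that
        rely on a set being loaded must check that flag.
        """
        active = self._fw.ipset_backend.get_active_terse()

        for name in self.get_ipsets():
            obj = self._ipsets[name]
            obj.applied = False

            # Only a timeout set that still matches the configuration is
            # kept; everything else is destroyed and rebuilt below.
            if name in active and (
                    "timeout" not in obj.options or
                    obj.type != active[name][0] or
                    rm_def_cr_opts(obj.options) != active[name][1]):
                try:
                    self._fw.ipset_backend.destroy(name)
                except Exception as msg:
                    log.error("Failed to destroy ipset '%s'" % name)
                    log.error(msg)

            if self._fw.individual_calls():
                try:
                    self._fw.ipset_backend.create(obj.name, obj.type,
                                                  obj.options)
                except Exception as msg:
                    log.error("Failed to create ipset '%s'" % obj.name)
                    log.error(msg)
                else:
                    obj.applied = True
                    # Fix: the test used to read '"timeout" not in
                    # obj.options', which skipped entry loading for sets
                    # WITHOUT a timeout.  Such a set was created but left
                    # empty, and a rule matching on an empty set matches no
                    # address.
                    if "timeout" in obj.options:
                        # no entries visible for ipsets with timeout
                        continue

                for entry in obj.entries:
                    try:
                        self._fw.ipset_backend.add(obj.name, entry)
                    except Exception as msg:
                        log.error("Failed to add entry '%s' to ipset '%s'" % \
                                  (entry, obj.name))
                        log.error(msg)
            else:
                try:
                    self._fw.ipset_backend.restore(obj.name, obj.type,
                                                   obj.entries, obj.options,
                                                   None)
                except Exception as msg:
                    log.error("Failed to create ipset '%s'" % obj.name)
                    log.error(msg)
                else:
                    obj.applied = True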
示例#4
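    def apply_ipsets(self):
        """Load all configured ipsets into ``self._fw.ipset_backend``.

        The backend's active sets are read once up front.  An active set is
        kept only if it has a "timeout" option and its type and create
        options still equal the configured ones; otherwise it is destroyed.
        Every set is then created again, either entry by entry or through a
        single restore call, depending on ``self._fw.individual_calls()``.

        No backend failure is raised: each one is logged and the loop goes
        on.  A set whose create or restore call failed keeps
        ``obj.applied == False``; check that flag before relying on the set.
        """
        active = self._fw.ipset_backend.get_active_terse()

        for name in self.get_ipsets():
            obj = self._ipsets[name]
            obj.applied = False

            # Destroy the live set unless it is a timeout set whose type and
            # create options are unchanged.
            if name in active and \
               ("timeout" not in obj.options or \
                obj.type != active[name][0] or \
                rm_def_cr_opts(obj.options) != active[name][1]):
                try:
                    self._fw.ipset_backend.destroy(name)
                except Exception as msg:
                    log.error("Failed to destroy ipset '%s'" % name)
                    log.error(msg)

            if self._fw.individual_calls():
                try:
                    self._fw.ipset_backend.create(obj.name, obj.type, obj.options)
                except Exception as msg:
                    log.error("Failed to create ipset '%s'" % obj.name)
                    log.error(msg)
                else:
                    obj.applied = True
                    # Fix: the condition was inverted ('"timeout" not in
                    # obj.options'), so sets without a timeout were created
                    # and then never filled.  An empty set makes every rule
                    # that matches on it match no address.
                    if "timeout" in obj.options:
                        # no entries visible for ipsets with timeout
                        continue

                for entry in obj.entries:
                    try:
                        self._fw.ipset_backend.add(obj.name, entry)
                    except Exception as msg:
                        log.error("Failed to add entry '%s' to ipset '%s'" % \
                                  (entry, obj.name))
                        log.error(msg)
            else:
                try:
                    self._fw.ipset_backend.restore(obj.name, obj.type,
                                                   obj.entries, obj.options,
                                                   None)
                except Exception as msg:
                    log.error("Failed to create ipset '%s'" % obj.name)
                    log.error(msg)
                else:
                    obj.applied = True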