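def parse_file(fh):
    """Yield statements from the rules file *fh*, one token list at a time.

    Each physical line is tokenised with shlex (whitespace-split, with
    ``.``, ``_`` and ``-`` added to the word characters).  Lines are
    joined into one statement while ``{`` / ``}`` tokens are unbalanced,
    with a ``";"`` token inserted between the joined lines; a balanced
    statement is yielded as soon as its line is complete.  A blank line
    outside a block yields an empty list, so callers skip ``[]``.

    Args:
        fh: an iterable of lines that also carries a ``name`` attribute
            (an open file).  ``name`` is recorded on the lexer and used
            in the unbalanced-brace error.

    Yields:
        list[str]: the tokens of one statement.
    """
    depth = 0
    pending = []
    for lineno, raw in enumerate(fh, 1):
        lexer = shlex.shlex(raw)
        lexer.infile = fh.name
        lexer.lineno = lineno
        lexer.whitespace_split = True
        lexer.wordchars += "._-"
        tokens = list(lexer)
        # Track brace nesting across lines; a statement ends at depth 0.
        depth += tokens.count("{") - tokens.count("}")
        if pending == []:
            pending = tokens
        else:
            pending += [";"] + tokens
        if depth == 0:
            yield pending
            pending = []
    if depth != 0:
        # File objects expose .name (used above); the original read the
        # non-existent .fname here and would have raised AttributeError.
        error("Missing } in %r" % fh.name)
    if pending != []:
        yield pending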
def validate_chains(rules, table):
    """Check that every non-upper-case jump target in *table* names a chain.

    Walks every rule of every chain in ``rules[table]``.  A target that
    is entirely upper case is skipped (presumably a built-in target);
    any other target that is not a key of ``rules[table]`` is reported
    through error().

    Args:
        rules: mapping table -> {chain_name: [rule, ...]}; each rule is a
            sequence whose first element is the target name.
        table: the table whose chains are validated.
    """
    chains = rules[table]
    for _chain_name, rule_list in chains.items():
        for rule in rule_list:
            target = rule[0]
            if target.upper() == target:
                continue
            if target not in chains:
                error("Unknown target %s" % target)
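def cmd_ruleset(table, chain, chainmapping, acceptmapping, rule):
    """Apply the named ruleset from MATCHES_DIR to *chain* in *table*.

    ``rule[0]`` names the ruleset.  It is looked up first as
    ``<MATCHES_DIR>/<name>.ruleset`` (read as a file) and otherwise as
    ``<MATCHES_DIR>/<name>.sruleset``, which is run through os.popen and
    whose standard output is parsed instead.  Every non-empty statement
    in the result must be a ``policy`` command; it is forwarded to
    cmd_policy with the same table/chain/mapping arguments.  Anything
    else is reported through error().

    Args:
        table, chain: the table and chain the policy commands apply to.
        chainmapping, acceptmapping: passed through to cmd_policy.
        rule: operand tokens of the ``ruleset`` command; only rule[0] is used.
    """
    if not rule:
        error("Missing ruleset name")
        return
    name = rule[0]
    # The name selects a file *inside* MATCHES_DIR.  The lexer only splits
    # on whitespace, so reject anything with a directory component (or an
    # empty / dot name) before it is joined onto the directory; the
    # .sruleset variant is handed to a shell by os.popen.
    if not name or name in (".", "..") or os.path.basename(name) != name:
        error("Invalid ruleset name %r" % name)
        return
    matches_dir = fwall.iptables.MATCHES_DIR
    plain_path = os.path.join(matches_dir, name + ".ruleset")
    script_path = os.path.join(matches_dir, name + ".sruleset")
    if os.path.exists(plain_path):
        fh = open(plain_path, "r")
    elif os.path.exists(script_path):
        fh = os.popen(script_path, "r")
    else:
        error("Unknown ruleset %r" % name)
        return
    # Both open() and os.popen() results support the context protocol,
    # so the file / pipe is always closed (the original leaked it).
    with fh:
        for stmt in parse_file(fh):
            if stmt == []:
                continue
            cmd = stmt.pop(0)
            if cmd == "policy":
                cmd_policy(table, chain, chainmapping, acceptmapping, stmt)
            else:
                error("Only policy commands allowed in ruleset %r, not %r" % (name, cmd))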
def cmd_set(name, value):
    """Register expando *name* with *value* (stored wrapped in a one-element list).

    Defining a name that is already present in
    ``fwall.expandos.loaded_expandos`` is reported through error(); the
    assignment is still performed afterwards, exactly as before.
    """
    expandos = fwall.expandos.loaded_expandos
    if name in expandos:
        error("Redefinition of expando %s" % name)
    expandos[name] = [value]
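def _require_args(args, count, cmd, fname):
    """Return True when *cmd* has at least *count* operands, else report an error.

    The original indexed ``i[0]`` / ``i[1]`` directly and raised IndexError
    on a short command; this turns that into the file's usual error() call.
    """
    if len(args) < count:
        error("Too few arguments to %r in %r: %r" % (cmd, fname, " ".join(args)))
        return False
    return True


def parse_rulesfile(fname, ifname, chainmapping, acceptmapping):
    """Parse the rules file *fname* for interface *ifname* and dispatch its commands.

    Statements come from parse_file(); the first token is the command and
    the rest are its operands.  ``chain TABLE CHAIN`` selects the
    table/chain that later ``policy`` and ``ruleset`` commands apply to;
    those two are validated against *chainmapping* before being handed
    to cmd_policy / cmd_ruleset.  The ``*_feature`` commands, ``set``,
    ``ingress`` and ``egress`` are forwarded to their cmd_* handlers.
    Problems are reported through error() (assumed not to return; the
    ``continue`` after each call only matters if it does).

    Args:
        fname: path of the rules file.
        ifname: interface name, passed to the interface-related handlers
            and used in error messages.
        chainmapping: mapping table -> chains, used to validate the
            current ``chain`` selection.
        acceptmapping: passed through to cmd_policy / cmd_ruleset.
    """
    # Handlers that take the interface name plus two operands.
    iface_features = {
        "if4_feature": cmd_if4_feature,
        "if6_feature": cmd_if6_feature,
        "neigh4_feature": cmd_neigh4_feature,
        "neigh6_feature": cmd_neigh6_feature,
    }
    # Handlers that take just two operands.
    plain_features = {
        "ip4_feature": cmd_ip4_feature,
        "tcp_feature": cmd_tcp_feature,
        "icmp_feature": cmd_icmp_feature,
    }
    table, chain = None, None
    # The original never closed the file; `with` does.
    with open(fname, "r") as fh:
        for stmt in parse_file(fh):
            if stmt == []:
                continue
            cmd = stmt.pop(0)
            if cmd == "chain":
                try:
                    table, chain = stmt
                except ValueError:
                    # wrong operand count; a bare except used to hide any error here
                    error("Invalid chain command: %r" % " ".join(stmt))
            elif cmd in ("policy", "ruleset"):
                if table not in chainmapping:
                    error("Unknown %r table %r" % (ifname, table))
                    continue
                if chain not in chainmapping[table]:
                    # The policy branch formerly passed only (chain, table)
                    # to a three-placeholder format and would have raised
                    # TypeError; both branches now use the same message.
                    error("Unknown %r chain %r in table %r" % (ifname, chain, table))
                    continue
                if cmd == "policy":
                    cmd_policy(table, chain, chainmapping, acceptmapping, stmt)
                else:
                    cmd_ruleset(table, chain, chainmapping, acceptmapping, stmt)
            elif cmd in iface_features:
                if _require_args(stmt, 2, cmd, fname):
                    iface_features[cmd](ifname, stmt[0], stmt[1])
            elif cmd in plain_features:
                if _require_args(stmt, 2, cmd, fname):
                    plain_features[cmd](stmt[0], stmt[1])
            elif cmd == "set":
                if _require_args(stmt, 1, cmd, fname):
                    cmd_set(stmt[0], stmt[1:])
            elif cmd == "ingress":
                # stmt[0] is not forwarded, as in the original; its
                # meaning is not visible here — TODO confirm with cmd_ingress.
                cmd_ingress(ifname, stmt[1:])
            elif cmd == "egress":
                cmd_egress(ifname, stmt[1:])
            else:
                error("Unknown command %r in %r" % (cmd, fname))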