def get_by_plugin(self, id):
    """Return ``(server, level)`` pairs for the servers owned by plugin *id*.

    The level is the integer stored under the ``fw-<plugin_id>-<server_id>``
    option of the ``security`` config section. An empty list is returned
    when no server belongs to the plugin.

    NOTE(review): the option is read unconditionally; what gconfig.get()
    does for a missing option is not visible here, so callers should
    presumably run scan_servers() first. Confirm.
    """
    return [
        (srv, int(self.app.gconfig.get(
            'security', 'fw-%s-%s' % (srv.plugin_id, srv.server_id))))
        for srv in ServerManager(self.app).get_all()
        if srv.plugin_id == id
    ]
def scan_servers(self):
    """Create a firewall preference for every server that lacks one.

    Servers that already have a ``fw-<plugin_id>-<server_id>`` option in
    the ``security`` section are left alone. The arkos/beacon server is
    seeded with level 1; every other server, arkos/genesis included, is
    seeded with level 2.
    """
    for srv in ServerManager(self.app).get_all():
        key = 'fw-%s-%s' % (srv.plugin_id, srv.server_id)
        if self.app.gconfig.has_option('security', key):
            # An existing preference is never overwritten by a scan.
            continue
        is_beacon = srv.plugin_id == 'arkos' and srv.server_id == 'beacon'
        # NOTE(review): regen() turns level 2 into an 'anywhere' rule and
        # level 1 into one rule per local range, so a newly discovered
        # service is exposed to any source by default. Consider whether
        # new entries should start at level 1 until an operator opts in.
        self.set(srv, 1 if is_beacon else 2)
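def clear_cache(self):
    """Remove firewall preferences that no longer match an active server.

    Every option of the ``security`` section that looks like
    ``fw-<plugin_id>-<server_id>`` is compared with the active servers,
    and self.remove() is called for those matching none of them.

    The previous loop reset its ``present`` flag for each server, so the
    decision was not "no server matches": depending on how the collapsed
    source was originally indented, an entry was removed as soon as one
    server failed to match, or only the last server was consulted. A live
    entry dropped that way loses the operator's chosen level, and
    scan_servers() would re-create it with its default.
    """
    servers = ServerManager(self.app).get_all()
    # NOTE(review): match() anchors only at the start and the groups accept
    # letters only, so an id containing a digit, '-' or '_' is cut at that
    # character and its entry will look obsolete. Confirm the id alphabet.
    pattern = re.compile('fw-((?:[a-z][a-z]+))-((?:[a-z][a-z]+))', re.IGNORECASE)
    # Iterate over a snapshot so removals cannot disturb the iteration.
    for option in list(self.app.gconfig.options('security')):
        found = pattern.match(option)
        if not found:
            continue
        pid, sid = found.group(1), found.group(2)
        present = any(
            srv.plugin_id == pid and srv.server_id == sid for srv in servers
        )
        if not present:
            # NOTE(review): remove() is handed the option name, as before;
            # its signature is not visible here. Confirm it accepts a name
            # rather than a server object.
            self.remove(option)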
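def scan(self):
    """Update stored firewall preferences from the ``genesis-apps`` chain.

    If the chain does not exist in the filter table it is created and
    nothing else happens. Otherwise each rule's first match supplies a
    destination port; every server on that port is set to level 2 when
    the rule's source contains 'anywhere', and to level 1 otherwise.

    The original comment says this should probably never be used.
    """
    rm = RuleManager(self.app)
    table = iptc.Table(iptc.Table.FILTER)
    chain = iptc.Chain(table, "genesis-apps")
    if not table.is_chain(chain):
        table.create_chain(chain)
        return
    for rule in chain.rules:
        # regen() ends the chain with a bare RETURN rule that carries no
        # match; indexing matches[0] on it raised IndexError.
        if not rule.matches:
            continue
        match = rule.matches[0]
        # NOTE(review): python-iptables normally reports the source as
        # address/mask text, so 'anywhere' may never appear and every rule
        # would be read back as level 1 (local ranges only). That fails
        # closed, but verify against what add() actually writes.
        level = 2 if 'anywhere' in rule.src else 1
        # The previous rm.get(s) lookup was dropped: its result was unused.
        for srv in ServerManager(self.app).get_by_port(match.dport):
            rm.set(srv, level)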
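def regen(self, range=None):
    """Regenerate the ``genesis-apps`` chain from the stored preferences.

    Args:
        range: source ranges used for level-1 rules. When omitted or
            empty they are fetched from ServerManager.get_ranges(). The
            name shadows the builtin but is kept for existing callers.

    For every port of every (server, level) pair from RuleManager.get_all():
    level 2 adds a rule with source 'anywhere', level 1 adds one rule per
    range, and any other level calls self.remove() for the port. A final
    rule whose target is RETURN is appended to the chain.

    The default was a shared mutable list (``range=[]``); it is now None,
    and any empty value triggers the lookup.
    """
    # NOTE(review): flush() is not visible here; it presumably empties the
    # chain. Until the loop below completes the chain is incomplete, and
    # whether that window fails open or closed depends on the chain that
    # jumps here. Confirm.
    self.flush()
    if not range:
        range = ServerManager(self.app).get_ranges()
    for entry in RuleManager(self.app).get_all():
        server, level = entry[0], int(entry[1])
        for port in server.ports:
            if level == 2:
                self.add(port[0], port[1], 'anywhere')
            elif level == 1:
                for net in range:
                    self.add(port[0], port[1], net)
            else:
                self.remove(port[0], port[1])
    # Hand traffic that matched nothing back to the calling chain; the
    # final verdict for it is decided there, not in this chain.
    table = iptc.Table(iptc.Table.FILTER)
    chain = iptc.Chain(table, "genesis-apps")
    tail = iptc.Rule()
    tail.target = iptc.Target(tail, 'RETURN')
    chain.append_rule(tail)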
def get_all(self):
    """Return a ``(server, level)`` pair for every known server.

    The level is the integer stored under the ``fw-<plugin_id>-<server_id>``
    option of the ``security`` config section.

    NOTE(review): the option is read for every server without checking
    that it exists; gconfig.get()'s behaviour for a missing option is not
    visible here. Confirm that scan_servers() always runs first.
    """
    return [
        (srv, int(self.app.gconfig.get(
            'security', 'fw-%s-%s' % (srv.plugin_id, srv.server_id))))
        for srv in ServerManager(self.app).get_all()
    ]
def get_by_id(self, id):
    """Return ``(server, level)`` for the first server whose server_id is *id*.

    Returns False when no server has that id. Only server_id is compared;
    plugin_id is not, so with equal ids under different plugins the first
    server in iteration order is returned.
    """
    for srv in ServerManager(self.app).get_all():
        if srv.server_id == id:
            key = 'fw-%s-%s' % (srv.plugin_id, srv.server_id)
            level = int(self.app.gconfig.get('security', key))
            return (srv, level)
    return False
def get(self, server):
    """Return the stored firewall level for *server* as an int.

    Returns False when *server* is not among the known servers. Because
    ``False == 0`` in Python, callers that must tell "unknown server"
    apart from a stored level of 0 should test ``result is False``.
    """
    for candidate in ServerManager(self.app).get_all():
        if candidate == server:
            key = 'fw-%s-%s' % (candidate.plugin_id, candidate.server_id)
            stored = self.app.gconfig.get('security', key)
            return int(stored)
    return False