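def _detach_and_delete_chain(table, builtin_chain, jump_rule, chain):
    """Remove the jump from *builtin_chain* to *chain*, then flush and delete *chain*."""
    try:
        table.delete_rule(builtin_chain, jump_rule)
    except IptablesError:
        # Best effort: the jump rule may already be gone, or may have been
        # installed for a different device. The chain is still emptied below
        # so that no stale DROP rules stay behind.
        pass
    table.flush_chain(chain)
    # NOTE(review): iptables normally refuses to delete a chain that another
    # rule still jumps to, so this can still raise IptablesError when the
    # filter was installed for a device other than the one passed in.
    table.delete_chain(chain)


def unfilter_ports(device):
    """Remove the gluster port filtering from iptables for the given device.

    Tears down the 'gluster-input' and 'gluster-output' chains of the
    'filter' table: the jump rule bound to *device* is removed from the
    built-in INPUT/OUTPUT chain, then the gluster chain is flushed and
    deleted. A chain that does not exist is reported and skipped.

    Both directions are handled the same way. A missing jump rule is
    tolerated for INPUT and for OUTPUT, so a half-removed filter can still
    be cleaned up instead of aborting before the output chain is emptied.

    Args:
        device: interface name the jump rules were installed for.

    Errors from list_chains(), flush_chain() and delete_chain() are not
    caught here and propagate to the caller.
    """
    input_filter = 'gluster-input'
    output_filter = 'gluster-output'

    print("Removing Gluster port filtering...")
    table = Table('filter')
    chains = table.list_chains()

    if input_filter in chains:
        in_rule = Rule(in_interface=device, jump=input_filter)
        _detach_and_delete_chain(table, 'INPUT', in_rule, input_filter)
    else:
        print("Gluster input ports are not filtered. Ignoring request...")

    if output_filter in chains:
        out_rule = Rule(out_interface=device, jump=output_filter)
        _detach_and_delete_chain(table, 'OUTPUT', out_rule, output_filter)
    else:
        print("Gluster output ports are not filtered. Ignoring request...")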
def filter_ports(device, ports):
    """Install iptables DROP rules for the gluster ports on *device*.

    Two dedicated chains, 'gluster-input' and 'gluster-output', are created
    in the 'filter' table and hooked into INPUT / OUTPUT with a jump rule
    bound to *device*. One DROP rule per (protocol, port) pair is then
    appended to the matching chain.

    Args:
        device: interface name used for the in/out interface match.
        ports: mapping read as ports['input'][protocol] and
            ports['output'][protocol], each giving the ports to drop.

    If the 'gluster-input' chain already exists the request is ignored.
    """
    in_chain = 'gluster-input'
    out_chain = 'gluster-output'
    fw = Table('filter')

    # NOTE(review): only the input chain is checked. A leftover
    # 'gluster-output' chain is not detected by this guard.
    if in_chain in fw.list_chains():
        print("Gluster ports are already filtered out. Ignoring request...")
        return

    # Dedicated chains keep the gluster rules separate from the built-in ones.
    fw.create_chain(in_chain)
    fw.append_rule('INPUT', Rule(in_interface=device, jump=in_chain))
    fw.create_chain(out_chain)
    fw.append_rule('OUTPUT', Rule(out_interface=device, jump=out_chain))

    # NOTE(review): each port value is interpolated into the match option
    # string as-is. Callers should pass only validated port numbers, since
    # nothing here rejects extra text in that string.
    # Both directions match on the destination port (--dport).
    for proto, port_list in ports['input'].items():
        for port in port_list:
            drop_in = Rule(
                in_interface=device,
                protocol=proto,
                matches=[Match(proto, '--dport %s' % port)],
                jump='DROP')
            print("Filtering port %s from INPUT on device %s..." % (port, device))
            fw.append_rule(in_chain, drop_in)

    for proto, port_list in ports['output'].items():
        for port in port_list:
            drop_out = Rule(
                out_interface=device,
                protocol=proto,
                matches=[Match(proto, '--dport %s' % port)],
                jump='DROP')
            print("Filtering port %s from OUTPUT on device %s..." % (port, device))
            fw.append_rule(out_chain, drop_out)
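def get(self, request):
    """Probe iptables and return the overview page or an error payload.

    The 'raw' table is opened and its chains are listed as the probe. If
    that raises IptablesError, an ('error', {...}) tuple is returned with a
    title, a message and a list of suggested fixes. The fix commands are
    only returned as text; nothing in this method runs them.

    Args:
        request: the incoming request (not read here).

    Returns:
        'overview.html' on success, or the ('error', dict) tuple on failure.
    """
    # Imported together with Table, and outside the try block, so that the
    # except clause does not depend on a module-level `netfilter` name being
    # bound. A missing package surfaces as a plain ImportError.
    from netfilter.table import IptablesError, Table

    try:
        table = Table('raw')
        # The chain list is echoed to stdout, so it ends up wherever the
        # process output is collected.
        print(table.list_chains())
    except IptablesError:
        return ('error', {
            'title': 'IPTables',
            'error': 'Unable to initialize IPTables. Do you need to insmod?',
            'fixes': [{
                'text': 'IPTables must be inserted as a module into the linux kernel.',
                'command': 'modprobe ip_tables'
            }, {
                'text': 'Update your installed packages.',
                'command': 'yum -y update'
            }, {
                'text': 'Update your kernel. Then, restart your system.',
                'command': 'yum -y update kernel'
            }]
        })

    # NOTE(review): this is a plain string, while the error path returns a
    # tuple. Confirm the caller accepts both shapes.
    return 'overview.html'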
# NOTE(review): block nesting below is reconstructed from a listing that lost
# its indentation; confirm against the original file.

# Debug banner: show the parsed options and the two debug switches.
if debug_option:
    option.display()
    print "debug cleanup ", debug_cleanup
    print "debug database", debug_database
    print "+" * 80

# Shorter cleanup interval when debugging cleanup (units are not shown here;
# presumably seconds - confirm).
if debug_cleanup:
    cleanup_time = 5
else:
    cleanup_time = 60

# setup/check of netfilter
# Fail early: exit with status 1 unless the configured table can be opened
# and contains the configured chain.
# NOTE(review): the except clause covers both Table(...) and list_chains(), so
# any IptablesError (presumably including missing privileges) is reported as
# "can not find the table specified".
try:
    _table = Table(option['table'])
    if option['chain'] not in _table.list_chains():
        print 'can not find the chain name provided:', option['chain']
        sys.exit(1)
except IptablesError, e:
    print 'can not find the table specified:', option['table']
    sys.exit(1)

# connection to database
from scavenger.tools.database.connection import Connection

class Database(object):
    _create = """ create table if not exists tracking (
# NOTE(review): block nesting below is reconstructed from a listing that lost
# its indentation; confirm against the original file.

# Debug banner: show the parsed options and the two debug switches.
if debug_option:
    option.display()
    print "debug cleanup ", debug_cleanup
    print "debug database", debug_database
    print "+"*80

# Shorter cleanup interval when debugging cleanup (units are not shown here;
# presumably seconds - confirm).
if debug_cleanup:
    cleanup_time=5
else:
    cleanup_time=60

# setup/check of netfilter
# Fail early: exit with status 1 unless the configured table can be opened
# and contains the configured chain.
# NOTE(review): the except clause covers both Table(...) and list_chains(), so
# any IptablesError (presumably including missing privileges) is reported as
# "can not find the table specified".
try:
    _table = Table(option['table'])
    if option['chain'] not in _table.list_chains():
        print 'can not find the chain name provided:', option['chain']
        sys.exit(1)
except IptablesError,e:
    print 'can not find the table specified:', option['table']
    sys.exit(1)

# connection to database
from scavenger.tools.database.connection import Connection

class Database (object):
    _create = """ create table if not exists tracking ( start integer,