def _get_rules(self, path, dev, clear):
    """Recursively collect the tables and rules of the ruleset at 'path'.

    'path' is the anchor path; a trailing "/*" is stripped before use.
    'dev' is the already-open pf device object that is handed to ioctl().
    If 'clear' is true, the request is issued with PF_GET_CLR_CNTR.

    Returns a list holding the anchor's tables first, followed by one
    entry per rule: a PFRule, or, when the rule is an anchor call, a
    PFRuleset filled with the recursively fetched contents of that anchor.
    """
    if path.endswith("/*"):
        path = path[:-2]

    request = pfioc_rule(anchor=path)
    if clear:
        # NOTE(review): presumably this resets the per-rule counters as they
        # are read (get_ruleset documents 'clear' that way), which discards
        # data that monitoring may rely on -- confirm before enabling.
        request.action = PF_GET_CLR_CNTR
    request.rule.action = PF_PASS
    ioctl(dev, DIOCGETRULES, request)

    entries = list(self.get_tables(PFTable(anchor=path)))

    # request.nr is read once here (presumably the rule count set by
    # DIOCGETRULES) and then reused as the index of the rule to fetch.
    for index in range(request.nr):
        request.nr = index
        ioctl(dev, DIOCGETRULE, request)

        if not request.anchor_call:
            entries.append(PFRule(request.rule))
            continue

        # Anchor call: descend into the referenced anchor and nest its
        # contents under a PFRuleset built from this rule.
        child_path = os.path.join(request.anchor, request.anchor_call)
        nested = PFRuleset(request.anchor_call, request.rule)
        nested.append(*self._get_rules(child_path, dev, clear))
        entries.append(nested)

    return entries
def get_ruleset(self, path="", clear=False):
    """Return a PFRuleset object containing the active ruleset.

    'path' is the path of the anchor to retrieve rules from; the returned
    PFRuleset is named after its last path component. If 'clear' is True,
    per-rule statistics will be cleared.
    """
    ruleset = PFRuleset(os.path.basename(path))

    # NOTE(review): the device is opened read-only even when 'clear' is
    # True; a pf implementation may refuse counter-clearing requests on a
    # descriptor without write access -- confirm on the target platform.
    with open(self.dev, 'r') as pf_dev:
        entries = self._get_rules(path, pf_dev, clear)
        ruleset.append(*entries)

    return ruleset
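def get_ruleset(self, path="", clear=False, **kw):
    """Return a PFRuleset object containing the active ruleset.

    'path' is the path of the anchor to retrieve rules from. If 'clear' is
    True, per-rule statistics will be cleared. Keyword arguments can be
    passed for returning only matching rules: a PFRule is kept only when,
    for every keyword, the attribute of that name equals the given value.

    Only entries that are PFRule instances are filtered. Any other entry
    returned by _get_rules() is appended unconditionally, so the result is
    not a complete filter over rules nested below such entries.

    Raises AttributeError if a keyword names an attribute that a PFRule
    does not have.
    """
    # dict.items() exists on both Python 2 and 3, whereas iteritems() is
    # Python 2 only; snapshot the criteria once instead of once per rule.
    criteria = tuple(kw.items())

    rs = PFRuleset(os.path.basename(path))

    # NOTE(review): the device is opened read-only even when 'clear' is
    # True; a pf implementation may refuse counter-clearing requests on a
    # descriptor without write access -- confirm on the target platform.
    with open(self.dev, 'r') as d:
        for entry in self._get_rules(path, d, clear):
            if isinstance(entry, PFRule) and not all(
                    getattr(entry, attr) == value
                    for attr, value in criteria):
                continue
            rs.append(entry)

    return rs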
def clear_rules(self, path=""):
    """Clear all rules contained in the anchor 'path'.

    This is done by loading an empty PFRuleset over the anchor through
    load_ruleset() with PF_TRANS_RULESET.
    """
    # NOTE(review): 'path' defaults to "", presumably the main ruleset; a
    # call without arguments would then leave no rules loaded there --
    # confirm that callers intend this.
    empty = PFRuleset()
    self.load_ruleset(empty, path, PF_TRANS_RULESET)