def rules_remove(self, iterator, object): """Remove the specified rules requests.options = [{ 'object': <string>, }, ] """ # Try to load firewall configuration try: firewall = backend.Firewall() except backend.Error as e: message = _(u"Could not load firewall configuration") MODULE.error(u"%s: %s" % (message, str(e), )) raise umc.modules.UMC_CommandError(message) for (object, ) in iterator: try: firewall.remove_rule(object) except backend.Error as e: yield {u'object': object, u'success': False, u'details': str(e), } else: yield {u'object': object, u'success': True, } # Try to save firewall configuration try: firewall.save() except backend.Error as e: message = _(u"Could not save firewall configuration") MODULE.error(u"%s: %s" % (message, str(e), )) raise umc.modules.UMC_CommandError(message)
def query(self, category, pattern): def match(rule): if category != 'port': # Simple match for most cases: return pattern.match(getattr(rule, category)) # Special case 'port': Check every port number for port in range(*rule.port): match = pattern.match(str(port)) if match: return match else: return None firewall = backend.Firewall() rules = [] for rule in firewall.rules.values(): if not rule or not match(rule): # rule isn't complete (e.g. missing action) or # rule doesn't match the pattern continue entry = {} entry = { 'name': rule.name, 'address': rule.address, 'port': rule.port, 'protocol': rule.protocol, 'package': rule.package, 'action': rule.action, 'description': rule.description, } rules.append(entry) return rules
def rules_get(self, iterator): """Returns the specified rules requests.options = [ <string>, ] """ def get_address_type(address): if backend.REGEX_RULE_ADDRESS.match(address): return address else: return u'specific' def get_address_value(address): if backend.REGEX_RULE_ADDRESS.match(address): return None else: return address # Try to load firewall configuration try: firewall = backend.Firewall() except backend.Error as e: message = _(u"Could not load firewall configuration") MODULE.error(u"%s: %s" % ( message, str(e), )) raise umc.modules.UMC_CommandError(message) for identifier in iterator: try: rule = firewall.rules[identifier] entry = { u'identifier': rule.identifier, u'protocol': rule.protocol, u'portStart': rule.port[0], u'portEnd': (rule.port[1] - 1), u'addressType': get_address_type(rule.address), u'addressValue': get_address_value(rule.address), u'packageName': rule.package, u'action': rule.action.lower(), u'description': self._get_description(rule.description), } except (backend.Error, KeyError) as e: message = _(u"Could not get firewall rule") MODULE.error(u"%s: %s" % ( message, str(e), )) raise umc.modules.UMC_CommandError(message) else: yield entry
def add(self, address, port_start, port_end, protocol, action, description): try: rule = backend.Rule(address, ( port_start, port_end, ), protocol) rule.action = action # TODO: Add the description except backend.Error as e: return {'success': False, 'message': str(e.message)} # TODO: try-except firewall = backend.Firewall() firewall.add_rule(rule) firewall.save() return {'success': True}
def _add_or_edit(self, iterator, object, edit=False): def get_address(address_type, address_value): if address_type == u'specific': return address_value else: return address_type # Try to load firewall configuration try: firewall = backend.Firewall() except backend.Error as e: message = _(u"Could not load firewall configuration") MODULE.error(u"%s: %s" % (message, str(e), )) raise umc.modules.UMC_CommandError(message) for (object, ) in iterator: try: if edit: firewall.remove_rule(object[u'identifier']) port = (object[u'portStart'], (object[u'portEnd'] + 1), ) address = get_address(object[u'addressType'], object[u'addressValue']) rule = backend.Rule(object[u'protocol'], port, address, None, object[u'action'].lower()) firewall.add_rule(rule) except backend.Error as e: if edit: yield {u'object': object[u'identifier'], u'success': False, u'details': str(e), } else: yield {u'success': False, u'details': str(e), } else: yield {u'object': rule.identifier, u'success': True, } # Try to save firewall configuration try: firewall.save() except backend.Error as e: message = _(u"Could not save firewall configuration") MODULE.error(u"%s: %s" % (message, str(e), )) raise umc.modules.UMC_CommandError(message)
def rules_query(self, category, pattern): """Searches for firewall rules requests.options = [ 'category': 'protocol' | 'port' | 'address' | 'package' | 'description', 'pattern': <str>, ] """ def match(rule): if category == u'port': # Check every port number for port in range(*rule.port): match = pattern.match(str(port)) if match: return match else: return False elif category == u'packageName': if rule.package: return pattern.match(rule.package) else: return False elif category == u'description': for language in rule.description.values(): match = pattern.match(language) if match: return match else: return False else: # Simple match for most cases: return pattern.match(getattr(rule, category)) def get_address(address): if address == u'all': return _(u'All addresses') elif address == u'ipv4': return _(u'All IPv4 addresses') elif address == u'ipv6': return _(u'All IPv6 addresses') else: return address # Try to load firewall configuration try: firewall = backend.Firewall() except backend.Error as e: message = _(u"Could not load firewall configuration") MODULE.error(u"%s: %s" % ( message, str(e), )) raise umc.modules.UMC_CommandError(message) result = [] for rule in firewall.rules.values(): if not rule or not match(rule): # rule isn't complete (e.g. missing action) or # rule doesn't match the pattern continue entry = {} entry = { u'identifier': rule.identifier, u'protocol': rule.protocol, u'portStart': rule.port[0], u'portEnd': (rule.port[1] - 1), u'address': get_address(rule.address), u'packageName': rule.package, u'action': rule.action.lower(), u'description': self._get_description(rule.description), } result.append(entry) return result