a «°iÜYã@sndgZddlmZddlmZddlmZddlmZddlm Z ddl mZddlm Z Gd d„deƒZd S)ÚFirewallDirecté)ÚLastUpdatedOrderedDict)Ú ipXtables)Úebtables)ÚFirewallTransaction)Úlog)Úerrors)Ú FirewallErrorc@sLeZdZdd„Zdd„Zdd„Zdd„Zd d „Zdd„Zd d„Z dd„Z dNdd„Zdd„Zdd„Z dOdd„Zdd„Zdd„Zdd„Zd d!„ZdPd"d#„ZdQd$d%„Zd&d'„Zd(d)„Zd*d+„ZdRd,d-„ZdSd.d/„Zd0d1„Zd2d3„Zd4d5„Zd6d7„Zd8d9„Zd:d;„ZdTdd?„Z!d@dA„Z"dBdC„Z#dDdE„Z$dFdG„Z%dHdI„Z&dJdK„Z'dLdM„Z(dS)VrcCs||_| ¡dS©N)Ú_fwÚ_FirewallDirect__init_vars)ÚselfÚfw©rú;/usr/lib/python3.9/site-packages/firewall/core/fw_direct.pyÚ__init__'szFirewallDirect.__init__cCsd|j|j|j|jfS)Nz%s(%r, %r, %r))Ú __class__Ú_chainsÚ_rulesÚ_rule_priority_positions©r rrrÚ__repr__+sÿzFirewallDirect.__repr__cCs"i|_i|_i|_i|_d|_dSr )rrrÚ _passthroughsÚ_objrrrrZ__init_vars/s zFirewallDirect.__init_varscCs| ¡dSr )rrrrrÚcleanup6szFirewallDirect.cleanupcCs t|jƒSr )rrrrrrÚnew_transaction;szFirewallDirect.new_transactioncCs ||_dSr )r)r ÚobjrrrÚset_permanent_config@sz#FirewallDirect.set_permanent_configcCs*t|jƒt|jƒt|jƒdkr&dSdS)NrTF)ÚlenrrrrrrrÚhas_runtime_configurationCs"z(FirewallDirect.has_runtime_configurationcCsB| ¡rdSt|j ¡ƒt|j ¡ƒt|j ¡ƒdkr>dSdS)NTrF)rrrÚget_all_chainsÚ get_all_rulesÚget_all_passthroughsrrrrÚhas_configurationHsÿþþz FirewallDirect.has_configurationNcCsP|dur| ¡}n|}| |j ¡|j ¡|j ¡f|¡|durL| d¡dS©NT)rÚ set_configrr r!r"Úexecute)r Úuse_transactionÚtransactionrrrÚapply_directQs þýzFirewallDirect.apply_directc Csi}i}i}|jD]>}|\}}|j|D]&}|j |||¡s(| |g¡ |¡q(q|jD]X}|\}}}|j|D]>\} } |j |||| | ¡sp||vržtƒ||<| ||| | f<qpqX|jD]@}|j|D]0} |j || ¡sÆ||vrèg||<|| | ¡qÆq¸|||fSr ) rrÚquery_chainÚ setdefaultÚappendrÚ query_rulerrÚquery_passthrough)r ZchainsÚrulesZpassthroughsÚtable_idÚipvÚtableÚchainÚchain_idÚpriorityÚargsrrrÚget_runtime_configbs, z!FirewallDirect.get_runtime_configcCs|j|j|jfSr )rrrrrrrÚ get_configszFirewallDirect.get_configcCs¬|dur| ¡}n|}|\}}}|D]r}|\}} ||D]\} | || | ¡s8z|j|| | |dWq8ty’}zt t|ƒ¡WYd}~q8d}~00q8q$|D]‚}|\}} } ||D]j\} }| || | | |¡s²z|j|| | | ||dWq²ty}zt t|ƒ¡WYd}~q²d}~00q²qœ|D]n}||D]^}| ||¡s0z|j |||dWn4tyŠ}zt t|ƒ¡WYd}~n d}~00q0q$|dur¨| d¡dS)N)r'T)rr*Ú add_chainr rZwarningÚstrr-Úadd_ruler.Úadd_passthroughr&)r Zconfr'r(rrrr0r1r2r3Úerrorr4r5r6rrrr%„sF ÿ ( ÿ (ÿ , zFirewallDirect.set_configcCs(gd¢}||vr$ttjd||fƒ‚dS)N)Úipv4Úipv6Zebú'%s' not in '%s')r rZINVALID_IPV)r r1ZipvsrrrÚ _check_ipv«s ÿzFirewallDirect._check_ipvcCsF| |¡|dvrtj ¡ntj ¡}||vrBttjd||fƒ‚dS)N©r>r?r@)rArÚBUILT_IN_CHAINSÚkeysrr rZ INVALID_TABLE)r r1r2ZtablesrrrÚ_check_ipv_table±s ÿ ÿzFirewallDirect._check_ipv_tablecCs¦|dvr4tj|}|jjr i}qH|j |¡j|}ntj|}tj|}||vr`tt j d|ƒ‚||vrxtt j d|ƒ‚|dvr¢|jj |¡dur¢tt j d|ƒ‚dS)NrBzchain '%s' is built-in chainzchain '%s' is reservedzChain '%s' is reserved)rrCrÚnftables_enabledÚget_direct_backend_by_ipvÚ our_chainsrZ OUR_CHAINSr rZ BUILTIN_CHAINÚzoneZzone_from_chainZ INVALID_CHAIN)r r1r2r3Zbuilt_in_chainsrHrrrÚ_check_builtin_chainºs( ÿÿÿz#FirewallDirect._check_builtin_chaincCsH|r|j |g¡ |¡n*|j| |¡t|j|ƒdkrD|j|=dS©Nr)rr+r,Úremover)r r0r3ÚaddrrrÚ_register_chainÐs zFirewallDirect._register_chaincCs‚|dur| ¡}n|}|j ¡r.| |jj¡|jjrZ|jj ¡rZ| |jjj|jj g¡| d||||¡|dur~| d¡dSr$)rrÚmay_skip_flush_direct_backendsÚadd_preÚflush_direct_backendsÚ ipset_enabledÚipsetÚomit_native_ipsetÚapply_ipsetsÚ ipset_backendÚ_chainr&©r r1r2r3r'r(rrrr9Øs zFirewallDirect.add_chaincCs>|dur| ¡}n|}| d||||¡|dur:| d¡dS©NFT)rrWr&rXrrrÚremove_chainês zFirewallDirect.remove_chaincCs:| ||¡| |||¡||f}||jvo8||j|vSr )rErJr)r r1r2r3r0rrrr*õs ÿzFirewallDirect.query_chaincCs,| ||¡||f}||jvr(|j|SgSr )rEr)r r1r2r0rrrÚ get_chainsüs zFirewallDirect.get_chainscCs<g}|jD],}|\}}|j|D]}| |||f¡q q |Sr )rr,)r ÚrÚkeyr1r2r3rrrr s zFirewallDirect.get_all_chainsc Cs†|dur| ¡}n|}|j ¡r.| |jj¡|jjrZ|jj ¡rZ| |jjj|jj g¡| d||||||¡|dur‚| d¡dSr$)rrrOrPrQrRrSrTrUrVÚ_ruler&©r r1r2r3r5r6r'r(rrrr;s zFirewallDirect.add_rulec CsB|dur| ¡}n|}| d||||||¡|dur>| d¡dSrY)rr^r&r_rrrÚremove_rules zFirewallDirect.remove_rulecCs2| ||¡|||f}||jvo0||f|j|vSr )rEr)r r1r2r3r5r6r4rrrr-)s ÿzFirewallDirect.query_rulecCs6| ||¡|||f}||jvr2t|j| ¡ƒSgSr )rErÚlistrD)r r1r2r3r4rrrÚ get_rules/s zFirewallDirect.get_rulesc CsJg}|jD]:}|\}}}|j|D] \}}| ||||t|ƒf¡q"q |Sr )rr,ra)r r\r]r1r2r3r5r6rrrr!6s zFirewallDirect.get_all_rulescCs²|rr||jvrtƒ|j|<||j||<||jvrs zFirewallDirect._register_rulec CsZz|j |j |¡j|¡WStyT}z"t |¡ttj |ƒ‚WYd}~n d}~00dSr ) rÚrulerGÚnameÚ ExceptionrZdebug2r rZCOMMAND_FAILED)r r1r6ÚmsgrrrÚpassthroughRs zFirewallDirect.passthroughcCsX|r*||jvrg|j|<|j| |¡n*|j| |¡t|j|ƒdkrT|j|=dSrK)rr,rLr)r r1r6rdrrrÚ_register_passthroughZs z$FirewallDirect._register_passthroughcCs„|dur| ¡}n|}|j ¡r.| |jj¡|jjrZ|jj ¡rZ| |jjj|jj g¡| d|t|ƒ|¡|dur€| d¡dSr$) rrrOrPrQrRrSrTrUrVÚ_passthroughrar&©r r1r6r'r(rrrr<ds zFirewallDirect.add_passthroughcCs@|dur| ¡}n|}| d|t|ƒ|¡|dur<| d¡dSrY)rrmrar&rnrrrÚremove_passthroughus z!FirewallDirect.remove_passthroughcCs||jvot|ƒ|j|vSr )rÚtuple)r r1r6rrrr.€s ÿz FirewallDirect.query_passthroughcCs6g}|jD]&}|j|D]}| |t|ƒf¡qq |Sr ©rr,ra)r r\r1r6rrrr"„s z#FirewallDirect.get_all_passthroughscCs0g}||jvr,|j|D]}| t|ƒ¡q|Sr rq)r r1r\r6rrrÚget_passthroughs‹s zFirewallDirect.get_passthroughsc Cs®g}|D] }d}|D]„}z| |¡}Wnty8Yq0t|ƒ|krd||dvrd}||d d¡}|D]&} |dd…} | | |d<| | ¡qpq|s| |¡q|S)z5Split values combined with commas for options in optsFú,éTN)ÚindexÚ ValueErrorrÚsplitr,)r r/ZoptsZ out_rulesrgZ processedÚoptÚiÚitemsÚitemr^rrrÚsplit_value’s$zFirewallDirect.split_valuecCs| ||¡|jjs0|dvr0|jj ||||¡|}|j |¡} |jjs`| |||¡r`d|}n:|jjrš|dd…dkrš| |||dd…¡rš|dd…}|||f} ||f}|râ| |jvrà||j| vràtt j d||||fƒ‚n@| |jvsü||j| vrtt jd||||fƒ‚|j| |}d}d} | |jvrŠt |j| ¡ƒ}d}|t|ƒkrŠ|||krŠ||j| ||7}|d7}qLt|ƒg}| |d d g¡}| |ddg¡}|D]4}| | | ||||t|ƒ¡¡|d7}| d7} q¸| || ||| ¡| |j|| ||| ¡dS) NrBz %s_directiùÿÿÿZ_directz"rule '%s' already is in '%s:%s:%s'zrule '%s' is not in '%s:%s:%s'rtrz-sz--sourcez-dz --destination)rErrFrIÚcreate_zone_base_by_chainrGZis_chain_builtinrr rÚALREADY_ENABLEDÚNOT_ENABLEDrÚsortedrDrrar|r;Z build_rulerprfÚadd_fail)r rdr1r2r3r5r6r(rWÚbackendr4rcrureZ positionsÚjZ args_listÚ_argsrrrr^®spÿÿÿ ÿ ÿ ÿÿ ÿ ÿÿ( ÿzFirewallDirect._rulecCsÌ| ||¡| |||¡||f}|rV||jvr„||j|vr„ttjd|||fƒ‚n.||jvsn||j|vr„ttjd|||fƒ‚|j |¡}| || |||¡¡| |||¡| |j|||¡dS)Nz chain '%s' already is in '%s:%s'zchain '%s' is not in '%s:%s') rErJrr rr~rrrGZ add_rulesZbuild_chain_rulesrNr)r rMr1r2r3r(r0r‚rrrrWs0 ÿÿÿ ÿÿÿzFirewallDirect._chainc Csü| |¡t|ƒ}|rD||jvrp||j|vrpttjd||fƒ‚n,||jvs\||j|vrpttjd||fƒ‚|j |¡}|rÀ| |¡|dvrº| |¡\}}|rº|rº|jj |||¡|} n | |¡} | || ¡| |||¡| |j|||¡dS)Nzpassthrough '%s', '%s'rB)rArprr rr~rrrGZcheck_passthroughZpassthrough_parse_table_chainrIr}Zreverse_passthroughr;rlr) r rdr1r6r(Z tuple_argsr‚r2r3r„rrrrm0s: ÿ ÿ ÿ ÿ ÿzFirewallDirect._passthrough)N)N)N)N)N)N)N)N))Ú__name__Ú __module__Ú__qualname__rrrrrrrr#r)r7r8r%rArErJrNr9rZr*r[r r;r`r-rbr!rfrkrlr<ror.r"rrr|r^rWrmrrrrr&sN ' ÿ jN)Ú__all__Zfirewall.fw_typesrZ firewall.corerrZfirewall.core.fw_transactionrZfirewall.core.loggerrZfirewallrZfirewall.errorsr ÚobjectrrrrrÚs