Current File : //lib/python3.9/site-packages/firewall/core/__pycache__/ebtables.cpython-39.pyc
a

���g�$�@sdgZddlZddlmZddlmZddlmZm	Z	m
Z
ddlmZddl
mZddlmZmZddlZd	ggd
�gd�d�ZiZiZiZe��D]pZgee<e�ee<eeD]PZee�d
e�ee�deef�ee�de�ee�de�q�q�Gdd�de�ZdS)�ebtables�N)�runProg)�log)�tempFile�readfile�	splitArgs)�COMMANDS)�	ipXtables��
FirewallError�INVALID_IPVZBROUTING)Z
PREROUTINGZPOSTROUTING�OUTPUT)ZINPUTr
ZFORWARD)ZbrouteZnat�filterz-N %s_directz-I %s 1 -j %s_directz-I %s_direct 1 -j RETURNz	%s_directc@s�eZdZdZdZdZdd�Zdd�Zdd�Zd	d
�Z	dd�Z
d
d�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zdd�Zd/d d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd0d+d,�Zd-d.�ZdS)1rZebFcCsBt|j|_td|j|_|��|_|��|_|��g|_	dS)Nz
%s-restore)
r�ipv�_command�_restore_command�_detect_restore_noflush_optionZrestore_noflush_option�_detect_concurrent_option�concurrent_option�fill_exists�available_tables��self�r�:/usr/lib/python3.9/site-packages/firewall/core/ebtables.py�__init__9s

zebtables.__init__cCs$tj�|j�|_tj�|j�|_dS�N)�os�path�existsrZcommand_existsrZrestore_command_existsrrrrrAszebtables.fill_existscCs(d}t|jddg�}|ddkr$d}|S)N�z--concurrent�-Lr)rr)rr�retrrrrEs
z"ebtables._detect_concurrent_optioncCs.g}z|�|d�Wnty(YdS0dS)N�offFT)�	set_rules�
ValueError)r�rulesrrrrOsz'ebtables._detect_restore_noflush_optioncCs�g}|jr |j|vr |�|j�|dd�|D�7}t�d|j|jd�|��t|j|�\}}|dkr~td|jd�|�|f��|S)NcSsg|]}d|�qS)z%sr)�.0�itemrrr�
<listcomp>^�z"ebtables.__run.<locals>.<listcomp>�	%s: %s %s� r�'%s %s' failed: %s)	r�appendr�debug2�	__class__r�joinrr%)r�args�_args�statusr"rrrZ__runYs
�zebtables.__runcCs$dD]}||vrttd|��qdS)N)z
%%REJECT%%z%%ICMP%%z%%LOGTYPE%%z'%s' invalid for ebtablesr
)r�rule�strrrr�_rule_validatefs
�zebtables._rule_validatecCs|tvo|t|vSr)�BUILT_IN_CHAINS)rr�table�chainrrr�is_chain_builtinls
�zebtables.is_chain_builtinc	CsJg}|r4|�d|d|g�|�d|d|dddg�n|�d|d|g�|S)N�-tz-N�-I�1z-jZRETURN�-X)r.)r�addr9r:r&rrr�build_chain_rulespszebtables.build_chain_rulescCs8d|g}|r |d|t|�g7}n|d|g7}||7}|S)Nr<r=z-D)r6)rr@r9r:�indexr2r5rrr�
build_rule{szebtables.build_rulecCs
t�|�Sr)r	Zcommon_reverse_rule�rr2rrr�reverse_rule�szebtables.reverse_rulecCst�|�dSr)r	Zcommon_check_passthroughrDrrr�check_passthrough�szebtables.check_passthroughcCs
t�|�Sr)r	Zcommon_reverse_passthroughrDrrr�reverse_passthrough�szebtables.reverse_passthroughc
Cst�}d}i}|D]�}|dd�}|�|�dD]J}z|�|�}	WntyTYq00t|�|	dkr0|�|	�|�|	�}q0t|�D]<\}	}
tjD],}||
vr�|
�	d�r�|
�
d�s�d|
||	<q�q�|�|g��|�q|D]4}|�
d|�||D]}|�
d�|�d�q�q�|��t�|j�}t�d	|j|jd
|j|jf�g}
|
�d�t|j|
|jd�\}}t��d
k�r�t|j�}|du�r�d}	|D]@}tjd|	|fddd�|�
d��s�tjddd�|	d7}	�q�t�|j�|dk�rtd|jd�|
�|f��dS)Nr)r<z--table��"z"%s"z*%s
r,�
r+z%s: %dz	--noflush)�stdin�z%8d: %sr)�nofmt�nlr )rMr-)rr7rBr%�len�pop�	enumerate�stringZ
whitespace�
startswith�endswith�
setdefaultr.�writer1�closer�stat�namerr/r0r�st_sizerZgetDebugLogLevelrZdebug3�unlink)rr&�
log_deniedZ	temp_filer9Ztable_rulesZ_ruler5�opt�i�element�crXr2r4r"�lines�linerrrr$�sb


��
�




�zebtables.set_rulescCs|�|�|�|�Sr)r7�_ebtables__run)rr5r\rrr�set_rule�s
zebtables.set_ruleNc	Cs�g}|r|gnt��}|D]f}||jvr4|�|�qz*|�d|dg�|j�|�|�|�Wqty~t�d|�Yq0q|S)Nr<r!z#ebtables table '%s' does not exist.)r8�keysrr.rcr%rZdebug1)rr9r"Ztablesrrr�get_available_tables�s
zebtables.get_available_tablescCsiSrr)rr9rrr�get_zone_table_chains�szebtables.get_zone_table_chainscCs>g}t��D],}||��vrqdD]}|�d||g�q"q|S)N)z-Fr?z-Zr<�r8rerfr.)rr&r9�flagrrr�build_flush_rules�szebtables.build_flush_rulesc	CsVg}|dkrdn|}t��D]4}||��vr.qt|D]}|�d|d||g�q6q|S)NZPANICZDROPr<z-Prh)rZpolicyZpolicy_detailsr&Z_policyr9r:rrr�build_set_policy_rules�szebtables.build_set_policy_rulescCsgSrrrrrr�build_default_tables�szebtables.build_default_tablesr#cCs�g}tD]�}||��vrqt|dd�}|dkrH|tvrH|�t|�d|g}|D]2}t|�tkrt|�||�qT|�|t|��qTq|S)Nr#r<)�
DEFAULT_RULESrf�	LOG_RULES�extend�type�listr.r)rr\Z
default_rulesr9Z_default_rules�prefixr5rrr�build_default_rules�szebtables.build_default_rulescCs
||jkSr)r)rrrrr�is_ipv_supportedszebtables.is_ipv_supported)N)r#)�__name__�
__module__�__qualname__rrYZpolicies_supportedrrrrrcr7r;rArCrErFrGr$rdrfrgrjrkrlrsrtrrrrr4s0


	@


)�__all__Zos.pathrZfirewall.core.progrZfirewall.core.loggerrZfirewall.functionsrrrZfirewall.configrZ
firewall.corer	Zfirewall.errorsrrrRr8rmrnZ
OUR_CHAINSrer9�setr:r.r@�objectrrrrr�<module>s0�