golden hour
/lib/python2.7/site-packages/firewall/core
⬆️ Go Up
Upload
File/Folder
Size
Actions
__init__.py
0 B
Del
OK
__init__.pyc
145 B
Del
OK
__init__.pyo
145 B
Del
OK
base.py
1.94 KB
Del
OK
base.pyc
1.29 KB
Del
OK
base.pyo
1.29 KB
Del
OK
ebtables.py
9.13 KB
Del
OK
ebtables.pyc
9.04 KB
Del
OK
ebtables.pyo
9.04 KB
Del
OK
fw.py
43.71 KB
Del
OK
fw.pyc
30.67 KB
Del
OK
fw.pyo
30.67 KB
Del
OK
fw_config.py
35.99 KB
Del
OK
fw_config.pyc
30.69 KB
Del
OK
fw_config.pyo
30.69 KB
Del
OK
fw_direct.py
20.12 KB
Del
OK
fw_direct.pyc
14.77 KB
Del
OK
fw_direct.pyo
14.77 KB
Del
OK
fw_helper.py
1.79 KB
Del
OK
fw_helper.pyc
2.57 KB
Del
OK
fw_helper.pyo
2.57 KB
Del
OK
fw_icmptype.py
2.77 KB
Del
OK
fw_icmptype.pyc
3 KB
Del
OK
fw_icmptype.pyo
3 KB
Del
OK
fw_ifcfg.py
2.5 KB
Del
OK
fw_ifcfg.pyc
1.84 KB
Del
OK
fw_ifcfg.pyo
1.84 KB
Del
OK
fw_ipset.py
8.96 KB
Del
OK
fw_ipset.pyc
9.02 KB
Del
OK
fw_ipset.pyo
9.02 KB
Del
OK
fw_nm.py
6.49 KB
Del
OK
fw_nm.pyc
5.93 KB
Del
OK
fw_nm.pyo
5.93 KB
Del
OK
fw_policies.py
2.74 KB
Del
OK
fw_policies.pyc
2.94 KB
Del
OK
fw_policies.pyo
2.94 KB
Del
OK
fw_service.py
1.6 KB
Del
OK
fw_service.pyc
2.14 KB
Del
OK
fw_service.pyo
2.14 KB
Del
OK
fw_test.py
22.06 KB
Del
OK
fw_test.pyc
17.45 KB
Del
OK
fw_test.pyo
17.45 KB
Del
OK
fw_transaction.py
10.54 KB
Del
OK
fw_transaction.pyc
10.96 KB
Del
OK
fw_transaction.pyo
10.96 KB
Del
OK
fw_zone.py
75.6 KB
Del
OK
fw_zone.pyc
57.31 KB
Del
OK
fw_zone.pyo
57.31 KB
Del
OK
helper.py
804 B
Del
OK
helper.pyc
222 B
Del
OK
helper.pyo
222 B
Del
OK
icmp.py
3.03 KB
Del
OK
icmp.pyc
2.89 KB
Del
OK
icmp.pyo
2.89 KB
Del
OK
io
-
Del
OK
ipXtables.py
47.68 KB
Del
OK
ipXtables.pyc
34.8 KB
Del
OK
ipXtables.pyo
34.8 KB
Del
OK
ipset.py
9.1 KB
Del
OK
ipset.pyc
9.15 KB
Del
OK
ipset.pyo
9.15 KB
Del
OK
logger.py
30.31 KB
Del
OK
logger.pyc
27.43 KB
Del
OK
logger.pyo
27.43 KB
Del
OK
modules.py
3.63 KB
Del
OK
modules.pyc
3.56 KB
Del
OK
modules.pyo
3.56 KB
Del
OK
nftables.py
60.55 KB
Del
OK
nftables.pyc
38.56 KB
Del
OK
nftables.pyo
38.56 KB
Del
OK
prog.py
1.47 KB
Del
OK
prog.pyc
988 B
Del
OK
prog.pyo
988 B
Del
OK
rich.py
29.34 KB
Del
OK
rich.pyc
23.73 KB
Del
OK
rich.pyo
23.73 KB
Del
OK
watcher.py
3.15 KB
Del
OK
watcher.pyc
3.55 KB
Del
OK
watcher.pyo
3.55 KB
Del
OK
Edit: fw_transaction.py
# -*- coding: utf-8 -*- # # Copyright (C) 2016 Red Hat, Inc. # # Authors: # Thomas Woerner <twoerner@redhat.com> # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. # """Transaction classes for firewalld""" __all__ = [ "FirewallTransaction", "FirewallZoneTransaction" ] from firewall.core.logger import log from firewall import errors from firewall.errors import FirewallError from firewall.fw_types import LastUpdatedOrderedDict class SimpleFirewallTransaction(object): """Base class for FirewallTransaction and FirewallZoneTransaction""" def __init__(self, fw): self.fw = fw self.rules = { } # [ ( backend.name, [ rule,.. ] ),.. ] self.pre_funcs = [ ] # [ (func, args),.. ] self.post_funcs = [ ] # [ (func, args),.. ] self.fail_funcs = [ ] # [ (func, args),.. ] def clear(self): self.rules.clear() del self.pre_funcs[:] del self.post_funcs[:] del self.fail_funcs[:] def add_rule(self, backend, rule): self.rules.setdefault(backend.name, [ ]).append(rule) def add_rules(self, backend, rules): for rule in rules: self.add_rule(backend, rule) def query_rule(self, backend, rule): return backend.name in self.rules and rule in self.rules[backend.name] def remove_rule(self, backend, rule): if backend.name in self.rules and rule in self.rules[backend.name]: self.rules[backend.name].remove(rule) def add_pre(self, func, *args): self.pre_funcs.append((func, args)) def add_post(self, func, *args): self.post_funcs.append((func, args)) def add_fail(self, func, *args): self.fail_funcs.append((func, args)) def prepare(self, enable, rules=None, modules=None): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) if rules is None: rules = { } if modules is None: modules = [ ] if not enable: # reverse rule order for cleanup for backend_name in self.rules: for rule in reversed(self.rules[backend_name]): rules.setdefault(backend_name, [ ]).append( self.fw.get_backend_by_name(backend_name).reverse_rule(rule)) else: for backend_name in self.rules: rules.setdefault(backend_name, [ ]).extend(self.rules[backend_name]) return rules, modules def execute(self, enable): log.debug4("%s.execute(%s)" % (type(self), enable)) rules, modules = self.prepare(enable) # pre self.pre() # stage 1: apply rules error = False errorMsg = "" done = [ ] for backend_name in rules: try: self.fw.rules(backend_name, rules[backend_name]) except Exception as msg: error = True errorMsg = msg log.error(msg) else: done.append(backend_name) # stage 2: load modules if not error: module_return = self.fw.handle_modules(modules, enable) if module_return: # Debug log about issues loading modules, but don't error. The # modules may be builtin or CONFIG_MODULES=n, in which case # modprobe will fail. Or we may be running inside a container # that doesn't have sufficient privileges. Unfortunately there # is no way for us to know. (status, msg) = module_return if status: log.debug1(msg) # error case: revert rules if error: undo_rules = { } for backend_name in done: undo_rules[backend_name] = [ ] for rule in reversed(rules[backend_name]): undo_rules[backend_name].append( self.fw.get_backend_by_name(backend_name).reverse_rule(rule)) for backend_name in undo_rules: try: self.fw.rules(backend_name, undo_rules[backend_name]) except Exception as msg: log.error(msg) # call failure functions for (func, args) in self.fail_funcs: try: func(*args) except Exception as msg: log.error("Calling fail func %s(%s) failed: %s" % \ (func, args, msg)) raise FirewallError(errors.COMMAND_FAILED, errorMsg) # post self.post() def pre(self): log.debug4("%s.pre()" % type(self)) for (func, args) in self.pre_funcs: try: func(*args) except Exception as msg: log.error("Calling pre func %s(%s) failed: %s" % \ (func, args, msg)) def post(self): log.debug4("%s.post()" % type(self)) for (func, args) in self.post_funcs: try: func(*args) except Exception as msg: log.error("Calling post func %s(%s) failed: %s" % \ (func, args, msg)) # class FirewallTransaction class FirewallTransaction(SimpleFirewallTransaction): """General FirewallTransaction, contains also zone transactions""" def __init__(self, fw): super(FirewallTransaction, self).__init__(fw) self.zone_transactions = LastUpdatedOrderedDict() # { zone: transaction, .. } def clear(self): super(FirewallTransaction, self).clear() self.zone_transactions.clear() def zone_transaction(self, zone): if zone not in self.zone_transactions: self.zone_transactions[zone] = FirewallZoneTransaction( self.fw, zone, self) return self.zone_transactions[zone] def prepare(self, enable, rules=None, modules=None): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) rules, modules = super(FirewallTransaction, self).prepare( enable, rules, modules) for zone in self.zone_transactions: try: self.zone_transactions[zone].prepare(enable, rules) for module in self.zone_transactions[zone].modules: if module not in modules: modules.append(module) except FirewallError as msg: log.error("Failed to prepare transaction rules for zone '%s'", str(msg)) return rules, modules def pre(self): log.debug4("%s.pre()" % type(self)) super(FirewallTransaction, self).pre() for zone in self.zone_transactions: self.zone_transactions[zone].pre() def post(self): log.debug4("%s.post()" % type(self)) super(FirewallTransaction, self).post() for zone in self.zone_transactions: self.zone_transactions[zone].post() # class FirewallZoneTransaction class FirewallZoneTransaction(SimpleFirewallTransaction): """Zone transaction with additional chain and module interface""" def __init__(self, fw, zone, fw_transaction=None): super(FirewallZoneTransaction, self).__init__(fw) self.zone = zone self.fw_transaction = fw_transaction self.chains = [ ] # [ (table, chain),.. ] self.modules = [ ] # [ module,.. ] def clear(self): # calling clear on a zone_transaction that was spawned from a # FirewallTransaction needs to clear the fw_transaction and all the # other zones otherwise we end up with a partially cleared transaction. if self.fw_transaction: super(FirewallTransaction, self.fw_transaction).clear() for zone in self.fw_transaction.zone_transactions.keys(): super(FirewallZoneTransaction, self.fw_transaction.zone_transactions[zone]).clear() del self.fw_transaction.zone_transactions[zone].chains[:] del self.fw_transaction.zone_transactions[zone].modules[:] else: super(FirewallZoneTransaction, self).clear() del self.chains[:] del self.modules[:] def prepare(self, enable, rules=None, modules=None): log.debug4("%s.prepare(%s, %s)" % (type(self), enable, "...")) rules, modules = super(FirewallZoneTransaction, self).prepare( enable, rules, modules) for module in self.modules: if module not in modules: modules.append(module) return rules, modules def execute(self, enable): # calling execute on a zone_transaction that was spawned from a # FirewallTransaction should execute the FirewallTransaction as it may # have prerequisite rules if self.fw_transaction: self.fw_transaction.execute(enable) else: super(FirewallZoneTransaction, self).execute(enable) def add_chain(self, table, chain): table_chain = (table, chain) if table_chain not in self.chains: self.fw.zone.gen_chain_rules(self.zone, True, [table_chain], self) self.chains.append(table_chain) def remove_chain(self, table, chain): table_chain = (table, chain) if table_chain in self.chains: self.chains.remove(table_chain) def add_chains(self, chains): for table_chain in chains: if table_chain not in self.chains: self.add_chain(table_chain[0], table_chain[1]) def remove_chains(self, chains): for table_chain in chains: if table_chain in self.chains: self.chains.remove(table_chain) def add_module(self, module): if module not in self.modules: self.modules.append(module) def remove_module(self, module): if module in self.modules: self.modules.remove(module) def add_modules(self, modules): for module in modules: self.add_module(module) def remove_modules(self, modules): for module in modules: self.remove_module(module)
Save