

Current File : //usr/lib/python2.7/dist-packages/ufw/common.pyc


}Oc@sdZddlZddlZddlZddlmZdZdZdZeZ	dZ
dZd	Zd
e
fdYZddd
YZdS(s!common.py: common classes for ufwiN(tdebugtufws/lib/ufws/usr/share/ufws/etcs/usrs/sbintUFWErrorcBs eZdZdZdZRS(s$This class represents ufw exceptionscCs
||_dS(N(tvalue(tselfR((s./usr/lib/python2.7/dist-packages/ufw/common.pyt__init__!scCs
t|jS(N(treprR(R((s./usr/lib/python2.7/dist-packages/ufw/common.pyt__str__$s(t__name__t
__module__t__doc__RR(((s./usr/lib/python2.7/dist-packages/ufw/common.pyRs	tUFWRulecBseZdZddddddZdZdZdZdZd	Zd
dZ	dZ
d
ZdZdZ
dZdZdZdZdZdZdZdZdZdZRS(s$This class represents firewall rulestanys	0.0.0.0/0tincCst|_t|_t|_d|_d|_d|_d|_d|_t|_	d|_
d|_d|_d|_
d|_d|_d|_d|_yb|j||j||j||j|d|j||j||j|Wntk
rnXdS(Ntitsrc(tFalsetremovetupdatedtv6tdstRtdporttsporttprotocoltmultitdapptsapptactiontpositiontlogtypetinterface_int
interface_outt	directiont
set_actiontset_protocoltset_porttset_srctset_dstt
set_directionR(RRRRRRRR ((s./usr/lib/python2.7/dist-packages/ufw/common.pyR*s6																	





cCs
|jS(N(tformat_rule(R((s./usr/lib/python2.7/dist-packages/ufw/common.pyRIscCs=d|}x,|jD]!}|d||j|f7}qW|S(sPrint rule to stdouts'%s's, %s=%s(t__dict__(Rtrestk((s./usr/lib/python2.7/dist-packages/ufw/common.pyt_get_attribLs
cCst|j|j}|j|_|j|_|j|_|j|_|j|_|j|_|j	|_	|j
|_
|j|_|j|_|j
|_
|j|_|j|_|j|_|j|_|S(sReturn a duplicate of a rule(RRRRRRRRRRRRRRRRRR (Rtrule((s./usr/lib/python2.7/dist-packages/ufw/common.pytdup_ruleSs"cCspd}|jdkr)|d|j7}n|jdkrL|d|j7}n|jdkrh|d7}n|d|j7}|jr"|d7}|jdkr|jdkr|d|j7}|d7}|d	|j7}q"|jdkr|d|j7}q"|jdkr"|d	|j7}q"n|jd
krT|jdkrT|d|j7}n|jr|jdkr|d
|j7}n|jd
kr|jdkr|d|j7}n|jr|jdkr|d|j7}nd}|jdkrd|j}n|j	dkr%|d|7}nj|j	dkra|d|7}|jdkr|d7}qn.|j	dkr|d|7}n|d|7}|j
dks|jdkrfd}tj
d}|j
dkr|d|jd|j
7}n|j
dkr|jdkr|d7}n|jdkrK|d|jd|j7}n|d 7}|d|7}n|jS(!sFormat rule for later parsingRs -i %ss -o %sRs -p alls -p s
 -m multiports
 --dports s
 --sports s	0.0.0.0/0s::/0s -d s	 --dport s -s s	 --sport t_tallows -j ACCEPT%strejects -j REJECT%sttcps --reject-with tcp-resettlimits -j LIMIT%ss
 -j DROP%ss-m comment --comment 't tdapp_s%20t,tsapp_t'(RRRRRRRRRRRRtretcompiletsubtstrip(Rtrule_strtlstrtcommentt	pat_space((s./usr/lib/python2.7/dist-packages/ufw/common.pyR'hsd
	

 
 
cCs|jjd}|ddksE|ddksE|ddkrU|d|_n	d|_d}t|dkr|d}n|j|d	S(
sSets action of the ruleR.iR/R0R2tdenyRiN(tlowertsplitRtlentset_logtype(RRttmpR((s./usr/lib/python2.7/dist-packages/ufw/common.pyR!s0	
Rc		Cstd|}|dkrn|dkr7|jr7nm|dkrO|jrOnUtjd|sstjd|rt|n"|jd|jdd	krt|n|jd}t|d
krt|nt|d
krt	|_
nd}x|D]}tjd|rt	|_
|jd}t|d
kr_t|nxA|D]9}t|d
kst|dkrft|qfqfWt|dt|d
krqt|qqntjd|rt|d
kst|dkrqt|qqnTtjd|reytj
|}Wqqtk
rat|qqXnt||r|dt|7}qt|}qW|}|dkrt||_nt||_dS(s:Sets port and location (destination or source) of the rules
Bad port '%s'RRRs^[,:]s[,:]$R5t:iiRs	^\d+:\d+$iiis^\d+$s
^\w[\w\-]+N(R.RRR8tmatchRtcountRBRCtTrueRtinttsockett
getservbynamet	ExceptiontstrRR(	Rtporttlocterr_msgtportsREtptrantq((s./usr/lib/python2.7/dist-packages/ufw/common.pyR#sX$"
	
$ $
cCst|dksH|dksH|dksH|dksH|dksH|dkrT||_ntd|}t|dS(	sSets protocol of the ruleR1tudptipv6tesptahRsUnsupported protocol '%s'N(RR.R(RRRQ((s./usr/lib/python2.7/dist-packages/ufw/common.pyR"scCs|jrr|jr<|jdks0|jdkr<d|_n|jr|jdksc|jdkrd|_qnf|jr|jdks|jdkrd|_n|jr|jdks|jdkrd|_ndS(sAdjusts src and dst based on v6Rs	0.0.0.0/0s::/0N(RRR(R((s./usr/lib/python2.7/dist-packages/ufw/common.pyt
_fix_anywheres	''''cCs||_|jdS(sXSets whether this is ipv6 rule, and adjusts src and dst
           accordingly.
        N(RRZ(RR((s./usr/lib/python2.7/dist-packages/ufw/common.pytset_v6s	cCs`|j}|dkrItjj|drItd}t|n||_|jdS(sSets source address of ruleRsBad source addressN(RARtutilt
valid_addressR.RRRZ(RtaddrRERQ((s./usr/lib/python2.7/dist-packages/ufw/common.pyR$s"	cCs`|j}|dkrItjj|drItd}t|n||_|jdS(s Sets destination address of ruleRsBad destination addressN(RARR\R]R.RRRZ(RR^RERQ((s./usr/lib/python2.7/dist-packages/ufw/common.pyR%s"	cCs|dkr3|dkr3td}t|ntjdt|sftd}t|ndt|krtd}t|n|dkr||_n	||_dS(	sSets an interface for ruleR
toutsBad interface types!^[a-zA-Z][a-zA-Z0-9:]*[a-zA-Z0-9]sBad interface nameRFs/Bad interface name: can't use interface aliasesN(R.RR8RGRNRR(Rtif_typetnameRQ((s./usr/lib/python2.7/dist-packages/ufw/common.pyt
set_interface&scCsJtjdt|s7td|}t|nt||_dS(sSets the position of the rules^[0-9]+s,Insert position '%s' is not a valid positionN(R8RGRNR.RRJR(RtnumRQ((s./usr/lib/python2.7/dist-packages/ufw/common.pytset_position9scCsb|jdks0|jdks0|dkrB|j|_ntd|}t|dS(sSets logtype of the ruletlogslog-allRsInvalid log type '%s'N(RARR.R(RRRQ((s./usr/lib/python2.7/dist-packages/ufw/common.pyRD@s
$cCsD|dks|dkr$||_ntd|}t|dS(sSets direction of the ruleR
R_sUnsupported direction '%s'N(R R.R(RR RQ((s./usr/lib/python2.7/dist-packages/ufw/common.pyR&IscCsYt}|jrQy(tjj|j|j\|_}WqQtk
rMqQXn|rc||_n|jry(tjj|j|j\|_}Wqtk
rt	d}t
|qXn|jr|jjd}tjj
|dj||_n|jrC|jjd}tjj
|dj||_n|rU||_ndS(s&Normalize src and dst to standard forms'Could not normalize destination addressR5N(RRRR\tnormalize_addressRRMRRR.RRRBt
human_sorttjoinR(RtchangedRQRR((s./usr/lib/python2.7/dist-packages/ufw/common.pyt	normalizeQs4	

	
		cCs|s|rtnd||f}|j|jkrJt|dS|j|jkrjt|dS|j|jkrt|dS|j|jkrt|dS|j|jkrt|dS|j|jkrt|dS|j|jkr
t|dS|j	|j	kr*t|dS|j
|j
krJt|dS|j|jkrjt|dS|j|jkrt|dS|j
|j
kr|j|jkrtd}t|dStdi|j
d6|j
d6|jd6|jd	6}t|d
S(s~Check if rules match
        Return codes:
          0  match
          1  no match
         -1  match all but action
        sNo match '%s' '%s'isFound exact matchis@Found non-action/non-logtype match (%(xa)s/%(ya)s %(xl)s/%(yl)s)txatyatxltyli(t
ValueErrorRRRRRRRRRRRR RRR.(txtytdbg_msg((s./usr/lib/python2.7/dist-packages/ufw/common.pyRGssZ










$
	
cCsd}|s|r#tn|j|dkr<dSd||j||jf}|jdkr}td|ddS|j|jkr|jdkrtd	|dS|jdkr||j|jrtd
|dS|jdkr|jdkr|j|j	rq%|j	|j	krMd|j	krMtd
|dS|j	|j	kr%d|j	kr%|j|jkr%t
jj|j	|j	|jr%td
|d|j	|j	fdSnZ|jdkr|j|jkrtd|d|j|jfdSyt
jj
|j|j}Wn>tk
r^td|d|jdStk
rqnX|j	|krd|j	krtd|d|j	|fdS|j	|kr%d|j	kr%|j|jkr%t
jj||j	|jr%td|d||j	fdS|j|jkr]td|d|j	|j	fdStd||j||jfdS(sThis will match if x is more specific than y. Eg, for protocol if x
	   is tcp and y is all or for address if y is a network and x is a
           subset of y (where x is either an address or network). Returns:

            0  match
            1  no match
           -1  fuzzy match

           This is a fuzzy destination match, so source ports or addresses
           are not considered, and (currently) only incoming.
        cSsx|jdD]n}||kr&tSd|kr|jd\}}t|t|kr~t|t|kr~tSqqWtS(s:Returns True if p is an exact match or within a multi ruleR5RF(RBRIRJR(ttest_ptto_matchROtlowthigh((s./usr/lib/python2.7/dist-packages/ufw/common.pyt_match_portss0is(No fuzzy match '%s (v6=%s)' '%s (v6=%s)'R
s(direction) s (not incoming)iRs(protocol) s(dport) Rt/s(dst) s ('%s' not in network '%s')s(interface) s (%s != %s)s %s does not exists(v6) s'(fuzzy match) '%s (v6=%s)' '%s (v6=%s)'i(RoRGRR RRRRt_is_anywhereRRR\t
in_networktget_ip_from_iftIOErrorRM(RpRqRwRrtif_ip((s./usr/lib/python2.7/dist-packages/ufw/common.pytfuzzy_dst_matchsj	!%!!3"
!




0
" cCs |dks|dkrtStS(sCheck if address is anywheres::/0s	0.0.0.0/0(RIR(RR^((s./usr/lib/python2.7/dist-packages/ufw/common.pyRyscCsd}|jdks$|jdkrd|j|j|j|jf}|jdkrzd|j|j|j|jf}n|jdkrd|j|j|j|jf}n|jdkr|d|j7}n|jdkr|d|j7}qn|S(s$Returns a tuple to identify an app rule. Tuple is:
             dapp dst sapp src
           or
             dport dst sapp src
           or
             dapp dst sport src

           All of these might have in_eth0 out_eth0 (or similar) if an
           interface is also defined.
        Rs%s %s %s %ss in_%ss out_%s(RRRRRRRR(Rttupl((s./usr/lib/python2.7/dist-packages/ufw/common.pyt
get_app_tuples"(RR	R
RRR+R-R'R!R#R"RZR[R$R%RbRdRDR&RjRGR~RyR(((s./usr/lib/python2.7/dist-packages/ufw/common.pyR(s.				C	
9	
	
		
	
						"	8	e	((R
R8RKtufw.utilRRtprogramNamet	state_dirt	share_dirt	trans_dirt
config_dirt
prefix_dirtiptables_dirRMRR(((s./usr/lib/python2.7/dist-packages/ufw/common.pyt<module>s