ó }”ÍZc%@skdddddddddd d d d d ddddddddddddddddddd d!d"d#d$g%Zd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d&lZd%d'l m Z d%d(l m Z d%d)l mZmZmZejd*kZd+„Zd,„Zd-d.„Zd/„Zd0„Zd1„Zd2„Zd3„Zd4„Zd5„Zd6„Zd7„Zd8„Zd9„Z d:„Z!d;„Z"d<„Z#d=„Z$d>„Z%d?„Z&d@„Z'dA„Z(dB„Z)dC„Z*dD„Z+dE„Z,dF„Z-dG„Z.dH„Z/dI„Z0dJ„Z1dK„Z2dL„Z3dM„Z4dN„Z5dO„Z6d&S(PtPY2t getPortIDt getPortRangetportStrtgetServiceNametcheckIPtcheckIP6t checkIPnMaskt checkIP6nMaskt checkProtocoltcheckInterfacet checkUINT32tfirewalld_is_activettempFiletreadfilet writefiletenable_ip_forwardingtget_nf_conntrack_helper_settingtset_nf_conntrack_helper_settingtget_nf_conntrack_helperstget_nf_nat_helperst check_portt check_addresstcheck_single_addresst check_mactuniqifyt ppid_of_pidtmax_zone_name_lent checkUsertcheckUidt checkCommandt checkContexttjoinArgst splitArgstb2utu2bt u2b_if_py2iÿÿÿÿN(tlog(trunProg(tFIREWALLD_TEMPDIRtFIREWALLD_PIDFILEtCOMMANDSt3cCst|tƒr|}nd|r-|jƒ}nyt|ƒ}Wn<tk r{ytj|ƒ}Wq|tjk rwdSXnX|dkrŒdS|S(sÎ Check and Get port id from port string or port id using socket.getservbyname @param port port string or port id @return Port id if valid, -1 if port can not be found and -2 if port is too big iÿÿÿÿiÿÿiþÿÿÿ(t isinstancetinttstript ValueErrortsockett getservbynameterror(tportt_id((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR.s    c Cs>t|tƒs|jƒr>t|ƒ}|dkr:|fS|S|jdƒ}t|ƒdkrð|djƒrð|djƒrðt|dƒ}t|dƒ}|dkrð|dkrð||krÍ||fS||krã||fS|fSqðng}xtt|ƒddƒD]÷}tdj|| ƒƒ}dj||ƒ}t|ƒdkrÑt|ƒ}|dkr|dkr||kr™|j||fƒqÎ||kr»|j||fƒqÎ|j|fƒqq|dkr|j|fƒ|t|ƒkrPqqqWt|ƒdkr dSt|ƒdkr6dS|dS(sI Get port range for port range string or single port id @param ports an integer or port string or port range string @return Array containing start and end port id for a valid range or -1 if port can not be found and -2 if port is too big for integer input or -1 for invalid ranges or None if the range is ambiguous. it-iiiÿÿÿÿN( R+R,tisdigitRtsplittlentrangetjointappendtNone(tportstid1tsplitstid2tmatchedtitport2((s6/usr/lib/python2.7/site-packages/firewall/functions.pyREsH  2          t:cCsr|dkrdSt|ƒ}t|tƒr;|dkr;dSt|ƒdkrUd|Sd|d||dfSdS(s Create port and port range string @param port port or port range int or [int, int] @param delimiter of the output string for port ranges, default ':' @return Port or port range string, empty string if port isn't specified, None if port or port range is not valid tiis%ss%s%s%sN(RR+R,R;R7(R2t delimitert_range((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR{s  cCs8ytjt|ƒ|ƒ}Wntjk r3dSX|S(sÞ Check and Get service name from port and proto string combination using socket.getservbyport @param port string or id @param protocol string @return Service name if port and protocol are valid, else None N(R/t getservbyportR,R1R;(R2tprototname((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRs cCs3ytjtj|ƒWntjk r.tSXtS(sl Check IPv4 address. @param ip address string @return True if address is valid, else False (R/t inet_ptontAF_INETR1tFalsetTrue(tip((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR›s cCs3ytjtj|ƒWntjk r.tSXtS(sl Check IPv6 address. @param ip address string @return True if address is valid, else False (R/RJtAF_INET6R1RLRM(RN((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR¨s cCsád|kra||jdƒ }||jdƒd}t|ƒdksZt|ƒdkrmtSn |}d}t|ƒs}tS|rÝd|kr™t|ƒSyt|ƒ}Wntk r½tSX|dksÖ|dkrÝtSntS(Nt/it.ii (tindexR7RLR;RR,R.RM(RNtaddrtmaskRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRµs& $    cCsËd|kra||jdƒ }||jdƒd}t|ƒdksZt|ƒdkrmtSn |}d}t|ƒs}tS|rÇyt|ƒ}Wntk r§tSX|dksÀ|dkrÇtSntS(NRPiii€(RRR7RLR;RR,R.RM(RNRSRTRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRÌs" $  cCsmyt|ƒ}Wn:tk rLytj|ƒWqitjk rHtSXnX|dkse|dkritStS(Niiÿ(R,R.R/tgetprotobynameR1RLRM(tprotocolRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR ás  cCsN| st|ƒdkrtSx*ddddgD]}||kr0tSq0WtS(s¬ Check interface string @param interface string @return True if interface is valid (maximum 16 chars and does not contain ' ', '/', '!', ':', '*'), else False it RPt!t*(R7RLRM(tifacetch((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR ðs  cCsHyt|dƒ}Wntk r'tSX|dkrD|dkrDtStS(NiIÿÿÿÿ(R,R.RLRM(tvaltx((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR s cCsÂtjjtƒstSy(ttdƒ}|jƒ}WdQXWntk rRtSXtjjd|ƒsmtSy,td|dƒ}|jƒ}WdQXWntk r­tSXd|kr¾tStS(sv Check if firewalld is active @return True if there is a firewalld pid file and the pid is used by firewalld trNs/proc/%ss/proc/%s/cmdlinet firewalld( tostpathtexistsR(RLtopentreadlinet ExceptionRM(tfdtpidtcmdline((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR s"   c CsyyKtjjtƒs(tjtdƒntjdddddtdtƒSWn'tk rt}t j d|ƒ‚nXdS( Niètmodetwttprefixstemp.tdirtdeletes#Failed to create temporary file: %s( R`RaRbR'tmkdirttempfiletNamedTemporaryFileRLReR%R1R;(tmsg((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR *scCsWy&t|dƒ}|jƒSWdQXWn*tk rR}tjd||fƒnXdS(NR^sFailed to read file "%s": %s(Rct readlinesReR%R1R;(tfilenametfte((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR6s cCs[y)t|dƒ}|j|ƒWdQXWn+tk rV}tjd||fƒtSXtS(Ntws Failed to write to file "%s": %s(RctwriteReR%R1RLRM(RstlineRtRu((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR>scCs6|dkrtddƒS|dkr2tddƒStS(Ntipv4s/proc/sys/net/ipv4/ip_forwards1 tipv6s&/proc/sys/net/ipv6/conf/all/forwarding(RRL(tipv((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRGs     c Cs=tjƒd}d|}i}tjj|ƒr9xttj|ƒƒD]ê}|jdƒscqHn|jdƒd}tt d|gƒ\}}|dkr¤qHnx‹|jdƒD]z}|jdƒr´d |kr´|jd ƒd j ƒ}|j d d ƒ}|j ddƒ}|j |gƒj |ƒq´q´WqHWn|S(Nis%/lib/modules/%s/kernel/net/netfilter/t nf_conntrack_RQitmodinfos salias:s-helper-RCis nfct-helper-RDt_R4(R`tunameRatisdirtsortedtlistdirt startswithR6R&R)R-treplacet setdefaultR:( tkverRathelpersRstmoduletstatustretRxthelper((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRNs$  'c Cs*tjƒd}d|}i}tjj|ƒr&xñttj|ƒƒD]×}|jdƒscqHn|jdƒd}tt d|gƒ\}}|dkr¤qHnd}xr|jdƒD]a}|jdƒrºd |krº|j dd ƒ} | j d d ƒ} |j |gƒj | ƒqºqºWqHWn|S( Nis%/lib/modules/%s/kernel/net/netfilter/tnf_nat_RQiR}s s description:s NAT helperRDR~R4(R`RRaR€RR‚RƒR6R&R)R;R„R…R:( R†RaR‡RsRˆR‰RŠtaliasRxR‹((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRbs$  'cCs>yttdƒdƒSWntk r9tjdƒdSXdS(Ns+/proc/sys/net/netfilter/nf_conntrack_helperis3Failed to get and parse nf_conntrack_helper setting(R,RReR%twarning(((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRvs   cCstd|rdndƒS(Ns+/proc/sys/net/netfilter/nf_conntrack_helpers1 s0 (R(tflag((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR}scCsøt|ƒ}|dksV|dksV|dksVt|ƒdkrô|d|dkrô|dkrvtjd|ƒnz|dkr–tjd|ƒnZ|dkr¶tjd|ƒn:t|ƒdkrð|d|dkrðtjd |ƒntStS( Niþÿÿÿiÿÿÿÿiiis'%s': port > 65535s'%s': port is invalids'%s': port is ambiguouss'%s': range start >= end(RR;R7R%tdebug2RLRM(R2RF((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRs $&   &cCs4|dkrt|ƒS|dkr,t|ƒStSdS(NRyRz(RRRL(R{tsource((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRs     cCs4|dkrt|ƒS|dkr,t|ƒStSdS(NRyRz(RRRL(R{R‘((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR˜s     c Csgt|ƒdkrcx"dD]}||dkrtSqWx%dD]}||tjkr>tSq>WtStS(Ni iiii iRCiiiiiii i i iii(iiii i( iiiiiii i i i ii(R7RLtstringt hexdigitsRM(tmacRA((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR s  cCs7g}x*|D]"}||kr |j|ƒq q W|S(N(R:(t_listtoutputR]((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR¬s   cCsVy=tjd|ƒ}t|jƒdjƒƒ}|jƒWntk rQdSX|S(s Get parent for pid sps -o ppid -h -p %d 2>/dev/nulliN(R`tpopenR,RrR-tcloseReR;(RgRt((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR´s cCs=ddlm}ttt|jƒƒƒ}d|tdƒS(s© Netfilter limits length of chain to (currently) 28 chars. The longest chain we create is FWDI__allow, which leaves 28 - 11 = 17 chars for . iÿÿÿÿ(t SHORTCUTSit__allow(tfirewall.core.baseR™tmaxtmapR7tvalues(R™tlongest_shortcut((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR¾sc Cstt|ƒdks-t|ƒtjdƒkr1tSx<|D]4}|tjkr8|tjkr8|dkr8tSq8WtS(NitSC_LOGIN_NAME_MAXRQR4R~t$(RQR4R~R¡(R7R`tsysconfRLR’t ascii_letterstdigitsRM(tusertc((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRÈs-  cCsWt|tƒr7yt|ƒ}Wq7tk r3tSXn|dkrS|dkrStStS(NiiiiI€iÿÿÿ(R+tstrR,R.RLRM(tuid((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRÒs cCsjt|ƒdks$t|ƒdkr(tSx'dddgD]}||kr8tSq8W|ddkrftStS(Niit|s tiRP(R7RLRM(tcommandR[((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRÜs$ cCs›|jdƒ}t|ƒd kr%tS|ddkrM|dddkrMtS|ddd kretS|d dd kr}tSt|d ƒdkr—tStS(NRCiiitrootiþÿÿÿt_uit_rit_ti(ii(R6R7RLRM(tcontextR>((s6/usr/lib/python2.7/site-packages/firewall/functions.pyRæs$cCsDdttƒkr)djd„|DƒƒSdjd„|DƒƒSdS(NtquoteRWcss|]}tj|ƒVqdS(N(tshlexR±(t.0ta((s6/usr/lib/python2.7/site-packages/firewall/functions.pys úscss|]}tj|ƒVqdS(N(tpipesR±(R³R´((s6/usr/lib/python2.7/site-packages/firewall/functions.pys üs(RlR²R9(targs((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR øscCsNtr=t|tƒr=t|ƒ}tj|ƒ}tt|ƒStj|ƒSdS(N(RR+tunicodeR#R²R6RR"(t_stringR>((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR!þs   cCs#t|tƒr|jddƒS|S(s bytes to unicode sUTF-8R„(R+tbytestdecode(R¸((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR"scCs#t|tƒs|jddƒS|S(s unicode to bytes sUTF-8R„(R+R¹tencode(R¸((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR# scCs)tr%t|tƒr%|jddƒS|S(s" unicode to bytes only if Python 2sUTF-8R„(RR+R·R»(R¸((s6/usr/lib/python2.7/site-packages/firewall/functions.pyR$s(7t__all__R/R`tos.pathR²RµR’tsysRotfirewall.core.loggerR%tfirewall.core.progR&tfirewall.configR'R(R)tversionRRRRRRRRRR R R R R RRRRRRRRRRRRRRRRRRR R!R"R#R$(((s6/usr/lib/python2.7/site-packages/firewall/functions.pytsp             6