MINI MINI MANI MO

Path : /usr/lib/python2.7/site-packages/firewall/core/
File Upload :
Current File : //usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyc


d[c@sZddlZddlmZmZmZddlmZddlmZm	Z	m
Z
mZmZm
Z
mZddlmZmZmZmZmZmZmZmZmZmZmZmZmZddlmZddlm Z m!Z!ddl"m#Z#dd	l$m%Z%dd
l&m'Z'ddl(m)Z)de*fd
YZ+de+fdYZ,dS(iN(t	SHORTCUTStDEFAULT_ZONE_TARGETtZONE_SOURCE_IPSET_TYPES(tlog(tportStrtcheckIPnMaskt
checkIP6nMaskt
checkProtocoltenable_ip_forwardingtcheck_single_addresst	check_mac(
t	Rich_RuletRich_AccepttRich_Rejectt	Rich_Dropt	Rich_MarktRich_Servicet	Rich_Portt
Rich_ProtocoltRich_MasqueradetRich_ForwardPorttRich_SourcePorttRich_IcmpBlockt
Rich_IcmpType(t
OUR_CHAINS(tFirewallTransactiontFirewallZoneTransaction(tifcfg_set_zone_of_interface(terrors(t
FirewallError(tLastUpdatedOrderedDicttFirewallZonecBseZdZdZdZdZdZdZdZdZ	dZ
d	Zd
ZdtdZdZd
ZdtdZdZdtdZdZdZdtdZdtdZdtdZdZdZdZdZdZdtdtdZdZdtdZ dtdZ!dtdZ"d Z#d!Z$d"Z%d#Z&d$Z'dtdtd%Z(d&Z)dtd'Z*dtd(Z+d)Z,d*Z-d+Z.d,Z/d-Z0d.Z1d/Z2d0dtdtd1Z3d2Z4dtd3Z5d4Z6d5Z7d6Z8d7Z9d8Z:d0dtdtd9Z;d:Z<dtd;Z=d<Z>d=Z?d>Z@d?ZAd@ZBdAZCd0dtdtdBZDdCZEdtdDZFdEZGdFZHdGZIdHZJdIZKd0dtdtdJZLdKZMdtdLZNdMZOdNZPdOZQdPZRd0dtdtdQZSdRZTdtdSZUdTZVdUZWdVZXdWZYd0dtdtdXZZdYZ[dtdZZ\d[Z]d\Z^dtdtd]Z_dtdtd^Z`dtdtd0dtdtd_Zad`ZbdtdtdtdaZcdbZddtdtdcZeddZfdeZgdfZhd0dtdtdgZidhZjdtdiZkdjZldkZmdlZndmZodtdtdnZpdoZqdpZrdtdqZsdrZtdsZuRS(ucCsd|j|j|jfS(Ns
%s(%r, %r)(t	__class__t_chainst_zones(tself((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__repr__)scCs|jj|jjdS(N(R!tclearR"(R#((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytcleanup,s
cCs
t|jS(N(Rt_fw(R#((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytnew_transaction2scCst|j|S(N(RR'(R#tzone((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytnew_zone_transaction5scCst|jjS(N(tsortedR"tkeys(R#((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt	get_zones:scCsE|j|}x/|jD]$}||j|jdkr|SqWdS(Nt
interfaces(t_FirewallZone__interface_idR"tsettingstNone(R#t	interfacetinterface_idR)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytget_zone_of_interface=s
cCsE|j|}x/|jD]$}||j|jdkr|SqWdS(Ntsources(t_FirewallZone__source_idR"R0R1(R#tsourcet	source_idR)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytget_zone_of_sourceEs
cCs|jj|}|j|S(N(R't
check_zoneR"(R#R)tz((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytget_zoneMscOsQy||||Wn6tk
rL}t|}tjd||fnXdS(Ns%s: %s(RtstrRtwarning(R#tftnametargstkwargsterrortmsg((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt_error2warningQs
cCsHddddddddd	d
ddgD|_||j|j<dS(
NcSsi|]}t|qS((R(t.0tx((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pys
<dictcomp>Zs	R.R5tservicestportst
masqueradet
forward_portstsource_portsticmp_blockstrulest	protocolsticmp_block_inversion(R0R"R@(R#tobj((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytadd_zoneYscCsA|j|}|jr&|j|n|jj|j|=dS(N(R"tappliedtunapply_zone_settingsR0R%(R#R)RQ((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_zoneds

	
c	Cs|dkr|j}n|}x|jD]}|j|}|j|}|jrx|j|j|jd|nt	|j
dkst	|jdkrt|_
ntjd|jx0|jD]%}|j|j|j|d|qWx0|jD]%}|j|j|jd||qWx0|jD]%}|j|j|j|d|q1Wx0|jD]%}|j|j|jd||qdWx0|jD]%}|j|j|j|d|qWx0|jD]%}|j|j|jd||qW|jr|j|j|jd|nx0|jD]%}|j|j|j|d|q%Wx0|j
D]%}|j|j |j|d|qXWx0|jD]%}|j|j!|j|d|qW|j
r.|j|j"t|j|q.q.W|dkr|j#tndS(Ntuse_zone_transactionisApplying zone '%s'($R1R(R-R"tzone_transactionRPREtadd_icmp_block_inversionR@tlenR.R5tTrueRSRtdebug1RMtadd_icmp_blockRKtadd_forward_portRHtadd_serviceRItadd_portROtadd_protocolRLtadd_source_portRJtadd_masqueradeRNtadd_rulet
add_interfacet
add_sourcet_icmp_block_inversiontexecute(R#tuse_transactionttransactionR)RQRWRA((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytapply_zonesks^
	
*	
	cCs|j|}||_dS(N(R"RS(R#R)RSRQ((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytset_zone_applieds
cCsd|krdS|jd}t|dkr5dSd}x+tD]#}|dt|krB|}qBqBW|dk	r|d|jkrdSt|dkst|dkr|dd	kr|d|fSndS(
Nt_iiiiRtdenytallow(slogRmRn(R1tsplitRYRR-(R#tchaintsplitst_chainRG((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytzone_from_chains 

"c	Cs|dkr|j|}|dk	r|\}}|dkrN|j}n|}|j|t||fg||dkr|jtqqndS(Ntipv4tipv6(RtRu(RsR1R(tgen_chain_rulesRZRg(	R#tipvttableRpRhRGt_zoneRrRi((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytcreate_zone_base_by_chainscCsx|D]\}}|rD|jj|ij|gj|q|j||j|t|j||dkr|j||=nt|j|dkr|j|=qqWdS(Ni(R!t
setdefaulttappendtremoveRY(R#R)tcreatetchainsRxRp((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt_register_chainss+cCs8itjd6|d6|d6}|r4||d<n|S(Ntdatetsenderttimeouttmark(ttime(R#RRRtret((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__gen_settingss


cCs|j|jS(N(R<R0(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytget_settingsscCs|j|}yx|D]}x||D]}||j|krIq*n|dkrh|j||n3|dkr|j||n|dkr|j||n|dkr|j||n|dkr|j||n|dkr|j||n|dkr|j|n||dkrG|j	|t
d	|nT|d
krf|j||n5|dkr|j||nt
jd|||||j|kr*||||j||<q*q*WqWWn&tk
r}t
jt|nXdS(
NRMRKRHRIRORLRJRNtrule_strR.R5s6Zone '%s': Unknown setting '%s:%s', unable to restore.(R<R0R\R]R^R_R`RaRbRcRtchange_zone_of_interfacetchange_zone_of_sourceRR>RR=(R#R)R0t_objtkeyRARD((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytset_settingss@
	
(cCs|jj|}|j|}|r.|js?|rC|jrCdS|rUt|_n|dkrs|j|}n|}|j|}x/|D]'}x||D]}	y|dkr|j|||	|n|dkrwn|dkr |j	d|	d}
|j
|||d|
|	nh|dkrE|j|||	|nC|dkru|j|||	d|	d	|n|d
kr|j
|||	|n|dkr|j|||	d|	d	|n|dkr|j|||n|d
kr|j||td|	d|nk|dkrB|j|||	|nF|dkrr|j|||	d|	d	|ntjd|||	Wqtk
r}tjt|qXqWqW|r|jt|j|n|dkr|j|ndS(NRMRPRKRtmark_idRHRIiiRORLRJRNRR.R5s3Zone '%s': Unknown setting '%s:%s', unable to apply(R'R:R"RSRZR1R*Rt_icmp_blockR0t
_forward_portt_servicet_portt	_protocolt_source_portt_masqueradet_FirewallZone__ruleRt
_interfacet_sourceRR>RR=RfR@Rg(R#tenableR)RVRyRQRWR0RRARRD((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__zone_settingssd
 





	cCs|jt||dS(N(t_FirewallZone__zone_settingsRZ(R#R)RV((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytapply_zone_settingsWscCs|jt||dS(N(RtFalse(R#R)RV((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRTZscCsK|j|}t|jdkrGt|jdkrG|j|ndS(Ni(R"RYR.R5RT(R#R)RQ((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytunapply_zone_settings_if_unused]s
*cCst|j|j}|dtkr8d|d<n|j||d<|j||d<|j||d<|j||d<|j||d<|j	||d<|j
||d	<|j||d
<|j||d<|j
||d<|j||d
<t|S(sH
        :return: exported config updated with runtime settings
        itdefaultiiiii	i
iii
ii(tlistR<t
export_configRt
list_servicest
list_portstlist_icmp_blockstquery_masqueradetlist_forward_portstlist_interfacestlist_sourcest
list_rulestlist_protocolstlist_source_portstquery_icmp_block_inversionttuple(R#R)tconf((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytget_config_with_settingsbs
cCs|jj|dS(N(R'tcheck_interface(R#R2((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRxscCs}|jj|}|j|}|j|}||jdkry|jd|}d|kry|ddk	ry|dSndS(NR.R(R'R:R"R/R0R1(R#R)R2RyRR3R0((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytinterface_get_sender{s
cCs|j||S(N(R(R#R2((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__interface_ids
c	Cs|jj|jj|}|j|}|j|}||jdkrmttjd||fn|j	|dk	rttjd|ntj
d||f|dkr|j|}n|}|js|j|d||j|j|tn|jt||||j|||||j|j|||jt|||dkr||jtn|S(NR.s'%s' already bound to '%s's'%s' already bound to a zones&Setting zone of interface '%s' to '%s'RV(R'tcheck_panicR:R"R/R0RRtZONE_ALREADY_SETR4R1t
ZONE_CONFLICTRR[R*RSRtadd_failRkRRRZt!_FirewallZone__register_interfacet#_FirewallZone__unregister_interfacetadd_postRRg(	R#R)R2RRVRyRR3RW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRds8

			cCsC|jd||jd|<|p-|dk|jd|d<dS(NiR.tt__default__(t_FirewallZone__gen_settingsR0(R#RR3R)R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_interfacescCsv|jj|j|}|jj|}||kr>|S|dk	r]|j||n|j|||}|S(N(R'RR4R:R1tremove_interfaceRd(R#R)R2Rt	_old_zonet	_new_zoneRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRs
cCs|jj|dkr(|j}n|}|j|}|j|||jt|d|dt|dk	r|dkr|j|}|jt|d|dtn|dkr|j	tndS(Nt+R|R(
R'RR1R(RWRRRZRRg(R#told_zonetnew_zoneRhRiRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytchange_default_zones
c	Cs|jj|j|}|dkrAttjd|n|dkrS|n|jj|}||krttjd|||fn|dkr|j	|}n|}|j
|}|j|}|jt
||||j|j|||dkr|jtn|S(Ns'%s' is not in any zoneRs"remove_interface(%s, %s): zoi='%s'(R'RR4R1RRtUNKNOWN_INTERFACER:RR*R"R/RRRRRgRZ(	R#R)R2RVtzoiRyRWRR3((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRs*
	$	
cCs(||jdkr$|jd|=ndS(NR.(R0(R#RR3((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_interfacescCs |j||j|dkS(NR.(R/R(R#R)R2((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytquery_interfacescCs|j|djS(NR.(RR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR	scCst|rdSt|r dSt|r0dS|jdrr|j|d|j|d|j|dSttj	|dS(NRtRuRsipset:i(
RRR
t
startswitht_check_ipset_type_for_sourcet_check_ipset_appliedt
_ipset_familyRRtINVALID_ADDR(R#R7((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytcheck_sourcescCs|j|}||fS(N(R(R#R7Rw((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__source_idsc	Cs||jj|jj|}|j|}t|rG|j}n|j|}||jdkrtt	j
d||fn|j|dk	rtt	j
d|n|dkr|j|}n|}|js|j|d||j|j|tn|jt||d|d||j|||||j|j|||dkrx|jtn|S(NR5s'%s' already bound to '%s's'%s' already bound to a zoneRVii(R'RR:R"R
tupperR6R0RRRR9R1RR*RSRRRkRRRZt_FirewallZone__register_sourcet _FirewallZone__unregister_sourceRg(	R#R)R7RRVRyRR8RW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRe s4

			!cCsC|jd||jd|<|p-|dk|jd|d<dS(NiR5RR(RR0(R#RR8R)R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_sourceFscCs|jj|j|}|jj|}||kr>|St|rY|j}n|dk	rx|j||n|j|||}|S(N(	R'RR9R:R
RR1t
remove_sourceRe(R#R)R7RRRRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRLs
c	CsE|jjt|r(|j}n|j|}|dkr\ttjd|n|dkrn|n|jj	|}||krttj
d|||fn|dkr|j|}n|}|j|}|j
|}|jt||d|d||j|j|||dkrA|jtn|S(Ns'%s' is not in any zoneRsremove_source(%s, %s): zos='%s'ii(R'RR
RR9R1RRtUNKNOWN_SOURCER:RR*R"R6RRRRRgRZ(	R#R)R7RVtzosRyRWRR8((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR^s.
	$	
!cCs(||jdkr$|jd|=ndS(NR5(R0(R#RR8((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_sourcescCs;t|r|j}n|j||j|dkS(NR5(R
RR6R(R#R)R7((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytquery_sourcescCs.g|j|djD]}|d^qS(NR5i(RR,(R#R)tk((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRscCs|jdS(N(tcheck(R#trule((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
check_rulescCs|j|t|S(N(RR=(R#R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt	__rule_ids
cCs|s
dS|jr<t|jr&dSt|jrdSndt|drX|jrXdSt|dr|jr|j|j|j|j|j	|jSdS(NRtRutmacRtipset(
R1taddrRRthasattrRRRRR(R#R7((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt_rule_source_ipvs	cCsRy|j|||||}Wn,tk
rM}tjt|d}nX|S(N(t
_rule_prepareRRR>R=R1(R#RR)RRRWRRD((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__rules

icCs|jj|}|jj||jj|j|}|j|}||jdkr}ttj	d||fn|dkr|j|}	n|}	|jr|j
t||d|	}
nd}
|j|||
|||	j|j|||dkr|	jtn|S(NRNs'%s' already in '%s'(R'R:t
check_timeoutRR"t_FirewallZone__rule_idR0RRtALREADY_ENABLEDR1R*RSRRZt_FirewallZone__register_ruleRt_FirewallZone__unregister_ruleRg(R#R)RRRRVRyRtrule_idRWR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRcs&

		cCs'|j||d||jd|<dS(NRRN(RR0(R#RRRRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_rulesc	Cs!|jj|}|jj|j|}|j|}||jdkrmttjd||fn|dkr|j
|}n|}d|jd|kr|jd|d}nd}|jr|jt
||||n|j|j|||dkr|jtn|S(NRNs'%s' not in '%s'R(R'R:RR"RR0RRtNOT_ENABLEDR1R*RSRRRRRgRZ(	R#R)RRVRyRRRWR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_rules&

		cCs(||jdkr$|jd|=ndS(NRN(R0(R#RR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_rulescCs |j||j|dkS(NRN(RR(R#R)R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
query_rulescCst|j|djS(NRN(RRR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRscCs|jj|dS(N(R't
check_service(R#tservice((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRscCs|j||S(N(R(R#R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__service_ids
c
Cs|jj|}|jj||jj|j|}|j|}||jdkr}ttj	d||fn|dkr|j|}	n|}	|jr|j
t|||	n|j|||||	j|j|||dkr|	jtn|S(NRHs'%s' already in '%s'(R'R:RRR"t_FirewallZone__service_idR0RRRR1R*RSRRZt_FirewallZone__register_serviceRt!_FirewallZone__unregister_serviceRg(
R#R)RRRRVRyRt
service_idRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR^s$

		cCs!|j|||jd|<dS(NRH(RR0(R#RRRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_servicescCs|jj|}|jj|j|}|j|}||jdkrmttjd||fn|dkr|j
|}n|}|jr|jt
|||n|j|j|||dkr|jtn|S(NRHs'%s' not in '%s'(R'R:RR"RR0RRRR1R*RSRRRRRgRZ(R#R)RRVRyRRRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_service#s"

		cCs(||jdkr$|jd|=ndS(NRH(R0(R#RR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_service>scCs |j||j|dkS(NRH(RR(R#R)R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
query_serviceBscCs|j|djS(NRH(RR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyREscCs7g}x*|D]"}y|jjj|}Wn#tk
rQttj|nX|j|jjkrttjd|jn|jjdkr"t	|j
dkr"x|jj|jD]]}y|jjj|}Wn.tk
r
|rtjd|qqnX|j
|qWq
|j
|q
W|S(Ns'%s' is not availableiisHelper '%s' is not available(R'thelpert
get_helperRRtINVALID_HELPERtmoduletnf_conntrack_helperstnf_conntrack_helper_settingRYRIRR>R|(R#tmodulesRt_helpersRRtmodt_helper((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytget_helpers_for_service_modulesHs,


cCs$|jj||jj|dS(N(R't
check_porttcheck_tcpudp(R#tporttprotocol((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRfscCs#|j||t|d|fS(Nt-(RR(R#R	R
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt	__port_idjscCs|jj|}|jj||jj|j|}|j||}	|	|jdkrttj	d|||fn|dkr|j|}
n|}
|jr|j
t||||
n|j||	|||
j|j||	|dkr|
jtn|S(NRIs'%s:%s' already in '%s'(R'R:RRR"t_FirewallZone__port_idR0RRRR1R*RSRRZt_FirewallZone__register_portRt_FirewallZone__unregister_portRg(R#R)R	R
RRRVRyRtport_idRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR_ns&

			cCs!|j|||jd|<dS(NRI(RR0(R#RRRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_portsc	Cs|jj|}|jj|j|}|j||}||jdkrsttjd|||fn|dkr|j
|}n|}|jr|jt
||||n|j|j|||dkr|jtn|S(NRIs'%s:%s' not in '%s'(R'R:RR"R
R0RRRR1R*RSRRRRRgRZ(	R#R)R	R
RVRyRRRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_ports"

		cCs(||jdkr$|jd|=ndS(NRI(R0(R#RR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_portscCs#|j|||j|dkS(NRI(R
R(R#R)R	R
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
query_portscCst|j|djS(NRI(RRR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRscCs%t|s!ttj|ndS(N(RRRtINVALID_PROTOCOL(R#R
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytcheck_protocolscCs|j||S(N(R(R#R
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
__protocol_ids
c
Cs|jj|}|jj||jj|j|}|j|}||jdkr}ttj	d||fn|dkr|j|}	n|}	|jr|j
t|||	n|j|||||	j|j|||dkr|	jtn|S(NROs'%s' already in '%s'(R'R:RRR"t_FirewallZone__protocol_idR0RRRR1R*RSRRZt _FirewallZone__register_protocolRt"_FirewallZone__unregister_protocolRg(
R#R)R
RRRVRyRtprotocol_idRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR`s$

		cCs!|j|||jd|<dS(NRO(RR0(R#RRRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_protocolscCs|jj|}|jj|j|}|j|}||jdkrmttjd||fn|dkr|j
|}n|}|jr|jt
|||n|j|j|||dkr|jtn|S(NROs'%s' not in '%s'(R'R:RR"RR0RRRR1R*RSRRRRRgRZ(R#R)R
RVRyRRRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_protocols"

		cCs(||jdkr$|jd|=ndS(NRO(R0(R#RR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_protocolscCs |j||j|dkS(NRO(RR(R#R)R
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytquery_protocolscCst|j|djS(NRO(RRR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRscCs#|j||t|d|fS(NR(RR(R#R	R
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__source_port_idscCs|jj|}|jj||jj|j|}|j||}	|	|jdkrttj	d|||fn|dkr|j|}
n|}
|jr|j
t||||
n|j||	|||
j|j||	|dkr|
jtn|S(NRLs'%s:%s' already in '%s'(R'R:RRR"t_FirewallZone__source_port_idR0RRRR1R*RSRRZt#_FirewallZone__register_source_portRt%_FirewallZone__unregister_source_portRg(R#R)R	R
RRRVRyRRRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRa	s&

			cCs!|j|||jd|<dS(NRL(RR0(R#RRRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_source_port&sc	Cs|jj|}|jj|j|}|j||}||jdkrsttjd|||fn|dkr|j
|}n|}|jr|jt
||||n|j|j|||dkr|jtn|S(NRLs'%s:%s' not in '%s'(R'R:RR"R!R0RRRR1R*RSRRRR#RgRZ(	R#R)R	R
RVRyRRRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_source_port*s"

		cCs(||jdkr$|jd|=ndS(NRL(R0(R#RR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_source_portEscCs#|j|||j|dkS(NRL(R!R(R#R)R	R
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytquery_source_portIscCst|j|djS(NRL(RRR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRMscCstS(N(RZ(R#((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__masquerade_idRsc	Cs|jj|}|jj||jj|j|}|j}||jdkrtttj	d|n|dkr|j|}n|}|jr|j
t||n|j|||||j|j|||dkr|jtn|S(NRJs"masquerade already enabled in '%s'(R'R:RRR"t_FirewallZone__masquerade_idR0RRRR1R*RSRRZt"_FirewallZone__register_masqueradeRt$_FirewallZone__unregister_masqueradeRg(	R#R)RRRVRyRt
masquerade_idRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRbUs&

		cCs!|j|||jd|<dS(NRJ(RR0(R#RR,RR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_masqueraderscCs|jj|}|jj|j|}|j}||jdkrdttjd|n|dkr|j
|}n|}|jr|jt
||n|j|j|||dkr|jtn|S(NRJsmasquerade not enabled in '%s'(R'R:RR"R)R0RRRR1R*RSRRRR+RgRZ(R#R)RVRyRR,RW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_masqueradevs"

		cCs(||jdkr$|jd|=ndS(NRJ(R0(R#RR,((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_masqueradescCs|j|j|dkS(NRJ(R)R(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRscCs|jj||jj||r9|jj|n|rft||sfttj|qfn|r|rttjdndS(Ns.port-forwarding is missing to-port AND to-addr(R'RRR	RRRtINVALID_FORWARD(R#RwR	R
ttoportttoaddr((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytcheck_forward_portscCsltd|r+|jd||||n|jd||||t|d|t|dt|fS(NRuRtR(R	R3RR=(R#R	R
R1R2((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__forward_port_ids
c	
CsE|jj|}	|jj||jj|j|	}
|j||||}||
jdkrttj	d|||||	fn|jj
}|dkr|j|	}
n|}
|
j
r|jt|	|
||||d|n|j|
|||||
j|j|
|||dkrA|
jtn|	S(NRKs'%s:%s:%s:%s' already in '%s'R(R'R:RRR"t_FirewallZone__forward_port_idR0RRRtnew_markR1R*RSRRZt$_FirewallZone__register_forward_portRt&_FirewallZone__unregister_forward_portRg(R#R)R	R
R1R2RRRVRyRt
forward_idRRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR]s,

		
cCs'|j||d||jd|<dS(NRRK(RR0(R#RR9RRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_forward_portsc
Cs"|jj|}|jj|j|}|j||||}	|	|jdkrttjd|||||fn|jd|	d}
|dkr|j
|}n|}|jr|jt
||||||d|
n|j|j||	|
|dkr|jtn|S(NRKs'%s:%s:%s:%s' not in '%s'RR(R'R:RR"R5R0RRRR1R*RSRRRR8RgRZ(R#R)R	R
R1R2RVRyRR9RRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_forward_ports(

		
cCs8||jdkr$|jd|=n|jj|dS(NRK(R0R'tdel_mark(R#RR9R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_forward_portscCs/|j||||}||j|dkS(NRK(R5R(R#R)R	R
R1R2R9((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytquery_forward_portscCst|j|djS(NRK(RRR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRscCs|jj|dS(N(R'tcheck_icmptype(R#ticmp((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytcheck_icmp_blockscCs|j||S(N(RA(R#R@((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__icmp_block_ids
c
Cs|jj|}|jj||jj|j|}|j|}||jdkr}ttj	d||fn|dkr|j|}	n|}	|jr|j
t|||	n|j|||||	j|j|||dkr|	jtn|S(NRMs'%s' already in '%s'(R'R:RRR"t_FirewallZone__icmp_block_idR0RRRR1R*RSRRZt"_FirewallZone__register_icmp_blockRt$_FirewallZone__unregister_icmp_blockRg(
R#R)R@RRRVRyRticmp_idRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR\	s$

		cCs!|j|||jd|<dS(NRM(RR0(R#RRFRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_icmp_block%scCs|jj|}|jj|j|}|j|}||jdkrmttjd||fn|dkr|j
|}n|}|jr|jt
|||n|j|j|||dkr|jtn|S(NRMs'%s' not in '%s'(R'R:RR"RCR0RRRR1R*RSRRRRERgRZ(R#R)R@RVRyRRFRW((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_icmp_block)s"

		cCs(||jdkr$|jd|=ndS(NRM(R0(R#RRF((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__unregister_icmp_blockCscCs |j||j|dkS(NRM(RCR(R#R)R@((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytquery_icmp_blockGscCs|j|djS(NRM(RR,(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRJscCstS(N(RZ(R#((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__icmp_block_inversion_idOsc	Csz|jj|}|jj|j|}|j}||jdkrdttjd|n|dkr|j
|}n|}|jrx1|j|dD]}|j
t|||qW|jt||n|j||||j|j||||jrZx1|j|dD]}|j
t|||q$W|jt||n|dkrv|jtn|S(NRPs,icmp-block-inversion already enabled in '%s'RM(R'R:RR"t&_FirewallZone__icmp_block_inversion_idR0RRRR1R*RSRRRRft,_FirewallZone__register_icmp_block_inversionRt(_FirewallZone__undo_icmp_block_inversionRZRg(	R#R)RRVRyRticmp_block_inversion_idRWRA((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRXRs4

		cCs!|jd||jd|<dS(NiRP(RR0(R#RROR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__register_icmp_block_inversion{scCs|j|}|jrOx4|j|dD]}|jt|||q,Wn||jdkrs|jd|=n|jrx4|j|dD]}|jt|||qWn|jtdS(NRMRP(R*RSRRRR0RZRg(R#RyRRORWRA((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__undo_icmp_block_inversions		cCsw|jj|}|jj|j|}|j}||jdkrdttjd|n|dkr|j
|}n|}|jrx1|j|dD]}|j
t|||qW|jt||n|j|||j|j||d|jrWx1|j|dD]}|j
t|||q!W|jt||n|dkrs|jtn|S(NRPs(icmp-block-inversion not enabled in '%s'RM(R'R:RR"RLR0RRRR1R*RSRRRRft._FirewallZone__unregister_icmp_block_inversionRRMRZRg(R#R)RVRyRRORWRA((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pytremove_icmp_block_inversions4

		
	cCs(||jdkr$|jd|=ndS(NRP(R0(R#RRO((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt!__unregister_icmp_block_inversionscCs|j|j|dkS(NRP(RLR(R#R)((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRs	N(vt__name__t
__module__R$R&R(R*R-R4R9R<RERRRUR1RjRkRsRzRRRRRRRTRRRRR/RdRRRRRRRRR6ReRRRRRRRRRRRcRRRRRRRR^RRRRRRRR
R_RRRRRRRR`RRRRRR!RaR"R%R#R'RR)RbR*R.R+RR3R5R]R7R;R8R>RRARCR\RDRHRERJRRLRXRMRNRSRRR(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR(s											<			
		);					)	$					&	 							
																																
	 										(		(	tFirewallZoneIPTablescBseZdZdZedZdZdZdZdZ	dZ
dZd	Zd
Z
dZdZd
ZdZdZdZdZdZdZdZeeedZdZdZRS(cs||_i|_i|_|jjd}|jjd}g}d|kra|jdnd|kr}|jdng}d|kr|jdnd|kr|jdng}d|kr|jdnd|kr|jdnd|kr|jdnd|kr1|jdniiddgd6ddgd6ddgd6d	6i|d
6|d6d6i|d
6d6i|d
6d6|_idd
6d
d6dd6dd6d
d6d
d6|_idd6dd
6fd|jjD|_	dS(NRtRutmangletrawtnattINPUTt
FORWARD_INtFORWARD_OUTtfiltert
PREROUTINGtPOSTROUTINGs-is-otOUTPUTs-ss-dcs#i|]\}}||qS(((RFRtval(ttbl(s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pys
<dictcomp>s	(
R'R!R"tget_available_tablesR|R}tzone_chainstinterface_zone_optstitemstsource_zone_opts(R#tfwtip4tables_tablestip6tables_tablesRXRYRZ((Rcs9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__init__s\			




cCsx|D]y\}}|r[||jkr||j|kr||j||krqqn?||jks||j|ks||j||krqntjdt|d|}g}||jjdkr|jdn||jjdkr|jdnxE|D]=}	t|jt	|d|d|d|g|j
|	d|d	|g|j
|	dd|d	|g|j
|	dd|d	|g|j
|	dd|d	|g|j
|	d
|dd	|dd|g|j
|	d
|d
d	|dd|g|j
|	d
|dd	|dd|g|j|j}
|dkr|
dkr|d kr|j
|	d
|dd	|d|
gn|jj
dkr|dkrP|d!krP|
d"kr	|j
|	d
|dd	|ddddd|g
n|
dkrM|j
|	d
|dd	|ddddd|g
qMqPqqW|j||||j|j|||qWdS(#NRpR)RtRus%s_logs%s_denys%s_allows-Ns-ts-It1s-jt2t3R^tACCEPTtREJECTs
%%REJECT%%tDROPR[R\R]Rat4toffs%%LOGTYPE%%tLOGs--log-prefixs
"%s_REJECT: "s"%s_DROP: "(RpRqs
%%REJECT%%Rr(sINPUTs
FORWARD_INsFORWARD_OUTsOUTPUT(sINPUTs
FORWARD_INsFORWARD_OUTsOUTPUT(Rqs
%%REJECT%%(R!RtformatRR'RdR|RtupdatetsetRcR"ttargettget_log_deniedRR(R#R)R~RRiRxRpRytipvsRwRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRv	sn		
   		c
Cs+x$|jD]}x|j|D]}|r=|j||nx|j||D]}|j|}	tjdt|d|}
|j|jtkrd}nd}|r|rdd|dg}n)|rdd|g}nd	d|g}|d
||	|||
g7}|j||qOWqWq
WdS(NRpR)s-gs-js-Is%s_ZONESRms-As-Ds-t(	Ret	add_chainRfRRvRR"RyRc(
R#RR)R2RWR|RxRpRwtoptRytactionR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyROs$
		
cCs2|jjj|dkrdS|jjj|S(Nshash:mac(R'Rtget_typeR1t
get_family(R#R@((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRlscCs|jjj|S(N(R'RR(R#R@((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__ipset_typeqscCs#dj|g|jjj|S(Nt,(tjoinR'Rt
get_dimension(R#R@tflag((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__ipset_match_flagswscCs|jjj|S(N(R'Rt
check_applied(R#R@((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRzscCs>|j|}|tkr:ttjd||fndS(Ns.ipset '%s' with type '%s' not usable as source(t!_FirewallZoneIPTables__ipset_typeRRRt
INVALID_IPSET(R#R@t_type((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR}scCs	t|r|j}nidt6dt6|}|dksK|dkrxddgD]W}xN|jD]C}x:|j|D]+}|r|j||n|j|jt	krd}	nd}	t	j
dt|d	|}
|j|}|j
d
r]|d}|dkrd
}nd}|j||}
|d|d|ddd||
|	|
g}n:|dkroq|n|d|d|ddd||	|
g
}|j||q|WqhWqXWnOxL|jD]A}x8|j|D])}|r|j||n|j|jt	krd}	nd}	t	j
dt|d	|}
|j|}|d|d|g}|j
d
r|d}|dkrd
}nd}|j||}
|d|d|ddd||
|	|
g}n"|d|d||||	|
g}|j||qWqWdS(Ns-As-DRRtRus-gs-jRpR)sipset:is-dtdsttsrcs%s_ZONES_SOURCEs-ts-mRxs--match-setRs--mac-source(R
RRZRR1ReR|R"RyRRvRRhRt(_FirewallZoneIPTables__ipset_match_flagsRc(R#RR)RwR7RWtadd_delRxRpR~RyR}t_nametflagsR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRsr		

	

		

	

cCs|r|jr>|jr(|jdn|d|jg7}qt|dr|jr|ddg7}|jr|jdn|d|jg7}qt|dr|jr|ddg7}|jr|jdn|j|jd}|d	|j|g7}qndS(
Nt!s-sRs-ms--mac-sourceRRxRs--match-set(RtinvertR|RRRR(R#R7tcommandR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
__rule_sources 				cCs9|r5|jr|jdn|d|jg7}ndS(NRs-d(RR|R(R#tdestinationR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__rule_destinations	cCs|rddd|jgSgS(Ns-mtlimits--limit(tvalue(R#R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__rule_limitscCs|js
dSd|}|}	|	ddg7}	|jjrW|	dd|jjg7}	n|jjr|	dd|jjg7}	n|	|j|jj7}	idt6dt6|}
|
|d	|g}||	7}|j||dS(
Ns%s_logs-jRus--log-prefixs"%s"s--log-levels-As-Ds-t(Rtprefixtlevelt!_FirewallZoneIPTables__rule_limitRRZRRc(R#RRwRxRyRRRWRpt_commandRt_rule((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
__rule_logs	

c
Cs|js
dSd|}|}	t|jtkr<d}
nBt|jtkrZd}
n$t|jtkrxd}
nd}
|	ddd|
g7}	|	|j|jj7}	id	t6d
t	6|}||d|g}||	7}|j
||dS(Ns%s_logtaccepttrejecttdroptunknowns-jtAUDITs--types-As-Ds-t(tauditttypeR~RR
RRRRZRRc(
R#RRwRxRyRRRWRpRRRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt__rule_audits"	
			
c	
Cs|js
dS|}	t|jtkrFd|}
|	ddg7}	n!t|jtkrd|}
|	ddg7}	|jjrg|	d|jjg7}	qgnt|jtkrd|}
|	ddg7}	nt|jtkrH|r|jdd	nd}tjd
t	d	d|}d|}
|	ddd
|jj
g7}	nttj
dt|j|	|j|jj7}	idt6dt6|}||
d|g}||	7}|j||dS(Ns%s_allows-jRps%s_denyRqs
--reject-withRrRXR_RpR)tMARKs--set-xmarksUnknown action %ss-As-Ds-t(R~RRR
RRR|RRvRRxRRtINVALID_RULERRRZRRc(
R#RR)RwRxRyRRRWRRpRR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt
__rule_action!s:	


	
	
c Cs|jdk	r|jg}nddg}idt6dt6|}|j|j}|dk	r|dkr|jdk	r|j|krttjd||jfqq|g}nx|D]}	t	|j
tkr|jj
j|j
j}
t|
jdkru|	|
jkrAttjd|j
j|	fn|
j|	dkru|jruttjd	qund
}|r|j|d|jjdkr|jdd
qnt	|jtkr|j|
j|}g}
x!|D]}|j}|jjdkr|j|jj|krCttjd|n|jdkrg|j|	krgqnt|jdkr|
j|q	xz|jD]\}}tjdtd
d|}|d|ddd|g}|r|ddt |g7}n|	|
jkr9|
j|	dkr9|d|
j|	g7}n|ddd|jg7}|j!|j||j"|	||j#dd}||jj$kr|
j|qqWq|j|
kr|
j|j|jj#dd}||jj$kr	|
j|q	qqW|j%|
ntjdtdd|}x@|
jD]5\}}g}|j!|j||j&|j||d|g7}|r|ddt |g7}n|	|
jkr|
j|	dkr|d|
j|	g7}nt	|jt'kr|ddddg7}n|j(||	||||||j)||	||||||j*|||	|||||qCWx|
j+D]}g}|j!|j||j&|j||d|g7}|	|
jkr|
j|	dkr|d|
j|	g7}nt	|jt'kr2|ddddg7}n|j(||	||||||j)||	||||||j*|||	|||||qWx!|
j,D]5\}}g}|j!|j||j&|j||d|g7}|r|d dt |g7}n|	|
jkrG|
j|	dkrG|d|
j|	g7}nt	|jt'kru|ddddg7}n|j(||	||||||j)||	||||||j*|||	|||||qWqt	|j
t-kr3	|j
j.}|j
j/}|j0||d
}|r8|j|dntjdtdd|}g}|j!|j||j&|j||d|d|dt |g7}t	|jt'kr|ddddg7}n|j(||	||||||j)||	||||||j*|||	|||||qt	|j
t1kri
|j
j2}|j3|d
}|r	|j|dntjdtdd|}g}|j!|j||j&|j||d|g7}t	|jt'kr
|ddddg7}n|j(||	||||||j)||	||||||j*|||	|||||qt	|j
t4kr|r
|jdd!|jd
d"|j5t6|	ntjdtd!d|}g}|j!|j||j&|j||d#d$d%dd&g7}|d|ddg}||7}|j"|	|tjdtd"d|}g}|j!|j||j&|j||dddddd'g7}|d|dd
g}||7}|j"|	|qt	|j
t7kr|j
j.}|j
j/}|j
j8}|j
j9}|j:|	|||||re|j5t6|	|jj;}n|sqdnd(}|r|jd)d
|jdd
|jd
|nd*|}t |}d}|r|	dkr|d+|7}q||7}n|r(
|dkr(
|d,t |d-7}ndd.d/|g}tjdtd
d|}g}|j!|j||j&|j||d|d|g7}|j(||	d)|||||dd0d1|g7}|d|dd)g}||7}|j"|	|d|g|dd2d3|g}|d|ddg}||7}|j"|	|tjdt|d|}ddddg|dd'g}|d|dd
g}||7}|j"|	||s|j5|jj<|d}qqt	|j
t=kr8|j
j.}|j
j/}|j0||d
}|r=|j|dntjdtdd|}g}|j!|j||j&|j||d|d|d t |g7}t	|jt'kr|ddddg7}n|j(||	||||||j)||	||||||j*|||	|||||qt	|j
t>ksbt	|j
t?kr|jj@jA|j
j}t	|j
t>kr|jrt	|jtkrttjd4n|jr5|	|jkr5|jdkrqnttjd5t	|j
t>krd6nd7|j
j|	fnd
}|rd|j|d|j|d(n|	dkrdd8g}dd8d9|j
jg}n$dd:g}dd;d<|j
jg}tjdtdd|}g}|j!|j||j&|j||||7}|j(||	||||||j)||	||||||jr}|j*|||	|||||n@|dd=g7}|d>|d|g}||7}|j"|	|tjdtd(d|}g}|j!|j||j&|j||||7}|j(||	||||||j)||	||||||jr|j*|||	|||||q|dd=g7}|d>|d|g}||7}|j"|	|q|j
dkrd
}|r|j|dntjdtdd|}g}|j!|j||j&|j||j(||	||||||j)||	||||||j*|||	|||||qttjd?t	|j
qW|S(@NRtRus-As-DRs;Source address family '%s' conflicts with rule family '%s'.is Service %s is not usable with %ss"Destination conflict with service.R^R[RYR_s'%s' not available in kerneliRpR)s%s_allows-ts-ps--dports%ss-ds-jtCTs--helpert	conntrackRZs-ms	--ctstatetNEWs--sportR`R]Rs-otlot
MASQUERADERpR\RXs0x%xs[%s]s:%sRRs--markRs
--set-marktDNATs--to-destinations'IcmpBlock not usable with accept actionsIcmp%s %s not usable with %stBlocktTypeR@s--icmp-types	ipv6-icmpticmp6s
--icmpv6-types
%%REJECT%%s%s_denysUnknown element %s(BtfamilyR1RZRRR7RRRRtelementRR'Rtget_serviceR@RYRR|RR~RRRRRRRIR|RRvRRt"_FirewallZoneIPTables__rule_sourceRctreplacetnf_nat_helperstadd_modulest'_FirewallZoneIPTables__rule_destinationRt_FirewallZoneIPTables__rule_logt!_FirewallZoneIPTables__rule_auditt"_FirewallZoneIPTables__rule_actionRORLRR	R
RRRRRRRRtto_portt
to_addressR3R6R<RRRticmptypetget_icmptype( R#RR)RRRWR{Rt
source_ipvRwtsvcRxthelpersRRRR	tprotoRyRt
nat_moduleRR
R1R2tfilter_chaintmark_strtport_strttoRticttmatch((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRCs	
			
		
	"""	

	
	
	



	


	 
	
			

		

	
cCs'|jjj|}|j|j|}|r|jjdkrU|jddnkg}xU|D]M}|j|j|jj	dd}	|	|jj
krb|j|	qbqbW|j||jddnidt6d	t
6|}
x5d
dgD]'}t|jdkr(||jkr(qn|jjdkrx|D]}|j}|j|jj|krttjd|n|jj	dd}	|	|jj
kr|j|	n|jd
kr|j|krqAnt|jdkr|j|qAx|jD]\}
}tjdtdd|}|
d|ddd|g}|
rs|ddt|
g7}n||jkr|j|d
kr|d|j|g7}n|ddd|jg7}|j||qWqAWnx|jD]\}
}tjdtdd|}|
d|ddd|g}|
rT|ddt|
g7}n||jkr|j|d
kr|d|j|g7}n|ddddg7}|ddg7}|j||qWxk|jD]`}tjdtdd|}|
d|ddd|ddddddg}|j||qWx|jD]\}
}tjdtdd|}|
d|ddd|g}|
r|ddt|
g7}n||jkr|j|d
kr|d|j|g7}n|ddddg7}|ddg7}|j||qBWqWdS(NiRYR_RRZR^R[s-As-DRtRus'%s' is not available in kernelRiRpR)s%s_allows-ts-ps--dports%ss-ds-jRs--helpers-ms	--ctstateRRps--sport(R'RRRRRR|R|RRRRRZRRYRR@RRRRt
add_moduleRRIRRvRRRcRORL(R#RR)RRWRRRRRRRwRR	RRyRR
((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRs

$
			"	
	"c	Cs|r|jddnidt6dt6|}xzddgD]l}tjdtdd|}|j||d	|d
dd|d|d
t|ddddddgq>WdS(NR^R[s-As-DRtRuRpR)s%s_allows-ts-ms-ps--dportRs	--ctstateRs-jRp(R|RZRRRvRRcR(	R#RR)R	R
RWRRwRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRJ	s		
cCs|r|jddnidt6dt6|}xhddgD]Z}tjdtdd|}|j||d	|d
dd|dd
ddddgq>WdS(NR^R[s-As-DRtRuRpR)s%s_allows-ts-ps-mRs	--ctstateRs-jRp(R|RZRRRvRRc(R#RR)R
RWRRwRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRZ	s		
c	Cs|r|jddnidt6dt6|}xzddgD]l}tjdtdd|}|j||d	|d
dd|d|d
t|ddddddgq>WdS(NR^R[s-As-DRtRuRpR)s%s_allows-ts-ms-ps--sportRs	--ctstateRs-jRp(R|RZRRRvRRcR(	R#RR)R	R
RWRRwRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRh	s		
c
Cs|r)|jdd|jddnidt6dt6|}xddgD]}|jt|tjd	tdd
|}|j||d|dd
dddddg	tjd	tdd
|}|j||d|ddddddddg
qNWdS(NRZR`R^R]s-As-DRtRuRpR)s%s_allowRs-oRs-ts-jRs-mRs	--ctstateRRp(	R|RZRRRRRvRRc(R#RR)RWRRwRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRx	s$			c	Cs>g}	td|r%|	jdn
|	jdd|}
t|}|sTdnd}ddd|
g}
|r|jd	d
|jdd
|jd|nid
t6dt6|}xd|	D]\}d}|r|dkr|d|7}q||7}n|r,|dkr,|dt|d7}n|jt|tj	dt
d
d|}|j||d|dd	d|d|ddd|
g|j||d|ddd|g|
ddd|gtj	dt
|d|}|j||d|dddddd g|
dd!gqW|j|j
j|dS("NRuRts0x%xR[R\s-mRs--markRXR_RZR^s-As-DRs[%s]s:%sRRpR)s%s_allows-ts-ps--dports-jRs
--set-markRs--to-destinationRs	--ctstateRRp(R	R|RR|RZRRRRRvRRcRR'R<(R#RR)RWR	R
R1R2RR{RRRRRRwRRy((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR	sJ



		
			5c

Cs|jjj|}|r>|jdd|jddnidt6dt6|}x'ddgD]}|jr||jkrqcn|dkrdd	g}d
d	d|g}	nddg}d
d
d|g}	tjdt	dd|}
|j
|rd|
}d}nd|
}d}|jjdkr|dkr|j|||ddg||	ddddd|gn|j|||ddg||	d|gtjdt	dd|}
|j
|rd|
}n
d|
}|jjdkrN|dkrN|j|||ddg||	ddddd|gn|j|||ddg||	d|gqcWdS(NR^R[R\s-As-DRtRus-pR@s-ms--icmp-types	ipv6-icmpRs
--icmpv6-typeRpR)s%s_allowRps%s_denys
%%REJECT%%Rts-ts%%LOGTYPE%%s-jRus--log-prefixs"%s_ICMP_BLOCK: "(
R'RRR|RZRRRRvRRRzRc(
R#RR)R@RWRRRwRRRytfinal_chaintfinal_target((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyR	sR	
	
!		%	

!		cCs|j|j}|dkr dS|j|r@|dkr@dS|jdd|jddx@dd	gD]2}d
}d}xddgD]}tjdt|d|}	|j|rEd}
|jjd
krK|rd|	t	|g}nd|	g}|j
||d|ddddddd|	g	|d7}qKnd}
|rid|	t	|g}nd|	g}|j
||d|ddd|
gqWqmWdS(NRrs
%%REJECT%%RqRpR^R[R\RtRuiRpR)Rts-Is-Ds-ts-ps%%ICMP%%s%%LOGTYPE%%s-jRus--log-prefixs"%s_ICMP_BLOCK: "i(sDROPs
%%REJECT%%sREJECT(R"RyRR|RRvRR'RzR=Rc(R#RR)RWRyRwtrule_idxRxRpRyt
ibi_targetR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRf	sD			(RURVRlRvRRRRRRRRRRRRRRRRRRRRR1RRRf(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyRWs2	F	G						U						"		Y				8	4(-Rtfirewall.core.baseRRRtfirewall.core.loggerRtfirewall.functionsRRRRRR	R
tfirewall.core.richRRR
RRRRRRRRRRtfirewall.core.ipXtablesRtfirewall.core.fw_transactionRRtfirewall.core.fw_ifcfgRtfirewallRtfirewall.errorsRtfirewall.fw_typesRtobjectRRW(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_zone.pyt<module>s"4X

OHA YOOOO