404

�
�c�`c@s�ddlZddlZddlmZmZddlmZddlm	Z	ddl
mZmZm
Z
mZmZmZmZmZddlmZddlmZmZmZddlmZmZmZmZddlZid	d
dgd6d
d
gd6d
dd	d
dgd6d
dd
gd6d	d
dgd6Zidd6dd6Z idd6dd6Z!d�Z"d�Z#d�Z$de%fd��YZ&de&fd��YZ'dS( i����N(t	SHORTCUTStDEFAULT_ZONE_TARGET(trunProg(tlog(ttempFiletreadfilet	splitArgst	check_mactportStrtcheck_single_addresst
check_addresstnormalizeIP6(tconfig(t
FirewallErrortINVALID_PASSTHROUGHtINVALID_RULE(tRich_AccepttRich_Rejectt	Rich_Dropt	Rich_MarktINPUTtOUTPUTtFORWARDtsecurityt
PREROUTINGtrawtPOSTROUTINGtmangletnattfiltersicmp-host-prohibitedtipv4sicmp6-adm-prohibitedtipv6ticmps	ipv6-icmpcCs�idd6dd6dd6dd6dd6d	d
6}|}x�|D]�}y|j|�}Wntk
rmq>nX|dkr�yt||d�Wntk
r�q�X|j|d�n||||<q>W|S(
s Inverse valid rule s-Ds-As--deletes--appends-Is--inserts-Xs-Ns--delete-chains--new-chaini(s-Is--insert(tindext	Exceptiontinttpop(targstreplace_argstret_argstargtidx((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytcommon_reverse_rule7s*



cCs�idd6dd6dd6dd6dd6d	d
6}|}x�|D]�}y|j|�}Wntk
rmq>nX|dkr�yt||d�Wntk
r�q�X|j|d�n||||<|SWttd��d
S(s Reverse valid passthough rule s-Ds-As--deletes--appends-Is--inserts-Xs-Ns--delete-chains--new-chainisno '-A', '-I' or '-N' argN(s-Is--insert(R!t
ValueErrorR#R$R
R(R%R&R'txR)((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytcommon_reverse_passthrough\s.



cCs�t|�}tddddddddd	d
ddd
dddddddg�}t||@�dkr�ttdt||@�d��ntddddddg�}t||@�dkr�ttd��ndS(sZ Check if passthough rule is valid (only add, insert and new chain
    rules are allowed) s-Cs--checks-Ds--deletes-Rs	--replaces-Ls--lists-Ss--list-ruless-Fs--flushs-Zs--zeros-Xs--delete-chains-Ps--policys-Es--rename-chainisarg '%s' is not alloweds-As--appends-Is--inserts-Ns--new-chainsno '-A', '-I' or '-N' argN(tsettlenR
Rtlist(R%tnot_allowedtneeded((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytcommon_check_passthrough�s*		t	ip4tablescBs�eZdZdZeZd�Zd�Zd�Zd.d�Z
d�Zd�Zd�Z
d	�Zd
�Zd�Zd�Zd
�Zd�Zd�Zd�Zd.d�Zd�Zd�Zd�Zd�Zd�Zd�Zdd�Zd�Zed�Z d�Z!d�Z"d�Z#d�Z$d �Z%d!�Z&d"�Z'd#�Z(d.d.d$�Z)d.d.d%�Z*d.d.d&�Z+d'�Z,d.d(�Z-d.d)�Z.d.d*�Z/d+�Z0d,�Z1d-�Z2RS(/RR4cCsz||_tj|j|_tjd|j|_|j�|_|j�|_	|j
�g|_g|_i|_
dS(Ns
%s-restore(t_fwRtCOMMANDStipvt_commandt_restore_commandt_detect_wait_optiontwait_optiont_detect_restore_wait_optiontrestore_wait_optiontfill_existstavailable_tablestzone_source_index_cachet
our_chains(tselftfw((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt__init__�s	
		cCs4tjj|j�|_tjj|j�|_dS(N(tostpathtexistsR8tcommand_existsR9trestore_command_exists(RB((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyR>�scCs�|jrB|j|krB|jgg|D]}d|^q(}ng|D]}d|^qI}tjd|j|jdj|��t|j|�\}}|dkr�td|jdj|�|f��n|S(Ns%ss	%s: %s %st is'%s %s' failed: %s(R;Rtdebug2t	__class__R8tjoinRR+(RBR%titemt_argststatustret((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt__run�s*%cCs�|dkr|Sg}x�|D]�}t}x�|D]�}y|j|�}Wntk
r\q0Xt|�|kr0d||dkr0t}||djd�}x3|D](}	|}
|	|
|d<|j|
�q�Wq0q0W|s|j|�qqW|S(s5Split values combined with commas for options in optst,iN(tNonetFalseR!R+R/tTruetsplittappend(RBtrulestoptst	out_rulestrulet	processedtopttititemsRNt_rule((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytsplit_value�s(


&
cCsAy|j|�}Wntk
r'tSX||||d+tSdS(Ni(R!R+RURV(RBR\tpatterntreplacementR_((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt
_rule_replace�s
cCs|tko|t|kS(N(tBUILT_IN_CHAINS(RBR7ttabletchain((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytis_chain_builtin�scCsCd|g}|r"|jd�n
|jd�|j|�|gS(Ns-ts-Ns-X(RX(RBtaddRgRhR\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_chain_rules�s

cCsLd|g}|r.|d|t|�g7}n|d|g7}||7}|S(Ns-ts-Is-D(tstr(RBRjRgRhR!R%R\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt
build_rule�s
cCs
t|�S(N(R*(RBR%((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytreverse_rulescCst|�dS(N(R3(RBR%((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytcheck_passthroughscCs
t|�S(N(R-(RBR%((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytreverse_passthrough
scCs�d}y|jd�}Wntk
r,n(Xt|�|dkrT||d}nd}xndddddd	gD]T}y|j|�}Wntk
r�qsXt|�|dkrs||d}qsqsW||fS(
NRs-tis-As--appends-Is--inserts-Ns--new-chain(R!R+R/RT(RBR%RgR_RhR^((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytpassthrough_parse_table_chain
s$
	
cCs�yb|jd�}|j|�|j|�}d|dkrQ||df}n||df}WnLtk
r�y&|jd�}|j|�d}Wq�tk
r�dSXnXt}|ddkr�t}n|r�|r�||kr�|j|�q�n�|r�|rI||kr7|j|�|jd
d��n|j|�}n!|j	j
r^d}nt|�}d|d<|jd
d|d�ndS(Ns%%ZONE_SOURCE%%s-miiis%%ZONE_INTERFACE%%is-Ds--deletetkeycSs|dS(Ni((R,((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt<lambda>@ss-Iis%di(s-Ds--delete(
R!R$R+RTRVRUtremoveRXtsortR5t_allow_zone_driftingR/tinsert(RBR\R@R_tzonetzone_sourcetrule_addR!((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt_run_replace_zone_source#s>



		

	
cCs#t�}i}tj|j�}x�|D]�}|}|j|dddt|jg�|j|dt|jg�y|jd�}Wnt	k
r�nLX|dkr�q(n|d&kr�d
dd|g|||d
+n
|j
|�|j||�d}	xpddgD]b}
y|j|
�}Wnt	k
r6q
Xt|�|d
kr
|j
|�|j
|�}	q
q
Wxzt
t|��D]f}x]tjD]R}|||kr�||jd�o�||jd�r�d||||<q�q�Wq�W|j|	g�j|�q(Wx�|D]�}	||	}|j|ddg�}|j|ddg�}|jd|	�x(|D] }|jdj|�d�qiW|jd�qW|j�tj|j�}tjd|j|jd|j|jf�g}
|j r|
j|j �n|
jd�t!|j|
d|j�\}}tj"�dkr�t#|j�}|dk	r�d
}xc|D]X}tj%d ||fd!d
d"d#�|jd�s�tj%d$d!d
�n|d
7}qpWq�ntj&|j�|d#krt	d%|jdj|
�|f��n||_|S('Ns
%%REJECT%%tREJECTs
--reject-withs%%ICMP%%s%%LOGTYPE%%tofftunicastt	broadcastt	multicasts-mtpkttypes
--pkt-typeiRs-ts--tablet"s"%s"s-ss--sources-ds
--destinations*%s
RJs
sCOMMIT
s	%s: %s %ss%s: %ds-ntstdinis%8d: %stnofmttnlits'%s %s' failed: %s(R~RR�('RtcopytdeepcopyR@RetDEFAULT_REJECT_TYPER7tICMPR!R+R$R{R/trangetstringt
whitespacet
startswithtendswitht
setdefaultRXRbtwriteRMtcloseREtstattnameRRKRLR9tst_sizeR=RtgetDebugLogLevelRRTtdebug3tunlink(RBRYt
log_deniedt	temp_filettable_rulesR@RaR\R_RgR^tcR�R%RPRQtlinestline((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt	set_rulesLs�	

 


#


	

#	cCs�|j|dddt|jg�|j|dt|jg�y|jd�}Wntk
rfnJX|dkrwdS|dkr�ddd
|g|||d+n
|j|�tj|j	�}|j
||�|j|�}||_	|S(Ns
%%REJECT%%R|s
--reject-withs%%ICMP%%s%%LOGTYPE%%R}R�R~RR�s-mR�s
--pkt-typei(sunicasts	broadcasts	multicast(ReR�R7R�R!R+R$R�R�R@R{t_ip4tables__run(RBR\R�R_R@toutput((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytset_rule�s"
 
	cCs�g}|r|gn	tj�}x�|D]�}||jkrM|j|�q(y:|jd|ddg�|jj|�|j|�Wq(tk
r�tjd|j|f�q(Xq(W|S(Ns-ts-Ls-nsA%s table '%s' does not exist (or not enough permission to check).(	RftkeysR?RXR�R+Rtdebug1R7(RBRgRQttables((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytget_available_tables�s

"cCs�d}t|jdddg�}|ddkr�d}t|jdddg�}|ddkrkd}ntjd|j|j|�n|S(NR�s-ws-Ls-nis-w10s%s: %s will be using %s option.(RR8RRKRL(RBR;RQ((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyR:�s	cCs�t�}|jd�|j�d}xlddgD]^}t|j|gd|j�}|ddkr3d|dkr3d	|dkr3|}Pq3q3Wtjd
|j|j|�t	j
|j�|S(Ns#fooR�s-ws--wait=2R�isinvalid optionisunrecognized options%s: %s will be using %s option.(RR�R�RR9R�RRKRLRER�(RBR�R;ttest_optionRQ((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyR<�s	
 cCsog|_g}xYtj�D]K}|j|�s7qnx-dddgD]}|jd||g�qGWqW|S(Ns-Fs-Xs-Zs-t(R@RfR�R�RX(RBRYRgtflag((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_flush_rules�s	cCsyg}xltj�D]^}|j|�s.qn|dkr@qnx.t|D]"}|jd|d||g�qKWqW|S(NRs-ts-P(RfR�R�RX(RBtpolicyRYRgRh((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_set_policy_ruless$c
Cs{g}d}y1|jd|jdkr-dnddg�}WnGtk
r�}|jdkrrtjd|�q�tjd|�nX|j�}t}x�|D]�}|r.|j�j�}|j	�}xa|D]V}|j
d	�r|jd
�r|dd!}	n|}	|	|kr�|j|	�q�q�Wn|jdkrL|j
d
�sj|jdkr�|j
d�r�t
}q�q�W|S(sQReturn ICMP types that are supported by the iptables/ip6tables command and kernelR�s-pRR s	ipv6-icmps--helpsiptables error: %ssip6tables error: %st(t)ii����sValid ICMP Types:RsValid ICMPv6 Types:(R�R7R+RR�t
splitlinesRUtstriptlowerRWR�R�RXRV(
RBRQR�texR�tin_typesR�tsplitsRWR,((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytsupported_icmp_typess4	


cCsgS(N((RB((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_default_tables/sR}c	Cs>i}|jd�r�g|d<t�|jd<x]tdD]N}|djd|�|djd||f�|jdjd|�q:Wn|jd�r�g|d<t�|jd<x�tdD]�}|djd|�|djd||f�|jdjd|�|dkr�x�|jjr8ddgndgD]f}|djd	||f�|djd
|||f�|jdjtd||fg��q?Wq�q�Wn|jd�r�g|d<t�|jd<x�tdD]�}|djd|�|djd||f�|jdjd|�|dkr�x�|jjr\ddgndgD]f}|djd	||f�|djd
|||f�|jdjtd||fg��qcWq�q�Wn|jd
�r�g|d
<t�|jd
<x�td
D]�}|d
jd|�|d
jd||f�|jd
jd|�|d0krx�|jjr�ddgndgD]f}|d
jd	||f�|d
jd
|||f�|jd
jtd||fg��q�WqqWng|d<t�|jd<|djd�|djd�|djd�|djd�|jdjtd��xq|jjr�ddgndgD]N}|djd|�|djd|�|jdjtd|��q�W|dkr|djd�n|djd�|dkr8|djd�n|djd�|djd�|djd�|djd�|djd �|jdjtd!��x�d"d#gD]�}x�|jjr�ddgndgD]`}|djd$||f�|djd%||f�|jdjtd&||f��q�Wq�W|dkrd|djd'�n|djd(�|dkr�|djd)�n|djd*�|dcd+d,d-g7<|jdjtd.��g}xX|D]P}||j�krq�nx/||D]#}|jd/|gt	|��qWq�W|S(1NRs-N %s_directs-A %s -j %s_directs	%s_directRRtZONES_SOURCEtZONESs-N %s_%ss-A %s -j %s_%ss%s_%sRRRRs=-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPTs-A INPUT -i lo -j ACCEPTs-N INPUT_directs-A INPUT -j INPUT_directtINPUT_directs-N INPUT_%ss-A INPUT -j INPUT_%ssINPUT_%sR}s^-A INPUT -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: 's/-A INPUT -m conntrack --ctstate INVALID -j DROPs9-A INPUT %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: 's-A INPUT -j %%REJECT%%s?-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPTs-A FORWARD -i lo -j ACCEPTs-N FORWARD_directs-A FORWARD -j FORWARD_directtFORWARD_directtINtOUTs-N FORWARD_%s_%ss-A FORWARD -j FORWARD_%s_%ss
FORWARD_%s_%ss`-A FORWARD -m conntrack --ctstate INVALID %%LOGTYPE%% -j LOG --log-prefix 'STATE_INVALID_DROP: 's1-A FORWARD -m conntrack --ctstate INVALID -j DROPs;-A FORWARD %%LOGTYPE%% -j LOG --log-prefix 'FINAL_REJECT: 's-A FORWARD -j %%REJECT%%s-N OUTPUT_directs-A OUTPUT -o lo -j ACCEPTs-A OUTPUT -j OUTPUT_directt
OUTPUT_directs-t(RR(
R�R.RARfRXRjR5RvtupdateR(	RBR�t
default_rulesRhtdispatch_suffixt	directiontfinal_default_rulesRgR\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_default_rules3s�

(5
(5
(5
("(,
	
%cCs�|dkrdddhS|dkrSd|j�krSd|j�krSdhSn|dkr~d|j�kr~ddhSn|d	kr�d	|j�kr�dhSniS(
NRRt
FORWARD_INtFORWARD_OUTRRRRR(R�(RBRg((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytget_zone_table_chains�s



cCs�idd6dd6dd6dd6dd6dd6|}tjd	t|d
|�}d}	|ry|rydd
|dg}
n?|r�dd
|g}
n&dd
|g}
|s�|
dg7}
n|
d||||	|g7}
|
gS(Ns-iRs-oRRR�R�RRhRxs-gs-Is%s_ZONESs%%ZONE_INTERFACE%%s-As-Ds-t(RtformatR(RBtenableRxt	interfaceRgRhRXR^ttargettactionR\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt!build_zone_source_interface_rules�s&
c
Cs�idt6dt6|}idd6dd6dd6dd6dd	6dd
6|}|jjred|}n
d|}tjd
t|d|�}	d}
|jd�r|d}|dkr�d}nd}dj|g|jj	j
|��}||d|d|ddd|||
|	g
}
n�t|�ri|dkr6dS||d|d|ddd|j�|
|	g}
nt
d|�r�t|�}n=td|�r�|jd�}t|d�d|d }n||d|d||||
|	g
}
|
gS(!Ns-Is-Ds-sRs-dRRR�R�Rs%s_ZONES_SOURCEs%s_ZONESRhRxs-gsipset:itdsttsrcRSs%%ZONE_SOURCE%%s-ts-mR.s--match-setR�tmacs--mac-sourceRt/ii(RVRUR5RvRR�RR�RMtipsett
get_dimensionRtupperR	RR
RW(RBR�RxtaddressRgRhtadd_delR^tzone_dispatch_chainR�R�R�tflagsR\t
addr_split((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_source_address_rules�sV

	%cCs6tjdt|d|�}|j|jt|d|d|d|g��g}|jd|d|g�|jdd|d|g�|jdd|d|g�|jdd|d|g�|jd|d|d	d|g�|jd|d|d	d|g�|jd|d|d	d|g�|jjj	|j
}|jj�d
kr�|dkr�|dkr�|dkr�|jd|d|dd	ddd|g	�n|dkr�|jd|d|dd	ddd|g	�q�q�n|dkr2|dkr2|dkr2|jd|d|d	|g�n|S(NRhRxs%s_logs%s_denys%s_allows-Ns-ts-As-jR}RRR�R�RR|s
%%REJECT%%s%%LOGTYPE%%tLOGs--log-prefixs
"%s_REJECT: "tDROPs"%s_DROP: "tACCEPT(sINPUTs
FORWARD_INsFORWARD_OUTsOUTPUT(sREJECTs
%%REJECT%%(R�sREJECTs
%%REJECT%%R�(sINPUTs
FORWARD_INsFORWARD_OUTsOUTPUT(RR�RRAR�R.RXR5Rxt_zonesR�tget_log_denied(RBRxRgRht_zoneRYR�((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_chain_rules�s<###		"cCs|rddd|jgSgS(Ns-mtlimits--limit(tvalue(RBR�((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt_rule_limit*scCs�|js
gSidt6dt6|}|d|d|g}||ddg7}|jjrx|dd|jjg7}n|jjr�|d	d
|jjg7}n||j|jj�7}|S(Ns-As-Ds%s_logs-ts-jR�s--log-prefixs'%s's--log-levels%s(RRVRUtprefixtlevelR�R�(RBt	rich_ruleR�RgR�t
rule_fragmentR�R\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt_rich_rule_log/s	c	Cs�|js
gSidt6dt6|}|d|d|g|}t|j�tkr]d}nBt|j�tkr{d}n$t|j�tkr�d}nd}|d	d
d|g7}||j|jj	�7}|S(Ns-As-Ds%s_logs-ttaccepttrejecttdroptunknowns-jtAUDITs--type(
tauditRVRUttypeR�RRRR�R�(	RBR�R�RgR�R�R�R\t_type((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt_rich_rule_audit?s				cCs�|js
gSidt6dt6|}t|j�tkrSd|}ddg}	n�t|j�tkr�d|}ddg}	|jjrL|	d|jjg7}	qLn�t|j�tkr�d|}dd	g}	nxt|j�tkr0tj	d
t
dd|�}d
}d|}ddd|jjg}	ntt
dt|j���||d|g}
|
||	7}
|
|j|jj�7}
|
S(Ns-As-Ds%s_allows-jR�s%s_denyR|s
--reject-withR�RhRRxRtMARKs--set-xmarksUnknown action %ss-t(R�RVRUR�RRRRRR�RR.R
RR�R�(RBRxR�R�RgR�R�R�Rhtrule_actionR\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt_rich_rule_actionSs4	


	
cCs�|s
gSg}|jr)|jd�ntd|j�rW|dt|j�g7}n`td|j�r�|jjd�}|dt|d�d|dg7}n|d|jg7}|S(Nt!Rs-dR�ii(tinvertRXR	taddrRR
RW(RBt	rich_destR�R�((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt_rich_rule_destination_fragmentts	)cCs�|s
gSg}|jr�|jr2|jd�ntd|j�r`|dt|j�g7}q�td|j�r�|jjd�}|dt|d�d|dg7}q�|d|jg7}n�t|d�r|jr|ddg7}|jr|jd�n|d	|jg7}nut|d
�r�|j	r�|ddg7}|jr[|jd�n|j
jj|j	d�}|d
|j	|g7}n|S(NR�Rs-sR�iiR�s-ms--mac-sourceR�R.R�s--match-set(
R�R�RXR	RR
RWthasattrR�R�R5Rxt_ipset_match_flags(RBtrich_sourceR�R�R�((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt_rich_rule_source_fragment�s0		)		c	Cs�idt6dt6|}d}tjdtdd|�}	d|g}
|ri|
dd	t|�g7}
n|r�|
d
|g7}
n|r�|
|j|j�7}
|
|j|j	�7}
n|s�t
|j�tkr�|
ddd
dg7}
ng}|rd|j
|j||||	|
��|j
|j||||	|
��|j
|j|||||	|
��n+|j
|d|	d|g|
ddg�|S(Ns-As-DRRhRRxs-ps--dports%ss-ds-mt	conntracks	--ctstates
NEW,UNTRACKEDs%s_allows-ts-jR�(RVRURR�RRR�tdestinationR�tsourceR�R�RRXR�R�R�(RBR�RxtprototportR�R�R�RgR�R�RY((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_ports_rules�s,	""(%c	Cspidt6dt6|}d}tjdtdd|�}d|g}	|r_|	d|g7}	n|r�|	|j|j�7}	|	|j|j�7}	n|s�t	|j
�tkr�|	d	d
ddg7}	ng}
|rA|
j|j
|||||	��|
j|j|||||	��|
j|j||||||	��n+|
j|d
|d|g|	ddg�|
S(Ns-As-DRRhRRxs-ps-ds-mR�s	--ctstates
NEW,UNTRACKEDs%s_allows-ts-jR�(RVRURR�RR�R�R�R�R�R�RRXR�R�R�(RBR�RxtprotocolR�R�R�RgR�R�RY((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_protocol_rules�s&""(%c	Cs�idt6dt6|}d}tjdtdd|�}	d|g}
|ri|
dd	t|�g7}
n|r�|
d
|g7}
n|r�|
|j|j�7}
|
|j|j	�7}
n|s�t
|j�tkr�|
ddd
dg7}
ng}|rd|j
|j||||	|
��|j
|j||||	|
��|j
|j|||||	|
��n+|j
|d|	d|g|
ddg�|S(Ns-As-DRRhRRxs-ps--sports%ss-ds-mR�s	--ctstates
NEW,UNTRACKEDs%s_allows-ts-jR�(RVRURR�RRR�R�R�R�R�R�RRXR�R�R�(RBR�RxRRR�R�R�RgR�R�RY((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_source_ports_rules�s*""(%cCs�idt6dt6|}tjdtdd|�}	|d|	ddd	|g}
|rs|
d
dt|�g7}
n|r�|
d|g7}
n|
d
dd|g7}
|
gS(Ns-As-DRhRRxs%s_allows-tRs-ps--dports%ss-ds-jtCTs--helper(RVRURR�RR(RBR�RxRRR�thelper_nametmodule_short_nameR�R�R\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_helper_ports_rules�s	cCs;idt6dt6|}tjdtdd|�}g}|ro||j|j�7}||j|j�7}ng}|j	|d|ddg|d	d
ddd
g�tjdtdd|�}g}|r||j|j�7}||j|j�7}n|j	|d|ddg|ddddddg�|S(Ns-As-DRhRRxs%s_allows-tRR�s-otlos-jt
MASQUERADER�Rs-mR�s	--ctstates
NEW,UNTRACKEDR�(
RVRURR�RR�R�R�R�RX(RBR�RxR�R�R�R�RY((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_masquerade_ruless*		c

Cs�idt6dt6|}
d|}ddd|g}d}
|rstd|�rf|
d	t|�7}
qs|
|7}
n|r�|dkr�|
d
t|d�7}
ntjdtd
d|�}d|dt|�g}|	r||j|	j	�7}||j
|	j�7}ng}|	r9|j|j
|	|d||��n|j|
d|ddg|ddd|g�|j|
d|ddd|g|ddd|
g�tjdt|d|�}|j|
d|ddddddg|ddg�|S(Ns-As-Ds0x%xs-mtmarks--markR�Rs[%s]s:%st-RhRRxs-ps--dportRs%s_allows-ts-jR�s
--set-markRtDNATs--to-destinationRR�s	--ctstates
NEW,UNTRACKEDR�(RVRUR	RRRR�RR�R�R�R�RXR�(RBR�Rxtfilter_chainRRttoportttoaddrtmark_idR�R�tmark_strR
ttoR�R�RY((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_forward_port_ruless<

	%	1c
CsXd}idt6dt6|}|jdkrQddg}ddd|jg}n!dd	g}dd
d|jg}g}	x�dd
gD]�}
tjdt|
d|�}|jjj	|�r�d|}d}
nd|}d}
g}|r||j
|j�7}||j|j
�7}n|||7}|r�|	j|j|||||��|	j|j|||||��|jr�|	j|j||||||��qP|	j|d|d|g|ddg�q�|jj�dkr)|
dkr)|	j||d|g|ddddd|g�n|	j||d|g|d|
g�q�W|	S(NRs-As-DRs-pR s-ms--icmp-types	ipv6-icmpticmp6s
--icmpv6-typeRR�RhRxs%s_allowR�s%s_denys
%%REJECT%%s-ts-jR}s%%LOGTYPE%%R�s--log-prefixs"%s_ICMP_BLOCK: "(RVRUR7R�RR�RR5Rxtquery_icmp_block_inversionR�R�R�R�RXR�R�R�R�R�(RBR�RxtictR�RgR�RtmatchRYRhR�tfinal_chaintfinal_targetR�((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_zone_icmp_block_rulesIsL	
	
""	(!	c
CsBd}g}x/ddgD]!}d}tjdt|d|�}|jjj|�r�d}|jj�dkr�|r�d	|t|�g}	nd
|g}	|	d|dd
ddddd|g	}	|j|	�|d7}q�nd}|rd	|t|�g}	nd
|g}	|	d|dd
d|g}	|j|	�qW|S(NRRR�iRhRxs
%%REJECT%%R}s-Is-Ds-ts-ps%%ICMP%%s%%LOGTYPE%%s-jR�s--log-prefixs"%s_ICMP_BLOCK: "iR�(	RR�RR5RxRR�RlRX(
RBR�RxRgRYRhtrule_idxR�t
ibi_targetR\((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt%build_zone_icmp_block_inversion_ruleszs2		
cCs�d}tjdtdd|�}g}||j|j�7}||j|j�7}g}|j|j|||||��|j|j	|||||��|j|j
||||||��|S(NRRhRRx(RR�RR�R�R�R�RXR�R�R�(RBR�RxR�RgR�R�RY((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt(build_zone_rich_source_destination_rules�s	""%cCs
||jkS(N(R7(RBR7((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytis_ipv_supported�sN(3t__name__t
__module__R7R�RVtzones_supportedRDR>R�RTRbReRiRkRmRnRoRpRqR{R�R�R�R:R<R�R�R�R�R�R�RUR�R�R�R�R�R�R�R�R�RRRR	RRRR R!R"(((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyR4�s\			
												)	^				
		!	i		7	,				!			,1	#	t	ip6tablescBs eZdZdZed�ZRS(RR&cCs�g}|jddddddddd	g	�|d
krk|jddddddddddd
g�n|jdddddddddg	�|jdddddddddg	�|S(Ns-IRs-tRs-mtrpfilters--inverts-jR�R}R�s--log-prefixsrpfilter_DROP: s-ps	ipv6-icmps$--icmpv6-type=neighbour-solicitationR�s"--icmpv6-type=router-advertisement(RX(RBR�RY((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pytbuild_rpfilter_rules�s"	

(R#R$R7R�RUR((((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyR&�s((tos.pathRER�tfirewall.core.baseRRtfirewall.core.progRtfirewall.core.loggerRtfirewall.functionsRRRRRR	R
RtfirewallRtfirewall.errorsR
RRtfirewall.core.richRRRRR�RfR�R�R*R-R3tobjectR4R&(((s;/usr/lib/python2.7/site-packages/firewall/core/ipXtables.pyt<module>s<:"


	%	*	 ����

Name	Type	Size	Permission
io	Folder		0755
.__init__.pyo.40009	File	145 B	0644
.base.pyo.40009	File	1.29 KB	0644
.ebtables.pyo.40009	File	9.04 KB	0644
.fw.pyo.40009	File	30.67 KB	0644
.fw_config.pyo.40009	File	30.69 KB	0644
.fw_direct.pyo.40009	File	14.77 KB	0644
.fw_helper.pyo.40009	File	2.57 KB	0644
.fw_icmptype.pyo.40009	File	3 KB	0644
.fw_ifcfg.pyo.40009	File	1.84 KB	0644
.fw_ipset.pyo.40009	File	9.02 KB	0644
.fw_nm.pyo.40009	File	5.93 KB	0644
.fw_policies.pyo.40009	File	2.94 KB	0644
.fw_service.pyo.40009	File	2.14 KB	0644
.fw_test.pyo.40009	File	17.45 KB	0644
.fw_transaction.pyo.40009	File	10.96 KB	0644
.fw_zone.pyo.40009	File	57.31 KB	0644
.helper.pyo.40009	File	222 B	0644
.icmp.pyo.40009	File	2.89 KB	0644
.ipXtables.pyo.40009	File	34.8 KB	0644
.ipset.pyo.40009	File	9.15 KB	0644
.logger.pyo.40009	File	27.43 KB	0644
.modules.pyo.40009	File	3.56 KB	0644
.nftables.pyo.40009	File	38.56 KB	0644
.prog.pyo.40009	File	988 B	0644
.rich.pyo.40009	File	23.73 KB	0644
.watcher.pyo.40009	File	3.55 KB	0644
__init__.py	File	0 B	0644
__init__.pyc	File	145 B	0644
__init__.pyo	File	145 B	0644
base.py	File	1.94 KB	0644
base.pyc	File	1.29 KB	0644
base.pyo	File	1.29 KB	0644
ebtables.py	File	9.13 KB	0644
ebtables.pyc	File	9.04 KB	0644
ebtables.pyo	File	9.04 KB	0644
fw.py	File	43.71 KB	0644
fw.pyc	File	30.67 KB	0644
fw.pyo	File	30.67 KB	0644
fw_config.py	File	35.99 KB	0644
fw_config.pyc	File	30.69 KB	0644
fw_config.pyo	File	30.69 KB	0644
fw_direct.py	File	20.12 KB	0644
fw_direct.pyc	File	14.77 KB	0644
fw_direct.pyo	File	14.77 KB	0644
fw_helper.py	File	1.79 KB	0644
fw_helper.pyc	File	2.57 KB	0644
fw_helper.pyo	File	2.57 KB	0644
fw_icmptype.py	File	2.77 KB	0644
fw_icmptype.pyc	File	3 KB	0644
fw_icmptype.pyo	File	3 KB	0644
fw_ifcfg.py	File	2.5 KB	0644
fw_ifcfg.pyc	File	1.84 KB	0644
fw_ifcfg.pyo	File	1.84 KB	0644
fw_ipset.py	File	8.96 KB	0644
fw_ipset.pyc	File	9.02 KB	0644
fw_ipset.pyo	File	9.02 KB	0644
fw_nm.py	File	6.49 KB	0644
fw_nm.pyc	File	5.93 KB	0644
fw_nm.pyo	File	5.93 KB	0644
fw_policies.py	File	2.74 KB	0644
fw_policies.pyc	File	2.94 KB	0644
fw_policies.pyo	File	2.94 KB	0644
fw_service.py	File	1.6 KB	0644
fw_service.pyc	File	2.14 KB	0644
fw_service.pyo	File	2.14 KB	0644
fw_test.py	File	22.06 KB	0644
fw_test.pyc	File	17.45 KB	0644
fw_test.pyo	File	17.45 KB	0644
fw_transaction.py	File	10.54 KB	0644
fw_transaction.pyc	File	10.96 KB	0644
fw_transaction.pyo	File	10.96 KB	0644
fw_zone.py	File	75.6 KB	0644
fw_zone.pyc	File	57.31 KB	0644
fw_zone.pyo	File	57.31 KB	0644
helper.py	File	804 B	0644
helper.pyc	File	222 B	0644
helper.pyo	File	222 B	0644
icmp.py	File	3.03 KB	0644
icmp.pyc	File	2.89 KB	0644
icmp.pyo	File	2.89 KB	0644
ipXtables.py	File	47.68 KB	0644
ipXtables.pyc	File	34.8 KB	0644
ipXtables.pyo	File	34.8 KB	0644
ipset.py	File	9.1 KB	0644
ipset.pyc	File	9.15 KB	0644
ipset.pyo	File	9.15 KB	0644
logger.py	File	30.31 KB	0644
logger.pyc	File	27.43 KB	0644
logger.pyo	File	27.43 KB	0644
modules.py	File	3.63 KB	0644
modules.pyc	File	3.56 KB	0644
modules.pyo	File	3.56 KB	0644
nftables.py	File	60.55 KB	0644
nftables.pyc	File	38.56 KB	0644
nftables.pyo	File	38.56 KB	0644
prog.py	File	1.47 KB	0644
prog.pyc	File	988 B	0644
prog.pyo	File	988 B	0644
rich.py	File	29.34 KB	0644
rich.pyc	File	23.73 KB	0644
rich.pyo	File	23.73 KB	0644
watcher.py	File	3.15 KB	0644
watcher.pyc	File	3.55 KB	0644
watcher.pyo	File	3.55 KB	0644

[ Avaa Bypassed ]

Upload:

Command:

Filemanager

Server Info

System Info