Navigation

← Previous Changeset
Next Changeset →

Changeset 118

Timestamp:

05/16/05 08:26:48 (4 years ago)

Author:

athomas

Message:

More fixes, made object stuff more generic.

Files:

fwc/trunk/fwc (modified) (10 diffs)
fwc/trunk/Object.py (modified) (1 diff)
fwc/trunk/Resolver.py (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

fwc/trunk/fwc

r117	r118
34	34	# Help extractors
35	35
	36	def help_object(context, type):
	37	help = { '<%s>' % type : '%s object.' % type.title() }
	38	for o in resolver.get_objects(type):
	39	if o.description:
	40	help[o.name] = '%s (%s)' % (o.description, o.value)
	41	else:
	42	help[o.name] = '%s object (%s)' % (type.title(), o.value)
	43	return help
	44
36	45	def help_network(context):
37	46	help = { '<network>' : 'Network address.'}
…	…
60	69	def NETWORK(context, str):
61	70	return re.match(Object.NETWORK_PATTERN, str) \
62		or str in help_~~network(context~~)
	71	or str in help_object(context, 'network')
63	72
64	73	def PORT(context, str):
65	74	return re.match(Object.PORT_PATTERN, str) \
66		or str in help_~~port(context~~)
	75	or str in help_object(context, 'port')
67	76
68	77	def PORT_RANGE(context, str):
…	…
198	207
199	208	protocol_rules = {
200		lambda ctx, ~~foo: [x.name for x in resolver.get_objects('protocol')]~~ : {
	209	lambda ctx, token: resolver.have_object(Object.PROTOCOL, token) : {
201	210	GROUP : 30,
202	211	UNLESS_VAR : 'protocol',
…	…
323	332	JUMP : 'commands',
324	333	JUMP_TO : 'sport',
325		HELP : ~~help_port~~,
	334	HELP : lambda ctx: help_object(ctx, 'port'),
326	335	},
327	336	IF : check_port_protocol,
…	…
413	422	},
414	423	'object' : {
415		HELP : 'Ruleset ~~manipulation objects~~.',
	424	HELP : 'Ruleset object manipulation.',
416	425	'import' : {
417	426	LABEL : 'import',
418		'\|'.join(Resolver.get_object_types()) : {
	427	'all' : {
	428	RANGE : 1,
	429	GROUP : 10,
	430	HELP : 'Also import aliases.',
	431	VAR : 'aliases',
	432	JUMP : 'import',
	433	},
	434	's\|'.join(Resolver.get_object_types()) + 's' : {
	435	GROUP : 20,
419	436	VAR : 'import_types',
420		HELP : lambda ctx: [(x, 'Import system %s objects' % x) for x in Resolver.get_object_types()],
421		ACTION : lambda ~~x, import_types: resolver.populate_defaults(tolist(import_types)~~),
	437	HELP : lambda ctx: [(x + 's', 'Import system %s objects' % x) for x in Resolver.get_object_types()],
	438	ACTION : lambda ctx, import_types, **args: resolver.populate_defaults(tolist(import_types), with_aliases = 'aliases' in ctx),
422	439	},
423	440	HELP : 'Import system objects.',
424		ACTION : lambda ~~x: resolver.populate_defaults(~~),
	441	ACTION : lambda ctx, **args: resolver.populate_defaults(with_aliases = 'aliases' in ctx),
425	442	},
426	443	'create' : {
427	444	HELP : 'Create a ruleset object.',
428		~~Object.NETWORK~~ : {
	445	'\|'.join(Resolver.get_object_types()) : {
429	446	VAR : 'type',
430		HELP : ~~'Create network object.'~~,
	447	HELP : lambda ctx: [(x, 'Create %s object' % x) for x in Resolver.get_object_types()],
431	448	Object.NAME_PATTERN : {
432	449	VAR : 'name',
433	450	HELP : { '<name>' : 'Name of object to create.' },
434		Object.NETWORK_PATTERN : {
	451	LABEL : 'create',
	452	lambda ctx, token: resolver.have_object(ctx['type'], token) or re.match(Object.TYPE_PATTERNS[ctx['type']], token) : {
435	453	VAR : 'value',
436		HELP : { '<network>' : 'Network.' },
437		ACTION : create_object,
438		'.+' : {
439		VAR : 'description',
440		HELP : { '<description>' : 'Description of object.' },
	454	HELP : lambda ctx: help_object(ctx, ctx['type']),
	455	ACTION : {
	456	IF_VAR : 'value',
441	457	ACTION : create_object,
442	458	},
443		},
444		},
445		},
446		Object.PORT : {
447		VAR : 'type',
448		HELP : 'Create port object.',
449		Object.NAME_PATTERN : {
450		VAR : 'name',
451		HELP : { '<name>' : 'Name of object to create.' },
452		Object.PORT_PATTERN : {
453		VAR : 'value',
454		HELP : { '<port>' : 'Port.' },
455		ACTION : create_object,
456		'.+' : {
457		VAR : 'description',
458		HELP : { '<description>' : 'Description of object.' },
459		ACTION : create_object,
	459	JUMP : 'create',
	460	'description' : {
	461	'.+' : {
	462	VAR : 'description',
	463	HELP : { '<description>' : 'Description of object.' },
	464	JUMP : 'create',
	465	},
	466	HELP : 'Optional description of object.'
460	467	},
461	468	},
…	…
467	474	'\|'.join(Resolver.get_object_types()) : {
468	475	VAR : 'type',
469		HELP : {
470		'network' : 'Remove network object.',
471		'port' : 'Remove port object.',
472		},
	476	HELP : lambda ctx: [(x + 's', 'Remove %s objects' % x) for x in Resolver.get_object_types()],
473	477	},
474	478	},
…	…
479	483	ACTION : list_objects,
480	484	},
481		'~~\|'.join(Resolver.get_object_types())~~ : {
	485	's\|'.join(Resolver.get_object_types()) + 's' : {
482	486	VAR : 'type',
483		HELP : lambda ctx: [(x, 'List %s objects' % x) for x in Resolver.get_object_types()],
	487	HELP : lambda ctx: [(x + 's', 'List %s objects' % x) for x in Resolver.get_object_types()],
484	488	ACTION : list_objects,
485	489	},
…	…
487	491	},
488	492	'delete' : {
489		GROUP : 10,
	493	GROUP : 20,
490	494	IF : have_modifiable_firewall,
491	495	HELP : 'Remove rule(s) from the ruleset.',
…	…
499	503	},
500	504	'list' : {
501		GROUP : 10,
	505	GROUP : 20,
502	506	IF : have_firewall,
503	507	HELP : 'List ruleset.',
…	…
505	509	},
506	510	'move' : {
507		GROUP : 10,
	511	GROUP : 20,
508	512	IF : have_modifiable_firewall,
509	513	HELP : 'Move rule.',

fwc/trunk/Object.py

r117	r118
8	8	PORT_PATTERN = r'\d{1,5}'
9	9	PROTOCOL_PATTERN = r'\d{1,3}'
	10
	11	TYPE_PATTERNS = {
	12	'network' : NETWORK_PATTERN,
	13	'port' : PORT_PATTERN,
	14	'protocol' : PROTOCOL_PATTERN,
	15	}
10	16
11	17	# Regex matching a valid object name

fwc/trunk/Resolver.py

r117	r118
48	48	self.add_object(Object(Object.NETWORK, 'any', '0.0.0.0/0', 'Any network address'))
49	49	self.add_object(Object(Object.NETWORK, 'localhost', '127.0.0.1', 'Local host'))
50		self.add_object(Object(Object.PORT, 'any', '0~~-65535~~', 'Any port'))
	50	self.add_object(Object(Object.PORT, 'any', '0', 'Any port'))
51	51	# Default protocols
52	52	self.add_object(Object(Object.PROTOCOL, 'tcp', '6', 'Transmission Control Protocol'))
53	53	self.add_object(Object(Object.PROTOCOL, 'udp', '17', 'User Datagram Protocol'))
54	54	self.add_object(Object(Object.PROTOCOL, 'icmp', '1', 'Internet Control Message Protocol'))
	55
	56	def have_object(self, type, name):
	57	if type in self.__objects and name in self.__objects[type]:
	58	return self.__objects[type][name]
	59	return None
55	60
56	61	def resolve_object(self, type, name):
…	…
86	91	raise Resolver.InvalidObject("Object '%s:%s' not in ruleset" % (object.type, object.name))
87	92
88		def populate_defaults(self, types = get_object_types()):
	93	def populate_defaults(self, types = get_object_types(), with_aliases = False):
89	94	""" Populate object database from system. """
90	95	for type in types:
	96	if type[-1] == 's': type = type[0:-1]
91	97	objects = 0
92	98	if type == Object.PORT:
…	…
103	109	name = tokens.pop(0)
104	110	port, proto = tokens.pop(0).split('/')
105		tokens.insert(0, name)
	111	if with_aliases:
	112	tokens.insert(0, name)
	113	else:
	114	tokens = [ name ]
106	115	for token in tokens:
107	116	try:
…	…
127	136	ip, names = host.split(None, 1)
128	137	names = names.split()
	138	if not with_aliases:
	139	names = names[0:1]
129	140	for name in names:
130	141	try:
…	…
163	174	pass
164	175	info("added", objects, "protocol objects")
	176	else:
	177	raise Resolver.Error("can't import unknown object type '%s'" % type)
165	178
166	179	@staticmethod
…	…
170	183
171	184	def get_objects(self, type):
	185	if type[-1] == 's': type = type[0:-1]
172	186	return self.__objects[type].values()
173	187

Navigation

Changeset 118

Legend:

fwc/trunk/fwc

fwc/trunk/Object.py

fwc/trunk/Resolver.py

Download in other formats: