Changeset 125
- Timestamp:
- 06/15/05 20:01:56 (3 years ago)
- Files:
-
- fwc/trunk/Config.py (added)
- fwc/trunk/ConfigReader.py (deleted)
- fwc/trunk/Engine.py (modified) (26 diffs)
- fwc/trunk/Firewall.py (modified) (6 diffs)
- fwc/trunk/fwc (modified) (2 diffs)
- fwc/trunk/LinuxIPTables.py (moved) (moved from fwc/trunk/IPTables.py) (6 diffs)
- fwc/trunk/Resolver.py (modified) (1 diff)
- fwc/trunk/Rule.py (deleted)
- fwc/trunk/util.py (modified) (1 diff)
fwc/trunk/Engine.py
r124 r125 3 3 import socket 4 4 from ConfigParser import RawConfigParser 5 from Config import Config 5 6 from string import Template 6 7 from CLY.Parser import Parser 7 8 from CLY.Symbols import * 8 9 from util import * 9 from Rule import Rule10 10 from Resolver import Resolver 11 11 from Firewall import Firewall 12 from IPTables importIPTables12 from LinuxIPTables import LinuxIPTables 13 13 from Object import Object 14 14 from Singleton import Singleton … … 17 17 class Engine(Singleton): 18 18 version = '0.1' 19 firewall_types = ('IPTables',)19 firewall_types = {'linux' : 'LinuxIPTables'} 20 20 21 21 class Error(Exception): pass … … 24 24 self.__config = RawConfigParser() 25 25 self.__config.read(['/etc/fwcrc', os.path.expanduser('~/.fwcrc')]) 26 self.config = Config() 27 self.config.define('prompt', 'fwc> ', 'FWC prompt') 28 # TODO: Merge loaded config into self.config 26 29 self.__firewalls = {} 27 30 # Grammar hooks. … … 54 57 VAR : 'where', 55 58 HELP : { 56 'top' : 'Insert rule at top of ruleset.',57 'bottom' : 'Insert rule at bottom of ruleset(default).',59 'top' : 'Insert rule at top of policy.', 60 'bottom' : 'Insert rule at bottom of policy (default).', 58 61 }, 59 62 JUMP : RETURN, … … 122 125 IF : have_firewall, 123 126 GLOBAL_LABEL : 'commands', 124 MERGE : [ self.__placement_rules, self.__protocol_rules ],127 MERGE : [ self.__placement_rules, self.__protocol_rules, self.__hooks['match'] ], 125 128 VAR : 'action', 126 129 ACTION : { … … 168 171 }, 169 172 173 }, 174 'in' : { 175 GROUP : 20, 176 HELP : 'Match packets coming in an interface.', 177 lambda ctx, arg: INTERFACE(ctx, arg) and 'in_if' not in ctx or arg not in ctx['in_if'] : { 178 HELP : lambda ctx: [(k, v) for k, v in help_interface(ctx).iteritems() if 'in_if' not in ctx or k not in ctx['in_if']], 179 VAR : 'in_if', 180 LABEL : 'in-if', 181 JUMP_TO : 'in-if', 182 JUMP : 'commands', 183 }, 184 }, 185 'out' : { 186 GROUP : 20, 187 HELP : 'Match packets going out an interface.', 188 INTERFACE : { 
189 HELP : help_interface, 190 VAR : 'out_if', 191 LABEL : 'out-if', 192 JUMP_TO : 'out-if', 193 JUMP : 'commands', 194 }, 170 195 }, 171 196 'from' : { … … 279 304 'object' : { 280 305 IF : have_firewall, 281 HELP : ' Rulesetobject manipulation.',306 HELP : 'Firewall object manipulation.', 282 307 'import' : { 283 308 LABEL : 'import', … … 299 324 }, 300 325 'create' : { 301 HELP : 'Create a rulesetobject.',326 HELP : 'Create a policy object.', 302 327 '|'.join(Resolver.get_object_types()) : { 303 328 VAR : 'type', … … 334 359 }, 335 360 'delete' : { 336 HELP : 'Delete a rulesetobject.',361 HELP : 'Delete a policy object.', 337 362 's|'.join(Resolver.get_object_types()) + 's' : { 338 363 VAR : 'type', … … 375 400 GROUP : 20, 376 401 IF : have_firewall, 377 HELP : 'Remove rule(s) from the ruleset.',402 HELP : 'Remove rule(s) from the policy.', 378 403 LABEL : 'rule', 379 404 RULE : { … … 387 412 GROUP : 20, 388 413 IF : have_firewall, 389 HELP : 'List ruleset.',390 ACTION : self.__list_ ruleset,414 HELP : 'List policy.', 415 ACTION : self.__list_policy, 391 416 }, 392 417 'move' : { … … 407 432 'firewall' : { 408 433 HELP : "Commands for firewall management.", 434 'set' : { 435 GROUP : 10, 436 IF : have_firewall, 437 HELP : 'Display or set firewall settings', 438 ACTION : { 439 HELP : 'List current settings.', 440 ACTION : self.__list_firewall_settings, 441 }, 442 lambda ctx, setting: setting in self.firewall.config and not self.firewall.config.readonly(setting): { 443 VAR : 'setting', 444 HELP : lambda ctx: [ (v, 'Set ' + self.firewall.config.help(v)) for v in self.firewall.config if not self.firewall.config.readonly(v) ], 445 lambda ctx, value: self.firewall.config.validate(ctx['setting'], value) : { 446 VAR : 'value', 447 HELP : ('<value>', 'Value for setting'), 448 ACTION : self.__firewall_set, 449 }, 450 }, 451 }, 452 'unset' : { 453 GROUP : 10, 454 HELP : 'Unset a firewall setting.', 455 IF : have_firewall, 456 lambda ctx, setting: setting in 
self.firewall.config and not self.firewall.config.readonly(setting): { 457 VAR : 'setting', 458 HELP : lambda ctx: [ (v, 'Unset ' + self.firewall.config.help(v)) for v in self.firewall.config if not self.firewall.config.readonly(v) ], 459 ACTION : self.__firewall_unset, 460 } 461 }, 409 462 'acquire' : { 410 463 HELP : 'Acquire a firewall for management.', … … 412 465 VAR : 'name', 413 466 HELP : ('<name>', 'Name of firewall.'), 414 LABEL : 'acquire', 415 IP : { 416 UNLESS : lambda ctx: 'ip' in ctx, 417 VAR : 'ip', 418 HELP : lambda ctx: ('<ip>', 'Management IP address of firewall%s.' % (name_to_ip(ctx['name']) and ' (' + name_to_ip(ctx['name']) + ')' or '')), 467 FIREWALL_TYPE : { 468 VAR : 'type', 419 469 JUMP : 'acquire', 420 },421 FIREWALL_TYPE : {422 IF : lambda ctx: 'ip' in ctx or name_to_ip(ctx['name']),423 VAR : 'type',424 470 HELP : help_firewall_type, 425 ACTION : lambda ctx, **args: self.acquire_firewall(**args), 471 LABEL : 'acquire', 472 'description' : { 473 UNLESS_VAR : 'description', 474 HELP : 'Set description of firewall.', 475 '.*' : { 476 HELP : ('<description>', 'Description of firewall'), 477 VAR : 'description', 478 JUMP : 'acquire', 479 }, 480 }, 481 IP : { 482 UNLESS : lambda ctx: 'ip' in ctx, 483 VAR : 'ip', 484 HELP : lambda ctx: ('<ip>', 'Management IP address of firewall%s.' 
% (name_to_ip(ctx['name']) and ' (' + name_to_ip(ctx['name']) + ')' or '')), 485 JUMP : 'acquire', 486 }, 487 ACTION : { 488 IF : lambda ctx: 'type' in ctx and ('ip' in ctx or name_to_ip(ctx['name'])), 489 ACTION : lambda ctx, **args: self.acquire_firewall(**args), 490 }, 426 491 }, 427 492 }, … … 429 494 'list' : { 430 495 HELP : "List available firewalls.", 496 ACTION : self.__list_firewalls, 431 497 }, 432 498 'switch' : { 433 HELP : 'Switch firewall.',499 HELP : 'Switch active firewall.', 434 500 FIREWALL : { 435 501 VAR : 'firewall', … … 439 505 }, 440 506 }, 441 FIREWALL : {442 GROUP : 10,443 VAR : 'firewall',444 HELP : help_firewall,445 'list' : {446 HELP : 'List settings for this firewall.',447 ACTION : lambda ctx, firewall: self.__list_firewall_settings(firewall),448 },449 },450 507 }, 451 508 } … … 453 510 self._parser = Parser(self.__grammar) 454 511 455 456 def __list_objects(self, context, type = 'all', filter = '*'): 512 def __firewall_set(self, ctx, setting, value): 513 try: 514 self.firewall.config[setting] = value 515 except Config.Error, e: 516 error(e) 517 518 def __firewall_unset(self, ctx, setting): 519 try: 520 del(self.firewall.config[setting]) 521 except Config.Error, e: 522 error(e) 523 524 def __list_firewalls(self, ctx): 525 for fw in sorted(self.__firewalls.values(), lambda a, b: cmp(a.name, b.name)): 526 if self.firewall == fw: 527 out = '^B*^B ' 528 else: 529 out = ' ' 530 out += '^B%s^B ^B%s^B ^B%s^B' % (fw.config.name, fw.config.type, fw.config.ip) 531 if fw.config.description: 532 out += ' description ^B"%s"^B' % fw.config.description 533 cprint(out) 534 535 def __list_objects(self, ctx, type = 'all', filter = '*'): 457 536 if type == 'all': 458 537 type = Resolver.get_object_types() … … 468 547 469 548 def __list_firewall_settings(self, firewall): 470 heading = ['^B^USetting^N', '^B^UValue^N' ]549 heading = ['^B^USetting^N', '^B^UValue^N', '^B^UDescription^N'] 471 550 rows = [] 472 firewall = self.__firewalls[firewall] 473 for var 
in firewall.listv(): 474 rows.append([var, firewall.rawgetv(var)]) 551 for var in self.firewall.config: 552 rows.append([var, self.firewall.config[var], self.firewall.config.help(var)]) 475 553 rows.sort(lambda a, b: cmp(a[0], b[0])) 476 554 print_table(rows, heading) 477 555 478 556 def __firewall_class(self, type): 479 for i in self.firewall_types:480 if i.lower() == type:481 type = i482 break483 557 from DynamicLoader import loadClass 484 return loadClass('%s.%s' % ( type, type))485 486 def acquire_firewall(self, name, type, ip = None ):558 return loadClass('%s.%s' % (self.firewall_types[type], self.firewall_types[type])) 559 560 def acquire_firewall(self, name, type, ip = None, description = ''): 487 561 if name in self.__firewalls: 488 562 raise Engine.Error("Firewall '%s' already acquired" % name) … … 501 575 fw = FirewallClass(name, ip, self) 502 576 fw.acquire() 577 fw.config.description = description 503 578 self.set_firewall(fw) 579 except KeyboardInterrupt: 580 warning("User aborted acquisition of firewall") 504 581 except Exception, e: 505 582 error(e) 506 583 507 def quit(self, c ontext= None):584 def quit(self, ctx = None): 508 585 info("Firewall console exit.") 509 586 sys.exit(0) 510 587 511 def __insert_rule(self, c ontext, action, source = [], sport = [], destination = [], dport = [], protocol = None, description = None, where = 'bottom', index = None, state = 'new', log = None, reject_type = None, reject_subtype = None):588 def __insert_rule(self, ctx, source = [], sport = [], in_if = [], destination = [], dport = [], out_if = [], log = None, index = None, where = 'bottom', **argd): 512 589 if log: 513 590 if log == 'log': … … 516 593 log = log[1] 517 594 if index != None: index = int(index) 518 self.firewall.add(Rule(action, tolist(source), tolist(sport), tolist(destination), tolist(dport), protocol, description, state, log, reject_type, reject_subtype), where, index) 519 520 def __remove_rule(self, context, rules): 595 try: 596 source = 
tolist(source) 597 sport = tolist(sport) 598 in_if = tolist(in_if) 599 destination = tolist(destination) 600 dport = tolist(dport) 601 out_if = tolist(out_if) 602 self.firewall.add(self.firewall.Rule( 603 source = source, sport = sport, in_if = in_if, 604 destination = destination, dport = dport, out_if = out_if, 605 **argd), 606 where, index) 607 except Firewall.Error, e: 608 error(e) 609 610 def __remove_rule(self, ctx, rules): 521 611 self.firewall.remove(map(int, rules)) 522 612 523 def __move_rule(self, c ontext, old, where = 'top', index = None):613 def __move_rule(self, ctx, old, where = 'top', index = None): 524 614 if index and old == index: return 525 615 try: … … 532 622 raise 533 623 534 def __list_ruleset(self, context): 535 for ruleno, rule in enumerate(self.firewall.get_rules()): 536 cmd = "^B%s^B" % rule.action 537 if rule.state != 'new': 538 cmd += " state ^B" + rule.state + "^B" 539 if rule.protocol: 540 try: 541 cmd += ' protocol ^B%s^B' % int(rule.protocol) 542 except: 543 cmd += " ^B" + rule.protocol + "^B" 544 if rule.source or rule.sport: 545 cmd += " from" 546 if rule.source: 547 cmd += " ^B" + ' '.join(rule.source) + "^B" 548 if rule.sport: 549 cmd += " port ^B" + ' '.join(rule.sport) + "^B" 550 if rule.destination or rule.dport: 551 cmd += " to" 552 if rule.destination: 553 cmd += " ^B" + ' '.join(rule.destination) + "^B" 554 if rule.dport: 555 cmd += " port ^B" + ' '.join(rule.dport) + "^B" 556 if rule.reject_type: 557 cmd += " with ^B%s^B" % rule.reject_type 558 if rule.reject_subtype: 559 cmd += " ^B%s^B" % rule.reject_subtype 560 if rule.log: 561 cmd += " log" 562 if type(rule.log) is str: 563 cmd += " message ^B'%s'^B" % rule.log 564 if rule.description: 565 cmd += " description ^B'%s'^B" % rule.description 566 cprint("^B%3i:^B %s" % (ruleno, cmd)) 567 568 def __create_object(self, context, type, name, value, description = None): 624 def __list_policy(self, ctx): 625 self.firewall.list_rules() 626 627 def __create_object(self, ctx, 
type, name, value, description = None): 569 628 try: 570 629 self.resolver.add_object(Object(type, name, value, description)) … … 588 647 self.unhook(hook, grammar) 589 648 self.resolver = None 649 self.prompt = 'fwc> ' 590 650 591 651 self.firewall = firewall 592 652 if self.firewall: 593 653 self.resolver = firewall.resolver 594 self.__firewalls[firewall. name] = firewall654 self.__firewalls[firewall.config.name] = firewall 595 655 for hook, grammar in firewall.hooks.iteritems(): 596 656 self.hook(hook, grammar) 597 info("Current firewall: " + self.firewall.name) 657 self.prompt = 'fwc:%s> ' % firewall.config.name 658 info("Current firewall: ^B" + firewall.config.name + "^B") 598 659 599 660 def hook(self, hook, grammar): … … 605 666 self.__hooks[hook].remove(grammar) 606 667 607 def rawgetv(self, section, key, default = None):608 try:609 return self.__config.get(section, key)610 except:611 return default612 613 def getv(self, section, key, default = None):614 try:615 return self.expandv(section, self.__config.get(section, key))616 except:617 return default618 619 def hasv(self, section, key):620 return self.__config.has_option(section, key)621 622 def setv(self, section, key, value):623 return self.__config.set(section, key, value)624 625 def setdefaultv(self, section, key, value):626 if not self.hasv(section, key):627 self.setv(section, key, value)628 629 def listv(self, section):630 return self.__config.options(section)631 632 def expandv(self, section, text):633 vars = dict(self.__config.items(section))634 lasttext = ''635 while '$' in text and lasttext != text:636 lasttext = text[:]637 text = Template(text).safe_substitute(vars)638 return text639 640 668 641 669 642 def check_port_protocol(c ontext):643 return 'protocol' in c ontextand context['protocol'] in [ 'tcp', 'udp' ]644 645 def have_firewall(c ontext):670 def check_port_protocol(ctx): 671 return 'protocol' in ctx and context['protocol'] in [ 'tcp', 'udp' ] 672 673 def have_firewall(ctx): 646 674 """ 
Return true if the current firewall is have_firewall. """ 647 675 return Engine().firewall 648 676 649 def help_object(c ontext, type, include_generic = True):677 def help_object(ctx, type, include_generic = True): 650 678 if include_generic: 651 679 help = { '<%s>' % type : '%s object.' % type.title() } … … 659 687 return help 660 688 661 def help_network(c ontext):689 def help_network(ctx): 662 690 help = { '<network>' : 'Network address.'} 663 for o in Engine().firewall.resolver.get_objects( 'network'):691 for o in Engine().firewall.resolver.get_objects(Object.NETWORK): 664 692 if o.description: 665 693 help[o.name] = "%s (%s)" % (o.description, ', '.join(tolist(o.value))) … … 668 696 return help 669 697 670 def help_port(context): 698 def help_interface(ctx): 699 help = { '<interface>' : 'Interface name.'} 700 for o in Engine().firewall.resolver.get_objects(Object.INTERFACE): 701 if o.description: 702 help[o.name] = "%s (%s)" % (o.description, ', '.join(tolist(o.value))) 703 else: 704 help[o.name] = o.value 705 return help 706 707 def help_port(ctx): 671 708 help = { '<port>' : 'Port.'} 672 for o in Engine().firewall.resolver.get_objects( 'port'):709 for o in Engine().firewall.resolver.get_objects(Object.PORT): 673 710 text = o.description or "Port object %s" % o.name 674 711 help[o.name] = text + " (%s)" % ', '.join(tolist(o.value)) 675 712 return help 676 713 677 def help_firewall(c ontext):714 def help_firewall(ctx): 678 715 help = {} 679 716 for name, fw in Engine()._Engine__firewalls.iteritems(): 680 help[name] = "Firewall %s" % fw.name 717 if fw.description: 718 help[name] = fw.description 719 else: 720 help[name] = "Firewall %s" % fw.name 681 721 if Engine().firewall == fw: 682 722 help[name] += ' ^B(current)^B' … … 691 731 692 732 693 def IP(c ontext, str):733 def IP(ctx, str): 694 734 return re.match(Object.IP_PATTERN, str) 695 735 696 def NETWORK(context, str): 736 def INTERFACE(ctx, str): 737 return re.match(Object.INTERFACE_PATTERN, str) \ 738 or 
str in help_object(ctx, 'interface') 739 740 def NETWORK(ctx, str): 697 741 return re.match(Object.NETWORK_PATTERN, str) \ 698 or str in help_object(c ontext, 'network')699 700 def PORT(c ontext, str):742 or str in help_object(ctx, 'network') 743 744 def PORT(ctx, str): 701 745 return re.match(Object.PORT_PATTERN, str) \ 702 or str in help_object(c ontext, 'port')703 704 def PORT_RANGE(c ontext, str):746 or str in help_object(ctx, 'port') 747 748 def PORT_RANGE(ctx, str): 705 749 range = str.split('-') 706 return PORT(c ontext, range[0]) and (len(range) < 2 or len(range) > 1 and PORT(context, range[1]))707 708 def RULE(c ontext, str):750 return PORT(ctx, range[0]) and (len(range) < 2 or len(range) > 1 and PORT(context, range[1])) 751 752 def RULE(ctx, str): 709 753 try: 710 754 return int(str) >= 0 and int(str) < len(Engine().firewall.get_rules()) … … 712 756 return False 713 757 714 def FIREWALL(c ontext, arg):715 return arg in help_firewall(c ontext)716 717 def help_firewall_type(c ontext):758 def FIREWALL(ctx, arg): 759 return arg in help_firewall(ctx) 760 761 def help_firewall_type(ctx): 718 762 help = {} 719 for type in Engine().firewall_types :763 for type in Engine().firewall_types.keys(): 720 764 help[type.lower()] = 'Firewall type %s' % type 721 765 return help 722 766 723 def FIREWALL_TYPE(c ontext, arg):724 return arg in map(str.lower, Engine().firewall_types)767 def FIREWALL_TYPE(ctx, arg): 768 return arg in Engine().firewall_types fwc/trunk/Firewall.py
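Review bot: The predicate guarding the new `in` interface token parses as `(INTERFACE(ctx, arg) and 'in_if' not in ctx) or arg not in ctx['in_if']`, because `and` binds tighter than `or`. Once `in_if` is set, any token not already in the list is accepted without the `INTERFACE` check, and before it is set a token that fails `INTERFACE` falls through to `ctx['in_if']`, which would raise if `ctx` behaves like a plain dict. Parenthesising the second half keeps validation on every interface name that ends up in a rule: `lambda ctx, arg: INTERFACE(ctx, arg) and ('in_if' not in ctx or arg not in ctx['in_if'])`. Separately, `check_port_protocol` and `PORT_RANGE` now take `ctx` but still read `context['protocol']` and `PORT(context, range[1])`, which will raise NameError on those paths unless a module-level `context` exists outside this view.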
r124 r125 1 from Config Reader import ConfigReader1 from Config import Config 2 2 from Resolver import Resolver 3 from Rule import Rule4 3 from Object import Object 5 from util import abstract 4 from util import * 5 import re 6 6 7 class Firewall (ConfigReader):7 class Firewall: 8 8 """ 9 9 The Firewall class contains all … … 14 14 class InvalidRule(Error): pass 15 15 16 def __init__(self, name, ip, engine, hooks = {}): 17 ConfigReader.__init__(self, 'firewall-' + name, engine) 16 class Rule: 17 def __init__(self, action = None, source = [], sport = [], destination = [], dport = [], protocol = [], description = None, log = None, reject_type = None, reject_subtype = None, in_if = None, out_if = None): 18 self.action = action 19 self.source = source 20 self.sport = sport 21 self.dport = dport 22 self.destination = destination 23 self.source = source 24 self.protocol = protocol 25 self.description = description 26 self.log = log 27 self.reject_type = reject_type 28 self.reject_subtype = reject_subtype 29 self.in_if = in_if 30 self.out_if = out_if 31 32 def __init__(self, type, name, ip, engine, hooks = {}): 33 self.config = Config() 34 self.config.define('type', type, 'Type of firewall', readonly = 1) 35 self.config.define('name', name, 'Firewall name', readonly = 1) 36 self.config.define('ip', ip, 'Management IP address of firewall') 37 self.config.define('description', '', 'Description of firewall') 18 38 self.__rules = [] 19 39 self.resolver = Resolver() 20 self. 
name, self.ip, self.engine, self.hooks = name, ip,engine, hooks40 self.engine, self.hooks = engine, hooks 21 41 22 42 def resolve_rule(self, rule): … … 48 68 raise Firewall.InvalidIndex("invalid location '%s' for rule addition" % where) 49 69 except IndexError: 50 raise Firewall.InvalidIndex("Invalid rulesetindex %s" % index)70 raise Firewall.InvalidIndex("Invalid policy index %s" % index) 51 71 52 72 def move(self, old, new): … … 64 84 raise 65 85 except IndexError: 66 raise InvalidRule("Invalid rulesetindex %s or %s" % (old, new))86 raise InvalidRule("Invalid policy index %s or %s" % (old, new)) 67 87 68 88 def remove(self, index): … … 83 103 return self.__rules[rule] 84 104 105 def describe_rule(self, rule, pretty = True): 106 description = "^B%s^B" % rule.action 107 if rule.protocol: 108 try: 109 description += ' protocol ^B%s^B' % int(rule.protocol) 110 except: 111 description += " ^B" + rule.protocol + "^B" 112 if rule.source or rule.sport: 113 description += " from" 114 if rule.source: 115 description += " ^B" + ' '.join(rule.source) + "^B" 116 if rule.sport: 117 description += " port ^B" + ' '.join(rule.sport) + "^B" 118 if rule.in_if: 119 description += " in ^B%s^B" % ' '.join(rule.in_if) 120 if rule.destination or rule.dport: 121 description += " to" 122 if rule.destination: 123 description += " ^B" + ' '.join(rule.destination) + "^B" 124 if rule.dport: 125 description += " port ^B" + ' '.join(rule.dport) + "^B" 126 if rule.out_if: 127 description += " out ^B%s^B" % ' '.join(rule.out_if) 128 if rule.reject_type: 129 description += " with ^B%s^B" % rule.reject_type 130 if rule.reject_subtype: 131 description += " ^B%s^B" % rule.reject_subtype 132 if rule.log: 133 description += " log" 134 if type(rule.log) is str: 135 description += " message ^B'%s'^B" % rule.log 136 if rule.description: 137 description += " description ^B'%s'^B" % rule.description 138 if not pretty: 139 description = re.sub(r'\^.', '', description) 140 return description 141 142 def 
list_rules(self): 143 for ruleno, rule in enumerate(self.__rules): 144 cprint("^B%3i:^B %s" % (ruleno, self.describe_rule(rule))) 145 85 146 def get_rules(self): 86 147 return self.__rules … … 91 152 @abstract 92 153 def install(self): 93 """ Install ruleseton the given firewall. """154 """ Install policy on the given firewall. """ 94 155 95 156 @abstract fwc/trunk/fwc
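Review bot: `Firewall.Rule.__init__` takes list defaults (`source = []`, `sport = []`, `destination = []`, `dport = []`, `protocol = []`) and stores them on the instance unchanged, so every rule built without those arguments shares the same list objects. If anything later modifies one rule's list in place (not visible in this section), the change would appear in every other rule that used the default, and the listed policy would no longer match what the operator entered. Default them to `None` and copy on assignment, e.g. `self.source = list(source or [])`, and treat `in_if`/`out_if` the same way, since `describe_rule` joins them as sequences. `self.source = source` is also assigned twice in the constructor.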
r123 r125 10 10 from CLY.Interactive import interact 11 11 from util import * 12 from Rule import Rule13 12 from Object import Object 14 13 from Firewall import Firewall … … 28 27 29 28 while True: 30 result = interact(engine._parser, engine. getv('default', 'prompt', 'fwc> '))29 result = interact(engine._parser, engine.config.prompt) 31 30 32 31 if result.state == Result.NOP: fwc/trunk/LinuxIPTables.py
r124 r125 1 1 from Interface import Interface 2 2 from Firewall import Firewall 3 from ConfigReader import ConfigReader4 3 from CLY.Symbols import * 5 4 from Object import Object … … 7 6 import os 8 7 9 class IPTables(Firewall): 8 class LinuxIPTables(Firewall): 9 class Rule(Firewall.Rule): 10 def __init__(self, state = [], **dargs): 11 Firewall.Rule.__init__(self, **dargs) 12 if state: state = tolist(state) 13 self.state = state 14 10 15 def __init__(self, name, ip, engine): 11 Firewall.__init__(self, name, ip, engine, { 16 self.__states = { 17 'new' : 'Match new connections.', 18 'established' : 'Match established connections.', 19 'invalid' : 'Match invalid connections.', 20 'related' : 'Match related connections.', 21 } 22 Firewall.__init__(self, 'linux', name, ip, engine, { 12 23 'match' : { 13 24 'state' : { … … 15 26 RANGE : 1, 16 27 HELP : 'Match connections in this state (default: new).', 17 'new|established|invalid|related': {
