Location: conntrackt/conntrackt/utils.py - annotation
CONNT-15: Fixed some headline stuff. Added context tests for generated headlines.
# Standard library imports.
import re
# Django imports.
from django.template import Context, loader
# Application imports.
import iptables
def generate_entity_iptables(entity):
    """
    Build the complete iptables rule set for the supplied entity. The result
    is intended to be loaded with the iptables-restore utility.

    Arguments:

      entity - An Entity instance whose incoming communications are turned
      into INPUT rules.

    Returns:

      String made of the rendered filter table followed by the rendered nat
      table.
    """

    # Communications that have this entity as their destination side
    # (as reported by the entity itself).
    incoming = entity.incoming_communications()

    # The nat table carries no rules of its own; each of its chains is
    # created with "ACCEPT" (presumably the chain's default policy - confirm
    # against iptables.Chain).
    nat_table = iptables.Table("nat")
    for chain_name in ("PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"):
        nat_table.add_chain(iptables.Chain(chain_name, "ACCEPT"))

    # The filter table INPUT chain is created with "DROP", so only traffic
    # matched by the rules added below is expected to get through.
    filter_table = iptables.Table("filter")
    input_chain = iptables.Chain("INPUT", "DROP")
    input_chain.add_rule(iptables.LoopbackRule())
    input_chain.add_rule(iptables.RelatedRule())

    # NOTE(review): address, netmask, protocol, port and description are
    # handed to iptables.Rule exactly as stored on the model. Whether Rule
    # validates or escapes them (for example line breaks in a description)
    # is not visible from this function - confirm, because the returned
    # text is fed to iptables-restore.
    for comm in incoming:
        src = comm.source
        dst = comm.destination
        source = "%s/%s" % (src.address, src.netmask)
        destination = "%s/%s" % (dst.address, dst.netmask)
        rule = iptables.Rule(
            source,
            destination,
            comm.protocol,
            comm.port,
            comm.description,
        )
        input_chain.add_rule(rule)

    filter_table.add_chain(input_chain)

    # Remaining filter chains hold no rules: OUTPUT is created with "ACCEPT",
    # FORWARD with "DROP".
    filter_table.add_chain(iptables.Chain("OUTPUT", "ACCEPT"))
    filter_table.add_chain(iptables.Chain("FORWARD", "DROP"))

    # Render both tables into one document, filter first and nat second.
    return "%s%s" % (filter_table, nat_table)