Changeset - 2b2462d3175a
default
Branko Majic (branko) - 11 years ago 2013-06-23 19:39:23
branko@majic.rs
Switched to using new implementation for generating iptables file.
2 files changed with 30 insertions and 11 deletions:
conntrackt/iptables.py
 
# Python imports.
 
from operator import attrgetter
 

	
 

	
 
class Rule(object):
 
    """
 
    Class representing a single iptables rule. The representation does not
 
@@ -61,7 +62,7 @@ class Rule(object):
 

	
 
        Returns:
 

	
 
        String representation of the rule.        
 
        String representation of the rule.
 
        """
 
        return self.__unicode__()
 

	
 
@@ -90,7 +91,7 @@ class Chain(object):
 

	
 
        if default not in ("ACCEPT", "DROP", "REJECT"):
 
            raise ValueError("Unsupported default target specified: %s" % default)
 
        
 

	
 
        self.name = name
 
        self.default = default
 
        self.rules = []
 
@@ -131,7 +132,7 @@ class Chain(object):
 
        rules.sort(key=attrgetter("description"))
 

	
 
        # Use this property to figure out if we need new line separator.
 
        previous_description=None
 
        previous_description = None
 

	
 
        # Process each rule.
 
        for rule in rules:
 
@@ -219,4 +220,3 @@ class Table(object):
 
        """
 

	
 
        return self.__unicode__()
 

	
conntrackt/utils.py
 
@@ -4,6 +4,9 @@ import re
 
# Django imports.
 
from django.template import Context, loader
 

	
 
# Application imports.
 
import iptables
 

	
 

	
 
def generate_entity_iptables(entity):
 
    """
 
@@ -20,14 +23,30 @@ def generate_entity_iptables(entity):
 
        String containing the iptables rules for entity.
 
    """
 

	
 
    # Render the iptables template.
 
    template = loader.get_template('conntrackt/entity_iptables.html')
 
    context = Context({'entity': entity})
 
    content = template.render(context)
 
    # Fetch list of incoming communications.
 
    incoming = entity.incoming_communications()
 

	
 
    # Set-up the nat table.
 
    nat = iptables.Table("nat")
 
    for chain in ("PREROUTING", "INPUT", "OUTPUT", "POSTROUTING"):
 
        nat.add_chain(iptables.Chain(chain, "ACCEPT"))
 

	
 
    # Set-up the filter table INPUT chain.
 
    filter = iptables.Table("filter")
 
    input = iptables.Chain("INPUT", "DROP")
 

	
 
    # Remove the blank lines.
 
    content = re.sub('^\s*\n', '', content)
 
    content = re.sub('\n\s*\n', '\n', content)
 
    for communication in incoming:
 
        source = "%s/%s" % (communication.source.address, communication.source.netmask)
 
        destination = "%s/%s" % (communication.destination.address, communication.destination.netmask)
 
        input.add_rule(iptables.Rule(source, destination, communication.protocol, communication.port, communication.description))
 
    filter.add_chain(input)
 

	
 
    # Set-up empty chains.
 
    filter.add_chain(iptables.Chain("OUTPUT", "ACCEPT"))
 
    filter.add_chain(iptables.Chain("FORWARD", "DROP"))
 

	
 
    # Construct the iptables file using the two tables.
 
    content = "%s%s" % (filter, nat)
 

	
 
    return content
 

	
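Review bot: The values passed at `input.add_rule(iptables.Rule(source, destination, communication.protocol, communication.port, communication.description))` go straight into the generated iptables file, and nothing in this hunk strips line breaks or other control characters from `communication.description` (or the address, netmask and port fields) before they reach `Rule`; unless `Rule` validates them itself — its constructor is not part of this diff — a description containing a newline would add an extra line to the emitted ruleset. A one-line guard before the `Rule` call such as `description = " ".join(communication.description.split())`, or an equivalent check inside `Rule.__init__`, would keep the output to one line per rule. Separately, `filter = iptables.Table("filter")` and `input = iptables.Chain("INPUT", "DROP")` shadow Python builtins; `filter_table` and `input_chain` would read more clearly and avoid surprises later in the function. With the `re.sub` calls removed, the `import re` shown in the first hunk's header may now be unused in this module. The `def generate_entity_iptables(entity)` line and its docstring sit in the previous hunk, so the function's start is outside this one.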