
def src::frontend::UFWFrontend::set_rule (   self,
  rule,
  ip_version 
)

Updates firewall with rule

Definition at line 441 of file frontend.py.

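def set_rule(self, rule, ip_version):
    '''Updates firewall with rule

    A rule with no application names (both rule.dapp and rule.sapp empty)
    is applied as-is. Otherwise it is expanded into concrete rules first:
    for a removal, the matching rules are fetched with
    backend.get_app_rules_from_system() for the requested address family
    and marked for removal; for an addition they come from
    backend.get_app_rules_from_template().

    ip_version must be "v4", "v6" or "both".

    Returns the output of the last backend.set_rule() call (for "both"
    with IPv6 enabled, the IPv4 and IPv6 outputs joined by a newline).

    Raises UFWError for an invalid ip_version while expanding an
    application rule for removal, and when applying one of several
    expanded rules fails (after attempting to back out the earlier ones).
    A failure with exactly one rule is reported through error() instead.

    NOTE(review): there is no rollback on the single-rule path or when
    the first of several rules fails (count == 0). With "both", the IPv4
    call has already been made when the IPv6 call raises, so if
    backend.set_rule() takes effect immediately the firewall may be left
    with half of the rule. Verify the active rule set after any error
    from this method.
    '''
    res = ""
    err_msg = ""
    tmp = ""
    rules = []

    if rule.dapp == "" and rule.sapp == "":
        rules.append(rule)
    elif rule.remove:
        # Removal: operate on what is actually installed, per family.
        if ip_version == "v4":
            tmprules = self.backend.get_app_rules_from_system(rule, False)
        elif ip_version == "v6":
            tmprules = self.backend.get_app_rules_from_system(rule, True)
        elif ip_version == "both":
            tmprules = self.backend.get_app_rules_from_system(rule, False)
            tmprules += self.backend.get_app_rules_from_system(rule, True)
        else:
            err_msg = _("Invalid IP version '%s'") % (ip_version)
            raise UFWError(err_msg)

        # Work on copies so the rules returned by the backend are not
        # modified when the remove flag is set.
        for sys_rule in tmprules:
            r = sys_rule.dup_rule()
            r.remove = rule.remove
            rules.append(r)
    else:
        rules = self.backend.get_app_rules_from_template(rule)

    count = 0
    set_error = False
    for i, r in enumerate(rules):
        # Remember how far we got; the backout below walks back from here.
        count = i
        try:
            if self.backend.use_ipv6():
                if ip_version == "v4":
                    r.set_v6(False)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "v6":
                    r.set_v6(True)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "both":
                    r.set_v6(False)
                    tmp = self.backend.set_rule(r)
                    r.set_v6(True)
                    tmp += "\n" + str(self.backend.set_rule(r))
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)
            else:
                if ip_version == "v4" or ip_version == "both":
                    # Without IPv6 support, "both" silently means IPv4 only.
                    r.set_v6(False)
                    tmp = self.backend.set_rule(r)
                elif ip_version == "v6":
                    err_msg = _("IPv6 support not enabled")
                    raise UFWError(err_msg)
                else:
                    err_msg = _("Invalid IP version '%s'") % (ip_version)
                    raise UFWError(err_msg)
        except UFWError, e:
            err_msg = e.value
            set_error = True
            break

        if r.updated:
            warn_msg = _("Rule changed after normalization")
            warnings.warn(warn_msg)

    if not set_error:
        # Just return the last result if no error
        res += tmp
    elif len(rules) == 1:
        # If just one rule, error out
        error(err_msg)
    else:
        # If error and more than one rule, delete the successfully added
        # rules in reverse order. The walk starts at the rule that failed
        # (index count), not just the ones before it.
        undo_error = False
        for j in reversed(range(count + 1)):
            if count > 0 and rules[j]:
                backout_rule = rules[j].dup_rule()
                backout_rule.remove = True
                try:
                    self.set_rule(backout_rule, ip_version)
                except Exception:
                    # Don't fail, so we can try to backout more
                    undo_error = True
                    # Translate the template first, then interpolate, and
                    # name the rule that could not be backed out rather
                    # than the rule whose application failed.
                    warn_msg = _("Could not back out rule '%s'") % \
                                 backout_rule.format_rule()
                    warn(warn_msg)

        if undo_error:
            err_msg += _("\nError applying application rules. " + \
                        "Some rules could not be unapplied.")
        else:
            err_msg += _("\nError applying application rules. " + \
                        "Attempted rules successfully unapplied.")

        raise UFWError(err_msg)

    return res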

    def do_action(self, action, rule, ip_version):

