Mini Shell

Directory : /lib/python2.7/site-packages/salt/modules/
Current File : //lib/python2.7/site-packages/salt/modules/nftables.pyo

�
���^c@@s3dZddlmZmZmZddlZddlZddlmZddl	Z
ddlZ
ddlZ
ddl
mZddlmZeje�Zi	dd6dd	6dd6d
d6d
d
6dd6d
d
6dd6dd6Zd�Zd�Zdd�Zd�Zddddddd�Zdd�Zdd�Zddd�Zddddd�Zddddd�Z dddd�Z!ddd�Z"dd�Z#dd�Z$ddddddd �Z%dddd!�Z&ddddd"�Z'dddddd#�Z(ddddd$�Z)dddd%�Z*dS(&u
Support for nftables
i(tabsolute_importtprint_functiontunicode_literalsN(tsix(tSTATE_INTERNAL_KEYWORDS(tCommandExecutionErroruipuipv4uip4uip6uipv6uinetuarpubridgeunetdevcC@s#tjjjd�rdStdfS(u7
    Only load the module if nftables is installed
    unftunftablesuHThe nftables execution module failed to load: nftables is not installed.(tsalttutilstpathtwhichtFalse(((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt__virtual__&scC@sdS(u 
    Return correct command
    unft((((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt
_nftables_cmd/scC@sXtddkrdStddkr(dStddkr<dStddkrPdStSdS(	u.
    Use the same file for rules for now.
    u	os_familyuRedHatu
/etc/nftablesuArchuDebianuosuGentooN(t
__grains__R
(tfamily((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt_conf6scC@s0djt��}td|�j�}|dS(u�
    Return version from nftables --version

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.version

    u
{0} --versionucmd.runi(tformatRt__salt__tsplit(tcmdtout((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytversionFsucK@s�idd6dd6td6}d|kr?|d|d<|d=nx7tt�ddd	gD]}||krY||=qYqYWd}	d}
t|}d
|kr�|	dj|d
�7}	|d
=nd|kr�|	d
j|d�7}	|d=nd|kr|d}
nd|kr|d=nd|krE|	dj|d�7}	|d=nd|kr�tj|d�|d<d|dkr�|djdd�|d<n|	dj|d�7}	|d=nd|kr'tj|d�|d<d|dkr|djdd�|d<n|	dj|d�7}	|d=nd|kr�|djd�}g|D]}
t	|
�^qM}|j
dt�djd�|D��|d<|	dj|d�7}	|d=nd|kr?|djd�}g|D]}
t	|
�^q�}|j
dt�djd�|D��|d<|	dj|d�7}	|d=ng}d|kru|j
dj|d��|d=nd |kr�|j
dj|d ��|d =nd!|kr�|j
d"j|d!��|d!=nd#|kr|j
d$j|d#��|d#=nd%|kr5|j
d&j|d%��|d%=nd'|kre|j
d(j|d'��|d'=nx|D]}|	|7}	qlW|	j�}	|	jdd)j|
��}	|	jdd*j|
��}	|	|d<|d7kr�|s�d-|d<|S|sd.|d<|S|sd/|d<|S|d8krs|rNd3jt�|||||	�|d<q�d4jt�||||	�|d<q�d5jt�|||||	�|d<n|dr�d6|d<nt|d<|S(9u�
    Build a well-formatted nftables rule based on kwargs.
    A `table` and `chain` are not required, unless `full` is True.

    If `full` is `True`, then `table`, `chain` and `command` are required.
    `command` may be specified as either insert, append, or delete.
    This will return the nftables command, exactly as it would
    be used from the command line.

    If a position is required (as with `insert` or `delete`), it may be specified as
    `position`. This will only be useful if `full` is True.

    If `connstate` is passed in, it will automatically be changed to `state`.

    CLI Examples:

    .. code-block:: bash

        salt '*' nftables.build_rule match=state \
            connstate=RELATED,ESTABLISHED jump=ACCEPT
        salt '*' nftables.build_rule filter input command=insert position=3 \
            full=True match=state state=related,established jump=accept

        IPv6:
        salt '*' nftables.build_rule match=state \
            connstate=related,established jump=accept \
            family=ipv6
        salt '*' nftables.build_rule filter input command=insert position=3 \
            full=True match=state state=related,established jump=accept \
            family=ipv6

    uucommenturuleuresultutargetujumpuchainusaveutableuifumeta iifname {0} uofumeta oifname {0} uprotoustateu	connstateuct state {{ {0}}} udportu:u-udport {{ {0} }} usportusport {{ {0} }} udportsu,treverseu, cs@s|]}tj|�VqdS(N(Rt	text_type(t.0tx((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pys	<genexpr>�susportscs@s|]}tj|�VqdS(N(RR(RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pys	<genexpr>�su{0} ujuto-portu--to-port {0} uto-portsu--to-ports {0} uto-destinationu--to-destination {0} ureject-withu--reject-with {0} u	{0} dportu	{0} sportuTrueutrueuTable needs to be specifieduChain needs to be specifieduCommand needs to be specifieduInsertuinsertuINSERTu,{0} insert rule {1} {2} {3} position {4} {5}u{0} insert rule {1} {2} {3} {4}u{0} {1} rule {2} {3} {4} {5}uSuccessfully built rule(uTrueutrue(uInsertuinsertuINSERT(R
tlistt_STATE_INTERNAL_KEYWORDSt_NFTABLES_FAMILIESRRRtreplaceRtinttsorttTruetjointappendtstripR(ttabletchaintcommandtpositiontfullRtkwargstrettignoretruletprotot
nft_familyt_dportsRt_sportst
after_jumptitem((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt
build_ruleVs�"


 























cC@s�t�r|rt�}ntjjj|��"}tjjj|j��}WdQXg}xH|D]@}|j�}|s�qbn|j	d�r�qbn|j
|�qbW|S(u�
    Return a data structure of the rules in the conf file

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.get_saved_rules

    Nu#(RRRtfilestfopentdatatdecodet	readlinesR#t
startswithR"(t	conf_filetfp_tlinestrulestlinettmpline((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytget_saved_ruless!
cC@s�t|}g}djt�|�}td|dt�}|sE|Stjd|�}x\|D]T}|jd�d}djt�||�}td|dt�}|j|�q^W|S(u�
    Return a data structure of the current, in-memory rules

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.get_rules

        salt '*' nftables.get_rules family=ipv6

    u1{0} --numeric --numeric --numeric list tables {1}ucmd.runtpython_shellu
+u iu4{0} --numeric --numeric --numeric list table {1} {2}(RRRRR
treRR"(RR.R=RRttablesR$t
table_name((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt	get_rules0s"
	
cC@s�t�r|rt�}nddddg}d}x@|D]8}t|�}|r`|d7}n|dj|�}q;W|d}yAtjjj|d��#}|jtjjj	|��WdQXWn.t
tfk
r�}td	j
|���nX|S(
u�
    Save the current in-memory rules to disk

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.save /etc/nftables
    uipuip6uarpubridgeu
#! nft -f
u
uwbNu*Problem writing to configuration file: {0}(RRER!RRR4R5t
writelinesR6tencodetIOErrortOSErrorRR(tfilenameRtnft_familiesR=Rt_fhtexc((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytsaveQs"



&ufilterc
C@sfidd6td6}|s(d|d<|S|s<d|d<|St|d|�}|ds\|St||d|�}|ds|St|||d|�}|ds�|St|}djt�|||�}td|d	t�}tj	d
|�}	tj
dj|��}
x>|	D]6}|
j|�}|ritd6|j
d�d6SqWitd6d
j|�d6S(uU
    Get the handle for a particular rule

    This function accepts a rule in a standard nftables command format,
        starting with the chain. Trying to force users to adapt to a new
        method of creating rules would be irritating at best, and we
        already have a parser that can handle it.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.get_rule_handle filter input \
            rule='tcp dport 22 log accept'

        IPv6:
        salt '*' nftables.get_rule_handle filter input \
            rule='tcp dport 22 log accept' \
            family=ipv6
    uucommenturesultuChain needs to be specifieduRule needs to be specifiedRuA{0} --numeric --numeric --numeric --handle list chain {1} {2} {3}ucmd.runRAu
+u{0} # handle (?P<handle>\d+)uhandleuCould not find rule {0}(R
tcheck_tabletcheck_chaintcheckRRRRRBRtcompiletsearchR tgroup(
R$R%R,RR*tresR.RRR=tpattrtmatch((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytget_rule_handlers:









c
C@s'idd6td6}|s(d|d<|S|s<d|d<|St|d|�}|ds\|St||d|�}|ds|St|}djt�|||�}dj|�}td	|d
t�j|�}	|	dkr�dj||||�|d<n&d
j||||�|d<t|d<|S(uU
    Check for the existence of a rule in the table and chain

    This function accepts a rule in a standard nftables command format,
        starting with the chain. Trying to force users to adapt to a new
        method of creating rules would be irritating at best, and we
        already have a parser that can handle it.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.check filter input \
            rule='tcp dport 22 log accept'

        IPv6:
        salt '*' nftables.check filter input \
            rule='tcp dport 22 log accept' \
            family=ipv6
    uucommenturesultuChain needs to be specifieduRule needs to be specifiedRuA{0} --handle --numeric --numeric --numeric list chain {1} {2} {3}u{0} #ucmd.runRAi����u?Rule {0} in chain {1} in table {2} in family {3} does not existu7Rule {0} in chain {1} in table {2} in family {3} exists(	R
RORPRRRRtfindR (
R$R%R,RR*RUR.Rtsearch_ruleR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyRQ�s4







cC@s�idd6td6}|s(d|d<|St|}djt�||�}td|dt�jdj|��}|d	kr�d
j|||�|d<n#dj|||�|d<t|d<|S(u
    .. versionadded:: 2014.7.0

    Check for the existence of a chain in the table

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.check_chain filter input

        IPv6:
        salt '*' nftables.check_chain filter input family=ipv6
    uucommenturesultuChain needs to be specifiedu{0} list table {1} {2}ucmd.runRAuchain {0} {{i����u3Chain {0} in table {1} in family {2} does not existu+Chain {0} in table {1} in family {2} exists(R
RRRRRZR (R$R%RR*R.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyRP�s



(
cC@s�idd6td6}|s(d|d<|St|}djt�|�}td|dt�jdj||��}|d	kr�d
j||�|d<n dj||�|d<t|d<|S(uj
    Check for the existence of a table

    CLI Example::

        salt '*' nftables.check_table nat
    uucommenturesultuTable needs to be specifiedu{0} list tables {1}ucmd.runRAu
table {0} {1}i����u&Table {0} in family {1} does not existuTable {0} in family {1} exists(R
RRRRRZR (R$RR*R.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyRO
s



+
cC@s�idd6td6}|s(d|d<|St|d|�}|drH|St|}djt�||�}td|dt�}|s�d	j||�|d<t|d<nd
j||�|d<|S(u�
    .. versionadded:: 2014.7.0

    Create new custom table.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.new_table filter

        IPv6:
        salt '*' nftables.new_table filter family=ipv6
    uucommenturesultuTable needs to be specifiedRu{0} add table {1} {2}ucmd.runRAuTable {0} in family {1} createdu,Table {0} in family {1} could not be created(R
RORRRRR (R$RR*RUR.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt	new_table's$





cC@s�idd6td6}|s(d|d<|St|d|�}|dsH|St|}djt�||�}td|dt�}|s�d	j||�|d<t|d<nd
j||�|d<|S(u�
    .. versionadded:: 2014.7.0

    Delete the specified table.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.delete_table filter

        IPv6:
        salt '*' nftables.delete_table filter family=ipv6
    uucommenturesultuTable needs to be specifiedRu{0} delete table {1} {2}ucmd.runRAuTable {0} in family {1} deletedu,Table {0} in family {1} could not be deleted(R
RORRRRR (R$RR*RUR.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytdelete_tableOs$





c	C@saidd6td6}|s(d|d<|St|d|�}|dsH|St||d|�}|dr�dj|||�|d<|St|}djt�|||�}	|s�|s�|r|r�|r�tj|�r�dj|	|||�}	qd	|d<|Sntd
|	dt�}
|
sDdj|||�|d<t	|d<nd
j|||�|d<|S(uL
    .. versionadded:: 2014.7.0

    Create new chain to the specified table.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.new_chain filter input

        salt '*' nftables.new_chain filter input \
                table_type=filter hook=input priority=0

        salt '*' nftables.new_chain filter foo

        IPv6:
        salt '*' nftables.new_chain filter input family=ipv6

        salt '*' nftables.new_chain filter input \
                table_type=filter hook=input priority=0 family=ipv6

        salt '*' nftables.new_chain filter foo family=ipv6
    uucommenturesultuChain needs to be specifiedRu3Chain {0} in table {1} in family {2} already existsu{0} add chain {1} {2} {3}u,{0} \{{ type {1} hook {2} priority {3}\; \}}u(Table_type, hook, and priority required.ucmd.runRAu,Chain {0} in table {1} in family {2} createdu9Chain {0} in table {1} in family {2} could not be created(
R
RORPRRRRRRR (R$R%t
table_typethooktpriorityRR*RUR.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt	new_chainws<







cC@s�idd6td6}|s(d|d<|St|d|�}|dsH|St||d|�}|dsk|St|}djt�|||�}td|dt�}|s�d	j|||�|d<t|d<nd
j|||�|d<|S(uv
    .. versionadded:: 2014.7.0

    Delete the chain from the specified table.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.delete_chain filter input

        salt '*' nftables.delete_chain filter foo

        IPv6:
        salt '*' nftables.delete_chain filter input family=ipv6

        salt '*' nftables.delete_chain filter foo family=ipv6
    uucommenturesultuChain needs to be specifiedRu{0} delete chain {1} {2} {3}ucmd.runRAu,Chain {0} in table {1} in family {2} deletedu9Chain {0} in table {1} in family {2} could not be deleted(R
RORPRRRRR (R$R%RR*RUR.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytdelete_chain�s,






c	C@siidj|||�d6td6}|s7d|d<|S|sKd|d<|St|d|�}|dsk|St||d|�}|ds�|St|||d|�}|dr�dj||||�|d<|St|}djt�||||�}td	|d
t�}t|�dkrIt	|d<dj||||�|d<nd
j||||�|d<|S(uL
    Append a rule to the specified table & chain.

    This function accepts a rule in a standard nftables command format,
        starting with the chain. Trying to force users to adapt to a new
        method of creating rules would be irritating at best, and we
        already have a parser that can handle it.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.append filter input \
            rule='tcp dport 22 log accept'

        IPv6:
        salt '*' nftables.append filter input \
            rule='tcp dport 22 log accept' \
            family=ipv6
    u4Failed to append rule {0} to chain {1} in table {2}.ucommenturesultuChain needs to be specifieduRule needs to be specifiedRu<Rule {0} chain {1} in table {2} in family {3} already existsu{0} add rule {1} {2} {3} {4}ucmd.runRAiu6Added rule "{0}" chain {1} in table {2} in family {3}.u>Failed to add rule "{0}" chain {1} in table {2} in family {3}.(
RR
RORPRQRRRtlenR (	R$R%R,RR*RUR.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyR"�s<







c
C@s�idj||�d6td6}|s4d|d<|S|sHd|d<|St|d|�}|dsh|St||d|�}|ds�|St|||d|�}|dr�dj||||�|d<|St|}|rdjt�|||||�}nd	jt�||||�}td
|dt�}	t|	�dkrpt	|d<d
j||||�|d<ndj||||�|d<|S(u�
    Insert a rule into the specified table & chain, at the specified position.

    If position is not specified, rule will be inserted in first position.

    This function accepts a rule in a standard nftables command format,
        starting with the chain. Trying to force users to adapt to a new
        method of creating rules would be irritating at best, and we
        already have a parser that can handle it.

    CLI Examples:

    .. code-block:: bash

        salt '*' nftables.insert filter input \
            rule='tcp dport 22 log accept'

        salt '*' nftables.insert filter input position=3 \
            rule='tcp dport 22 log accept'

        IPv6:
        salt '*' nftables.insert filter input \
            rule='tcp dport 22 log accept' \
            family=ipv6

        salt '*' nftables.insert filter input position=3 \
            rule='tcp dport 22 log accept' \
            family=ipv6
    u'Failed to insert rule {0} to table {1}.ucommenturesultuChain needs to be specifieduRule needs to be specifiedRu<Rule {0} chain {1} in table {2} in family {3} already existsu,{0} insert rule {1} {2} {3} position {4} {5}u{0} insert rule {1} {2} {3} {4}ucmd.runRAiu6Added rule "{0}" chain {1} in table {2} in family {3}.u>Failed to add rule "{0}" chain {1} in table {2} in family {3}.(
RR
RORPRQRRRRcR (
R$R%R'R,RR*RUR.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytinsert'sB







c
C@svidj||�d6td6}|r:|r:d|d<|St|d|�}|dsZ|St||d|�}|ds}|St|||d|�}|ds�dj||||�|d<|S|s�t||||�}nt|}djt�||||�}td|d	t�}	t	|	�d
krVt
|d<dj||||�|d<ndj||||�|d<|S(
u(
    Delete a rule from the specified table & chain, specifying either the rule
        in its entirety, or the rule's position in the chain.

    This function accepts a rule in a standard nftables command format,
        starting with the chain. Trying to force users to adapt to a new
        method of creating rules would be irritating at best, and we
        already have a parser that can handle it.

    CLI Examples:

    .. code-block:: bash

        salt '*' nftables.delete filter input position=3

        salt '*' nftables.delete filter input \
            rule='tcp dport 22 log accept'

        IPv6:
        salt '*' nftables.delete filter input position=3 family=ipv6

        salt '*' nftables.delete filter input \
            rule='tcp dport 22 log accept' \
            family=ipv6
    u'Failed to delete rule {0} in table {1}.ucommenturesultu+Only specify a position or a rule, not bothRu<Rule {0} chain {1} in table {2} in family {3} does not existu&{0} delete rule {1} {2} {3} handle {4}ucmd.runRAiu;Deleted rule "{0}" in chain {1} in table {2} in family {3}.uAFailed to delete rule "{0}" in chain {1}  table {2} in family {3}(RR
RORPRQRYRRRRcR (
R$R%R'R,RR*RUR.RR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytdeleteqs:






c	C@s/idj||�d6td6}t|d|�}|ds@|St|}|r�t||d|�}|dss|Sdjt�|||�}dj|||�}n*djt�||�}dj||�}td	|d
t�}t|�dkrt|d<dj|�|d<nd
j|�|d<|S(uB
    Flush the chain in the specified table, flush all chains in the specified
    table if chain is not specified.

    CLI Example:

    .. code-block:: bash

        salt '*' nftables.flush filter

        salt '*' nftables.flush filter input

        IPv6:
        salt '*' nftables.flush filter input family=ipv6
    u2Failed to flush rules from chain {0} in table {1}.ucommenturesultRu{0} flush chain {1} {2} {3}u*from chain {0} in table {1} in family {2}.u{0} flush table {1} {2}ufrom table {0} in family {1}.ucmd.runRAiuFlushed rules {0}uFailed to flush rules {0}(	RR
RORRPRRRcR (	R$R%RR*RUR.RtcommentR((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pytflush�s0




(+t__doc__t
__future__RRRtloggingRBtsalt.extRtsalt.utils.dataRtsalt.utils.filestsalt.utils.patht
salt.stateRRtsalt.exceptionsRt	getLoggert__name__tlogRRRRRtNoneR3R@RERNRYRQRPROR\R]RaRbR"RdReRg(((s9/usr/lib/python2.7/site-packages/salt/modules/nftables.pyt<module>sP
				�!!;8%((B1=JC

Zerion Mini Shell 1.0