%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /lib/python2.7/site-packages/salt/states/
Upload File :
Create Path :
Current File : //lib/python2.7/site-packages/salt/states/nftables.pyo

�
���^c@@s�dZddlmZmZmZddlmZddlZej	e
�Zd�Zdddddd�Zddd	�Zdd
�Zdd�Zdd�Zdd
�ZdS(u		
Management of nftables
======================

This is an nftables-specific module designed to manage Linux firewalls. It is
expected that this state module, and other system-specific firewall states, may
at some point be deprecated in favor of a more generic `firewall` state.

.. code-block:: yaml

    httpd:
      nftables.append:
        - table: filter
        - chain: input
        - jump: accept
        - match: state
        - connstate: new
        - dport: 80
        - proto: tcp
        - sport: 1025:65535
        - save: True

    httpd:
      nftables.append:
        - table: filter
        - family: ipv6
        - chain: INPUT
        - jump: ACCEPT
        - match: state
        - connstate: NEW
        - dport: 80
        - proto: tcp
        - sport: 1025:65535
        - save: True

    httpd:
      nftables.insert:
        - position: 1
        - table: filter
        - chain: INPUT
        - jump: ACCEPT
        - match: state
        - connstate: NEW
        - dport: 80
        - proto: tcp
        - sport: 1025:65535
        - save: True

    httpd:
      nftables.insert:
        - position: 1
        - table: filter
        - family: ipv6
        - chain: INPUT
        - jump: ACCEPT
        - match: state
        - connstate: NEW
        - dport: 80
        - proto: tcp
        - sport: 1025:65535
        - save: True

    httpd:
      nftables.delete:
        - table: filter
        - chain: INPUT
        - jump: ACCEPT
        - match: state
        - connstate: NEW
        - dport: 80
        - proto: tcp
        - sport: 1025:65535
        - save: True

    httpd:
      nftables.delete:
        - position: 1
        - table: filter
        - chain: INPUT
        - jump: ACCEPT
        - match: state
        - connstate: NEW
        - dport: 80
        - proto: tcp
        - sport: 1025:65535
        - save: True

    httpd:
      nftables.delete:
        - table: filter
        - family: ipv6
        - chain: INPUT
        - jump: ACCEPT
        - match: state
        - connstate: NEW
        - dport: 80
        - proto: tcp
        - sport: 1025:65535
        - save: True

    output:
      nftables.chain_present:
        - family: ip
        - table: filter

    output:
      nftables.chain_absent:
        - family: ip
        - table: filter

i(tabsolute_importtprint_functiontunicode_literals(tSTATE_INTERNAL_KEYWORDSNcC@sdtkrdStS(uA
    Only load if the locale module is available in __salt__
    unftables.versionunftables(t__salt__tFalse(((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pyt__virtual__zsufilteruipv4c	C@si|d6id6dd6dd6}td||d|�}|dtkrrt|d<dj|||�|d<|Std	||d
|d|d|d|�}|dtkr�i|d
6|d<t|d<dj|||�|d<|St|d<dj|||dj�|�|d<|SdS(u�
    .. versionadded:: 2014.7.0

    Verify the chain is exist.

    name
        A user-defined chain name.

    table
        The table to own the chain.

    family
        Networking family, either ipv4 or ipv6
    unameuchangesuresultuucommentunftables.check_chaintfamilyu8nftables {0} chain is already exist in {1} table for {2}unftables.new_chaint
table_typethooktpriorityulocaleu6nftables {0} chain in {1} table create success for {2}u4Failed to create {0} chain in {1} table: {2} for {3}N(tNoneRtTruetformatRtstrip(	tnamettableRR	R
Rtrettchain_checktres((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pyt
chain_present�s<


	



cC@s9i|d6id6dd6dd6}td|||�}|set|d<dj|||�|d<|Std|||�}|r	td	|||�}|tkr�i|d
6|d<t|d<dj|||�|d<q5t|d<dj|||j�|�|d<n,t|d<d
j|||j�|�|d<|S(u�
    .. versionadded:: 2014.7.0

    Verify the chain is absent.

    family
        Networking family, either ipv4 or ipv6
    unameuchangesuresultuucommentunftables.check_chainu9nftables {0} chain is already absent in {1} table for {2}unftables.flushunftables.delete_chainulocaleu6nftables {0} chain in {1} table delete success for {2}u4Failed to delete {0} chain in {1} table: {2} for {3}u3Failed to flush {0} chain in {1} table: {2} for {3}N(RRRR
RR(RRRRRtflush_chaintcommand((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pytchain_absent�s8






	
cK@s5i|d6id6dd6dd6}x$tD]}||kr)||=q)q)Wtdd||�}|dsm|S|d}tdd	td|d
d|�}|ds�|S|d}td|d
|d||�}|dr	t|d<dj||j�|�|d<|SdtkrBtdrBdj||j�|�|d<|Std|d
|d||�}|dr�i|d6|d<t|d<dj||j�|�|d<d|kr�|dr�tdddd|�dj||j�|�|d<q�n|St|d<dj||j�||d�|d<|SdS(u�
    .. versionadded:: 0.17.0

    Append a rule to a chain

    name
        A user-defined name to call this rule by in another part of a state or
        formula. This should not be an actual rule.

    family
        Network family, ipv4 or ipv6.

    All other arguments are passed in with the same name as the long option
    that would normally be used for nftables, with one exception: `--state` is
    specified as `connstate` instead of `state` (not to be confused with
    `ctstate`).
    unameuchangesuresultuucommentunftables.build_ruleRuruletfullRuaddunftables.checkutableuchainu/nftables rule for {0} already set ({1}) for {2}utestu3nftables rule for {0} needs to be set ({1}) for {2}unftables.appendulocaleu)Set nftables rule for {0} to: {1} for {2}usaveu
nftables.savetfilenameu3Set and Saved nftables rule for {0} to: {1} for {2}uHFailed to set nftables rule for {0}.
Attempted rule was {1} for {2}.
{3}N(Rt_STATE_INTERNAL_KEYWORDSRRR
Rt__opts__R(RRtkwargsRtignoreRtruleR((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pytappend�sl




"

	

	
	
	

	


cK@s2i|d6id6dd6dd6}x$tD]}||kr)||=q)q)Wtdd||�}|dsm|S|d}tdd	td|d
d|�}|ds�|S|d}td|d
|d||�}|dr	t|d<dj|||j��|d<|SdtkrBtdrBdj|||j��|d<|Std|d
|d|d||�}|dri|d6|d<t|d<dj||j�|�|d<d|kr|drtdddd|�dj||j�|�|d<qn|St|d<dj||j��|d<|SdS(u
    .. versionadded:: 2014.7.0

    Insert a rule into a chain

    name
        A user-defined name to call this rule by in another part of a state or
        formula. This should not be an actual rule.

    family
        Networking family, either ipv4 or ipv6

    All other arguments are passed in with the same name as the long option
    that would normally be used for nftables, with one exception: `--state` is
    specified as `connstate` instead of `state` (not to be confused with
    `ctstate`).
    unameuchangesuresultuucommentunftables.build_ruleRuruleRRuinsertunftables.checkutableuchainu/nftables rule for {0} already set for {1} ({2})utestu3nftables rule for {0} needs to be set for {1} ({2})unftables.insertupositionulocaleu)Set nftables rule for {0} to: {1} for {2}usaveu
nftables.saveRu3Set and Saved nftables rule for {0} to: {1} for {2}u;Failed to set nftables rule for {0}.
Attempted rule was {1}N(RRRRR
RRR(RRRRRRRR((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pytinsert4st




	

	

	

	


c	K@shi|d6id6dd6dd6}x$tD]}||kr)||=q)q)Wtdd||�}|dsm|S|d}tdd	td|d
d|�}|ds�|S|d}td|d
|d||�}|ds	t|d<dj|||j��|d<|SdtkrBtdrBdj|||j��|d<|Sd|kr|td|d
|dd|d|d�}n'td|d
|dd|d|�}|dr:i|d6|d<t|d<dj||j��|d<d|kr6|dr6tdddd|�dj||j�|�|d<q6n|St|d<dj||j��|d<|SdS(u�
    .. versionadded:: 2014.7.0

    Delete a rule to a chain

    name
        A user-defined name to call this rule by in another part of a state or
        formula. This should not be an actual rule.

    family
        Networking family, either ipv4 or ipv6

    All other arguments are passed in with the same name as the long option
    that would normally be used for nftables, with one exception: `--state` is
    specified as `connstate` instead of `state` (not to be confused with
    `ctstate`).
    unameuchangesuresultuucommentunftables.build_ruleRuruleRRuDunftables.checkutableuchainu2nftables rule for {0} already absent for {1} ({2})utestu7nftables rule for {0} needs to be deleted for {1} ({2})upositionunftables.deletetpositionRulocaleu Delete nftables rule for {0} {1}usaveu
nftables.saveRu2Deleted and Saved nftables rule for {0} for {1}{2}u>Failed to delete nftables rule for {0}.
Attempted rule was {1}N(RRRRR
RRR(RRRRRRRR((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pytdelete�sx




"

	



	



cK@s�i|d6id6dd6dd6}x$tD]}||kr)||=q)q)Wd|krbd|d<ntd|dd	|�}|ds�t|d<d
j|d|�|d<|Sd|kr�d|d<nZtd|d|dd	|�}|ds!t|d<d
j|d|d|�|d<|Std|d|d|�}|dr�i|d6|d<t|d<dj|d|d|�|d<|St|d<d|d<|SdS(u�
    .. versionadded:: 2014.7.0

    Flush current nftables state

    family
        Networking family, either ipv4 or ipv6

    unameuchangesuresultuucommentutableufilterunftables.check_tableRu>Failed to flush table {0} in family {1}, table does not exist.uchainunftables.check_chainuKFailed to flush chain {0} in table {1} in family {2}, chain does not exist.unftables.flushulocaleu6Flush nftables rules in {0} table {1} chain {2} familyuFailed to flush nftables rulesN(RRRRR
R(RRRRRR((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pytflush�sT









	


	




(t__doc__t
__future__RRRt
salt.stateRRtloggingt	getLoggert__name__tlogRRRRRR R"R#(((s8/usr/lib/python2.7/site-packages/salt/states/nftables.pyt<module>ps	6-PSY

Zerion Mini Shell 1.0