o

bhAb�$�@s
dg
Zd
dl
Zd
dlmZ
d
dlmZ
d
dlmZm	Z	m
Z

d
dlmZ
d
dl
mZ
d
dlmZmZ
d
dlZd	g
gd
�
gd�
d�ZiZiZiZe��D]8Zgee<e�ee<eeD](Zee�d
e�

ee�deef�

ee�de�

ee�de�

qYqJGdd�de�ZdS)�ebtables�N)
�runProg)
�log)�tempFile�readfile�	splitArgs)
�COMMANDS)
�	ipXtables��
FirewallError�INVALID_IPV�BROUTING)�
PREROUTING�POSTROUTING�OUTPUT)�INPUTr�FORWARD)�broute�nat�filterz-N %s_directz-I %s 1 -j %s_directz-I %s_direct 1 -j RETURNz	%s_directc@s�eZ
dZd
ZdZdZdd�Zdd�Zdd�Zd	d
�Z	dd�Z
d
d�Zdd�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zdd�Zd/d d!�
Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd0d+d,�
Zd-d.�ZdS)1r
�ebFc

CsBt|j
|_td
|j
|_|��|_|��|_|��
g|_	dS)Nz
%s-restore)
r�ipv�_command�_restore_command�_detect_restore_noflush_option�restore_noflush_option�_detect_concurrent_option�concurrent_option�fill_exists�available_tables�
�self�r"�8/usr/lib/python3/dist-packages/firewall/core/ebtables.py�__init__9s








zebtables.__init__c

Cs$tj
�|j�
|_tj
�|j�
|_dS�
N)�os�path�existsr�command_existsr�restore_command_existsr r"r"r#rAs

zebtables.fill_existsc
Cs(d
}
t|j
ddg�}|ddkrd}
|
S)N�z--concurrent�-Lr)rr)r!r�retr"r"r#rEs



z"ebtables._detect_concurrent_optionc
Cs,g}
z	|�|
d
�
WdSt
y


YdSw)N�offFT)�	set_rules�
ValueError)r!�rulesr"r"r#rOs

�
�z'ebtables._detect_restore_noflush_optioncCs�g}|jr|j|
v
r|�
|j�

|d
d�|
D�
7}t�d|j|jd�|�
�
t|j|�\}}|dkr?td|jd�|
�
|f�
�
|S)Nc
Ssg|]}
d|
�qS)
z%sr")�.0�itemr"r"r#�
<listcomp>^sz"ebtables.__run.<locals>.<listcomp>�	%s: %s %s�
 r�'%s %s' failed: %s)	r�appendr�debug2�	__class__r�joinrr0)r!�args�_args�statusr-r"r"r#�__runYs








�zebtables.__runcCs$d
D]
}||
vrtt
d|��
qdS)N)z
%%REJECT%%z%%ICMP%%z%%LOGTYPE%%z'%s' invalid for ebtablesr
)r!�rule�strr"r"r#�_rule_validatefs



���zebtables._rule_validatecCs|tvo	|t|vSr%)
�BUILT_IN_CHAINS)r!r�table�chainr"r"r#�is_chain_builtinls


�zebtables.is_chain_builtinc	CsLg}|
r|�d
|d|g�

|�d
|d|dddg�

|S|�d
|d|g�

|S)N�-tz-N�-I�
1z-j�RETURN�-X)
r8)r!�addrDrEr1r"r"r#�build_chain_rulesps


�zebtables.build_chain_rulescCs8d
|g}|
r|d|t|�
g7}n|d|g7}||7}|S)NrGrHz-D)
rA)r!rLrDrE�indexr<r@r"r"r#�
build_rule{s




zebtables.build_rulecC�
t�
|
�
Sr%)r	�common_reverse_rule�r!r<r"r"r#�reverse_rule��

zebtables.reverse_rulecCst�
|
�

dSr%)r	�common_check_passthroughrRr"r"r#�check_passthrough�s
zebtables.check_passthroughcCrPr%)r	�common_reverse_passthroughrRr"r"r#�reverse_passthrough�rTzebtables.reverse_passthroughc
Cst�}d
}i}|
D]i}|dd�}|�
|�

dD]%}z|�|�
}	Wn	ty*


Yqwt|�
|	dkr=|�|	�

|�|	�
}qtt|�
�
D]$}	tjD]}
|
||	vrg||	�	d�
r_||	�
d�
sgd||	||	<qIqD|�|g��|�

q	|D]}|�
d|�

||D]}|�
d�|�
d�

q�qu|��
t�|j�
}t�d	|j|jd
|j|jf�
g}|�d�

t|j||jd�\}
}t��d
kr�t|j�
}|du
r�d}	|D]}tjd|	|fddd�
|�
d�
s�tjddd�
|	d7}	q�t�|j�

|
dk�
rtd|jd�|�
|f�
�
dS)Nr)rGz--table�
�
"z"%s"z*%s
r6�

r5z%s: %dz	--noflush)
�stdin�z%8d: %sr)�nofmt�nlr+)
r^r7)rrBrNr0�len�pop�range�string�
whitespace�
startswith�endswith�
setdefaultr8�writer;�closer&�stat�namerr9r:r�st_sizer�getDebugLogLevelr�debug3�unlink)r!r1�
log_denied�	temp_filerD�table_rules�_ruler@�opt�
i�
crjr<r>r-�lines�liner"r"r#r/�sn








�



�



���


�

�



�














��zebtables.set_rulescCs|�|
�

|�
|
�
Sr%)rB�_ebtables__run)r!r@rpr"r"r#�set_rule�s



zebtables.set_ruleNc	Cs�g}|
r|
g
nt�
�}|D]2}
|
|jvr|�|
�

q
z|�d
|
dg�

|j�|
�

|�|
�

Wq
ty?


t�d|
�

Yq
w|S)NrGr,z#ebtables table '%s' does not exist.)rC�keysrr8ryr0r�debug1)r!rDr-�tablesr"r"r#�get_available_tables�s










�zebtables.get_available_tablesc
CsiSr%r")r!rDr"r"r#�get_zone_table_chains�s
zebtables.get_zone_table_chainsc
Cs>g}
t�
�D]}||��v
rqd
D]
}|
�d||g�

qq|
S)N)z-FrKz-ZrG�rCr{r~r8)r!r1rD�flagr"r"r#�build_flush_rules�s




�zebtables.build_flush_rulesc	CsVg}|
d
krdn
|
}t�
�D]}||��v
rqt|D]}|�d|d||g�

qq|S)N�PANIC�DROPrGz-Pr�)r!�policyr1�_policyrDrEr"r"r#�build_set_policy_rules�s






�zebtables.build_set_policy_rulesc


CsgSr%r"r r"r"r#�build_default_tables�szebtables.build_default_tablesr.cCs�g}tD]@}||�
�v
r
qt|dd�}|
d
kr$|tvr$|�t|�

d|g}|D]}t|�
tkr:|�||�

q*|�|t|�
�

q*q|S)Nr.rG)�
DEFAULT_RULESr~�	LOG_RULES�extend�type�listr8r)r!rp�
default_rulesrD�_default_rules�prefixr@r"r"r#�build_default_rules�s










�zebtables.build_default_rulescCs
|
|jkSr%)
r)r!rr"r"r#�is_ipv_supported
rTzebtables.is_ipv_supportedr%)
r.)�__name__�
__module__�__qualname__rrk�policies_supportedr$rrrryrBrFrMrOrSrVrXr/rzr~rr�r�r�r�r�r"r"r"r#r
4s2





	@


)�__all__�os.pathr&�firewall.core.progr�firewall.core.loggerr�firewall.functionsrrr�firewall.configr�
firewall.corer	�firewall.errorsrrrcrCr�r��
OUR_CHAINSr{rD�setrEr8rL�objectr
r"r"r"r#�<module>
s4








�









�