HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
$ pwd: /proc/self/root/lib/python3/dist-packages/firewall/core/__pycache__/
Upload Files
File: //proc/self/root/lib/python3/dist-packages/firewall/core/__pycache__/ipset.cpython-310.pyc
o

bhAbG2�@s�dZgd�ZddlZddlZddlmZddlmZddl	m
Z
ddlmZddl
mZmZdd	lmZd
Zgd�Zdd
d
dd�Zdddd�ZGdd�de�Zdd�Zdd�Zdd�Zdd�Zdd�ZdS) zThe ipset command wrapper)�ipset�check_ipset_name�remove_default_create_options�N)�errors)�
FirewallError)�runProg)�log)�tempFile�readfile)�COMMANDS� )zhash:ipzhash:ip,portzhash:ip,port,ipzhash:ip,port,netzhash:ip,markzhash:netzhash:net,netz
hash:net,portzhash:net,port,netzhash:net,ifacezhash:macz
inet|inet6�valuez
value in secs)�family�hashsize�maxelem�timeout�inet�1024�65536)rrrc@s�eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zd'd
d�Z	dd�Z
dd�Zdd�Zd'dd�Z
d(dd�Zdd�Zd'dd�Z	d(dd�Zdd �Zd!d"�Zd#d$�Zd%d&�ZdS))rzipset command wrapper classcCstd|_d|_dS)Nr)r�_command�name��self�r�5/usr/lib/python3/dist-packages/firewall/core/ipset.py�__init__K�

zipset.__init__cCs^dd�|D�}t�d|j|jd�|��t|j|�\}}|dkr-td|jd�|�|f��|S)zCall ipset with argscSsg|]}d|�qS)�%sr)�.0�itemrrr�
<listcomp>R�zipset.__run.<locals>.<listcomp>z	%s: %s %s� r�'%s %s' failed: %s)r�debug2�	__class__r�joinr�
ValueError)r�args�_args�status�retrrr�__runOs
�zipset.__runcCs t|�tkrttjd|��dS)zCheck ipset namezipset name '%s' is not validN)�len�IPSET_MAXNAMELENrr�INVALID_NAME)rrrrr�
check_nameZs
��zipset.check_namec
Cs�g}d}z|�dg�}Wnty%}z
t�d|�WYd}~nd}~ww|��}d}|D]&}|rM|���dd�}|d|vrM|dtvrM|�|d�|�	d�rTd	}q.|S)
z?Return types that are supported by the ipset command and kernel�z--helpzipset error: %sNF�rzSupported set types:T)
�_ipset__runr'r�debug1�
splitlines�strip�split�IPSET_TYPES�append�
startswith)rr+�output�ex�lines�in_types�line�splitsrrr�set_supported_types`s&��
�zipset.set_supported_typescCs(t|�tks
|tvrttjd|��dS)zCheck ipset typez!ipset type name '%s' is not validN)r-r.r8rr�INVALID_TYPE)r�	type_namerrr�
check_typeus
��zipset.check_typeNcCs`|�|�|�|�d||g}t|t�r+|��D]\}}|�|�|dkr*|�|�q|�|�S)z+Create an ipset with name, type and options�creater1)r0rD�
isinstance�dict�itemsr9r3)r�set_namerC�optionsr(�key�valrrr�
set_create{s





�
zipset.set_createcCs|�|�|�d|g�S)N�destroy)r0r3)rrIrrr�set_destroy�s
zipset.set_destroycC�d||g}|�|�S)N�add�r3�rrI�entryr(rrr�set_add�rz
ipset.set_addcCrP)N�delrRrSrrr�
set_delete�rzipset.set_deletecCs,d||g}|r|�dd�|��|�|�S)N�testrr")r9r&r3)rrIrTrJr(rrrrX�s

z
ipset.testcCs2dg}|r
|�|�|r|�|�|�|��d�S)N�list�
)r9�extendr3r7)rrIrJr(rrr�set_list�s

zipset.set_listcCs4|jdgd�}i}d}}i}|D]�}t|�dkrqdd�|�dd�D�}t|�dkr,q|d	d
kr7|d}q|d	dkrB|d}q|d	dkr�|d��}d	}	|	t|�kr�||	}
|
d
vryt|�|	kro|	d7}	||	||
<n
t�d|�iS|	d7}	|	t|�ksV|r�|r�|t|�f||<d}}|��q|S)z" Get active ipsets (only headers) z-terse)rJN�cSsg|]}|���qSr)r6�r�xrrrr �r!z.ipset.set_get_active_terse.<locals>.<listcomp>�:r2r�Name�Type�Header)rrrr�netmaskz&Malformed ipset list -terse output: %s)r\r-r7r�errorr�clear)rr=r+�_name�_type�_optionsr?�pairr@�i�optrrr�set_get_active_terse�sJ

����zipset.set_get_active_tersecC�dg}|r
|�|�|�|�S)N�save�r9r3�rrIr(rrrro��

z
ipset.savec	Cs�|�|�|�|�t�}d|vrd|}d||dg}|r4|��D]\}}	|�|�|	dkr3|�|	�q!|�dd�|��|�d|�|D]#}
d|
vrQd|
}
|ra|�d||
d�|�f�qG|�d	||
f�qG|��t�	|j
�}t�d
|j
|jd|j
|jf�dg}t|j||j
d
�\}}
t��dkr�zt|j
�Wn	ty�Yn'wd}t|j
�D]}tjd||fddd�|�d�s�tjddd�|d7}q�t�|j
�|dkr�td|jd�|�|
f��|
S)Nr"z'%s'rEz-existr1z%s
z	flush %s
z
add %s %s %s
z
add %s %s
z%s: %s restore %sz%s: %d�restore)�stdinr2r]z%8d: %sr)�nofmt�nlrZ)rur#)r0rDr	rHr9�writer&�close�os�statrrr$r%r�st_sizer�getDebugLogLevelr
�	Exception�debug3�endswith�unlinkr')rrIrC�entries�create_options�
entry_options�	temp_filer(rKrLrTrzr*r+rkr?rrr�set_restore�sb



���
��


�zipset.set_restorecCrn)N�flushrprqrrr�	set_flushrrzipset.set_flushcC�|�d||g�S)N�renamerR)r�old_set_name�new_set_namerrrr�
�zipset.renamecCr�)N�swaprR)r�
set_name_1�
set_name_2rrrr�r�z
ipset.swapcCs|�dg�S)N�versionrRrrrrr�sz
ipset.version)N)NN)�__name__�
__module__�__qualname__�__doc__rr3r0rArDrMrOrUrWrXr\rmror�r�r�r�r�rrrrrHs*




'
�8rcCst|�tkrdSdS)z"Return true if ipset name is validFT)r-r.)rrrrrsrcCs4|��}tD]}||vrt|||kr||=q|S)z( Return only non default create options )�copy�IPSET_DEFAULT_CREATE_OPTIONS)rJrirlrrrrs�rc	Cs`g}|�d�D]#}z|�d�|�ttj|dd���Wqty*|�|�Yqwd�|�S)z! Normalize IP addresses in entry �,�/F��strict)r7�indexr9�str�	ipaddress�
ip_networkr'r&)rT�_entry�_partrrr�normalize_ipset_entry&s
�
r�cCstt|�d��dkrdSz	tj|dd�}Wn
tyYdSw|D]}|�tj|dd��r7ttjd�	||���q!dS)z: Check if entry overlaps any entry in the list of entries r�r]NFr�z,Entry '{}' overlaps with existing entry '{}')
r-r7r�r�r'�overlapsrr�
INVALID_ENTRY�format)rTr��
entry_network�itrrrr�check_entry_overlaps_existing2s���r�cCsjz	dd�|D�}Wn
tyYdSw|��|�d�}|D]}|�|�r0ttjd�||���|}qdS)z> Check if any entry overlaps any entry in the list of entries cSsg|]	}tj|dd��qS)Fr�)r�r�r^rrrr Esz1check_for_overlapping_entries.<locals>.<listcomp>NrzEntry '{}' overlaps entry '{}')r'�sort�popr�rrr�r�)r��prev_network�current_networkrrr�check_for_overlapping_entriesBs�4

�r�)r��__all__�os.pathryr��firewallr�firewall.errorsr�firewall.core.progr�firewall.core.loggerr�firewall.functionsr	r
�firewall.configrr.r8�IPSET_CREATE_OPTIONSr��objectrrrr�r�r�rrrr�<module>s8�	�P	
@ Telegram