HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
File: //proc/self/root/lib/python3/dist-packages/firewall/core/__pycache__/rich.cpython-310.pyc
o

bhAb,��@s�gd�ZddlmZddlmZddlmZddlmZddlm	Z	Gdd�de
�ZGd	d
�d
e
�ZGdd�de
�Z
Gd
d�de
�ZGdd�de�ZGdd�de
�ZGdd�de
�ZGdd�de
�ZGdd�de
�ZGdd�de
�ZGdd�de
�ZGdd�de
�ZGdd �d e
�ZGd!d"�d"e
�ZGd#d$�d$e
�ZGd%d&�d&e
�ZGd'd(�d(e�ZGd)d*�d*e
�ZGd+d,�d,e
�ZGd-d.�d.e
�Zd/S)0)�Rich_Source�Rich_Destination�Rich_Service�	Rich_Port�
Rich_Protocol�Rich_Masquerade�Rich_IcmpBlock�
Rich_IcmpType�Rich_SourcePort�Rich_ForwardPort�Rich_Log�
Rich_NFLog�Rich_Accept�Rich_Reject�	Rich_Drop�	Rich_Mark�
Rich_Audit�
Rich_Limit�	Rich_Rule�Rich_Tcp_Mss_Clamp�)�	functions)�check_ipset_name)�REJECT_TYPES)�errors)�
FirewallErrorc@�eZdZddd�Zdd�ZdS)rFcCs�||_|jdkrd|_||_|jdks|jdurd|_n|jdur'|j��|_||_|jdkr2d|_||_|jdurJ|jdurL|jdurNttjd��dSdSdS)N��no address, mac and ipset)�addr�mac�upper�ipset�invertrr�INVALID_RULE)�selfrrr!r"�r%�4/usr/lib/python3/dist-packages/firewall/core/rich.py�__init__$s"


��zRich_Source.__init__cCsfd|jrdnd}|jdur|d|jS|jdur!|d|jS|jdur-|d|jSttjd��)Nz	source%s � NOTr�address="%s"zmac="%s"�
ipset="%s"r)r"rrr!rrr#�r$�retr%r%r&�__str__5s


�zRich_Source.__str__N�F��__name__�
__module__�__qualname__r'r-r%r%r%r&r#s
rc@r)rFcCsZ||_|jdkrd|_||_|jdkrd|_||_|jdur)|jdur+ttjd��dSdS)Nr�no address and ipset)rr!r"rrr#)r$rr!r"r%r%r&r'Bs

��zRich_Destination.__init__cCsNd|jrdnd}|jdur|d|jS|jdur!|d|jSttjd��)Nzdestination%s r(rr)r*r3)r"rr!rrr#r+r%r%r&r-Ns

�zRich_Destination.__str__Nr.r/r%r%r%r&rAs
rc@�eZdZdd�Zdd�ZdS)rcC�
||_dS�N��name�r$r8r%r%r&r'Y�
zRich_Service.__init__cC�
d|jS)Nzservice name="%s"r7�r$r%r%r&r-\r:zRich_Service.__str__Nr/r%r%r%r&rX�rc@r4)rcC�||_||_dSr6��port�protocol)r$r@rAr%r%r&r'`�
zRich_Port.__init__cC�d|j|jfS)Nzport port="%s" protocol="%s"r?r<r%r%r&r-dszRich_Port.__str__Nr/r%r%r%r&r_src@�eZdZdd�ZdS)r	cCrC)Nz#source-port port="%s" protocol="%s"r?r<r%r%r&r-hs�zRich_SourcePort.__str__N�r0r1r2r-r%r%r%r&r	g�r	c@r4)rcCr5r6��value�r$rHr%r%r&r'mr:zRich_Protocol.__init__cCr;)Nzprotocol value="%s"rGr<r%r%r&r-pr:zRich_Protocol.__str__Nr/r%r%r%r&rlr=rc@r4)rcCsdSr6r%r<r%r%r&r't�zRich_Masquerade.__init__cC�dS)N�
masquerader%r<r%r%r&r-wrJzRich_Masquerade.__str__Nr/r%r%r%r&rsr=rc@r4)rcCr5r6r7r9r%r%r&r'{r:zRich_IcmpBlock.__init__cCr;)Nzicmp-block name="%s"r7r<r%r%r&r-~r:zRich_IcmpBlock.__str__Nr/r%r%r%r&rzr=rc@r4)rcCr5r6r7r9r%r%r&r'�r:zRich_IcmpType.__init__cCr;)Nzicmp-type name="%s"r7r<r%r%r&r-�r:zRich_IcmpType.__str__Nr/r%r%r%r&r�r=rc@r4)rcCr5r6rGrIr%r%r&r'�r:zRich_Tcp_Mss_Clamp.__init__cCr;)Nztcp-mss-clamp value="%s"rGr<r%r%r&r-�r:zRich_Tcp_Mss_Clamp.__str__Nr/r%r%r%r&r�r=rc@r4)r
cCs@||_||_||_||_|jdurd|_|jdurd|_dSdS�Nr�r@rA�to_port�
to_address)r$r@rArOrPr%r%r&r'�s


�zRich_ForwardPort.__init__cCs@d|j|j|jdkrd|jnd|jdkrd|jfSdfS)Nz(forward-port port="%s" protocol="%s"%s%srz
 to-port="%s"z
 to-addr="%s"rNr<r%r%r&r-�s����zRich_ForwardPort.__str__Nr/r%r%r%r&r
�sr
c@�&eZdZddd�Zdd�Zdd�ZdS)	rNcCs||_||_||_dSr6��prefix�level�limit)r$rSrTrUr%r%r&r'�s
zRich_Log.__init__cCsBd|jr	d|jnd|jrd|jnd|jrd|jfSdfS)Nz	log%s%s%s� prefix="%s"rz level="%s"� %srRr<r%r%r&r-�s����zRich_Log.__str__cCsZ|jrt|j�dkrttjd��|jr|jdvrttj|j��|jdur+|j��dSdS)N��+maximum accepted length of 'prefix' is 127.)�emerg�alert�crit�error�warning�notice�info�debug)	rS�lenrr�INVALID_LOG_PREFIXrT�INVALID_LOG_LEVELrU�checkr<r%r%r&re�s

�zRich_Log.check)NNN�r0r1r2r'r-rer%r%r%r&r�s
rc@rQ)	rNcCs||_||_||_||_dSr6��grouprS�	thresholdrU)r$rhrS�
queue_sizerUr%r%r&r'�s
zRich_NFLog.__init__cCsTd|jr	d|jnd|jrd|jnd|jrd|jnd|jr&d|jfSdfS)Nz
nflog%s%s%s%sz group="%s"rrVz queue-size="%s"rWrgr<r%r%r&r-�s����zRich_NFLog.__str__cCsx|jrt�|j�sttjd��|jrt|j�dkrttjd��|j	r.t�|j	�s.ttj
d��|jdur:|j��dSdS)Nz5nflog 'group' must be an integer between 0 and 65535.rXrYz:nflog 'queue-size' must be an integer between 0 and 65535.)
rhr�checkUINT16rr�INVALID_NFLOG_GROUPrSrbrcri�INVALID_NFLOG_QUEUErUrer<r%r%r&re�s
�zRich_NFLog.check)NNNNrfr%r%r%r&r�s
rc@�eZdZddd�Zdd�ZdS)rNcCr5r6�rU�r$rUr%r%r&r'�s
zRich_Audit.__init__cC�d|jr
d|jSdS)Nzaudit%srWrror<r%r%r&r-��zRich_Audit.__str__r6r/r%r%r%r&r�s
rc@rn)r
NcCr5r6rorpr%r%r&r'�r:zRich_Accept.__init__cCrq)Nzaccept%srWrror<r%r%r&r-�rrzRich_Accept.__str__r6r/r%r%r%r&r
�s
r
c@rQ)	rNcCr>r6��typerU)r$�_typerUr%r%r&r'�rBzRich_Reject.__init__cCs0d|jr	d|jnd|jrd|jfSdfS)Nz
reject%s%sz
 type="%s"rrWrsr<r%r%r&r-�s
��zRich_Reject.__str__cCs\|jr(|sttjd��|dvr*|jt|vr,d�t|�}ttjd|j|f��dSdSdS)Nz9When using reject type you must specify also rule family.��ipv4�ipv6z, z%Wrong reject type %s.
Use one of: %s.)rtrrr#r�join)r$�family�valid_typesr%r%r&re�s�zRich_Reject.check)NNrfr%r%r%r&r��
rc@rD)rcCrq)Nzdrop%srWrror<r%r%r&r-�rrzRich_Drop.__str__NrEr%r%r%r&r�rFrc@rQ)	rNcCr>r6��setrU)r$�_setrUr%r%r&r'�rBzRich_Mark.__init__cCs"d|j|jr
d|jfSdfS)Nz
mark set=%s%srWrr}r<r%r%r&r-s
��zRich_Mark.__str__cCs�|jdur	|j}nttjd��d|vr:|�d�}t|�dkr$ttj|��t�|d�r2t�|d�s8ttj|��dSt�|�sEttj|��dS)Nzno value set�/�r�)r~rr�INVALID_MARK�splitrbr�checkUINT32)r$�x�splitsr%r%r&res

��
�zRich_Mark.checkr6rfr%r%r%r&r�r|rc@s,eZdZdd�Zdd�Zdd�Zdd�Zd	S)
rcCsb||_d|jvr+|j�d�}t|�dkr-|ddvr/d|d|ddd�f|_dSdSdSdS)Nr�r�r�)�second�minute�hour�dayz%s/%sr)rHr�rb)r$rHr�r%r%r&r's
"�zRich_Limit.__init__cCsd}d|jvr
|j�d�}|rt|�dkrttj|j��|\}}zt|�}Wn
ttj|j��|dks9|dvr@ttj|j��d}|dkrId}n|dkrPd}n
|dkrWd	}n|d
kr]d}d||d
krnttjd|j��|dkr|d
kr�ttjd|j��dSdS)Nr�r�r�)�s�m�h�dr�r��<r�ir�i�Qi'rz%s too fastz%s too slow)rHr�rbrr�
INVALID_LIMIT�int)r$r��rate�duration�multr%r%r&re s<
���zRich_Limit.checkcCr;)Nzlimit value="%s"rGr<r%r%r&r-Br:zRich_Limit.__str__cCrKrMr%r<r%r%r&�commandErJzRich_Limit.commandN)r0r1r2r'rer-r�r%r%r%r&rs
"rc@s>eZdZdZdZddd�Zdd�Zd	d
�Zdd�Zd
d�Z	dS)ri���i�NrcCsZ|dur
t|�|_nd|_||_d|_d|_d|_d|_d|_d|_|r+|�	|�dSdSr6)
�strrz�priority�source�destination�element�log�audit�action�_import_from_string)r$rz�rule_strr�r%r%r&r'Ls�zRich_Rule.__init__cCs�g}t�|�D]5}d|vr5|�d�}t|�dks |dr |ds(ttjd|��|�|d|dd��q|�d|i�q|�ddi�|S)	z Lexical analysis �=r�rr�zinternal error in _lexer(): %s)�	attr_name�
attr_valuer��EOL)r�	splitArgsr�rbrrr#�append)r$r��tokens�r�attrr%r%r&�_lexer]s
�zRich_Rule._lexercCsN	|sttjd��t�|�}d|_d|_d|_d|_d|_	d|_
d|_d|_|�
|�}|r;|d�d�dkr;ttjd��i}g}d}||�d�dkrP|dgk�s�||�d�}||�d�}||�d�}|rt|dvrsttjd	|��ne|d
vr�|dkr�|jr�ttjd��|d
kr�|jr�ttjd��|dvr�|j	r�ttjd||j	f��|dvr�|j
r�ttjd��|dkr�|jr�ttjd��|dvr�|jr�ttjd||jf��nttjd|��t|�dkr�|t|�dnd}	|	dk�r)|�s|�r|dkr�ttjd��|dk�r	ttjd��ttjd||f��d|v�r"ttjd||f��|�d��nf|	dk�r�|dk�rE|d v�r@ttjd!|��||_�nJ|dk�rczt|�|_W�n<t�ybttjd"|��w|�rz|d#k�rnd$}
nd%||f}
ttj|
��|�|��n|	dk�r�|d&v�r�|||<�n�|d'v�r�d(|d)<�n�t|�d*�|�d+�|�d,�|�d)d-��|_|��|��|d}�n�|	d
k�r�|d.v�r�|||<�n�|d'v�r�d(|d)<�n�t|�d*�|�d,�|�d)d-��|_|��|��|d}�n�|	d#k�r|d/k�rt|�|_	|���n�ttjd0��|	d1k�r:|d/k�r$|||<�nkt|�d/��|_	|��|��|d}�nU|	d2k�rU|d3k�rOt|�|_	|���n@ttjd4��|	d5k�r|d6v�re|||<�n*t|�d5�|�d#��|_	|��|��|d}�n|	d7k�r�|d3k�r�t|�|_	|���n�ttjd8��|	d9k�r�|d3k�r�t|�|_	|���n�ttjd:��|	d;k�r�t�|_	|��|��|d}�n�|	d<k�r�|d=v�r�|||<�n�t|�d5�|�d#�|�d>�|�d?��|_	|��|��|d}�n�|	d@k�r(|d6v�r|||<�n�t |�d5�|�d#��|_	|��|��|d}�ng|	dAk�rb|dBv�r8|||<�nW|dCk�rD|�dC��nKt!|�dD�|�dE�|�dC��|_
|��|��|d}�n-|	dFk�r�|dGv�rr|||<�n|dCk�r~|�dC��nt"|�dH�|�dD�|�dI�|�dC��|_
|��|��|d}n�|	dk�r�|dCk�r�|�dC�n�t#|�dC��|_|��|��|d}n�|	dJk�r�|dCk�r�|�dC�n�t$|�dC��|_|��|��|d}n�|	dKk�r|dCk�r�|�dC�n�t%|�dC��|_|��|��|d}n�|	dLk�rA|dMk�r|||<nr|dCk�r(|�dC�ngt&|�dM�|�dC��|_|��|��|d}nN|	dNk�rt|dOk�rP|||<n?|dCk�r[|�dC�n4t'|�dO�|�dC��|_|��|��|d}n|	dCk�r�|d/k�r�t(|�|dC<|��nttjdP��|d}||�d�dkrP|dgkrP|�)�dS)QNz
empty rulerr�r��ruler�r�)r�rz�addressrr!r"rHr@rA�to-port�to-addrr8rhrSrT�
queue-sizertr~zbad attribute '%s')r�r�r�rA�servicer@�
icmp-block�	icmp-typerL�forward-port�source-portr��nflogr��accept�drop�reject�markrU�not�NOTr��
tcp-mss-clampr�zmore than one 'source' elementr�z#more than one 'destination' element)rAr�r@r�r�rLr�r�zFmore than one element. There cannot be both '%s' and '%s' in one rule.)r�r�zmore than one logging elementr�zmore than one 'audit' element)r�r�r�r�zOmore than one 'action' element. There cannot be both '%s' and '%s' in one rule.zunknown element %sr�rrzz0'family' outside of rule. Use 'rule family=...'.r�z4'priority' outside of rule. Use 'rule priority=...'.z:'%s' outside of any element. Use 'rule <element> %s= ...'.z,'%s' outside of rule. Use 'rule ... %s ...'.rvzH'family' attribute cannot have '%s' value. Use 'ipv4' or 'ipv6' instead.z(invalid 'priority' attribute value '%s'.rAzdwrong 'protocol' usage. Use either 'rule protocol value=...' or  'rule [forward-]port protocol=...'.zDattribute '%s' outside of any element. Use 'rule <element> %s= ...'.)r�rr!r")r�r�Tr"r�rr!F)r�r!r"rHzinvalid 'protocol' elementr�r�r8zinvalid 'service' elementr@r?r�zinvalid 'icmp-block' elementr�zinvalid 'icmp-type' elementrLr�)r@rAr�r�r�r�r�r�)rSrTrUrSrTr�)rhrSr�rhr�r�r�r�rtr�r~zinvalid 'limit' element)*rrr#r�stripNonPrintableCharactersr�rzr�r�r�r�r�r�r��getrbr�r��
ValueError�INVALID_PRIORITYr�pop�clearrrrrrrrrr
r	rrrr
rrrrre)r$r�r��attrs�in_elements�indexr�r�r��
in_element�err_msgr%r%r&r�ns�

��� 







�



*


"


















(




 


(



















�



��`zRich_Rule._import_from_stringcCsn|jdur|jdvrttj|j��|jdur7|jdur!|jjdus&|jdur+ttj��t|j	�t
kr7ttj��|j|jksC|j|j
krOttjd|j|j
f��|j	dur�|jdusc|jdur�|jdkr�|jdurnttjd��|jdur�|jdur�|jdkr�ttjd��t|j	�tt
ttfvr�|jdur�|jdur�|jdur�ttjd��|jdu�r*|jjdur�|jdur�ttj��|jjdur�ttjd��|jjdur�ttjd��t�|j|jj�s�ttjt|jj���nE|jjdu�r|jjdur�ttjd	��t�|jj��s
ttjt|jj���n|jjdu�r$t|jj��s#ttjt|jj���nttjd
��|jdu�r�|jjdu�rd|jdu�rBttj��|jjdu�rOttj d��t�|j|jj��scttjt|jj���n|jjdu�r}t|jj��s|ttjt|jj���nttjd��t|j	�t!k�r�|j	j"du�s�t#|j	j"�dk�r�ttj$t|j	j"����n�t|j	�t%k�r�t�&|j	j'��s�ttj(|j	j'��|j	j)d
v�r�ttj*|j	j)���nt|j	�t+k�r�t�,|j	j-��s�ttj*|j	j-���net|j	�tk�r|jdu�r�ttjd��|jdu�r|jjdu�rttjd���n<t|j	�tk�rA|j	j"du�s+t#|j	j"�dk�r5ttj.t|j	j"���|j�r?ttjd���nt|j	�t/k�rd|j	j"du�sYt#|j	j"�dk�rcttj.t|j	j"���n�t|j	�t
k�r�t�&|j	j'��s|ttj(|j	j'��|j	j)d
v�r�ttj*|j	j)��|j	j0dk�r�|j	j1dk�r�ttj(|j	j0��|j	j0dk�r�t�&|j	j0��s�ttj(|j	j0��|j	j1dk�r�t�2|j|j	j1��s�ttj|j	j1��|jdu�r�ttj��|jdu�r�ttjd��nft|j	�t3k�rt�&|j	j'��sttj(|j	j'��|j	j)d
v�rttj*|j	j)��n>t|j	�tk�r>|jdu�r(ttjd|j��|j	j-�r=t�4|j	j-��s=ttj|j	j-��n|j	du�rOttjdt|j	���|jdu�rZ|j�5�|jdu�r�t|j�t6t7t8fv�rtttj9t|j���|jj:du�r�|jj:�5�|jdu�r�t|j�t7k�r�|j�5|j�n
t|j�t;k�r�|j�5�|jj:du�r�|jj:�5�dSdSdS)Nrvz/'priority' attribute must be between %d and %d.rzno element, no actionz%no element, no source, no destinationzno action, no log, no auditzaddress and maczaddress and ipsetz
mac and ipsetzinvalid sourcezinvalid destinationr�)�tcp�udp�sctp�dccpzmasquerade and actionzmasquerade and mac sourcezicmp-block and actionrzforward-port and actionz+tcp-mss-clamp and %s are mutually exclusivezUnknown element %s)<rzrr�INVALID_FAMILYr�rr��MISSING_FAMILYrtr�r
r��priority_min�priority_maxr�r�r�r#rrrr�rr!r�
check_address�INVALID_ADDRr��	check_mac�INVALID_MACr�
INVALID_IPSET�INVALID_DESTINATIONrr8rb�INVALID_SERVICEr�
check_portr@�INVALID_PORTrA�INVALID_PROTOCOLr�
checkProtocolrH�INVALID_ICMPTYPErrOrP�check_single_addressr	�checkTcpMssClamprer
rr�INVALID_AUDIT_TYPErUrr<r%r%r&rees&




�


�


���
�� ���� � ����
��
��

�zRich_Rule.checkcCs�d}|jr|d|j7}|jr|d|j7}|jr |d|j7}|jr*|d|j7}|jr4|d|j7}|jr>|d|j7}|jrH|d|j7}|jrR|d|j7}|S)Nr�z priority="%d"z family="%s"rW)r�rzr�r�r�r�r�r�r+r%r%r&r-s$zRich_Rule.__str__)NNr)
r0r1r2r�r�r'r�r�rer-r%r%r%r&rHs
x0rN)�__all__�firewallr�firewall.core.ipsetr�firewall.core.baserr�firewall.errorsr�objectrrrrr	rrrrrr
rrrr
rrrrrr%r%r%r&�<module>s41