c`c @sdZdddgZddlZddlmZddlmZddlm Z dd l m Z dd l m Z mZdd lmZd Zd ddddddddddg Zidd6dd6dd6dd6Zidd6d d6d!d6Zdefd"YZd#Zd$ZdS(%sThe ipset command wrappertipsettcheck_ipset_nametremove_default_create_optionsiN(terrors(t FirewallError(trunProg(tlog(ttempFiletreadfile(tCOMMANDSi shash:ips hash:ip,portshash:ip,port,ipshash:ip,port,nets hash:ip,markshash:nets hash:net,nets hash:net,portshash:net,port,netshash:net,ifaceshash:macs inet|inet6tfamilytvaluethashsizetmaxelems value in secsttimeouttinett1024t65536cBseZdZdZdZdZdZdZddZ dZ dZ d Z dd Z ddd Zd Zdd ZdddZdZdZdZdZRS(sipset command wrapper classcCstd|_d|_dS(NR(R t_commandtname(tself((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt__init__Js cCsg|D]}d|^q}tjd|j|jdj|t|j|\}}|dkrtd|jdj||fn|S(sCall ipset with argss%ss %s: %s %st is'%s %s' failed: %s(Rtdebug2t __class__RtjoinRt ValueError(Rtargstitemt_argststatustret((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt__runNs%  cCs/t|tkr+ttjd|ndS(sCheck ipset namesipset name '%s' is not validN(tlentIPSET_MAXNAMELENRRt INVALID_NAME(RR((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt check_nameYs cCsg}d}y|jdg}Wn$tk rH}tjd|nX|j}t}x{|D]s}|r|jjdd}|d|kr|dt kr|j |dqn|j drbt }qbqbW|S(s?Return types that are supported by the ipset command and kernelts--helpsipset error: %siisSupported set types:N( t _ipset__runRRtdebug1t splitlinestFalsetstriptsplittNonet IPSET_TYPEStappendt startswithtTrue(RRtoutputtextlinestin_typestlinetsplits((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pytset_supported_types_s     cCs;t|tks|tkr7ttjd|ndS(sCheck ipset types!ipset type name '%s' is not validN(R!R"R-RRt INVALID_TYPE(Rt type_name((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt check_typets cCs|j||j|d||g}t|trxF|jD]5\}}|j||dkrE|j|qEqEWn|j|S(s+Create an ipset with name, type and optionstcreateR%(R$R:t isinstancetdicttitemsR.R&(Rtset_nameR9toptionsRtkeytval((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt set_createzs    cCs |j||jd|gS(Ntdestroy(R$R&(RR?((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt set_destroys cCsd||g}|j|S(Ntadd(R&(RR?tentryR((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pytset_addscCsd||g}|j|S(Ntdel(R&(RR?RGR((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt set_deletescCs?d||g}|r2|jddj|n|j|S(Nttests%sR(R.RR&(RR?RGR@R((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyRKscCsKdg}|r|j|n|r5|j|n|j|jdS(Ntlists (R.textendR&R+(RR?R@R((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pytset_lists  c Cs|jddg}i}d}}i}x|D]z}t|dkrPq2ng|jddD]}|j^qc}t|dkrq2q2|ddkr|d}q2|ddkr|d}q2|dd kr2|dj} d} xz| t| kro| | } | dkrbt| | krK| d7} | | || R.twriteRtclosetoststatRRRRRtst_sizeRtgetDebugLogLevelRt Exceptiontdebug3tendswithtunlinkR(RR?R9tentriestcreate_optionst entry_optionst temp_fileRRARBRGRfRRR[R5((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt set_restoresV              #  cCs,dg}|r|j|n|j|S(Ntflush(R.R&(RR?R((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyt set_flushs cCs|jd||gS(Ntrename(R&(Rt old_set_namet new_set_name((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyRt scCs|jd||gS(Ntswap(R&(Rt set_name_1t set_name_2((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyRwscCs|jdgS(Ntversion(R&(R((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyRzsN(t__name__t __module__t__doc__RR&R$R7R:R,RCRERHRJRKRNR]R^RqRsRtRwRz(((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyRGs&         ' 7   cCst|tkrtStS(s"Return true if ipset name is valid(R!R"R)R0(R((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyRscCsK|j}x8tD]0}||krt|||kr||=qqW|S(s( Return only non default create options (tcopytIPSET_DEFAULT_CREATE_OPTIONS(R@RXR\((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyRs    (R}t__all__tos.pathRetfirewallRtfirewall.errorsRtfirewall.core.progRtfirewall.core.loggerRtfirewall.functionsRRtfirewall.configR R"R-tIPSET_CREATE_OPTIONSRtobjectRRR(((s7/usr/lib/python2.7/site-packages/firewall/core/ipset.pyts@