260 |
260 |
261 |
261 |
262 class IPfilterCommand(CommandBase): |
262 class IPfilterCommand(CommandBase): |
263 '''Wrapper around Solaris ipf(1m) command''' |
263 '''Wrapper around Solaris ipf(1m) command''' |
264 |
264 |
265 def split_rules(self, rules): |
265 def _split_rules(self, rules, version): |
266 # assumes that rules are inbound! |
266 # assumes that rules are inbound! |
267 cmd = ['/usr/sbin/ipfstat', '-i'] |
267 cmd = ['/usr/sbin/ipfstat', '-i'] |
|
268 if version == 6: |
|
269 cmd.insert(1, '-6') |
268 stdout = self.execute_with_pfexec(cmd) |
270 stdout = self.execute_with_pfexec(cmd) |
269 existing_rules = [] |
271 existing_rules = [] |
270 non_existing_rules = [] |
272 non_existing_rules = [] |
271 for rule in rules: |
273 for rule in rules: |
272 if rule in stdout: |
274 if rule in stdout: |
274 else: |
276 else: |
275 non_existing_rules.append(rule) |
277 non_existing_rules.append(rule) |
276 |
278 |
277 return existing_rules, non_existing_rules |
279 return existing_rules, non_existing_rules |
278 |
280 |
279 def add_rules(self, rules, version='4'): |
281 def add_rules(self, rules, version=4): |
280 rules = self.split_rules(rules)[1] |
282 rules = self._split_rules(rules, version)[1] |
281 process_input = '\n'.join(rules) |
283 process_input = '\n'.join(rules) |
282 cmd = ['/usr/sbin/ipf', '-f', '-'] |
284 cmd = ['/usr/sbin/ipf', '-f', '-'] |
283 if version == '6': |
285 if version == 6: |
284 cmd.append('-6') |
286 cmd.insert(1, '-6') |
285 return self.execute_with_pfexec(cmd, process_input=process_input) |
287 return self.execute_with_pfexec(cmd, process_input=process_input) |
286 |
288 |
287 def remove_rules(self, rules, version='4'): |
289 def remove_rules(self, rules, version=4): |
288 rules = self.split_rules(rules)[0] |
290 rules = self._split_rules(rules, version)[0] |
289 process_input = '\n'.join(rules) |
291 process_input = '\n'.join(rules) |
290 cmd = ['/usr/sbin/ipf', '-r', '-f', '-'] |
292 cmd = ['/usr/sbin/ipf', '-r', '-f', '-'] |
291 if version == '6': |
293 if version == 6: |
292 cmd.append('-6') |
294 cmd.insert(1, '-6') |
293 return self.execute_with_pfexec(cmd, process_input=process_input) |
295 return self.execute_with_pfexec(cmd, process_input=process_input) |
294 |
296 |
295 |
297 |
296 class IPnatCommand(CommandBase): |
298 class IPnatCommand(CommandBase): |
297 '''Wrapper around Solaris ipnat(1m) command''' |
299 '''Wrapper around Solaris ipnat(1m) command''' |