%PDF- %PDF-
Mini Shell

Mini Shell

Direktori : /usr/lib/python3/dist-packages/sos/report/plugins/__pycache__/
Upload File :
Create Path :
Current File : //usr/lib/python3/dist-packages/sos/report/plugins/__pycache__/firewall_tables.cpython-312.pyc

�

i��d_��0�ddlmZmZmZGd�dee�Zy)�)�Plugin�IndependentPlugin�SoSPredicatec�<�eZdZdZdZdZdZdZdZd�Z	d�Z
d�Zd	�Zy
)�firewall_tablesaCollects information about local firewall tables, such as iptables,
    and nf_tables (via nft). Note that this plugin does _not_ collect firewalld
    information, which is handled by a separate plugin.

    Collections from this plugin are largely gated byt the presence of relevant
    kernel modules - for example,  the plugin will not collect the nf_tables
    ruleset if both the `nf_tables` and `nfnetlink` kernel modules are not
    currently loaded (unless using the --allow-system-changes option).
    zfirewall tables)�network�system)�
/etc/nftables)�	ip_tables�
ip6_tables�	nf_tables�	nfnetlink�ebtablesc�^�d|z}d|zdz}|j|t||dg����y)z� Collecting iptables rules for a table loads either kernel module
        of the table name (for kernel <= 3), or nf_tables (for kernel >= 4).
        If neither module is present, the rules must be empty.�iptable_ziptables -t � -nvLr
��kmods��predN��add_cmd_outputr��self�	tablename�modname�cmds    �D/usr/lib/python3/dist-packages/sos/report/plugins/firewall_tables.py�collect_iptablezfirewall_tables.collect_iptablesC��
�y�(���y�(�7�2�������d�7�K�*@�A�	�	C�c�^�d|z}d|zdz}|j|t||dg����y)z& Same as function above, but for ipv6 �	ip6table_z
ip6tables -t rr
rrNrrs    r�collect_ip6tablez firewall_tables.collect_ip6table*sC���	�)���	�)�G�3�������d�7�K�*@�A�	�	Cr c�N�t|ddgddi��}|jd|d��S)	zS Collects nftables rulesets with 'nft' commands if the modules
        are present r
rr�all)r�requiredznft list rulesetT)r�changes)r�collect_cmd_output)r�nft_preds  r�collect_nftablesz firewall_tables.collect_nftables3sB��
 ��'2�K�&@�*1�5�)9�;���&�&�'9��/3�'�5�	5r c��|j�}ggd�}|ddk(r|dnd}|j�D]]}|j�dd}t|�dk(s�%|ddk(s�.|d|j	�vs�D||dj|d	��_d
}	t
d�j�}|j�D]$}|ddk(s�||dvs�|j|��&	t
d
�j�}|j�D]$}|ddk(s�||dvs�|j|��&|ddk7sd|dvr |jdt|ddg����|ddk7sd|dvr |jdt|ddg����|jgd��y#t$r|}Y��wxYw#t$r|}Y��wxYw)N)�ip�ip6�statusr�output���table��zmangle
filter
z/proc/net/ip_tables_namesr,z/proc/net/ip6_tables_namesr-�filterziptables -vnxL�iptable_filterr
rrzip6tables -vnxL�ip6table_filter)r
z/etc/sysconfig/nftables.confz/etc/nftables.conf)r*�
splitlines�split�len�keys�append�open�read�IOErrorrr#rr�
add_copy_spec)	r�nft_list�
nft_ip_tables�	nft_lines�line�words�default_ip_tables�ip_tables_namesr2s	         r�setupzfirewall_tables.setup>s"��
�(�(�*��!�"�-�
�*2�8�*<��*A�H�X�&�r�	��(�(�*�	9�D��J�J�L��1�%�E��5�z�Q��5��8�w�#6��!�H�
� 2� 2� 4�4��e�A�h�'�.�.�u�Q�x�8�		9�/��	0�"�#>�?�D�D�F�O�%�/�/�1�	,�E���!�Q�&�5�M�$�4G�+G��$�$�U�+�	,�	0�"�#?�@�E�E�G�O�%�/�/�1�	-�E���!�Q�&�5�M�%�4H�+H��%�%�e�,�	-��H���"�h�-��2E�&E���� �!�$�/?��.M�N�
 �
��H���"�h�-��2F�&F����!�!�$�/@�+�.N�O�
 �
�
	
���
�	��=�	0�/�O�	0���	0�/�O�	0�s$�F+�)F=�+F:�9F:�=G�
GN)
�__name__�
__module__�__qualname__�__doc__�
short_desc�plugin_name�profiles�files�kernel_modsrr#r*rH�r rrrs:���#�J�#�K�$�H��E��K�	C�C�	5�5r rN)�sos.report.pluginsrrrrrRr r�<module>rTs��I�H�g�f�/�gr

Zerion Mini Shell 1.0