Current File : //usr/lib/python3/dist-packages/ufw/__pycache__/common.cpython-312.pyc

�

��eX��v�dZddlZddlZddlZddlmZdZdZdZeZ	dZ
dZd	Zd
Z
Gd�de�ZGd
�d�Zy)z!common.py: common classes for ufw�N)�debug�ufwz/lib/ufwz/usr/share/ufwz/etcz/usrz	/usr/sbinTc��eZdZdZd�Zd�Zy)�UFWErrorz$This class represents ufw exceptionsc��||_y�N)�value)�selfr	s  �,/usr/lib/python3/dist-packages/ufw/common.py�__init__zUFWError.__init__#s	����
�c�,�t|j�Sr)�reprr	�r
s r�__str__zUFWError.__str__&s���D�J�J��r
N)�__name__�
__module__�__qualname__�__doc__rr�r
rrr!s��.�� r
rc��eZdZdZ			dd�Zd�Zd�Zd�Zd�Zd�Z	dd�Z
d	�Zd
�Zd�Z
d�Zd
�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zy)�UFWRulez$This class represents firewall rulesc
�>�d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_	d|_
d|_d|_d|_
d|_d|_d|_||_d|_	|j'|�|j)|�|j+|�|j+|d�|j-|�|j/|�|j1|�|j3|	�y#t4$r�wxYw)NF�r�src)�remove�updated�v6�dstr�dport�sport�protocol�multi�dapp�sapp�action�position�logtype�interface_in�
interface_out�	direction�forward�comment�
set_action�set_protocol�set_port�set_src�set_dst�
set_direction�set_commentr)
r
r&r"r rr!rr+r,r-s
          rrzUFWRule.__init__,s
�������������������
���
���
���
���	���	������
�������������������
	��O�O�F�#����h�'��M�M�%� ��M�M�%��'��L�L����L�L������y�)����W�%���	��	�s
�B	D�Dc�"�|j�Sr)�format_rulers rrzUFWRule.__str__Os�����!�!r
c��d|z}t|j�}|j�|D]}|d|�d|j|��z
}�|S)zPrint rule to stdoutz'%s'z, �=)�list�__dict__�sort)r
�res�keys�ks    r�_get_attribzUFWRule._get_attribRsN����o���D�M�M�"���	�	���	5�A���4�=�=��#3�4�4�C�	5��
r
c��t|j|j�}|j|_|j|_|j
|_|j|_|j|_|j|_|j|_	|j|_
|j|_|j|_|j|_
|j|_|j|_|j |_|j"|_|j$|_|j&|_|S)zReturn a duplicate of a rule)rr&r"rrrrrr r!r#r$r%r'r(r)r*r+r,r-)r
�rules  r�dup_rulezUFWRule.dup_rule[s����t�{�{�D�M�M�2���k�k����|�|����'�'����8�8����8�8����Z�Z��
��Z�Z��
��Z�Z��
��I�I��	��I�I��	��
�
��
��|�|��� �-�-���!�/�/���������|�|����|�|����r
c�:�d}|jdk7r|d|jzz
}|jdk7r|d|jzz
}|jdk(r|dz
}n�|d|jzz
}|jr�|dz
}|jdk7r9|j
dk7r*|d|jzz
}|dz
}|d	|j
zz
}nC|jdk7r|d|jzz
}n!|j
dk7r|d	|j
zz
}|jd
k7r!|jdk7r|d|jzz
}|js!|jdk7r|d
|jzz
}|jd
k7r!|jdk7r|d|jzz
}|js!|j
dk7r|d|j
zz
}d}|jdk7rd|jz}|jdk(r	|d|zz
}nL|jdk(r|d|zz
}|jdk(r&|dz
}n |jdk(r	|d|zz
}n|d|zz
}|jdk7s|jdk7r�d}tjd�}|jdk7r"|d|jd|j�zz
}|jdk7r|jdk7r|dz
}|jdk7r"|d|jd|j�zz
}|d z
}|d|zz
}|j�S)!zFormat rule for later parsingrz -i %sz -o %s�anyz -p allz -p z
 -m multiportz
 --dports z
 --sports �	0.0.0.0/0�::/0z -d z	 --dport z -s z	 --sport �_�allowz -j ACCEPT%s�rejectz -j REJECT%s�tcpz --reject-with tcp-reset�limitz -j LIMIT%sz
 -j DROP%sz-m comment --comment '� �dapp_z%20�,�sapp_�')r)r*r"r#r r!rrr(r&r$r%�re�compile�sub�strip)r
�rule_str�lstrr-�	pat_spaces     rr6zUFWRule.format_rulers���������"���D�$5�$5�6�6�H�����#���D�$6�$6�7�7�H��=�=�E�!��	�!�H������.�.�H��z�z��O�+���:�:��&�4�:�:��+>���t�z�z� 9�9�H���/�H���t�z�z� 9�9�H��Z�Z�5�(���t�z�z� 9�9�H��Z�Z�5�(���t�z�z� 9�9�H��8�8�{�"�t�x�x�6�'9������)�)�H��z�z�d�j�j�E�1���d�j�j�0�0�H��8�8�{�"�t�x�x�6�'9������)�)�H��z�z�d�j�j�E�1���d�j�j�0�0�H����<�<�2������%�D��;�;�'�!���$�/�/�H�
�[�[�H�
$���$�/�/�H��}�}��%��6�6��
�[�[�G�
#��
��.�.�H����-�-�H��9�9��?�d�i�i�2�o�.�G��
�
�3��I��y�y�B���7�Y�]�]�5�$�)�)�%D�D�D���y�y�B��4�9�9��?��3����y�y�B���7�Y�]�]�5�$�)�)�%D�D�D���s�N�G���g�
�%�H��~�~��r
c���|j�jd�}|ddk(s|ddk(s|ddk(r|d|_nd|_d}t|�dkDr|d}|j	|�y	)
zSets action of the rulerGrrHrIrK�denyr�N)�lower�splitr&�len�set_logtype)r
r&�tmpr(s    rr.zUFWRule.set_action�ss���l�l�n�"�"�3�'���q�6�W���A��(� 2�c�!�f��6G��a�&�D�K� �D�K����s�8�a�<��!�f�G�����!r
c�^�td�|z}|dk(r�n�|dk(r|jr�n�|dk(r|jr�n�tjd|�stjd|�rt|��|j
d�|j
d�zd	kDrt|��|jd�}t|�d
kDrd|_	d}|D�]}tjd
|�rnd|_	|jd�}|D])}t|�d
kst|�dkDs� t|��t|d�t|d
�k\r�t|��tjd|�r't|�d
kst|�dkDrCt|��tjd|�r	tj|�}nt|��|r|dt|�zz
}��t|�}��|}|dk(rt|�|_yt|�|_y#t$rt|��wxYw)z:Sets port and location (destination or source) of the rulez
Bad port '%s'rDrrz^[,:]z[,:]$rN�:�rZTrz	^\d+:\d+$i��rz^\d+$z
^\w[\w\-]+N)rGr$r%rQ�matchr�countr\r]r#�int�socket�
getservbyname�	Exception�strr!r )	r
�port�loc�err_msg�portsr_�p�ran�qs	         rr0zUFWRule.set_port�s����O�$��-���5�=��
�E�\�d�i�i��
�E�\�d�i�i��
�X�X�h��
%����(�D�)A��7�#�#��j�j��o��
�
�3��/�2�
5��7�#�#��J�J�s�O�E��5�z�A�~�!��
��C��
!���8�8�L�!�,�!%�D�J��'�'�#�,�C� �4���q�6�A�:��Q��%��"*�7�"3�3�4��3�q�6�{�c�#�a�&�k�1�&�w�/�/��X�X�h��*��1�v��z�S��V�e�^�&�w�/�/��X�X�m�Q�/�0�"�0�0��3��#�7�+�+���3��Q��<�'�C��a�&�C�1
!�4�D��%�<��T��D�J��T��D�J��%�0�&�w�/�/�0�s�*H�H,c��|tjjdgzvr||_yt	d�|z}t|��)zSets protocol of the rulerDzUnsupported protocol '%s'N)r�util�supported_protocolsr"rGr)r
r"rls   rr/zUFWRule.set_protocol�s=���s�x�x�3�3�u�g�=�=�$�D�M��3�4��A�G��7�#�#r
c��|jre|jr%|jdk(s|jdk(rd|_|jr'|jdk(s|jdk(rd|_yyy|jr%|jdk(s|jdk(rd|_|jr'|jdk(s|jdk(rd|_yyy)zAdjusts src and dst based on v6rDrErFN)rrrrs r�
_fix_anywherezUFWRule._fix_anywhere�s����7�7��x�x�T�X�X��.�$�(�(�k�2I�!����x�x�T�X�X��.�$�(�(�k�2I�!���3J�x��x�x�T�X�X��.�$�(�(�f�2D�&����x�x�T�X�X��.�$�(�(�f�2D�&���3E�xr
c�2�||_|j�y)zXSets whether this is ipv6 rule, and adjusts src and dst
           accordingly.
        N)rru)r
rs  r�set_v6zUFWRule.set_v6s��������r
c���|j�}|dk7r6tjj|d�st	d�}t|��||_|j�y)zSets source address of rulerDzBad source addressN)r[rrr�
valid_addressrGrrru�r
�addrr_rls    rr1zUFWRule.set_srcsP���j�j�l���%�<���� 6� 6�s�E� B��,�-�G��7�#�#�������r
c���|j�}|dk7r6tjj|d�st	d�}t|��||_|j�y)z Sets destination address of rulerDzBad destination addressN)r[rrrryrGrrrurzs    rr2zUFWRule.set_dstsP���j�j�l���%�<���� 6� 6�s�E� B��1�2�G��7�#�#�������r
c�z�|dk7r|dk7rtd�}t|��dt|�vrtd�}t|��dt|�vrtd�}t|��t|�dk(st|�d	k(rtd
�}t|��tt|��dk(rtd�}t|��tt|��d
kDrtd�}t|��t	j
dt|��std�}t|��|dk(r||_y||_y)zSets an interface for rule�in�outzBad interface type�!z+Bad interface name: reserved character: '!'raz/Bad interface name: can't use interface aliases�.z..z)Bad interface name: can't use '.' or '..'rz+Bad interface name: interface name is empty�z+Bad interface name: interface name too longz^[a-zA-Z0-9_\-\.\+,=%@]+$zBad interface nameN)rGrrir]rQrcr)r*)r
�if_type�namerls    r�
set_interfacezUFWRule.set_interface's)���d�?�w�%�/��,�-�G��7�#�#��#�d�)���E�F�G��7�#�#��#�d�)���I�J�G��7�#�#��t�9���s�4�y�D�0��C�D�G��7�#�#���D�	�N�a���E�F�G��7�#�#���D�	�N�R���E�F�G��7�#�#��x�x�4�c�$�i�@��,�-�G��7�#�#��d�?� $�D��!%�D�r
c��t|�dk7r8tjdt|��std�|z}t	|��t|�|_y)zSets the position of the rulez-1z^[0-9]+z,Insert position '%s' is not a valid positionN)rirQrcrGrrer')r
�numrls   r�set_positionzUFWRule.set_positionWsG��
�s�8�t��B�H�H�Z��S��$B��F�G�3�O�G��7�#�#��C���
r
c��|j�dk(s|j�dk(s|dk(r|j�|_ytd�|z}t|��)zSets logtype of the rule�logzlog-allrzInvalid log type '%s'N)r[r(rGr)r
r(rls   rr^zUFWRule.set_logtypeasL���=�=�?�e�#�w�}�}��)�'C��b�=�"�=�=�?�D�L��/�0�G�<�G��7�#�#r
c�X�|dk(s|dk(r||_ytd�|z}t|��)zSets direction of the ruler~rzUnsupported direction '%s'N)r+rGr)r
r+rls   rr3zUFWRule.set_directionjs3�����	�U� 2�&�D�N��4�5��C�G��7�#�#r
c�T�tjj|j�S)zGet decoded comment of the rule)rrr�
hex_decoder-rs r�get_commentzUFWRule.get_commentrs���x�x�"�"�4�<�<�0�0r
c��||_y)zSets comment of the ruleN)r-)r
r-s  rr4zUFWRule.set_commentvs	����r
c�N�d}|jrF	tjj|j|j�\|_}|r||_|jrF	tjj|j|j�\|_	}|r||_|jrP|jjd�}tjj|�dj|�|_
|jrQ|jjd�}tjj|�dj|�|_yy#t
$rt
d�}t|��wxYw#t
$rt
d�}t|��wxYw)z&Normalize src and dst to standard formFz"Could not normalize source addressz'Could not normalize destination addressrNN)rrrr�normalize_addressrrhrGrrrr r\�
human_sort�joinr!)r
�changedrlrms    r�	normalizezUFWRule.normalizezsS�����8�8�
(�&)�h�h�&@�&@����AE���'J�#���7��&����8�8�
(�&)�h�h�&@�&@����CG�7�7�'L�#���7��&����:�:��J�J�$�$�S�)�E��H�H����&����%��D�J��:�:��J�J�$�$�S�)�E��H�H����&����%��D�J���/�
(��@�A���w�'�'�
(���
(��E�F���w�'�'�
(�s�<E!�"<F�! F� F$c���|r|s
t��d|�d|�d�}|j|jk7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j
|j
k7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j|jk7rt|�y|j|jk(rI|j|jk(r0|j |j k(rt#d�}t|�y|j|jk(rI|j|jk(r0|j |j k7rt#d�}t|�yt#d	�|j|j|j|j|j |j d
�z}t|�y)z�Check if rules match
        Return codes:
          0  match
          1  no match
         -1  match all but action, log-type and/or comment
         -2  match all but comment
        z
No match 'z' 'rPrZzFound exact matchrz$Found exact match, excepting comment���zZFound non-action/non-logtype/comment match (%(xa)s/%(ya)s/'%(xc)s' %(xl)s/%(yl)s/'%(yc)s'))�xa�ya�xl�yl�xc�yc���)�
ValueErrorr rr!r"rrrr$r%r)r*r+r,r&r(r-rG)�x�y�dbg_msgs   rrcz
UFWRule.match�s-�����,���+,�Q�/���7�7�a�g�g���'�N���7�7�a�g�g���'�N���:�:����#��'�N���5�5�A�E�E�>��'�N���5�5�A�E�E�>��'�N���4�4�1�4�4�<��'�N���6�6�Q�V�V���'�N���6�6�Q�V�V���'�N���>�>�Q�^�^�+��'�N���?�?�a�o�o�-��'�N���;�;�!�+�+�%��'�N���9�9��	�	�!��'�N���8�8�q�x�x��A�I�I����$:��	�	�Q�Y�Y�&��+�,�G��'�N���8�8�q�x�x��A�I�I����$:��	�	�Q�Y�Y�&��>�?�G��'�N���F�G��H�H�A�H�H��I�I�Q�Y�Y��I�I�Q�Y�Y�8�9��
	�g��r
c�>�d�}|r|s
t��|j|�dk(ryd|�d|j�d|�d|j�d�	}|jdk7rt	d|zd	z�y
|j
|j
k7rt	|dz�y
|j|jk7r|jdk7rt	d
|z�y
|jdk7r,||j|j�st	d|z�y
|jdk(�r|jdk(r|j|j�r�n>|j|jk7rd|jvrt	d|z�y
|j|jk7�r�d|jv�r�|j|jk(�r�tjj|j|j|j��s�t	d|zd|j�d|j�d�z�y
|jdk7rF|j|jk7r-t	d|zd|j�d|j�d�z�y
	tjj|j|j�}|j|k7r1d|jvr#t	d|zd|j�d|�d�z�y
|j|k7rd|jvrq|j|jk(rXtjj||j|j�s#t	d|zd|�d|j�d�z�y
|j|jk7r-t	d|zd|j�d|j�d�z�y
t	d|�d|j�d|�d|j�d�	�y#t$r!t	d|zd|jzz�Yy
wxYw)a�This will match if x is more specific than y. Eg, for protocol if x
           is tcp and y is all or for address if y is a network and x is a
           subset of y (where x is either an address or network). Returns:

            0  match
            1  no match
           -1  fuzzy match

           This is a fuzzy destination match, so source ports or addresses
           are not considered, and (currently) only incoming.
        c���d|vsd|vr||k(ryy|jd�D]S}||k(ryd|vs�|jd�\}}t|�t|�k\s�;t|�t|�ks�Syy)z:Returns True if p is an exact match or within a multi rulerNraTF)r\re)�test_p�to_matchrj�low�highs     r�_match_portsz-UFWRule.fuzzy_dst_match.<locals>._match_ports�s~���f�}��v�
��X�%��� ���s�+�
$���T�>���$�;�"&�*�*�S�/�K�S�$��6�{�c�#�h�.�3�v�;�#�d�)�3K�#�

$�r
rzNo fuzzy match 'z (v6=z)' 'z)'r~z(direction) z (not incoming)rZz (forward does not match)rDz(protocol) z(dport) r�/z(dst) z ('z' not in network 'z')z(interface) z (z != �)z %s does not existz(v6) z(fuzzy match) 'r�)r�rcrr+rr,r"r r)�_is_anywhererrrr�
in_network�get_ip_from_if�IOError)r�r�r�r��if_ips     r�fuzzy_dst_matchzUFWRule.fuzzy_dst_match�sH��	�"���,��
�7�7�1�:��?����q�t�t�Q����&��
�;�;�$���.�7�*�->�>�?��
�9�9��	�	�!��'�7�7�8��
�:�:����#��
�
�e�(;��-�'�)�*��
�7�7�e��L����!�'�'�$B��*�w�&�'���>�>�R���~�~��#����q�u�u�(=�����!�%�%��C�q�u�u�$4��h��(�)�����!�%�%��C�1�5�5�L�Q�T�T�Q�T�T�\��8�8�&�&�q�u�u�a�e�e�Q�T�T�:��h��(��u�u�a�e�e�,%�%�&���~�~��#����!�.�.�(H��n�w�.��~�~�q�~�~�27�7�8��
����/�/�������E���u�u��~�#�Q�U�U�"2��n�w�.��u�u�e�2%�%�&�����%��C�1�5�5�L�Q�T�T�Q�T�T�\��8�8�&�&�u�a�e�e�Q�T�T�:��n�w�.�7<�a�e�e�D�E�F���4�4�1�4�4�<��'�G�#�q�u�u�a�e�e�&D�D�E��	�1�a�d�d�A�q�t�t�L�M���+�
��n�w�.�1E��~�~�2'�'�(��
�s�=4O2�2'P�Pc��|dk(s|dk(ryy)zCheck if address is anywhererFrETFr)r
r{s  rr�zUFWRule._is_anywhereNs���6�>�T�[�0��r
c��d}|jdk7s|jdk7�r1|j�d|j�d|j�d|j��}|jdk(r5|j�d|j�d|j�d|j��}|jdk(r5|j�d|j�d|j
�d|j��}|jdk(r#|jdk(r|d|jzz
}|S|jdk7r|d|jzz
}|jdk7r|d|jzz
}|S)a�Returns a tuple to identify an app rule. Tuple is:
             dapp dst sapp src direction_iface|direction
           or
             dport dst sapp src direction_iface|direction
           or
             dapp dst sport src direction_iface|direction

           where direction_iface is of form 'in_eth0', 'out_eth0' or
           'in_eth0 out_eth0' (ie, both interfaces used). If no interfaces are
           specified, then tuple ends with the direction instead.
        rrLz %sz in_%sz out_%s)	r$r%rrr r!r)r*r+)r
�tupls  r�
get_app_tuplezUFWRule.get_app_tupleTs�����9�9��?�d�i�i�2�o�$(�I�I�t�x�x����D�H�H�M�D��y�y�B��(,�
�
�D�H�H�d�i�i�)-���3���y�y�B��(,�	�	�4�8�8�T�Z�Z�)-���3��� � �B�&�4�+=�+=��+C������0�0�����$�$��*��H��(9�(9�:�:�D��%�%��+��I��);�);�<�<�D��r
c��|jdk7rA|jdk7s|jdk7r#td�|jz}t	|��|jt
jjvr(|dk(r#td�|jz}t	|��|jt
jjvrB|jdk7s|jdk7r#td�|jz}t	|��yy)zVerify rulerDrz3Improper rule syntax ('%s' specified with app rule)rz'Invalid IPv6 address with protocol '%s'zInvalid port with protocol '%s'N)r"r%r$rGrrrr�ipv4_only_protocols�portless_protocolsr r!)r
�rule_iptyperls   r�verifyzUFWRule.verifyvs����=�=�E�!��I�I��O�t�y�y�B���M�N��=�=�*�G��7�#�#��=�=�C�H�H�8�8�8��$���A�B����(�G��7�#�#��=�=�C�H�H�7�7�7��z�z�U�"�d�j�j�E�&9��=�>�!�]�]�,���w�'�'�':�8r
N)rDrErDrEr~Fr)r)rrrrrrr?rBr6r.r0r/rurwr1r2r�r�r^r3r�r4r�rcr�r�r�r�rr
rrr*s���.�:E�GL��!�F"���.A �F"�3#�j$�'����.&�`!�$�$�1��!)�FA�Fl�\� �D(r
r)rrQrf�ufw.utilrr�programName�	state_dir�	share_dir�	trans_dir�
config_dir�
prefix_dir�iptables_dir�	do_checksrhrrrr
r�<module>r�sV��'�"
�
������	��	��	�
�
�
�
����	� �y� �`	(�`	(r
