Sh3ll
OdayForums


Server : Apache
System : Linux server1.cgrithy.com 3.10.0-1160.95.1.el7.x86_64 #1 SMP Mon Jul 24 13:59:37 UTC 2023 x86_64
User : nobody ( 99)
PHP Version : 8.1.23
Disable Function : NONE
Directory :  /usr/lib/python2.7/site-packages/firewall/core/io/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : //usr/lib/python2.7/site-packages/firewall/core/io/zone.pyo
�
�c�`c@sjdddgZddljZddlZddlZddlZddlmZddlm	Z	m
Z
mZmZm
Z
mZmZmZmZmZddlmZmZddlmZmZmZmZmZmZmZdd	lmZdd
l m!Z!ddlm"Z"ddl#m$Z$defd
��YZ%defd��YZ&e'd�Z(e)d�Z*dS(tZonetzone_readertzone_writeri����N(tconfig(
tcheckIPtcheckIP6tcheckIPnMaskt
checkIP6nMasktcheckInterfacetuniqifytmax_zone_name_lent
u2b_if_py2t	check_mactportStr(tDEFAULT_ZONE_TARGETtZONE_TARGETS(tPY2t	IO_ObjecttIO_Object_ContentHandlertIO_Object_XMLGeneratort
check_porttcheck_tcpudptcheck_protocol(trich(tlog(terrors(t
FirewallErrorcBsEeZdZdAdBdCdefdDddgfddEgfd	dgfd
efddFgfddgfd
dgfddgfddgfddGgfdeffZdZdddgZidHd6dHd6dHd6dgd6ddgd6dgd6dgd6ddgd6dgd6dHd6dHd 6d!gd"6d#gd6ddgd$6dHd%6dHd&6dHd'6dHd(6dHd)6d*gd+6d#gd,6dHd-6Zidd.ddgd6d/gd
6d0d1gd6d2gd6d!d3d4d2d5gd 6d4gd"6d6d7gd%6d8gd(6Z	e
d9��Zd:�Zd;�Z
d<�Zd=�Zd>�Zd?�Zd@�ZRS(Is Zone class tversionttshorttdescriptiontUNUSEDttargettservicestportsticmp_blockst
masqueradet
forward_portst
interfacestsourcest	rules_strt	protocolstsource_portsticmp_block_inversions&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)t_t-t/tzonetnametservicetporttprotocols
icmp-blocks	icmp-typesforward-portt	interfacetruletsourcetaddresstdestinationtvaluessource-portRtaudittaccepttrejecttdroptsettmarktlimitsicmp-block-inversiont	immutabletenabledsto-portsto-addrtfamilytmactinverttipsettprefixtlevelttypecCsLx3ttj�D]"\}\}}||kr|SqWttjd��dS(Ns
index_of()(t	enumerateRtIMPORT_EXPORT_STRUCTURERRt
UNKNOWN_ERROR(telementtiteltdummy((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytindex_ofbs"cCs�tt|�j�d|_d|_d|_t|_t|_	g|_
g|_g|_g|_
t|_g|_g|_g|_g|_d|_g|_g|_t|_t|_t|_dS(NR(tsuperRt__init__RRRtFalseRRR R!R"R)R#R$R%R*R&R'tNonet	fw_configtrulesR(R+tcombinedtapplied(tself((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRSis*																			cCs�d|_d|_d|_t|_t|_|j2|j2|j	2|j
2t|_|j2|j
2|j2|j2d|_|j2|j2t|_t|_t|_dS(NR(RRRRTRRR R!R"R)R#R$R%R*R&R'RURVRWR(R+RXRY(RZ((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytcleanup�s(									c	Cst|j�|_t|j�|_t|j�|_t|j�|_g|jD]}t|�^qR|_g|jD]$\}}t|�t|�f^qw|_g|jD]}t|�^q�|_g|jD]}t|�^q�|_g|j	D]<\}}}}t|�t|�t|�t|�f^q�|_	g|j
D]$\}}t|�t|�f^qG|_
g|jD]}t|�^q~|_g|jD]}t|�^q�|_g|j
D]}t|�^q�|_
g|jD]}t|�^q�|_dS(s� HACK. I haven't been able to make sax parser return
            strings encoded (because of python 2) instead of in unicode.
            Get rid of it once we throw out python 2 support.N(RRRRR R!R"R)R#R%R*R&R'RWR((	RZtstpotprRNtp1tp2tp3tp4((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytencode_strings�s%7%%O4%%%cCs�|dkrlg|D]}tjd|�^q|_tt|�j|g|jD]}t|�^qP�ntt|�j||�dS(NR(trule_str(Rt	Rich_RuleRWRRRt__setattr__tstr(RZR0R9R\((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRf�s(8c

Cs?|dkr]|jr]|jj�}x|D]+}||kr+ttjd|��q+q+Wn�|dkr�x�|D]"}t|d�t|d�qpWn�|dkr�x�|D]}t|�q�Wnx|dkr |jr |jj�}xQ|D]+}||kr�ttj	d|��q�q�Wn|d	kr�x|D]�}	t|	d�t|	d�|	d
r�|	dr�ttj
d|	��n|	d
r�t|	d
�n|	dr3t|	d�r�t|	d�r�ttj
d
|	d��q�q3q3WnI|dkr.x:|D]"}t|d�t|d�qWn
|dkr^|tkr;ttj|��q;n�|dkr�x�|D]'}
t|
�sqttj|
��qqqqWn�|dkrx�|D]R}t|�r�t|�r�t|�r�|jd�r�ttj
|��q�q�Wn0|dkr;x!|D]}tjd|�qWndS(NR!s '%s' not among existing servicesR"iiR)R#s"'%s' not among existing icmp typesR%iis$'%s' is missing to-port AND to-addr s#to-addr '%s' is not a valid addressR*R R&R'sipset:R(Rd(RVtget_servicesRRtINVALID_SERVICERRRt
get_icmptypestINVALID_ICMPTYPEtINVALID_FORWARDRRtINVALID_ADDRRtINVALID_TARGETRtINVALID_INTERFACERRRt
startswithRRe(
RZRtitemtexisting_servicesR1R2tprototexisting_icmptypesticmptypetfwd_portR4R6R5((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyt
_check_config�sn
	


	


"



cCstt|�j|�|jd�r>ttjd|��n�|jd�rfttjd|��n�|jd�dkr�ttjd|��nnd|kr�||j	d� }n|}t
|�t�krttjd|t
|�t�|jf��ndS(NR.s'%s' can't start with '/'s'%s' can't end with '/'ismore than one '/' in '%s's'Zone of '%s' has %d chars, max is %d %s(
RRRt
check_nameRpRRtINVALID_NAMEtendswithtcounttfindtlenR
RX(RZR0tchecked_name((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRx�s&				c
CsEt|_d|_d|_d|_d|_x3|jD](}||jkr7|jj|�q7q7Wx3|j	D](}||j	krm|j	j|�qmqmWx3|j
D](}||j
kr�|j
j|�q�q�Wx3|jD](}||jkr�|jj|�q�q�Wx3|jD](}||jkr|jj|�qqWx3|j
D](}||j
krE|j
j|�qEqEW|jr�t|_nx3|jD](}||jkr�|jj|�q�q�Wx3|jD](}||jkr�|jj|�q�q�Wx7|jD],}	|jj|	�|jjt|	��q�W|jrAt|_ndS(NR(tTrueRXRUtfilenameRRRR&tappendR'R!R"R)R#R$R%R*RWR(RgR+(
RZR/R4R6R1R2RsticmptforwardR5((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pytcombinesH							(sversionR(sshortR(sdescriptionR(stargetR(RR(RRRR(RRN(t__name__t
__module__t__doc__RTRKtDBUS_SIGNATUREtADDITIONAL_ALNUM_CHARSRUtPARSER_REQUIRED_ELEMENT_ATTRStPARSER_OPTIONAL_ELEMENT_ATTRStstaticmethodRQRSR[RcRfRwRxR�(((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR(sv		

















					9	tzone_ContentHandlercBs#eZd�Zd�Zd�ZRS(cCs/tj||�d|_t|_d|_dS(N(RRSRUt_ruleRTt_rule_errort	_limit_ok(RZRq((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyRS,s		c	Cswtj|||�|jr dS|jj||�|dkrd|krbtjd|d�nd|kr�|d|j_nd|kr�tjd|d�nd|krs|d}|tkr�t	t
j|��n|dkr|tkr||j_
qqsnk|d	krn\|d
kr&nM|dkr�|jr�|jjrmtjdt|j��t|_dStj|d�|j_dS|d|jjkr�|jjj|d�qstjd
|d�n�
|dkr�|jr<|jjrtjdt|j��t|_dStj|d|d�|j_dSt|d�t|d�t|dd�|df}||jjkr�|jjj|�qstjd|d|d�n�|dkrs|jr|jjrtjdt|j��t|_dStj|d�|j_qst|d�|d|jjkr\|jjj|d�qstjd|d�n|dkr|jr�|jjr�tjdt|j��t|_dStj|d�|j_dS|d|jjkr|jjj|d�qstjd|d�nU|dkr�|jr�|jjretjdt|j��t|_dStj |d�|j_dStjd|d�n�
|dkrZd|kr�|dj!�d`kr�tjd|d�dS|jr/|jjrtjdt|j��t|_dStj"�|j_qs|jj#rKtjd�qst|j_#n
|dkrd}d|kr�|d}nd}d |kr�|d }n|jr	|jjr�tjdt|j��t|_dStj$|d|d||�|j_dSt|d�t|d�|r8t|�n|rtt%|�rtt&|�rtt	t
j'd!|��qtnt|dd�|dt|d�t|�f}||jj(kr�|jj(j|�qstjd"|d|d|r�d#|nd|rd$|nd�na|d%kr�|jr}|jjrYtjdt|j��t|_dStj)|d|d�|j_dSt|d�t|d�t|dd�|df}||jj*kr�|jj*j|�qstjd&|d|d�nw|d'kr�|jr+tjd(�t|_dSd|krQtjd)�t|_dS|d|jj+kr�|jj+j|d�qstjd*|d�n�|d+kr,|jr�	|jj,r�tjd,t|j��t|_dSt-}d-|kr	|d-j!�dakr	t}nd}}	}
d0|kr7	|d0}nd1|krP	|d1}	nd2|kri	|d2}
ntj/||	|
d-|�|j_,dSd0|kr�	d2|kr�	tjd3�dSd0|kr�	d2|kr�	tjd4�dSd5|kr
tjd6|d5�nd-|kr 
tjd7�dSd0|kr{
t0|d0�r{
t1|d0�r{
t2|d0�r{
t	t
j'|d0��q{
nd2|kr�
d8|d2}||jj3kr�
|jj3j|�q�
tjd9|d0�nd0|krs|d0}||jj3kr|jj3j|�q)tjd9|d0�qsnG|d:kr�|js[tjd;�t|_dS|jj4r�tjd<t|j��dSt-}d-|kr�|d-j!�dbkr�t}ntj5|d0|�|j_4n�|dckr�|jstjdA�t|_dS|jj6r)tjdB�t|_dS|d=krJtj7�|j_6n�|d>kr�d}dC|kru|dC}ntj8|�|j_6nO|d?kr�tj9�|j_6n.|d@kr�|dD}tj:|�|j_6n|jj6|_;n�|dEkr�
|js
tjdF�dS|jjr1
tjdG�dSd}
dH|krv
|dH}
|
ddkrv
tjdQ�t|_dSndR|kr�
|dRnd}tj<||
�|j_|jj|_;n�|dSkr8|js�
tjdT�dS|jj=rtjdUt|j��t|_dStj>�|j_=|jj=|_;n;|dVkr�d}d5|kr�|d5}|dekr�tjdY|d5�t|_dSntj?|�|_n�|dZkr(|j;s�tjd[�t|_dS|j;j@rtjd\t|j��t|_dS|d}tjA|�|j;_@nK|d]kr_|jjBrPtjd^�qst|j_Bntjd_|�dSdS(fNR/R0s'Ignoring deprecated attribute name='%s'RRAs,Ignoring deprecated attribute immutable='%s'R RRRR1s;Invalid rule: More than one element in rule '%s', ignoring.s#Service '%s' already set, ignoring.R2R3R-s#Port '%s/%s' already set, ignoring.R9s$Protocol '%s' already set, ignoring.s
icmp-blocks&icmp-block '%s' already set, ignoring.s	icmp-types-Invalid rule: icmp-block '%s' outside of ruleR$RBtnotfalses*Ignoring deprecated attribute enabled='%s's!Masquerade already set, ignoring.sforward-portsto-portsto-addrs#to-addr '%s' is not a valid addresss-Forward port %s/%s%s%s already set, ignoring.s >%ss @%sssource-ports*Source port '%s/%s' already set, ignoring.R4s$Invalid rule: interface use in rule.s Invalid interface: Name missing.s%Interface '%s' already set, ignoring.R6s:Invalid rule: More than one source in rule '%s', ignoring.REtyesttrueR7RDRFs$Invalid source: No address no ipset.s"Invalid source: Address and ipset.RCs)Ignoring deprecated attribute family='%s's+Invalid source: Invertion not allowed here.sipset:%ss"Source '%s' already set, ignoring.R8s)Invalid rule: Destination outside of rules?Invalid rule: More than one destination in rule '%s', ignoring.R;R<R=R?s$Invalid rule: Action outside of rules"Invalid rule: More than one actionRIR>Rs!Invalid rule: Log outside of rulesInvalid rule: More than one logRHtemergtalerttcritterrortwarningtnoticetinfotdebugsInvalid rule: Invalid log levelRGR:s#Invalid rule: Audit outside of rules9Invalid rule: More than one audit in rule '%s', ignoring.R5tipv4tipv6s&Invalid rule: Rule family "%s" invalidR@s4Invalid rule: Limit outside of action, log and audits9Invalid rule: More than one limit in rule '%s', ignoring.sicmp-block-inversions+Icmp-Block-Inversion already set, ignoring.sUnknown XML element '%s'(R�R�(syesR�(syesR�(sacceptsrejectsdropsmark(R�R�R�serrorswarningR�sinfosdebug(R�R�(CRtstartElementR�Rqtparser_check_element_attrsRR�RRRRRnRR R�RMRgRRtRich_ServiceR!R�t	Rich_PortRRR
R"t
Rich_ProtocolRR)tRich_IcmpBlockR#t
Rich_IcmpTypetlowertRich_MasqueradeR$tRich_ForwardPortRRRmR%tRich_SourcePortR*R&R6RTRUtRich_SourceRRRR'R8tRich_DestinationtactiontRich_AccepttRich_Rejectt	Rich_Dropt	Rich_MarkR�tRich_LogR:t
Rich_AuditReR@t
Rich_LimitR+(RZR0tattrsR tentrytto_porttto_addrREtaddrRDRFt_typet_setRHRGRCR9((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR�2st			
							
																	

			

					
		
	
						




	
	
		
			
	
	
	

	


	
		
		
			
			
cCstj||�|dkr�|js�y|jj�Wn/tk
rg}tjd|t|j��q�Xt|j�|j	j
kr�|j	jj|j�|j	j
jt|j��q�tjdt|j��nd|_t|_n|d
krd|_ndS(NR5s%s: %ss Rule '%s' already set, ignoring.R;R<R=R?RR:(sacceptsrejectsdropsmarkslogsaudit(Rt
endElementR�R�tcheckt	ExceptionRR�RgRqR(RWR�RURTR�(RZR0te((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR��s 	 		(R�R�RSR�R�(((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR�+s		�dc
	Csbt�}|jd�s1ttjd|��n|d |_|sW|j|j�n||_||_|j	t
j�r�tnt
|_|j|_t|�}tj�}|j|�d||f}t|d��i}tjd�}|j|�y|j|�Wn2tjk
r>}	ttjd|	j���nXWdQX~~tr^|j�n|S(Ns.xmls'%s' is missing .xml suffixi����s%s/%strbsnot a valid zone file: %s(RRzRRRyR0RxR�tpathRpRt
ETC_FIREWALLDRTRtbuiltintdefaultR�tsaxtmake_parsertsetContentHandlertopentInputSourceRUt
setByteStreamtparsetSAXParseExceptiontINVALID_ZONEtgetExceptionRRc(
R�R�t
no_check_nameR/thandlertparserR0tfR6tmsg((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR�s:		
		!

	
c
Cs%
|r|n|j}|jr4d||jf}nd||jf}tjj|�r�ytj|d|�Wq�tk
r�}tj	d||�q�Xntjj
|�}|jtj
�rtjj|�rtjjtj
�s�tjtj
d�ntj|d�ntj|dddd	�}t|�}|j�i}|jrq|jd
krq|j|d<n|jtkr�|j|d<n|jd
|�|jd�|jr|jd
kr|jd�|jdi�|j|j�|jd�|jd�n|jrq|jd
krq|jd�|jdi�|j|j�|jd�|jd�nxHt|j�D]7}	|jd�|jdi|	d6�|jd�q�Wxrt|j�D]a}
|jd�d|
kr	|jdi|
dd6�n|jdi|
d6�|jd�q�WxHt|j �D]7}|jd�|jdi|d6�|jd�qAWxWt|j!�D]F}|jd�|jdi|dd6|dd6�|jd�q�WxHt|j"�D]7}
|jd�|jdi|
d6�|jd�q�W|j#rW|jd�|jdi�|jd�nxHt|j$�D]7}|jd�|jd i|d6�|jd�qgW|j%r�|jd�|jd!i�|jd�nx�t|j&�D]�}|jd�i|dd6|dd6}|d"rB|d"d
krB|d"|d#<n|d$rm|d$d
krm|d$|d%<n|jd&|�|jd�q�WxWt|j'�D]F}|jd�|jd'i|dd6|dd6�|jd�q�Wx|j(D]�}i}|j)r|j)|d(<n|jd�|jd)|�|jd�|j*r�i}|j*j+ro|j*j+|d<n|j*j,r�|j*j,|d*<n|j*j-r�|j*j-|d<n|j*j.r�d+|d,<n|jd-�|jd|�|jd�n|j/rUi|j/j+d6}|j/j.r(d+|d,<n|jd-�|jd.|�|jd�n|j0r�	d
}i}t1|j0�t2j3kr�d}|j0j|d<n�t1|j0�t2j4kr�d}|j0j5|d<|j0j6|d<n�t1|j0�t2j7kr
d}|j0j8|d<nnt1|j0�t2j9kr.d!}nMt1|j0�t2j:kr_d }|j0j|d<nt1|j0�t2j;kr�d/}|j0j|d<n�t1|j0�t2j<kr	d&}|j0j5|d<|j0j6|d<|j0j=d
kr�|j0j=|d#<n|j0j>d
kr{	|j0j>|d%<q{	n`t1|j0�t2j?kr\	d'}|j0j5|d<|j0j6|d<nt@tAjBd0t1|j0���|jd-�|j||�|jd�n|jr�
i}|jjCr�	|jjC|d1<n|jjDr�	|jjD|d2<n|jjErh
|jd-�|jd3|�|jd4�|jd5i|jjEj8d6�|jd6�|jd3�n|jd-�|jd3|�|jd�n|jFrDi}|jFjEr|jd-�|jd7i�|jd4�|jd5i|jFjEj8d6�|jd6�|jd7�n|jd-�|jd7|�|jd�n|jGr�d
}i}t1|jG�t2jHkrzd8}n�t1|jG�t2jIkr�d9}|jGj1r%|jGj1|d:<q%nkt1|jG�t2jJkr�d;}nJt1|jG�t2jKkrd<}|jGjL|d=<ntjMd>t1|jG��|jGjEr�|jd-�|j||�|jd4�|jd5i|jGjEj8d6�|jd6�|j|�n|jd-�|j||�|jd�n|jd�|jd)�|jd�q�W|jd
�|jd�|jN�|jO�~dS(?Ns%s/%ss	%s/%s.xmls%s.oldsBackup of file '%s' failed: %si�tmodetwttencodingsUTF-8RRR R/s
s  RRR4R0sipset:R6iRFR7R1R2iiR3R9sicmp-block-inversions
icmp-blockR$isto-portisto-addrsforward-portssource-portRCR5RDRREs    R8s	icmp-types#Unknown element '%s' in zone_writerRGRHRs
      R@s
    R:R;R<RIR=R?R>sUnknown action '%s'(PR�R�R0tostexiststshutiltcopy2R�RR�tdirnameRpRR�tmkdirtioR�Rt
startDocumentRR RR�tignorableWhitespaceRt
charactersR�RR	R&t
simpleElementR'R!R"R)R+R#R$R%R*RWRCR6R�RDRFRER8RMRIRR�R�R2R3R�R9R�R�R�R�R�t
to_addressR�RRtINVALID_OBJECTRGRHR@R:R�R�R�R�R�R>R�tendDocumenttclose(R/R�t_pathR0R�tdirpathR�R�R�R4R6R1R2R3R�R�R5RMR�((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyR�s�	%









&
	

	


	

	

	

		
	

	

	

	

			

	







(+t__all__txml.saxR�R�R�R�tfirewallRtfirewall.functionsRRRRRR	R
RRR
tfirewall.core.baseRRtfirewall.core.io.io_objectRRRRRRRt
firewall.coreRtfirewall.core.loggerRRtfirewall.errorsRRR�RTRRUR(((s9/usr/lib/python2.7/site-packages/firewall/core/io/zone.pyt<module>s$F4���

ZeroDay Forums Mini