Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
Menu
Open sidebar
Nounous
firewall
Commits
4f74e373
Commit
4f74e373
authored
Jan 08, 2021
by
Benjamin Graillot
Committed by
root
Jan 08, 2021
Browse files
[firewall.py] Use sets instead of lists
parent
2e4412a9
Changes
1
Hide whitespace changes
Inline
Side-by-side
firewall.py
View file @
4f74e373
...
...
@@ -174,42 +174,38 @@ if __name__ == "__main__":
for
interface
in
interface_ports
:
for
ip
in
[
ipaddress
.
ip_address
(
interface
[
'ipv4'
])
]
+
[
ipaddress
.
ip_address
(
ipv6
[
'ipv6'
])
for
ipv6
in
interface
[
'ipv6'
]
]:
tcp_ports_in
=
[]
tcp_ports_out
=
[]
udp_ports_in
=
[]
udp_ports_out
=
[]
tcp_ports_in
=
set
()
tcp_ports_out
=
set
()
udp_ports_in
=
set
()
udp_ports_out
=
set
()
for
subnet
in
config
[
'DEFAULT_SERVICES_RE2O'
]:
if
ip
in
ipaddress
.
ip_network
(
subnet
):
if
'tcp_in'
in
config
[
'DEFAULT_SERVICES_RE2O'
][
subnet
]:
for
opening
in
config
[
'DEFAULT_SERVICES_RE2O'
][
subnet
][
'tcp_in'
]:
tcp_ports_in
.
a
ppen
d
(
tuple
(
opening
))
tcp_ports_in
.
a
d
d
(
tuple
(
opening
))
for
opening
in
interface
[
'port_lists'
]:
for
port_range
in
opening
[
'tcp_ports_in'
]:
tcp_ports_in
.
a
ppen
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
tcp_ports_in
.
a
d
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
if
tcp_ports_in
:
tcp_ports_in
.
sort
()
tcp_ports_in
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
tcp_ports_in
)
tcp_ports_in
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
sorted
(
tcp_ports_in
)
)
ports_openings_adh
.
append
(
'ip{ip_version} daddr {ip} tcp dport {{ {ports} }} accept'
.
format
(
ip_version
=
''
if
ip
.
version
==
4
else
'6'
,
ip
=
ip
,
ports
=
tcp_ports_in
))
for
opening
in
interface
[
'port_lists'
]:
for
port_range
in
opening
[
'tcp_ports_out'
]:
tcp_ports_out
.
a
ppen
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
tcp_ports_out
.
a
d
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
if
tcp_ports_out
:
tcp_ports_out
.
sort
()
tcp_ports_out
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
tcp_ports_out
)
tcp_ports_out
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
sorted
(
tcp_ports_out
)
)
ports_openings_adh
.
append
(
'ip{ip_version} saddr {ip} tcp dport {{ {ports} }} accept'
.
format
(
ip_version
=
''
if
ip
.
version
==
4
else
'6'
,
ip
=
ip
,
ports
=
tcp_ports_out
))
for
opening
in
interface
[
'port_lists'
]:
for
port_range
in
opening
[
'udp_ports_in'
]:
udp_ports_in
.
a
ppen
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
udp_ports_in
.
a
d
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
if
udp_ports_in
:
udp_ports_in
.
sort
()
udp_ports_in
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
udp_ports_in
)
udp_ports_in
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
sorted
(
udp_ports_in
)
)
ports_openings_adh
.
append
(
'ip{ip_version} daddr {ip} udp dport {{ {ports} }} accept'
.
format
(
ip_version
=
''
if
ip
.
version
==
4
else
'6'
,
ip
=
ip
,
ports
=
udp_ports_in
))
for
opening
in
interface
[
'port_lists'
]:
for
port_range
in
opening
[
'udp_ports_out'
]:
udp_ports_out
.
a
ppen
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
udp_ports_out
.
a
d
d
((
port_range
[
'begin'
],
port_range
[
'end'
]))
if
udp_ports_out
:
udp_ports_out
.
sort
()
udp_ports_out
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
udp_ports_out
)
udp_ports_out
=
','
.
join
(
'{}-{}'
.
format
(
port
[
0
],
port
[
1
])
if
port
[
0
]
!=
port
[
1
]
else
str
(
port
[
0
])
for
port
in
sorted
(
udp_ports_out
)
)
ports_openings_adh
.
append
(
'ip{ip_version} saddr {ip} udp dport {{ {ports} }} accept'
.
format
(
ip_version
=
''
if
ip
.
version
==
4
else
'6'
,
ip
=
ip
,
ports
=
udp_ports_out
))
logger
.
debug
(
"Generated {} ports opening"
.
format
(
len
(
ports_openings_adh
)))
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
