Commit 4f74e373 authored by Benjamin Graillot's avatar Benjamin Graillot Committed by root

[firewall.py] Use sets instead of lists

parent 2e4412a9
......@@ -174,42 +174,38 @@ if __name__ == "__main__":
for interface in interface_ports:
for ip in [ ipaddress.ip_address(interface['ipv4']) ] + [ ipaddress.ip_address(ipv6['ipv6']) for ipv6 in interface['ipv6'] ]:
tcp_ports_in = []
tcp_ports_out = []
udp_ports_in = []
udp_ports_out = []
tcp_ports_in = set()
tcp_ports_out = set()
udp_ports_in = set()
udp_ports_out = set()
for subnet in config['DEFAULT_SERVICES_RE2O']:
if ip in ipaddress.ip_network(subnet):
if 'tcp_in' in config['DEFAULT_SERVICES_RE2O'][subnet]:
for opening in config['DEFAULT_SERVICES_RE2O'][subnet]['tcp_in']:
tcp_ports_in.append(tuple(opening))
tcp_ports_in.add(tuple(opening))
for opening in interface['port_lists']:
for port_range in opening['tcp_ports_in']:
tcp_ports_in.append((port_range['begin'], port_range['end']))
tcp_ports_in.add((port_range['begin'], port_range['end']))
if tcp_ports_in:
tcp_ports_in.sort()
tcp_ports_in = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in tcp_ports_in )
tcp_ports_in = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in sorted(tcp_ports_in) )
ports_openings_adh.append('ip{ip_version} daddr {ip} tcp dport {{ {ports} }} accept'.format(ip_version='' if ip.version == 4 else '6', ip=ip, ports=tcp_ports_in))
for opening in interface['port_lists']:
for port_range in opening['tcp_ports_out']:
tcp_ports_out.append((port_range['begin'], port_range['end']))
tcp_ports_out.add((port_range['begin'], port_range['end']))
if tcp_ports_out:
tcp_ports_out.sort()
tcp_ports_out = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in tcp_ports_out )
tcp_ports_out = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in sorted(tcp_ports_out) )
ports_openings_adh.append('ip{ip_version} saddr {ip} tcp dport {{ {ports} }} accept'.format(ip_version='' if ip.version == 4 else '6', ip=ip, ports=tcp_ports_out))
for opening in interface['port_lists']:
for port_range in opening['udp_ports_in']:
udp_ports_in.append((port_range['begin'], port_range['end']))
udp_ports_in.add((port_range['begin'], port_range['end']))
if udp_ports_in:
udp_ports_in.sort()
udp_ports_in = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in udp_ports_in )
udp_ports_in = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in sorted(udp_ports_in) )
ports_openings_adh.append('ip{ip_version} daddr {ip} udp dport {{ {ports} }} accept'.format(ip_version='' if ip.version == 4 else '6', ip=ip, ports=udp_ports_in))
for opening in interface['port_lists']:
for port_range in opening['udp_ports_out']:
udp_ports_out.append((port_range['begin'], port_range['end']))
udp_ports_out.add((port_range['begin'], port_range['end']))
if udp_ports_out:
udp_ports_out.sort()
udp_ports_out = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in udp_ports_out )
udp_ports_out = ','.join( '{}-{}'.format(port[0], port[1]) if port[0] != port[1] else str(port[0]) for port in sorted(udp_ports_out) )
ports_openings_adh.append('ip{ip_version} saddr {ip} udp dport {{ {ports} }} accept'.format(ip_version='' if ip.version == 4 else '6', ip=ip, ports=udp_ports_out))
logger.debug("Generated {} ports opening".format(len(ports_openings_adh)))
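Review bot: Switching to sets only drops exact duplicates, so two overlapping or nested entries such as `(80, 80)` and `(80, 443)` still both land in the same anonymous `dport { ... }` set on the `ports_openings_adh.append(...)` lines; nftables may reject such a set as conflicting intervals when the ruleset is loaded, which would leave the generated firewall unapplied. The same applies to a config range whose `begin` exceeds `end`, which passes straight through as e.g. `443-80`. The four near-identical collect/sort/join blocks would be easier to keep consistent as one helper that sorts, merges overlapping ranges and formats the set body, as sketched below; the enclosing `if __name__ == "__main__":` block starts before this hunk.
```python
def format_port_set(ports):
    """Render a set of (begin, end) port tuples as an nftables set body,
    merging overlapping or adjacent ranges so the set has no conflicts."""
    merged = []
    for begin, end in sorted(ports):
        if begin > end:
            raise ValueError('invalid port range {}-{}'.format(begin, end))
        if merged and begin <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((begin, end))
    return ','.join('{}-{}'.format(b, e) if b != e else str(b) for b, e in merged)

# … unchanged: collection of tcp_ports_in from DEFAULT_SERVICES_RE2O and port_lists …
if tcp_ports_in:
    ports_openings_adh.append('ip{ip_version} daddr {ip} tcp dport {{ {ports} }} accept'.format(ip_version='' if ip.version == 4 else '6', ip=ip, ports=format_port_set(tcp_ports_in)))
# … unchanged: same pattern for tcp_ports_out, udp_ports_in, udp_ports_out …
```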