183
def modify_access(src, dst='any', port=None, proto=None, action='allow'):
183
def default_policy(policy='deny', direction='incoming'):
185
Changes the default policy for traffic `direction`
187
:param policy: allow, deny or reject
188
:param direction: traffic direction, possible values: incoming, outgoing,
191
if policy not in ['allow', 'deny', 'reject']:
192
raise UFWError(('Unknown policy %s, valid values: '
193
'allow, deny, reject') % policy)
195
if direction not in ['incoming', 'outgoing', 'routed']:
196
raise UFWError(('Unknown direction %s, valid values: '
197
'incoming, outgoing, routed') % direction)
199
output = subprocess.check_output(['ufw', 'default', policy, direction],
200
universal_newlines=True,
201
env={'LANG': 'en_US',
202
'PATH': os.environ['PATH']})
203
hookenv.log(output, level='DEBUG')
205
m = re.findall("^Default %s policy changed to '%s'\n" % (direction,
209
hookenv.log("ufw couldn't change the default policy to %s for %s"
210
% (policy, direction), level='WARN')
213
hookenv.log("ufw default policy for %s changed to %s"
214
% (direction, policy), level='INFO')
218
def modify_access(src, dst='any', port=None, proto=None, action='allow',
185
221
Grant access to an address or subnet
192
228
:param port: destiny port
193
229
:param proto: protocol (tcp or udp)
194
230
:param action: `allow` or `delete`
231
:param index: if different from None the rule is inserted at the given
196
234
if not is_enabled():
197
235
hookenv.log('ufw is disabled, skipping modify_access()', level='WARN')
230
def grant_access(src, dst='any', port=None, proto=None):
270
def grant_access(src, dst='any', port=None, proto=None, index=None):
232
272
Grant access to an address or subnet
238
278
field has to be set.
239
279
:param port: destiny port
240
280
:param proto: protocol (tcp or udp)
281
:param index: if different from None the rule is inserted at the given
242
return modify_access(src, dst=dst, port=port, proto=proto, action='allow')
284
return modify_access(src, dst=dst, port=port, proto=proto, action='allow',
245
288
def revoke_access(src, dst='any', port=None, proto=None):