~ubuntu-branches/ubuntu/saucy/ufw/saucy

« back to all changes in this revision

Viewing changes to src/backend.py

Committer: Package Import Robot
Author(s): Jamie Strandboge
Date: 2012-08-17 14:32:01 UTC
mfrom: (30.1.15)
Revision ID: package-import@ubuntu.com-20120817143201-xj33z2za9mvzpw2k

Tags: 0.33-0ubuntu1

https://launchpad.net/bugs/1007326

https://launchpad.net/bugs/951462

https://launchpad.net/bugs/868195

https://launchpad.net/bugs/987784

https://launchpad.net/bugs/787955

* New upstream release. Fixes the following bugs:
  - also use correct ports for DHCPv6. Thanks to Marco Davids (LP: #1007326)
  - add IPv6 limit support (LP: #951462)
  - add zh_TW translation (LP: #868195)
  - add 'show added' report (LP: #987784)
  - remove ACCEPT_NO_TRACK option since it never worked (LP: #787955)
* debian/(after|before)6.rules.md5sum: adjust for recently missed shipped
  configurations

files added:
locales/po/zh_TW.po

tests/root_kern

tests/root_kern/limit6

tests/root_kern/limit6/orig

tests/root_kern/limit6/result

tests/root_kern/limit6/runtest.sh

files modified:
ChangeLog

README

README.translations

conf/after6.rules

conf/ufw.defaults

debian/after6.rules.md5sum

debian/before6.rules.md5sum

debian/changelog

doc/ufw.8

locales/po/ar.po

locales/po/ast.po

locales/po/bg.po

locales/po/bs.po

locales/po/ca.po

locales/po/cs.po

locales/po/da.po

locales/po/de.po

locales/po/el.po

locales/po/en_AU.po

locales/po/en_GB.po

locales/po/es.po

locales/po/fi.po

locales/po/fr.po

locales/po/he.po

locales/po/hu.po

locales/po/id.po

locales/po/it.po

locales/po/ja.po

locales/po/nb.po

locales/po/nl.po

locales/po/pl.po

locales/po/pt.po

locales/po/pt_BR.po

locales/po/ru.po

locales/po/sk.po

locales/po/sl.po

locales/po/sr.po

locales/po/sv.po

locales/po/tl.po

locales/po/ufw.pot

locales/po/ur.po

locales/po/zh_CN.po

setup.py

src/backend.py

src/backend_iptables.py

src/frontend.py

src/parser.py

src/util.py

tests/bad/policy/result

tests/bad/policy/runtest.sh

tests/bugs/misc/result

tests/bugs/misc/runtest.sh

tests/check-requirements

tests/destructive/bugs/result

tests/destructive/bugs/runtest.sh

tests/good/policy/result

tests/good/policy/runtest.sh

tests/good/reports/result

tests/good/reports/runtest.sh

tests/root/live/result

tests/root/live/runtest.sh

tests/root/live_apps/runtest.sh

tests/root/logging/runtest.sh

tests/root/valid6/runtest.sh

Show diffs side-by-side

added added

removed removed

src/backend.py

self.ip6tables_restore = os.path.join(iptables_dir, \

"ip6tables-restore")

self.iptables_version = ufw.util.get_iptables_version(self.iptables)

try:

self.iptables_version = ufw.util.get_iptables_version(self.iptables)

except OSError:

err_msg = _("Couldn't determine iptables version")

raise UFWError(err_msg)

self.caps = {}

self.caps['limit'] = {}

# Set defaults for dryrun, non-root, etc

self.caps['limit']['4'] = True

self.caps['limit']['6'] = False # historical default for the testsuite

# Try to get capabilities from the running system if root

if self.do_checks and os.getuid() == 0 and not self.dryrun:

# v4

nf_caps = ufw.util.get_netfilter_capabilities(self.iptables)

if 'recent-set' in nf_caps and 'recent-update' in nf_caps:

self.caps['limit']['4'] = True

else:

self.caps['limit']['4'] = False

# v6

nf_caps = ufw.util.get_netfilter_capabilities(self.ip6tables)

if 'recent-set' in nf_caps and 'recent-update' in nf_caps:

self.caps['limit']['6'] = True

else:

self.caps['limit']['6'] = False

def is_enabled(self):

'''Is firewall configured as enabled'''

113

rstr = ""

114

if self.defaults[policy] == "accept":

115

rstr = "allow"

elif self.defaults[policy] == "accept_no_track":

rstr = "allow-without-tracking"

116

elif self.defaults[policy] == "reject":

117

rstr = "reject"

118

else:

142

167

if not pat.search(profile):

143

168

profiles.append(os.path.join(self.files['apps'], profile))

144

169

145

for path in list(self.files.values()) + [ os.path.abspath(sys.argv[0]) ] + \

170

for path in list(self.files.values()) + \

171

[ os.path.abspath(sys.argv[0]) ] + \

146

172

profiles:

173

if not path.startswith('/'):

174

path = "%s/%s" % (os.getcwd(), path)

147

175

while True:

148

176

debug("Checking " + path)

149

177

if path == self.files['apps'] and \

178

206

if path == "/":

179

207

break

180

208

209

last_path = path

181

210

path = os.path.dirname(path)

182

211

if not path:

183

raise OSError(errno.ENOENT, "Could not find '%s'" % (path))

212

raise OSError(errno.ENOENT, \

213

"Could not find parent for '%s'" % \

214

(last_path))

184

215

185

216

for f in self.files:

186

217

if f != 'apps' and not os.path.isfile(self.files[f]):

206

237

orig.close()

207

238

208

239

# do some default policy sanity checking

209

policies = ['accept', 'accept_no_track', 'drop', 'reject']

240

policies = ['accept', 'drop', 'reject']

210

241

for c in [ 'input', 'output', 'forward' ]:

211

242

if 'default_%s_policy' % (c) not in self.defaults:

212

243

err_msg = _("Missing policy for '%s'" % (c))

213

244

raise UFWError(err_msg)

214

245

p = self.defaults['default_%s_policy' % (c)]

215

if p not in policies or \

216

(p == 'accept_no_track' and c == 'forward'):

246

if p not in policies:

217

247

err_msg = _("Invalid policy '%(policy)s' for '%(chain)s'" % \

218

248

({'policy': p, 'chain': c}))

219

249

raise UFWError(err_msg)

Older »