~ubuntu-branches/ubuntu/trusty/ufw/trusty-proposed


Viewing changes to src/backend_iptables.py

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-01-30 09:42:05 UTC
  • mfrom: (30.1.8 upstream)
  • Revision ID: james.westby@ubuntu.com-20100130094205-8wsowzipc32k48yy
Tags: 0.29.3-0ubuntu1
* New upstream release. Fixes:
  LP: #490366
  LP: #512131
  LP: #488032
  LP: #513387
* debian/ufw.upstart.ubuntu: start before an interface receives traffic
* debian/postinst: don't sed or chmod a file that doesn't exist
  (LP: #503039)
* debian/after*.rules.md5sum: updated for ucf (added additional sums for
  people using the workaround in LP: #488032)

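--- a/src/backend_iptables.py
+++ b/src/backend_iptables.py
@@ -57,6 +57,12 @@
             self.chains['misc'].append(chain_prefix + "-logging-deny")
             self.chains['misc'].append(chain_prefix + "-logging-allow")
 
+        # The default log rate limiting rule
+        self.ufw_user_limit_log = ['ufw-user-limit', '-m', 'limit', \
+                                   '--limit', '3/minute', '-j', 'LOG', \
+                                   '--log-prefix']
+        self.ufw_user_limit_log_text = "[UFW LIMIT BLOCK]"
+
     def get_default_policy(self, primary="input"):
         '''Get current policy'''
         policy = "default_" + primary + "_policy"
@@ -377,6 +383,7 @@
         else:
             (rc, out) = cmd([self.files['init'], 'force-stop'])
             if rc != 0:
+                debug(out)
                 raise UFWError(err_msg + " ufw-init")
 
     def start_firewall(self):
@@ -387,6 +394,7 @@
         else:
             (rc, out) = cmd([self.files['init'], 'start'])
             if rc != 0:
+                debug(out)
                 raise UFWError(err_msg + " ufw-init")
 
             if not self.defaults.has_key('loglevel') or \
@@ -716,14 +724,17 @@
                     "\n")
         ufw.util.write_to_file(fd, "### END LOGGING ###\n")
 
+        # Rate limiting only supported with IPv4
         if chain_prefix == "ufw":
             ufw.util.write_to_file(fd, "\n### RATE LIMITING ###\n")
-            # Rate limiting only supported with IPv4
-            ufw.util.write_to_file(fd, "-A " + chain_prefix + "-user-limit -m limit " + \
-                         "--limit 3/minute -j LOG --log-prefix " + \
-                         "\"[UFW LIMIT BLOCK] \"\n")
-            ufw.util.write_to_file(fd, "-A " + chain_prefix + "-user-limit -j REJECT\n")
-            ufw.util.write_to_file(fd, "-A " + chain_prefix + "-user-limit-accept -j ACCEPT\n")
+            if self.defaults['loglevel'] != "off":
+                ufw.util.write_to_file(fd, "-A " + \
+                         " ".join(self.ufw_user_limit_log) + \
+                         " \"" + self.ufw_user_limit_log_text + " \"\n")
+            ufw.util.write_to_file(fd, "-A " + chain_prefix + \
+                         "-user-limit -j REJECT\n")
+            ufw.util.write_to_file(fd, "-A " + chain_prefix + \
+                         "-user-limit-accept -j ACCEPT\n")
             ufw.util.write_to_file(fd, "### END RATE LIMITING ###\n")
 
         ufw.util.write_to_file(fd, "COMMIT\n")
@@ -980,7 +991,7 @@
 
     def update_logging(self, level):
         '''Update loglevel of running firewall'''
-        if not self._is_enabled():
+        if self.dryrun:
             return
 
         rules_t = []
@@ -999,6 +1010,10 @@
             err_msg = _("Couldn't update rules file for logging")
             UFWError(err_msg)
 
+        # Don't update the running firewall if not enabled
+        if not self._is_enabled():
+            return
+
         # make sure all the chains are here, it's redundant but helps make
         # sure the chains are in a consistent state
         err_msg = _("Could not update running firewall")
@@ -1030,6 +1045,17 @@
             except Exception:
                 raise UFWError(err_msg)
 
+        # Always delete this and re-add it so that we don't have extras
+        self._chain_cmd('ufw-user-limit', ['-D'] + self.ufw_user_limit_log + \
+                            [self.ufw_user_limit_log_text + " "], \
+                            fail_ok=True)
+
+        if self.defaults["loglevel"] != "off":
+            self._chain_cmd('ufw-user-limit', ['-I'] + \
+                            self.ufw_user_limit_log + \
+                            [self.ufw_user_limit_log_text + " "], \
+                            fail_ok=True)
+
     def _get_logging_rules(self, level):
         '''Get rules for specified logging level'''
         rules_t = []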
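Review bot: In `update_logging`, the line `UFWError(err_msg)` that follows "Couldn't update rules file for logging" builds the exception but never raises it, so a failed rules-file update appears to be silently ignored; it should read `raise UFWError(err_msg)`. This commit makes that matter more, because the `_is_enabled()` early return now sits after that step, so the rules file is rewritten even when the firewall is disabled. Separately, the new `-I` call for the `ufw-user-limit` LOG rule passes `fail_ok=True`, which by its name suppresses failures; a failed insert would then leave rate-limited connections rejected but unlogged with no error, so consider keeping `fail_ok=True` only on the `-D` call. The block around the unraised exception starts outside the visible hunk, so its exact control flow is inferred.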