HOME

Mini Shell 1.0 Redirecting to https://devs.lapieza.net/iniciar-sesion Redirecting to https://devs.lapieza.net/iniciar-sesion.
DIR: /proc/self/root/usr/lib/python3/dist-packages/ufw/__pycache__/
Current File : //proc/self/root/usr/lib/python3/dist-packages/ufw/__pycache__/backend_iptables.cpython-311.pyc
�

#fd�����dZddlZddlZddlZddlZddlZddlZddlmZm	Z	ddl
mZmZm
Z
mZmZmZddlZGd�dejj��ZdS)z-backend_iptables.py: iptables backend for ufw�N)�UFWError�UFWRule)�warn�debug�msg�cmd�cmd_pipe�	_findpathc��eZdZdZdd�Zd�Zd�Zd�Zdd�Zd	�Z	d
�Z
d�Zd�Zd
�Z
d�Zd�Zdd�Zdd�Zd�Zdd�Zd�Zd�Zd�ZdS)�UFWBackendIptableszInstance class for UFWBackendNc��dtjjzdz|_||_||_i}t
tjj|��}tj	�
|d��|d<tj	�
|d��|d<tj	�
|d��|d<tj	�
|d	��|d
<tj	�
|d��|d<tj	�
|d
��|d<tj	�
t
tjj|��d��|d<tjj
�|d||||���ggggd�|_dD]�}d}|dkr!|���r||z
}n|dkr�+dD]1}dD],}	|�d|�d|	��}
|j|�|
���-�2|jd�|dz��|jd�|dz����gd�|_d|_d S)!z!UFWBackendIptables initializationz# z
_comment #zufw/user.rules�ruleszufw/before.rules�before_ruleszufw/after.rules�after_ruleszufw/user6.rules�rules6zufw/before6.rules�
before6_ruleszufw/after6.rules�after6_ruleszufw-init�init�iptables)�rootdir�datadir)�before�user�after�misc)�4�6�ufwr)rrr��input�output�forward�-z	-logging-rz
-logging-denyz-logging-allow)�-m�limit�--limitz3/minute�-j�LOG�--log-prefixz[UFW LIMIT BLOCK]N)r�common�programName�comment_strrrr
�
config_dir�os�path�join�	state_dir�backend�
UFWBackend�__init__�chains�use_ipv6�append�ufw_user_limit_log�ufw_user_limit_log_text)�self�dryrunrr�filesr-�ver�chain_prefix�loc�target�chains           �6/usr/lib/python3/dist-packages/ufw/backend_iptables.pyr4zUFWBackendIptables.__init__ s`���#�*�"8�8�<�G������������s�z�4�g�>�>�
�����j�2B�C�C��g�� "����Z�9K� L� L��n��!�w�|�|�J�8I�J�J��m���'�,�,�z�3D�E�E��h��!#����j�:M�!N�!N��o�� "����Z�9K� L� L��n��
����Y�s�z�/C�W�%M�%M�%/�1�1��f�
�	���'�'��j�&�%�07��	(�	J�	J�	J�"$�R�"�b�I�I����
	H�
	H�C� �L��c�z�z��=�=�?�?�� �C�'�L�L��C�Z�Z��2�
3�
3��<�3�3�F�2>�,�,����V�V�L�E��K��$�+�+�E�2�2�2�2�3�
�K���&�&�|�o�'E�F�F�F��K���&�&�|�6F�'F�G�G�G�G�#3�#3�#3���(;��$�$�$�c��td��}|jddkr|dz
}n3|jddkr|dz
}n|jddkr|dz
}n|d	z
}|S)
zGet current policyz
New profiles:�default_application_policy�acceptz allow�dropz deny�rejectz rejectz skip)�_�defaults)r:�rstrs  rB�get_default_application_policyz1UFWBackendIptables.get_default_application_policyPsy����!�!���=�5�6�(�B�B��H��D�D�
�]�7�
8�F�
B�
B��G�O�D�D�
�]�7�
8�H�
D�
D��I��D�D��G�O�D��rCc	��|j�sI|dkr-|dkr'|dkr!td��|z}t|���|dkr-|dkr'|dkr!td��|z}t|���d	}|dkrd
}n|dkrd}d}d}|dkr;	|�|jd
d|zd��n#t
$r�wxYwd}d}n{|dkr;	|�|jd
d|zd��n#t
$r�wxYwd}d}n:	|�|jd
d|zd��n#t
$r�wxYwd}d}t
jd|z��}|jd|jdfD]�}	tj	�
|��}	n#t
$r�wxYw|	d}
|	dD]l}|�|��r5tj	�|
|�
||�����Ltj	�|
|���m	tj	�|	����#t
$r�wxYwtd��||d�z}|td��z
}|S)zSets default policy of firewall�allow�denyrHzUnsupported policy '%s'�incoming�outgoing�routedz%Unsupported policy for direction '%s'�INPUT�OUTPUT�FORWARD�rJzDEFAULT_%s_POLICYz"ACCEPT"z	UFW BLOCKz	UFW ALLOWz"REJECT"z"DROP"rr�tmp�origz5Default %(direction)s policy changed to '%(policy)s'
)�	direction�policyz*(be sure to update your rules accordingly))r;rIr�set_defaultr<�	Exception�re�compiler�util�
open_files�search�
write_to_file�sub�close_files)
r:rZrY�err_msgrA�old_log_str�new_log_str�pat�f�fns�fd�linerKs
             rB�set_default_policyz%UFWBackendIptables.set_default_policy^sV���{�A	��� � �V�v�%5�%5�&�H�:L�:L��5�6�6�&�A���w�'�'�'��J�&�&�9�
�+B�+B��H�$�$��C�D�D�&�(���w�'�'�'��E��J�&�&� ����h�&�&�!���K��K��� � ���$�$�T�Z�
�%;�,?�5�,I�,8�:�:�:�:��!���������)��)����8�#�#���$�$�T�Z�
�%;�,?�5�,I�,8�:�:�:�:��!���������)��)�����$�$�T�Z�
�%;�,?�5�,I�,6�8�8�8�8��!���������)��)���*�S�;�.�/�/�C��j��/���N�1K�L�
�
����(�-�-�a�0�0�C�C�� �����������Z����K�9�9�D��z�z�$�'�'�9���.�.�r�3�7�7�;��3M�3M�N�N�N�N���.�.�r�4�8�8�8�8���H�(�(��-�-�-�-�� ����������I�J�J� )�V�<�<�>����>�?�?�?���s<�
%B3�3B?�%C4�4D�	%D/�/D;�6F�F"�#I�Ic�2	�|jr)dtd��z}|dtd��zz
}|S|���gd�}g}g}|dkr|�d��gd�}gd�}�n�|d	kr�d
D]2}|�d|z��|�d|z���3dD]2}|�d
|z��|�d
|z���3dD]2}|�d|z��|�d|z���3dD]}|�d|z����n|dkr7dD]2}|�d|z��|�d|z���3�n�|dkr�dD]2}|�d|z��|�d|z���3|jddr*|�d��|�d��|jddr*|�d��|�d���n+|d kr6dD]2}|�d!|z��|�d"|z���3n�|d#kr�dD]�}|�d$|z��|�d%|z��|�d&|z��|�d'|z��|�d(|z��|�d)|z����|�d*��|�d+��|�d,��|�d-��d.|z}|D]�}d/|vrB|�d/��\}	}|d0|	zz
}t
|jg|z|d|	gz��\}
}nt
|jg|z|gz��\}
}||z
}|dkr|d1z
}|
d2krt|�����|dks|�	��r�|d3z
}|D]�}d/|vrB|�d/��\}	}|d0|	zz
}t
|jg|z|d|	gz��\}
}nt
|j
g|z|gz��\}
}||z
}|dkr|d1z
}|
d2krt|�����|S)4z'Show current running status of firewall�> zChecking raw iptables
zChecking raw ip6tables
)�-nz-vz-x�-L�rawz-t)�filter�nat�manglerr)rsrurr�builtins)rSrUrTz	filter:%s)�
PREROUTINGrSrUrT�POSTROUTINGz	mangle:%s)rwrTzraw:%s)rwrxrTznat:%sr)r r"r!z
ufw-before-%szufw6-before-%sr�ufw-user-%s�ufw6-user-%sr%rzufw-user-limit-accept�ufw-user-limitrzufw6-user-limit-accept�ufw6-user-limitrzufw-after-%sz
ufw6-after-%s�loggingzufw-before-logging-%szufw6-before-logging-%szufw-user-logging-%szufw6-user-logging-%szufw-after-logging-%szufw6-after-logging-%szufw-logging-allowzufw-logging-denyzufw6-logging-allowzufw6-logging-denyzIPV4 (%s):
�:z(%s) �
rz

IPV6:
)r;rI�initcapsr7�caps�splitrrrr6�	ip6tables)r:�
rules_type�out�args�items�items6�c�b�i�t�rcrWs            rB�get_running_rawz"UFWBackendIptables.get_running_raw�s����;�	���4�5�5�5�C��4�!�6�7�7�7�7�C��J�	
�
�
����'�'�'�����������K�K�����6�6�6�E�0�0�0�F�F�
�:�
%�
%�3�
/�
/�����[�1�_�-�-�-��
�
�k�A�o�.�.�.�.�%�
/�
/�����[�1�_�-�-�-��
�
�k�A�o�.�.�.�.�-�
,�
,�����X��\�*�*�*��
�
�h��l�+�+�+�+�<�
+�
+�����X��\�*�*�*�*�
+�
�8�
#�
#�3�
4�
4�����_�q�0�1�1�1��
�
�.��2�3�3�3�3�
4��6�
!�
!�3�
2�
2�����]�Q�.�/�/�/��
�
�n�q�0�1�1�1�1��y��!�#�&�
/����4�5�5�5����-�.�.�.��y��!�#�&�
1��
�
�6�7�7�7��
�
�/�0�0�0��
�7�
"�
"�3�
3�
3�����^�a�/�0�0�0��
�
�o��1�2�2�2�2�
3��9�
$�
$�3�
;�
;�����4�q�8�9�9�9��
�
�6��:�;�;�;����2�Q�6�7�7�7��
�
�4�q�8�9�9�9����3�a�7�8�8�8��
�
�5��9�:�:�:�:��L�L�,�-�-�-��L�L�+�,�,�,��M�M�.�/�/�/��M�M�-�.�.�.��
�+���	$�	$�A��a�x�x���������A��w�!�}�$������$� 6�!�T�1�� E�F�F�	��S�S�����$� 6�!�� <�=�=�	��S��3�J�C��U�"�"��t����Q�w�w��s�m�m�#������$�-�-�/�/���=� �C��
(�
(���!�8�8��W�W�S�\�\�F�Q���7�a�=�(�C� #�T�]�O�d�$:�a��q�\�$I� J� J�I�R��� #�T�^�$4�t�$;�q�c�$A� B� B�I�R���s�
����&�&��4�K�C���7�7�"�3�-�-�'���
rCFc	�d�d}|jr=dtd��z}|���r|dtd��zz
}|Std��}dD]�}t|jdd|zd	g��\}}|d
krtd��cS|dkrt|d
|zz���|���r6t|jdd|zd	g��\}}|dkrt|dz�����d}d}	d}
|j|jz}d
}i}
|D�]}d}i}d}d}|sH|j	dks|j
dkr2d}|���}||
vrtd|z���Pd|
|<dD�]}d||<d}d}|dkr6|j
}|s%|j	dkr|j	}|jr|dkr|dz
}n=|j}n5|j}|s%|j
dkr|j
}|jr|dkr|dz
}n|j}|dkr|dkr|||<|dkr�||dkr|||<n||xxd|zz
cc<|r#|jdkr||xxd|jzz
cc<|r�|dkrP|j	dkrE||xxd|j	zz
cc<|jr|dkr||xxdz
cc<||xxdz
cc<|dkrP|j
dkrE||xxd|j
zz
cc<|jr|dkr||xxdz
cc<||xxdz
cc<|dkr�|dks|dkrad||<|rC|jdkr8|j
|jkr(|j|jkr||xxd|jzz
cc<|dkr||xxdz
cc<nm|r3|jdkr(|j|jkr||xxd|jzz
cc<n7|jr0|jdkr%|j
dkrd||vr||xxdz
cc<|jrT|dkr#|jdkr||xxd|jzz
cc<|dkr#|jdkr||xxd|jzz
cc<���|dkr#|jdkr||xxd|jzz
cc<|dkr#|jdkr||xxd|jzz
cc<��g}d}|js|j���d kr�|jr,|�|j�����|r%|jd kr|�|j��t5|��dkrd!d"�|��z}|r|d#|zz
}|j���}|jrd$}|jd%kr
|js|s|sd}d}|jdkrd&|���z}||dd'�dd�|j���|g��d(�|dd'�|�|�d)�z
}|r||z
}n#|jr|
|z
}
n|jd kr|	|z
}	n||z
}|d
z
}��|dks|	dks|
dkr�d*}|r|d+z
}td,��}td-��}td.��}d/}||||fz}|r|d+z
}||d0t5|��zd0t5|��zd0t5|��zfzz
}||z
}|dkr||z
}|dkr|	dkr|td)��z
}|	dkr||	z
}|dkr|
dkr|td)��z
}|
dkr||
z
}|}|r�|� ��\} }!td1��|�!��|�!d2��|�!d3d��d4�z}"|�"��}#td5��|!|"|#|d6�zStd7��|zS)8zShow ufw managed rulesrVrozChecking iptables
zChecking ip6tables
�problem runningrrqryrp�zStatus: inactiverz iptables: %s
rz�
 ip6tablesTFzSkipping found tuple '%s')�dst�srcr�z::/0� (v6)z	0.0.0.0/0�any� �/z (%s�)r��Anywherez on %sr�z (%s)z, z[%2d] �FWD�inz # %s�26�12rz

z     �To�From�Actionz%-26s %-12s%s
r#zCDefault: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)r!r")r�r�rRz0Status: active
%(log)s
%(pol)s
%(app)s%(status)s)�log�pol�app�statuszStatus: active%s)#r;rIr6rrrr�rr�dapp�sapp�
get_app_tuplerr��v6�dportr��sport�protocolr"�interface_in�
interface_out�logtyperY�lowerr7�lenr0�upper�comment�get_comment�action�get_loglevel�_get_default_policyrL)$r:�verbose�
show_countr�rerYr��out6�s�str_out�str_rter�count�	app_rules�r�tmp_str�location�tupl�
show_protor?�portrW�attribs�
attrib_str�dir_strr,�full_str�str_to�str_from�
str_action�rules_header_fmt�rules_header�level�logging_str�
policy_str�app_policy_strs$                                    rB�
get_statuszUFWBackendIptables.get_statuss�	�����;�	���0�1�1�1�C��}�}���
8��t�a� 6�7�7�7�7���J��%�&�&��7�
	;�
	;�I��T�]�D�)�Y�7��?�@�@�I�R���Q�w�w��+�,�,�,�,�,��q����w�):�c�)B�B�C�C�C��}�}���
;� �$�.�$�!/�9�!=�t�"E�F�F�
��T���7�7�"�7�\�#9�:�:�:���������
�T�[�(�����	��T	�T	�A��G��H��D��J��
+���"�����"���"�
����(�(���9�$�$��5��>�?�?�?��&*�I�d�O�'�X
F�X
F�� "���
������%�<�<��%�C�"�'�q�v��|�|� �v���4�,�C�6�M�M� �G�O�D�� �w����%�C�"�'�q�v��|�|� �v���4�,�C�6�M�M� �G�O�D�� �w���+�%�%�#��-�-�$'�H�S�M��5�=�=���}��*�*�(,���
�
� ��
�
�
��t��3�
�
�
�!�:�a�j�E�&9�&9� ��
�
�
��q�z�)9�9�
�
�
��
1��%�<�<�A�F�b�L�L�$�S�M�M�M�V�q�v�->�>�M�M�M� �t�9��v�
�
� (��
�
�
�� 8�
�
�
�$�S�M�M�M�S�0�M�M�M��%�<�<�A�F�b�L�L�$�S�M�M�M�V�q�v�->�>�M�M�M� �t�9��v�
�
� (��
�
�
�� 8�
�
�
�$�S�M�M�M�S�0�M�M�M��5�=�=��k�)�)�S�F�]�]�(2���
�&�>�!�*��*=�*=��5�A�E�>�>�a�g���.@�.@�$�S�M�M�M�S�1�:�-=�=�M�M�M��&�=�=�$�S�M�M�M�W�4�M�M�M��&�>�!�*��*=�*=��7�a�g�-�-�$�S�M�M�M�S�1�:�-=�=�M�M�M���T�-�a�e�v�o�o�!�%�6�/�/��h�s�m�3�3��S�M�M�M�W�,�M�M�M��9�	F��e�|�|���"�(<�(<� ��
�
�
��Q�^�)D�D�
�
�
��e�|�|���2�(=�(=� ��
�
�
��Q�_�)E�E�
�
�
���e�|�|���"�(<�(<� ��
�
�
��Q�^�)D�D�
�
�
��e�|�|���2�(=�(=� ��
�
�
��Q�_�)E�E�
�
�
���G��J��y�
@�A�K�-�-�/�/�5�8�8��9�6��N�N�1�9�?�?�#4�#4�5�5�5��0�!�+��"6�"6��N�N�1�;�/�/�/��w�<�<�!�#�#�!(�D�I�I�g�,>�,>�!?�J��
.��8�u�-�-���k�'�'�)�)�G��y�
 ����{�d�"�"�1�9�"��#�#-�#����K��y�B���%��
�
���7���8�E�?�?�?�?�03���!�(�.�.�:J�:J�:A�:C�1D�1D�1D�1D�08�������0;���	=�
=�G��
!��W�����9�!��w�&�G�G��[�E�)�)��w�&�G�G���L�A��Q�J�E�E���7�7�g��m�m�w�"�}�}��H��
$��G�#���t�W�W�F���y�y�H��8���J�0��+�v�z�8�.L�L�L��
(���'���,� �3�v�;�;�.� �3�z�?�?�2� �3�x�=�=�0�2�2�
2�L�

��$�H��B�w�w��A�
���B�w�w�7�b�=�=��A�d�G�G�#���"�}�}��G�#���B�w�w�7�b�=�=��A�d�G�G�#���"�}�}��G�#���A��	/�#'�#4�#4�#6�#6� �U�K��1�2�2�&*�%=�%=�%?�%?�&*�&>�&>�x�&H�&H�)-�)A�)A�)�BF�*H�*H�I�I�J�J�"�@�@�B�B�N��J�K�K�)�*�,��;�;�<�
<��'�(�(�A�.�.rCc��|jr!tdtd��z��dSg}|�|jd��|j�e|j�^|�d��|�|j��|�d��|�|j��|�d��t|��\}}|dkr!td	|z��}t|���dS)
zStop the firewallro�running ufw-initrN�	--rootdir�	--datadirz
force-stopr�problem running ufw-init
%s)	r;rrIr7r<rrrr�r:r�r�r�res     rB�
stop_firewallz UFWBackendIptables.stop_firewall�s����;�	(���q�+�,�,�,�-�-�-�-�-��D��K�K��
�6�*�+�+�+��|�'�D�L�,D����K�(�(�(����D�L�)�)�)����K�(�(�(����D�L�)�)�)��K�K��%�%�%��D�	�	�I�R���Q�w�w��:�S�@�A�A���w�'�'�'��wrCc��|jr!tdtd��z��dSg}|�|jd��|j�e|j�^|�d��|�|j��|�d��|�|j��|�d��t|��\}}|dkr!td	|z��}t|���d
|j	vs3|j	d
t|j�����vrD	|�
d��dS#t$rtd��}t|���wxYw	|�|j	d
��dS#t$rtd
��}t|���wxYw)zStart the firewallror�rNr�r��startrr��loglevel�lowzCould not set LOGLEVELzCould not load logging rules)r;rrIr7r<rrrrrJ�list�	loglevels�keys�set_loglevelr\�update_loggingr�s     rB�start_firewallz!UFWBackendIptables.start_firewall�s����;�	,���q�+�,�,�,�-�-�-�-�-��D��K�K��
�6�*�+�+�+��|�'�D�L�,D����K�(�(�(����D�L�)�)�)����K�(�(�(����D�L�)�)�)��K�K�� � � ��D�	�	�I�R���Q�w�w��:�S�@�A�A���w�'�'�'����.�.��}�Z�(��T�^�5H�5H�5J�5J�0K�0K�K�K�,��%�%�e�,�,�,�,�,�� �,�,�,�� 8�9�9�G�"�7�+�+�+�,����,��'�'��
�j�(A�B�B�B�B�B�� �,�,�,�� >�?�?�G�"�7�+�+�+�,���s�E�)F� F(�()Gc�J�|jrdS|���d}|j}|r	d}|j}dD]n}|dks|dkr,|r|jdds�$|s|jdds�:t|d	d
|dz|zg��\}}|dkrt
d
��dS�odS)zCheck if all chains existFr�ufw6)r r!r"r%�limit-acceptr%r�rrrprq�-user-rz_need_reload: forcing reloadT)r;r�rr�r�rr)r:r��prefix�exerAr�r�s       rB�_need_reloadzUFWBackendIptables._need_reloads����;�	��5�	
�
�
�������m��
�	!��F��.�C�N�
	�
	�E�����5�N�#:�#:���d�i��0��5�����D�I�g�$6�s�$;����S�$��f�x�.?�%�.G�H�I�I�I�R���Q�w�w��4�5�5�5��t�t���urCc��td��}|jr6td��|���rtd��dSdS|���r�	|jdD]2}|�|d|g��|�|d|g���3n#t$rt|���wxYwtd|j
dg|jd	g��\}}|d
krt|dz���|���rAtd|j
dg|jd	g��\}}|d
krt|d
z���dSdSdS)zReload firewall rules filer�z> | iptables-restorez> | ip6tables-restorer�-F�-Z�catrrprz	 iptablesrr�N)
rIr;rr6�
is_enabledr5�
_chain_cmdr\rr	r<�iptables_restore�ip6tables_restore)r:rer�r�r�s     rB�_reload_user_rulesz%UFWBackendIptables._reload_user_rules:s����%�&�&���;�	;��&�'�'�'��}�}���
-��+�,�,�,�,�,�
-�
-�
�_�_�
�
�	;�
(���V�,�2�2�A��O�O�A��a�y�1�1�1��O�O�A��a�y�1�1�1�1�2���
(�
(�
(��w�'�'�'�
(����!�%���G�)<�!=�"&�"7��!>�@�@�I�R���Q�w�w��w��4�5�5�5��}�}���
;�$�e�T�Z��-A�%B�&*�&<�d�%C�E�E�	��S���7�7�"�7�\�#9�:�:�:�'	;�	;�
;�
;��7s
�"AB#�#B=c��g}tjd��}tjd��}tjd��}|�|��r�|�|��r�|�|��r>|�|�d|�d|������n)|�|�d|����|�|�d|����n?|�|�d|����n|�|��tjd��}tjd	��}	tjd
��}
d}t|��D�]{\}}
|�|
���r_|�d|
�����}|���d
krd}n|���dkrd}nd}|�d|�d�}|	�|
��sd|z}|�d|
��||<|�||�d|zdz|z|
����|�||
�d|zdz|z|�d|
������|�||
�d|zdz|z|�d|z|
��������}tjd��}t|��D]�\}}
|�|
��r|�d|
��}|�d|zdz|
��}|�d|zd z|
��}|||<|�||��|�||����|S)!z5Return list of iptables rules appropriate for sendingz-p all zport z-j (REJECT(_log(-all)?)?)z-p tcp z-j \1 --reject-with tcp-resetz-p udp rVz(.*)-j ([A-Z]+)_log(-all)?(.*)z-j [A-Z]+_log-allz(-A|-D) ([a-zA-Z0-9\-]+)z'-m limit --limit 3/min --limit-burst 10�\2rF�ALLOWr%�LIMIT�BLOCKz -j LOG --log-prefix "[UFW �] "z-m conntrack --ctstate NEW z	\1-j \2\4z\1-j z-user-logging-z\1 z\1-j RETURN�\1z	 -j LIMITz+ -m conntrack --ctstate NEW -m recent --setzL -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j z-user-limitz -j z-user-limit-accept)	r]r^rar7rc�	enumerate�stripr��insert)r:�fruler��suffix�snippets�	pat_proto�pat_port�
pat_reject�pat_log�
pat_logall�	pat_chain�
limit_argsr�r�rZ�lstr�	pat_limit�tmp1�tmp2�tmp3s                    rB�_get_rules_from_formattedz,UFWBackendIptables._get_rules_from_formattedVs�����J�z�*�*�	��:�h�'�'���Z� <�=�=�
����E�"�"�	#����u�%�%�	
:��$�$�U�+�+�E��O�O�I�M�M�)�"���'G����% �% �!�!�!�!��O�O�I�M�M�)�U�$C�$C�D�D�D����	�
�
�i�� ?� ?�@�@�@�@����	�
�
�b�%� 8� 8�9�9�9�9��O�O�E�"�"�"��*�>�?�?���Z� 4�5�5�
��J�:�;�;�	�>�
��h�'�'�	P�	P�D�A�q��~�~�a� � �
P� ���U�A�.�.�4�4�6�6���<�<�>�>�X�-�-�$�F�F��\�\�^�^�w�.�.�$�F�F�$�F�?I�z�z��v�v���!�(�(��+�+�@�8�4�?�D�%�k�k�,��:�:��������7�;�;�x�&�/@�/?�0@�BH�0I�JK�$M�$M�N�N�N�����9�=�=��&��1A�2B�DJ�2K�18���^�12�24�24�$5�$5�6�6�6�����9�=�=��&��1A�2B�DJ�2K�18���U�T�\�1�1M�1M�$O�$O�P�P�P��
�J�|�,�,�	��h�'�'�
	)�
	)�D�A�q�����"�"�	
)� �}�}�%R�%&�(�(�� �}�}�&,�.4�&5�7D�&E�FG�I�I��!�}�}�V�f�_�7K�%K�Q�O�O��"��������4�(�(�(�����4�(�(�(���rCc�R�g}|�|||��}tjd��}t|��D]�\}}|�|�d|�������|�|��r�||�d��||�|�d|���dd����||xx|�d|�����z
cc<��|S)z_Return list of iptables rules appropriate for sending as arguments
           to cmd()
        z(.*) --log-prefix (".* ")(.*)r�r)r��"rVz\3)	rr]r^r�r7rcr��match�replace)	r:r�r�rr�str_snippetsrhr�r�s	         rB�_get_lists_from_formattedz,UFWBackendIptables._get_lists_from_formatted�s�����5�5�e�V�V�L�L���j�9�:�:���l�+�+�	9�	9�D�A�q��O�O�C�G�G�E�1�-�-�3�3�5�5�6�6�6��y�y��|�|�
9����"�"�>�2�2�2����"�"�3�7�7�5�!�#4�#4�#<�#<�S�"�#E�#E�F�F�F������s�w�w�u�a�0�0�6�6�8�8�8������rCc
��
�|jdg}|���r |�|jd��|D�]}	tj�|��}n/#t$r"td��|z}t|���wxYwtj
d��}tj
d��}tj
d��}|D�]q}|}	d}
d|vr,|�d��\}	}|���}
|�
|	���r$|�d|	��}tjd	|�����}
t|
��d
kst|
��dkr"td��|z}t!|����d
}d}d}t|
��dkst|
��dk�r~td��|z}|
d�d��d}d|
dv�r@d|
dvr�|�|
d��r�|�|
d��ru|
d�d��d�d��d}|
d�d��d�d��d}n�|
d�d��r"|
d�d��d}nN|
d�d��r"|
d�d��d}nt!|����}	|
d}d}d|vrd}|�d��d}t|
��dkr6t)||
d|
d|
d|
d|
d|||
�	�	}n�t)||
d|
d|
d|
d|
d|||
�	�	}tj
d��}|
d
d kr!|�d!|
d
��|_|
dd kr!|�d!|
d��|_|dkr|�d
|��|dkr|�d"|��n2#t$r%td#��|z}t!|��Y���wxYw||jdkr1|�d��|j�|����B|�d��|j�|����s|�����d$S)%z$Read in rules that were added by ufwrrzCouldn't open '%s' for readingz^### tuple ###\s*zin_\w+zout_\w+rVz	 comment=z\s+��	z)Skipping malformed tuple (bad length): %sr��z$Skipping malformed tuple (iface): %s���rIr�!�r��in_�out_Fr~T�����%20r#r�r�zSkipping malformed tuple: %sN)r<r6r7rr_�open_file_readr\rIrr]r^r�r�rrcr�rra�	partition�
startswithrr�r��
set_interface�set_v6rr�close)r:�rfnsrirXre�	pat_tuple�pat_iface_in�
pat_iface_out�	orig_linerlr��hexr�rW�wmsg�dtyper�r�r�r"�rule�	pat_space�warn_msgs                       rB�_read_ruleszUFWBackendIptables._read_rules�sJ���
�7�#�$���=�=�?�?�	.��K�K��
�8�,�-�-�-��]	�]	�A�
(��x�.�.�q�1�1�����
(�
(�
(��<�=�=��C���w�'�'�'�
(�����
�#7�8�8�I��:�i�0�0�L��J�z�2�2�M�!�Q
4�Q
4�	� �����)�+�+� )���� =� =�I�D�#�!�i�i�k�k�G��?�?�4�(�(�H4�$�=�=��T�2�2�D��(�6�4�:�:�<�<�8�8�C��3�x�x�!�|�|�s�3�x�x�!�|�|� �!L�M�M�$(� *���T�
�
�
� �!%��')��(*�
��s�8�8�q�=�=�C��H�H��M�M�#$�%K�#L�#L�(,�$.�D�$'��G�M�M�#�$6�$6�q�$9�E�"�c�"�g�~�~�#&�#�b�'�>�>�#/�#6�#6�s�2�w�#?�#?�$2�#0�#7�#7��B��#@�#@�$2�
),�B��
�
�c�(:�(:�1�(=�(G�(G��(L�(L�Q�(O�%1�),�B��
�
�c�(:�(:�1�(=�(G�(G��(L�(L�Q�(O�%2�M�%(��W�%7�%7��%>�%>�!-�36�r�7�3D�3D�S�3I�3I�!�3L�L�L�%(��W�%7�%7��%?�%?�!-�47��G�4E�4E�c�4J�4J�1�4M�M�M�$(��J�J�J�$,�%�%(��V�F�&+�G�"�f�}�}�*.��)/���c�):�):�1�)=��"�3�x�x�!�|�|�'.�v�s�1�v�s�1�v�s�1�v�/2�1�v�s�1�v�u�g�/6�(8�(8���(/�v�s�1�v�s�1�v�s�1�v�/2�1�v�s�1�v�u�g�/6�(8�(8��-/�J�u�,=�,=�	�#&�q�6�S�=�=�09�
�
�c�3�q�6�0J�0J�D�I�#&�q�6�S�=�=�09�
�
�c�3�q�6�0J�0J�D�I�+�r�1�1� $� 2� 2�4�� F� F� F�,��2�2� $� 2� 2�5�-� H� H� H���'�%�%�%�'(�)G�'H�'H�)-�(/�H� ��N�N�N�$�H�	%����
��
�8� 4�4�4� �K�K��-�-�-� �K�.�.�t�4�4�4�4� �K�K��.�.�.� �J�-�-�d�3�3�3���J�J�L�L�L�L�{]	�]	s�	A)�),B�ER$�$+S�Sc���|jd}|r
|jd}tj|tj��s!t	d|z��}t|���	tj�|��}n#t$r�wxYw|�
��d}|j}|r	d}|j}|j
rtj���}n|d}tj�|d��tj�|d|zd	z��tj�|d|zd
z��tj�|d|zdz��tj�|d|zdz��tj�|d|zd
z��tj�|d|zdz��tj�|d|zdz��tj�|d|zdz��tj�|d|zdz��tj�|d|zdz��tj�|d|zdz��tj�|d|zdz��tj�|d|zdz��tj�|d|zdz��|dkr|jdds|dkr_|jddrLtj�|d|zdz��tj�|d|zdz��tj�|d��|D�]t}|j}	|jr
d|jz}	|jdkr
|	d|jzz
}	d}
|jdkr|jdkr|j}
n]|jdkr|jdkrd |j�d!|j��}
n4|jdkr|
|j�d|j��z
}
n|
|j�d|j��z
}
|jdkrw|jdkrld"|	�d#|j�d#|j�d#|j�d#|j�d#|j�d#|
��}|j dkr
|d$|j zz
}tj�||d%z��n�tCj"d#��}d&}
|jr|�#d'|j��}
d&}|jr|�#d'|j��}d"|	�d#|j�d#|j�d#|j�d#|j�d#|j�d#|
�d#|�d#|
��}|j dkr
|d$|j zz
}tj�||d%z��d(}|jrd)}n
|jd*krd+}|�d,|��}d-|�d#|�$���d%�}|�%|||��D]"}tj�||���#��vtj�|d.��tj�|d/��	|�&|j'd0��}n#t$r�wxYw|D]�\}}}tQ|��d1kr
|d1d2kr�&|�)|d&z��r^tj�|d#�*|���+d3d4���+d5d6��d%z����tj�|d7��|dkr|jdds|dkr�|jddr�tj�|d8��|j'd0d9krOtj�|d-|zd:zd#�*|j,��zd;z|j-zd<z��tj�|d-|zd=z��tj�|d-|zd>z��tj�|d?��tj�|d@��	|j
r"tj�.|dA��dBStj�.|��dBS#t$r�wxYw)Cz.Write out new rules to file to user chain filerrz'%s' is not writablerr�rWz*filter
r~z-user-input - [0:0]
z-user-output - [0:0]
z-user-forward - [0:0]
z-before-logging-input - [0:0]
z-before-logging-output - [0:0]
z -before-logging-forward - [0:0]
z-user-logging-input - [0:0]
z-user-logging-output - [0:0]
z-user-logging-forward - [0:0]
z-after-logging-input - [0:0]
z-after-logging-output - [0:0]
z-after-logging-forward - [0:0]
z-logging-deny - [0:0]
z-logging-allow - [0:0]
r%rrz-user-limit - [0:0]
z-user-limit-accept - [0:0]
z### RULES ###
zroute:rVrIrz!out_z
### tuple ### r�z comment=%srr#r"r r"r�r!r�z-A z
### END RULES ###
z
### LOGGING ###
r�r�-D�[z"[z] r�z### END LOGGING ###
z
### RATE LIMITING ###
�offz-user-limit z "z "
z-user-limit -j REJECT
z-user-limit-accept -j ACCEPT
z### END RATE LIMITING ###
zCOMMIT
FN)/r<r.�access�W_OKrIrrr_r`r\r�rrr;�sys�stdout�filenorbr�r�r"r�r�r�rYr�r�r�r�r�r�r�r�r]r^rc�format_ruler�_get_logging_rulesrJr�r%r0rr8r9rd)r:r��
rules_filererjr>rrkr�r��ifaces�tstrr2r�r��chain_suffixrA�rule_strr��lrules_tr��qs                      rB�_write_ruleszUFWBackendIptables._write_ruless
���Z��(�
�
�	.���H�-�J��y��R�W�-�-�	$��.�*�=�>�>�G��7�#�#�#�	��(�%�%�j�1�1�C�C���	�	�	��	����	
�
�
�������
��
�	 �!�L��K�E��;�	���"�"�$�$�B�B��U��B�	����r�;�/�/�/�����r�3��#5�8O�#O�P�P�P�����r�3��#5�)A�$B�	C�	C�	C�����r�3��#5�)B�$C�	D�	D�	D�	����r�3��#5�)J�$K�	L�	L�	L�����r�3��#5�)K�$L�	M�	M�	M�����r�3��#5�)L�$M�	N�	N�	N�����r�3��#5�)H�$I�	J�	J�	J�����r�3��#5�)I�$J�	K�	K�	K�����r�3��#5�)J�$K�	L�	L�	L�����r�3��#5�)I�$J�	K�	K�	K�����r�3��#5�)J�$K�	L�	L�	L�����r�3��#5�)K�$L�	M�	M�	M�����r�3��#5�)B�$C�	D�	D�	D�����r�3��#5�)C�$D�	E�	E�	E�
�E�!�!�d�i��&8��&=�!��F�"�"�t�y��'9�#�'>�"��H�"�"�2�s�\�'9�-D�(E�
F�
F�
F��H�"�"�2�s�\�'9�-K�(L�
M�
M�
M�	����r�#4�5�5�5��3	.�3	.�A��X�F��y�
-�!�A�H�,���y�B����#��	�/�)���F��~��#�#���2�(=�(=�������2�%�%�!�/�R�*?�*?�*?�+,�>�>�>�1�?�?�K����>�R�'�'������a�n�n�E�E�F�F������a�o�o�F�F�F��v��|�|���"�����f�f�a�j�j�j�!�'�'�'�1�5�5�5�!�'�'�'�1�5�5�5��f����9��?�?��M�A�I�5�5�D���&�&�r�4�$�;�7�7�7�7��J�s�O�O�	����6�8�$�=�=����7�7�D����6�8�$�=�=����7�7�D������
�
�
�A�G�G�G�Q�U�U�U�A�G�G�G�Q�U�U�U����d�d�d�F�F�,���9��?�?��M�A�I�5�5�D���&�&�r�4�$�;�7�7�7�"�L��y�
(�(������%�%�'��$0�L�L�,�,�?�E�E�',�u�u�a�m�m�o�o�o�o�>�H��3�3�H�l�4@�B�B�
.�
.����&�&�r�1�-�-�-�-�
.�
	����r�#:�;�;�;�	����r�#8�9�9�9�	��.�.�t�}�Z�/H�I�I�H�H���	�	�	��	�����	�	�G�A�q�!��1�v�v��z�z�a��d�d�l�l���|�|�L�3�.�/�/�
���&�&�r��H�H�Q�K�K�'�'��T�2�2�:�:�4��G�G�������	����r�#:�;�;�;�
�E�!�!�d�i��&8��&=�!��F�"�"�t�y��'9�#�'>�"��H�"�"�2�'B�C�C�C��}�Z�(�E�1�1���&�&�r�5�%�,&�(6�,7����$�"9�:�:�,;��,�"&�!=�,>�AH�,H�I�I�I�
�H�"�"�2�u�|�';�2�(3�
4�
4�
4��H�"�"�2�u�|�';�9�(:�
;�
;�
;��H�"�"�2�'D�E�E�E�����r�:�.�.�.�	��{�
*���$�$�S�%�0�0�0�0�0���$�$�S�)�)�)�)�)���	�	�	��	���s*�A>�>B
�. Z�Z�'c&�c&�&c2Tc��|���d}|jrh|���std��}t	|���|jdkr*|jddstd��|jzSn5|jdkr*|jddstd��|jzS|jr4|jdkr)|jd	krtd
��}t	|���g}d}d}|j	}|j
}	|jr7|jdkr%|jdks|j
dkrtd
��S|j}|	dks|	t|��kr!td��|	z}t	|���|	dkr%|jrtd��}t	|���	|���n#t$$r�wxYwd}
d}d}d}
|D�]�}	|���n#t$$r�wxYw|j|j|j|j
f}|
|	krm|
ddkr|
ddkr|
dks|ddkr|ddks|
|kr,d}|�|�����d}
n|	dz
}	|}
|
dz
}
t/j||��}|dkr|dz
}|dkr6|s4|s2d}|js'|�|�������|dkr|jr|jdkrd}��4|dkr6|js/|s-d}d}|�|�������p|�|�����|r$|dkrtd��}|jr|dz
}|Sn�|s.|js'|�|�����|s+|jr$|jstd��}|jr|dz
}|S|r&|js|std��}|jr|dz
}|S|jr||_n||_		|�|j��n8#t$r�t$$r!td��}t	|��YnwxYwtd��}|jrtd��}|����r�|j�s�d}|s|�|j��s|rod}|r|td��z
}n|td��z
}|jr|dz
}|r%	|���n�#t$$r�wxYw|td ��z
}n|ra|jrZd!}td"��}|jr|dz
}|r(	|���n#t$$r�wxYwd}n/|td ��z
}n|s|s|jsd#}td$��}|dk�r�|j}d%}|jr|j }d&}|dz
}d'}|j!rd(}n
|j"d)krd*}|�d+|��}td,��}tG|d-|d.g��\}}|dkrt	|���|�d/|�d/|�$����}tKj&d0��}|�'|||��D]�}tG|g|z��\}}|dkr)tQ|tRj*��t	|��|d#kr�|�+d/�,|����rX|�-d1d/�,|����}tG|d!|d2d3g��\}}|dkrt]d4|z����|S)5aXUpdates firewall with rule by:
        * appending the rule to the chain if new rule and firewall enabled
        * deleting the rule from the chain if found and firewall enabled
        * inserting the rule if possible and firewall enabled
        * updating user rules file
        * reloading the user rules file if rule is modified
        rVz)Adding IPv6 rule failed: IPv6 not enabledr%rz#Skipping unsupported IPv6 '%s' rulerz#Skipping unsupported IPv4 '%s' rule�udp�tcpz/Must specify 'tcp' or 'udp' with multiple portsFz1.4z:Skipping IPv6 application rule. Need at least iptables 1.4rzInvalid position '%d'z Cannot specify insert and deleter�)rVrVrVrVrrT���z Skipping inserting existing ruler�z"Could not delete non-existent rulezSkipping adding existing rulezCouldn't update rules filez
Rules updatedzRules updated (v6)z
Rule insertedzRule updatedz (skipped reloading firewall)r6zRule deleted�-Az
Rule addedrr�r r"r�r!r��!Could not update running firewallrqrpr�z(-A +)(ufw6?-user-[a-z\-]+)(.*)r�r'�RETURNzFAILOK: -D %s -j RETURN)/r�r�r6rIrr�r��multir�r�position�iptables_versionr�r�rr��remove�	normalizer\r�r�r7�dup_rulerrr�r;rGr�r�r�rr�r"rYrr>r]r^rrr;�stderrrar0rcr)r:r1�allow_reloadrKre�newrules�found�modifiedrrPr��inserted�matches�lastr��current�ret�flagr�r>rCrAr�r�rDrr�r�s                            rB�set_rulezUFWBackendIptables.set_rule�s���	
�
�
�������7�
	P��=�=�?�?�
(��G�H�H���w�'�'�'��{�g�%�%�d�i��.@��.E�%��>�?�?�4�;�O�O���{�g�%�%�d�i��.@��.E�%��>�?�?�4�;�O�O��:�	$�$�-�5�0�0�T�]�e�5K�5K��I�J�J�G��7�#�#�#��������
���=���7�	 ��$�u�,�,�$�)�r�/�/�26�)�r�/�/��U�V�V�V��K�E��a�<�<�8�c�%�j�j�0�0��/�0�0�H�=�G��7�#�#�#��a�<�<�D�K�<��:�;�;�G��7�#�#�#�	��N�N�������	�	�	��	�������������,	#�,	#�A�
����
�
�
�
���
�
�
��
�����u�a�e�Q�V�Q�V�4�G��� � ���G�r�M�M�d�1�g��m�m���	�	��A�J�"�$�$����r�)9�)9��7�?�?�#�H��O�O�D�M�M�O�O�4�4�4�+�D�D���M�H��D��Q�J�E��-��4�(�(�C��Q�w�w��1����a�x�x��x�h�x����{�5��O�O�D�M�M�O�O�4�4�4������t�{��t�|�r�/A�/A�����q������X����������
�
���0�0�0�0�����"�"�"�"��	���{�{��;�<�<���7�$��G�O�D���	��
1���
1�����
�
���0�0�0��	
�T�[�	
���	
��=�>�>���7�$��G�O�D����
�t�{�
�8�
��8�9�9���7�$��G�O�D����7�	"�"�D�K�K�!�D�J�	����d�g�&�&�&�&���	�	�	���	�	�	��4�5�5�G��W������	������!�!���7�	+��)�*�*�D��?�?���J	C�T�[�J	C��D��#
'�4�,�,�T�W�5�5�#
'��#
'����.��A�o�.�.�.�D�D��A�n�-�-�-�D��7�$��G�O�D��?���/�/�1�1�1�1��$����������A�=�>�>�>�D�D��
'�4�;�
'�����(�(���7�$��G�O�D��?���/�/�1�1�1�1��$����������D�D��A�=�>�>�>�D�D��
'�8�
'�D�K�
'���������r�z�z��m��$���7�$��.�C�#)�L��G�O�D�&���<�,�#,�L�L��^�u�,�,�#+�L�(4���l�l�C���?�@�@����d�E�4� 8�9�9�	��S���7�7�"�7�+�+�+�)-���u�u�u�d�6F�6F�6H�6H�6H�I���*�%G�H�H���7�7��8D�8D�F�F�
C�
C�A�!$�S�E�A�I���I�R���Q�w�w��C���,�,�,� ��)�)�)��t�|�|����s�x�x��{�{�(C�(C�|�#�K�K��s�x�x��{�{�;�;��$'��d�A�t�X�(F�$G�$G�	��S���7�7�!�";�q�"A�B�B�B���sB�.G�G� G5�5H�%Q�2Q5�4Q5�T'�'T3�2V�Vc��g}g}|r|j}n|j}|���}|�|��|���|���}|D]Y}|���}|���|���}	|	|kr|�|���Z|S)z@Return a list of UFWRules from the system based on template rule)rrrTr'rSr�r7)
r:�templater�rr��normr�r�rW�	tmp_tuples
          rB�get_app_rules_from_systemz,UFWBackendIptables.get_app_rules_from_system�s������	�
�	��K�E�E��J�E�� � �"�"�����B�����������!�!�#�#���	&�	&�A��*�*�,�,�C��M�M�O�O�O��)�)�+�+�I��D� � �� � ��%�%�%���rCc���|j}|�d��r|j}t|g|z��\}}|dkr7t	d|z��}|rtd|z��dSt
|���dS)zPerform command on chainr�rzCould not perform '%s'zFAILOK: N)rr%r�rrIrr)r:rAr��fail_okr�r�r�res        rBr�zUFWBackendIptables._chain_cmd�s����m�����F�#�#�	!��.�C������%�%�	��S�
��7�7��0�D�9�:�:�G��
(��j�7�*�+�+�+�+�+��w�'�'�'��7rCc��|jrdS|���g}	|�|��}n#t$r�wxYw	|�d���|�d���n8#t
$r�t$r!t
d��}t|��YnwxYw|���sdSt
d��}|jd|jdz|jd	z|jd
zD]9}	|�	|d|dg���#t$rt|���wxYw	|jd|jd	z|jd
zD]2}|�	|d
|g��|�	|d|g���3n#t$rt|���wxYw|D]�\}}}d}t|��dkr|ddkrd}	|dkr7t|��dkr$|�	|dg|dd�zd���|�	|||���#t$rt|���wxYwdD]�}|jddr|dks|jddrs|dkrm|�	|d|g|jz|j
dzgzd���|jddkr.|�	|d|g|jz|j
dzgzd�����dS)z#Update loglevel of running firewallNF)r�Tz&Couldn't update rules file for loggingrMrrrrrqrpr�r�rr6�delete_firstr�)rg)r{r|r%rr{rr|r�r�r8�-I)r;r�r?r\rGrrIr�r5r�r�r�r8r9rJ)	r:r��rules_trer�r�rFrgrAs	         rBr�z!UFWBackendIptables.update_logging�s����;�	��F�	
�
�
������	��-�-�e�4�4�G�G���	�	�	��	����	������'�'�'������&�&�&�&���	�	�	���	�	�	��@�A�A�G��W������	����
��� � �	��F��7�8�8����X�&���V�)<�<��;�w�� �"&�+�f�"5�6�	(�	(�A�
(�����D�!�T�?�3�3�3�3���
(�
(�
(��w�'�'�'�
(����	$��[��*�T�[��-A�A��{�6�"�#�
.�
.������D�!�9�-�-�-�����D�!�9�-�-�-�-�
.���	$�	$�	$��7�#�#�#�	$�����		(�		(�G�A�q�!��G��1�v�v��z�z�a��d�d�l�l���
(���&�&�3�q�6�6�A�:�:��O�O�A��v��!�"�"��~�t�O�D�D�D�����1�g�.�.�.�.���
(�
(�
(��w�'�'�'�
(����
;�	2�	2�E��	�'�"�3�'�

2�E�5E�,E�,E��	�'�"�3�'�-F�,1�5F�,F�,F������e�}� $� 7�(8�!%�!=��!C� D�(E�)-� �.�.�.��=��,��5�5��O�O�E�D�%�=�$(�$;�,<�%)�%A�C�%G�$H�,I�-1�$�2�2�2��	2�	2sA�7�A�,A4�42B)�(B)�D%�%D?�AF � F:�)AH>�>Ic�J�g}|t|j�����vr!td��|z}t	|���|dkr.|jdD]}|�|d|ddgdg���|S|jdD]}|�|d|ddgd	g���gd
�}|j||jdk�r�g}|j||jdkr|}|jd
D]�}dD]�}|�|��r�|�|��dks|�|��dkr$d}|�|d|ddd|g|zd	g���m|j||jdkr#d}|�|d|ddd|g|zd	g������g}|j||jdkr|}|jdD]�}|�d��rd}n||�d��rgd}|j||jdkr$|�|d|ddddddg|zd	g��n%|�|d|ddddddddg
|zd	g��|�|d|ddd|g|zd	g����|j||jdkrvg}|j||jdkr|}|j||jdkrgd�|z}d }|jd!D]#}|�|d|ddd|g|zd	g���$|S)"z%Get rules for specified logging levelzInvalid log level '%s'r8rrjr'rNrir6rV)r$r%r&z3/minz
--limit-burst�10r��highrrrHrOz[UFW BLOCK] rLr(r)�mediumz[UFW ALLOW] rrNr$�	conntrack�	--ctstate�INVALIDz[UFW AUDIT INVALID] �full)r$rprq�NEWz[UFW AUDIT] r)	r�r�r�rIrr5r7�endswithr�)	r:r�rkrer�r�largsr�r�s	         rBr?z%UFWBackendIptables._get_logging_rulessh������T�^�0�0�2�2�3�3�3�3��0�1�1�U�;�G��7�#�#�#��E�>�>��[��(�
O�
O������D�!�T�8�#<�n�M�N�N�N�N��N��[��(�
C�
C������D�!�T�8�#<�b�A�B�B�B�B�O�O�O�
��>�%� �D�N�5�$9�9�9��E��~�e�$�t�~�f�'=�=�=�"���[��)�

<�

<��7�<�<�A��z�z�!�}�}�<��3�3�A�6�6�(�B�B��3�3�A�6�6�&�@�@�%3�F�#�N�N�A��a��u�0>��0H�05�06�79�,;�<�<�<�<�"�^�E�2�d�n�X�6N�N�N�%3�F�#�N�N�A��a��u�0>��0H�05�06�79�,;�<�<�<��<��E��~�e�$�t�~�f�'=�=�=�"���[��(�
J�
J���:�:�g�&�&�4�+�F�F��Z�Z��'�'�
4�+�F��~�e�,�t�~�h�/G�G�G�����D�!�T�;�,7��,0�(�,<�>C�,D�EG�(I�J�J�J�J� ����D�!�T�;�,7��,0�%�,:�,B�	,D�
).�,.�
02�(3�4�4�4�����D�!�T�5�$2�F�$<�>C�$D�EG� I�J�J�J�J��>�%� �D�N�8�$<�<�<��E��~�e�$�t�~�f�'=�=�=�"���~�e�$�t�~�f�'=�=�=�?�?�?�*�L��#�F��[��*�
J�
J������D�!�T�5�$2�F�$<�>C�$D�EG� I�J�J�J�J��rCc
���d}ttjj|j��}g}|jD]�}|j|�d��s�#|�|j|��tj	�
|dtj	�|j|����}tj	�|��s!td��|z}t|�����tjd��}|D]I}|�d|��}tj	�|��r!td��|z}t|����J|D]S}|�d|��}|td��tj	�|��|d	�zz
}tj||���T|D�]0}|�d|��}t'jtj	�
|dtj	�|����tj	�|����t'j||��	tj|��}	|	t.j}
n1#t2$r$td
��|z}t5|��Y��wxYw|
t.jzr|td��|zz
}��|
t.jzr|td��|zz
}��2|S)
zReset the firewallrVz.rulesrzCould not find '%s'. Abortingz
%Y%m%d_%H%M%S�.z'%s' already exists. Abortingz"Backing up '%(old)s' to '%(new)s'
)�old�newzCouldn't stat '%s'zWARN: '%s' is world writablezWARN: '%s' is world readable)r
rr*�	share_dirrr<rur7r.r/r0�basename�isfilerIr�time�strftime�exists�rename�shutil�copy�dirname�copymode�stat�ST_MODEr\r�S_IWOTH�S_IROTH)r:�resr{�allfilesr��fnre�extry�statinfo�moder3s            rB�resetzUFWBackendIptables.reseths������c�j�2�D�L�A�A�	�����	(�	(�A��:�a�=�)�)�(�3�3�
���O�O�D�J�q�M�*�*�*�����i�� �g�.�.�t�z�!�}�=�=�?�?�B��7�>�>�"�%�%�
(��;�<�<��C���w�'�'�'�
(��m�O�,�,���	(�	(�A��A�A�s�s�#�B��w�~�~�b�!�!�
(��;�<�<��C���w�'�'�'�
(�
�	�	�A��A�A�s�s�#�B��1�:�;�;��W�-�-�a�0�0��<�<�>�
>�C��I�a�������	?�	?�A��Q�Q���$�C��K�����Y�
�%'�W�%5�%5�a�%8�%8�:�:������*�*�
,�
,�
,�
�O�C��#�#�#�
��7�1�:�:�����-�����
�
�
��1�2�2�a�8���X������
����
�d�l�"�
?��q�7�8�8�A�>�>������$�
?��q�7�8�8�A�>�>����
s�&I*�*+J�J)NN)FF)F)T)�__name__�
__module__�__qualname__�__doc__r4rLrmr�r�r�r�r�r�rrr4rGr`rer�r�r?r��rCrBrrsy������'�'�.;�.;�.;�.;�`���I�I�I�V[�[�[�zc/�c/�c/�c/�J(�(�(�$,�,�,�B���8;�;�;�8B�B�B�H���$c�c�c�Jg�g�g�g�Rc�c�c�c�J���0(�(�(�(�H2�H2�H2�TX�X�X�t8�8�8�8�8rCr)r�r.r]r�r�r;r~�
ufw.commonrr�ufw.utilrrrrr	r
�ufw.backendrr2r3rr�rCrB�<module>r�s���3�3�"
�	�	�	�	�	�	�	�
�
�
�
�����
�
�
�
�����(�(�(�(�(�(�(�(�?�?�?�?�?�?�?�?�?�?�?�?�?�?�?�?�����B�B�B�B�B���/�B�B�B�B�BrC