HOME

Mini Shell 1.0 Redirecting to https://devs.lapieza.net/iniciar-sesion Redirecting to https://devs.lapieza.net/iniciar-sesion.
DIR: /proc/self/root/usr/lib/python3/dist-packages/ufw/__pycache__/
Current File : //proc/self/root/usr/lib/python3/dist-packages/ufw/__pycache__/common.cpython-311.pyc
�

0fdX���dZddlZddlZddlZddlmZdZdZdZeZ	dZ
dZd	Zd
Z
Gd�de��ZGd
�d��ZdS)z!common.py: common classes for ufw�N)�debug�ufwz/lib/ufwz/usr/share/ufwz/etcz/usrz	/usr/sbinTc��eZdZdZd�Zd�ZdS)�UFWErrorz$This class represents ufw exceptionsc��||_dS�N)�value)�selfr	s  �,/usr/lib/python3/dist-packages/ufw/common.py�__init__zUFWError.__init__#s
����
�
�
�c�*�t|j��Sr)�reprr	�r
s r�__str__zUFWError.__str__&s���D�J���r
N)�__name__�
__module__�__qualname__�__doc__rr�r
rrr!s8������.�.���� � � � � r
rc��eZdZdZ			d!d�Zd�Zd	�Zd
�Zd�Zd�Z	d"d�Z
d�Zd�Zd�Z
d�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd�Zd S)#�UFWRulez$This class represents firewall rules�any�	0.0.0.0/0�inF�c
��d|_d|_d|_d|_d|_d|_d|_d|_d|_d|_	d|_
d|_d|_d|_
d|_d|_d|_||_d|_	|�|��|�|��|�|��|�|d��|�|��|�|��|�|��|�|	��dS#t4$r�wxYw)NFrr�src)�remove�updated�v6�dstr�dport�sport�protocol�multi�dapp�sapp�action�position�logtype�interface_in�
interface_out�	direction�forward�comment�
set_action�set_protocol�set_port�set_src�set_dst�
set_direction�set_commentr)
r
r)r%r#r"r$rr.r/r0s
          rrzUFWRule.__init__,sL�������������������
���
���
���
���	���	������
�������������������
	��O�O�F�#�#�#����h�'�'�'��M�M�%� � � ��M�M�%��'�'�'��L�L������L�L��������y�)�)�)����W�%�%�%�%�%���	�	�	��	���s
�B)D2�2D>c�*�|���Sr)�format_rulers rrzUFWRule.__str__Os�����!�!�!r
c��d|z}t|j��}|���|D]}|d|�d|j|��z
}�|S)zPrint rule to stdoutz'%s'z, �=)�list�__dict__�sort)r
�res�keys�ks    r�_get_attribzUFWRule._get_attribRs\����o���D�M�"�"���	�	�����	5�	5�A��C����4�=��#3�#3�4�4�C�C��
r
c���t|j|j��}|j|_|j|_|j|_|j|_|j|_|j|_|j	|_	|j
|_
|j|_|j|_|j
|_
|j|_|j|_|j|_|j|_|j|_|j|_|S)zReturn a duplicate of a rule)rr)r%rr r!r"rr#r$r&r'r(r*r+r,r-r.r/r0)r
�rules  r�dup_rulezUFWRule.dup_rule[s����t�{�D�M�2�2���k����|����'����8����8����Z��
��Z��
��Z��
��I��	��I��	��
��
��|��� �-���!�/��������|����|����r
c���d}|jdkr
|d|jzz
}|jdkr
|d|jzz
}|jdkr|dz
}n�|d|jzz
}|jrl|dz
}|jdkr+|jdkr |d|jzz
}|dz
}|d	|jzz
}n1|jdkr|d|jzz
}n|jdkr
|d	|jzz
}|jd
kr|jdkr
|d|jzz
}|js|jdkr
|d
|jzz
}|jd
kr|jdkr
|d|jzz
}|js|jdkr
|d|jzz
}d}|jdkr
d|jz}|j	dkr	|d|zz
}n@|j	dkr|d|zz
}|jdkr|dz
}n|j	dkr	|d|zz
}n|d|zz
}|j
dks|jdkr�d}tj
d��}|j
dkr!|d|�d|j
��zz
}|j
dkr|jdkr|dz
}|jdkr!|d|�d|j��zz
}|d z
}|d|zz
}|���S)!zFormat rule for later parsingrz -i %sz -o %srz -p allz -p z
 -m multiportz
 --dports z
 --sports r�::/0z -d z	 --dport z -s z	 --sport �_�allowz -j ACCEPT%s�rejectz -j REJECT%s�tcpz --reject-with tcp-reset�limitz -j LIMIT%sz
 -j DROP%sz-m comment --comment '� �dapp_z%20�,�sapp_�')r,r-r%r&r#r$r"rr+r)r'r(�re�compile�sub�strip)r
�rule_str�lstrr0�	pat_spaces     rr9zUFWRule.format_rulers�������"�"���D�$5�6�6�H����#�#���D�$6�7�7�H��=�E�!�!��	�!�H�H�����.�.�H��z�	
:��O�+���:��&�&�4�:��+>�+>���t�z� 9�9�H���/�H���t�z� 9�9�H�H��Z�5�(�(���t�z� 9�9�H�H��Z�5�(�(���t�z� 9�9�H��8�{�"�"�t�x�6�'9�'9�����)�)�H��z�	1�d�j�E�1�1���d�j�0�0�H��8�{�"�"�t�x�6�'9�'9�����)�)�H��z�	1�d�j�E�1�1���d�j�0�0�H����<�2������%�D��;�'�!�!���$�/�/�H�H�
�[�H�
$�
$���$�/�/�H��}��%�%��6�6���
�[�G�
#�
#��
��.�.�H�H����-�-�H��9��?�?�d�i�2�o�o�.�G��
�3���I��y�B����7�Y�]�]�5�$�)�%D�%D�D�D���y�B���4�9��?�?��3����y�B����7�Y�]�]�5�$�)�%D�%D�D�D���s�N�G���g�
�%�H��~�~���r
c�*�|����d��}|ddks|ddks|ddkr|d|_nd|_d}t|��dkr|d}|�|��d	S)
zSets action of the rulerHrrIrJrL�denyr�N)�lower�splitr)�len�set_logtype)r
r)�tmpr+s    rr1zUFWRule.set_action�s����l�l�n�n�"�"�3�'�'���q�6�W����A��(� 2� 2�c�!�f��6G�6G��a�&�D�K�K� �D�K����s�8�8�a�<�<��!�f�G�����!�!�!�!�!r
r"c��td��|z}|dkr�n@|dkr	|jr�n1|dkr	|jr�n"tjd|��stjd|��rt|���|�d��|�d��zd	krt|���|�d��}t|��d
krd|_	d}|D�]t}tjd
|��r�d|_	|�d��}|D]7}t|��d
kst|��dkrt|����8t|d��t|d
��krt|���n�tjd|��r6t|��d
kst|��dkrt|���nWtjd|��r3	tj|��}n,#t$rt|���wxYwt|���|r|dt|��zz
}��et|��}��v|}|dkrt|��|_dSt|��|_dS)z:Sets port and location (destination or source) of the rulez
Bad port '%s'rr"rz^[,:]z[,:]$rO�:�r[Trz	^\d+:\d+$i��rz^\d+$z
^\w[\w\-]+N)rHr'r(rR�matchr�countr]r^r&�int�socket�
getservbyname�	Exception�strr$r#)	r
�port�loc�err_msg�portsr`�p�ran�qs	         rr3zUFWRule.set_port�s����O�$�$��-���5�=�=��
�E�\�\�d�i�\��
�E�\�\�d�i�\��
�X�h��
%�
%�%	���(�D�)A�)A�%	��7�#�#�#��j�j��o�o��
�
�3���/�2�
5�
5��7�#�#�#��J�J�s�O�O�E��5�z�z�A�~�~�!��
��C��
!�
!���8�L�!�,�,�,�!%�D�J��'�'�#�,�,�C� �4�4���q�6�6�A�:�:��Q���%���"*�7�"3�"3�3�*8��3�q�6�{�{�c�#�a�&�k�k�1�1�&�w�/�/�/�2��X�g�q�)�)�	,��1�v�v��z�z�S��V�V�e�^�^�&�w�/�/�/�&4��X�m�Q�/�/�,�0�"�0��3�3����$�0�0�0�&�w�/�/�/�0����#�7�+�+�+��!��3��Q���<�'�C�C��a�&�&�C�C��D��%�<�<��T���D�J�J�J��T���D�J�J�Js�.H�Hc��|tjjdgzvr	||_dSt	d��|z}t|���)zSets protocol of the rulerzUnsupported protocol '%s'N)r�util�supported_protocolsr%rHr)r
r%rms   rr2zUFWRule.set_protocol�sE���s�x�3�u�g�=�=�=�$�D�M�M�M��3�4�4��A�G��7�#�#�#r
c�H�|jrN|jr|jdks|jdkrd|_|jr|jdks|jdkrd|_dSdSdS|jr|jdks|jdkrd|_|jr|jdks|jdkrd|_dSdSdS)zAdjusts src and dst based on v6rrrGN)r!r"rrs r�
_fix_anywherezUFWRule._fix_anywhere�s����7�		'��x�
"�T�X��.�.�$�(�k�2I�2I�!����x�
"�T�X��.�.�$�(�k�2I�2I�!�����
"�
"�2I�2I��x�
'�T�X��.�.�$�(�f�2D�2D�&����x�
'�T�X��.�.�$�(�f�2D�2D�&�����
'�
'�2D�2Dr
c�<�||_|���dS)zXSets whether this is ipv6 rule, and adjusts src and dst
           accordingly.
        N)r!rv)r
r!s  r�set_v6zUFWRule.set_v6s#������������r
c���|���}|dkr>tj�|d��st	d��}t|���||_|���dS)zSets source address of rulerzBad source addressN)r\rrs�
valid_addressrHrrrv�r
�addrr`rms    rr4zUFWRule.set_srcsi���j�j�l�l���%�<�<��� 6� 6�s�E� B� B�<��,�-�-�G��7�#�#�#�����������r
c���|���}|dkr>tj�|d��st	d��}t|���||_|���dS)z Sets destination address of rulerzBad destination addressN)r\rrsrzrHrr"rvr{s    rr5zUFWRule.set_dstsi���j�j�l�l���%�<�<��� 6� 6�s�E� B� B�<��1�2�2�G��7�#�#�#�����������r
c�B�|dkr$|dkrtd��}t|���dt|��vrtd��}t|���dt|��vrtd��}t|���t|��dkst|��d	krtd
��}t|���tt|����dkrtd��}t|���tt|����d
krtd��}t|���t	jdt|����std��}t|���|dkr	||_dS||_dS)zSets an interface for ruler�outzBad interface type�!z+Bad interface name: reserved character: '!'rbz/Bad interface name: can't use interface aliases�.z..z)Bad interface name: can't use '.' or '..'rz+Bad interface name: interface name is empty�z+Bad interface name: interface name too longz^[a-zA-Z0-9_\-\.\+,=%@]+$zBad interface nameN)rHrrjr^rRrdr,r-)r
�if_type�namerms    r�
set_interfacezUFWRule.set_interface's����d�?�?�w�%�/�/��,�-�-�G��7�#�#�#��#�d�)�)����E�F�F�G��7�#�#�#��#�d�)�)����I�J�J�G��7�#�#�#��t�9�9����s�4�y�y�D�0�0��C�D�D�G��7�#�#�#���D�	�	�N�N�a����E�F�F�G��7�#�#�#���D�	�	�N�N�R����E�F�F�G��7�#�#�#��x�4�c�$�i�i�@�@�	$��,�-�-�G��7�#�#�#��d�?�?� $�D����!%�D���r
c���t|��dkrCtjdt|����s!td��|z}t	|���t|��|_dS)zSets the position of the rulez-1z^[0-9]+z,Insert position '%s' is not a valid positionN)rjrRrdrHrrfr*)r
�numrms   r�set_positionzUFWRule.set_positionWs^��
�s�8�8�t���B�H�Z��S���$B�$B���F�G�G�3�O�G��7�#�#�#��C����
�
�
r
c���|���dks|���dks|dkr|���|_dStd��|z}t|���)zSets logtype of the rule�logzlog-allrzInvalid log type '%s'N)r\r+rHr)r
r+rms   rr_zUFWRule.set_logtypeasd���=�=�?�?�e�#�#�w�}�}���)�'C�'C��b�=�=�"�=�=�?�?�D�L�L�L��/�0�0�G�<�G��7�#�#�#r
c�n�|dks|dkr	||_dStd��|z}t|���)zSets direction of the rulerrzUnsupported direction '%s'N)r.rHr)r
r.rms   rr6zUFWRule.set_directionjsC������	�U� 2� 2�&�D�N�N�N��4�5�5��C�G��7�#�#�#r
c�J�tj�|j��S)zGet decoded comment of the rule)rrs�
hex_decoder0rs r�get_commentzUFWRule.get_commentrs���x�"�"�4�<�0�0�0r
c��||_dS)zSets comment of the ruleN)r0)r
r0s  rr7zUFWRule.set_commentvs
������r
c�6�d}|jri	tj�|j|j��\|_}n,#t
$rt
d��}t|���wxYw|r||_|j	ri	tj�|j	|j��\|_	}n,#t
$rt
d��}t|���wxYw|r||_|j
rS|j
�d��}tj�|��d�
|��|_
|jrU|j�d��}tj�|��d�
|��|_dSdS)z&Normalize src and dst to standard formFz"Could not normalize source addressz'Could not normalize destination addressrON)rrrs�normalize_addressr!rirHrr r"r#r]�
human_sort�joinr$)r
�changedrmrns    r�	normalizezUFWRule.normalizezs������8�		'�
(�&)�h�&@�&@���AE��'J�'J�#���7�7���
(�
(�
(��@�A�A���w�'�'�'�
(�����
'�&����8�		'�
(�&)�h�&@�&@���CG�7�'L�'L�#���7�7���
(�
(�
(��E�F�F���w�'�'�'�
(�����
'�&����:�	)��J�$�$�S�)�)�E��H����&�&�&����%���D�J��:�	)��J�$�$�S�)�)�E��H����&�&�&����%���D�J�J�J�	)�	)s�2>�)A'�;2B.�.)Cc� �|r|st���d|�d|�d�}|j|jkrt|��dS|j|jkrt|��dS|j|jkrt|��dS|j|jkrt|��dS|j|jkrt|��dS|j|jkrt|��dS|j|jkrt|��dS|j	|j	krt|��dS|j
|j
krt|��dS|j|jkrt|��dS|j|jkrt|��dS|j
|j
krt|��dS|j|jkr@|j|jkr0|j|jkr t#d��}t|��dS|j|jkr@|j|jkr0|j|jkr t#d��}t|��dSt#d	��|j|j|j|j|j|jd
�z}t|��dS)z�Check if rules match
        Return codes:
          0  match
          1  no match
         -1  match all but action, log-type and/or comment
         -2  match all but comment
        z
No match 'z' 'rQr[zFound exact matchrz$Found exact match, excepting comment���zZFound non-action/non-logtype/comment match (%(xa)s/%(ya)s/'%(xc)s' %(xl)s/%(yl)s/'%(yc)s'))�xa�ya�xl�yl�xc�yc���)�
ValueErrorr#rr$r%rr"r!r'r(r,r-r.r/r)r+r0rH)�x�y�dbg_msgs   rrdz
UFWRule.match�s����	��	��,�,��	�+,�!�!�Q�Q�Q�/���7�a�g����'�N�N�N��1��7�a�g����'�N�N�N��1��:���#�#��'�N�N�N��1��5�A�E�>�>��'�N�N�N��1��5�A�E�>�>��'�N�N�N��1��4�1�4�<�<��'�N�N�N��1��6�Q�V����'�N�N�N��1��6�Q�V����'�N�N�N��1��>�Q�^�+�+��'�N�N�N��1��?�a�o�-�-��'�N�N�N��1��;�!�+�%�%��'�N�N�N��1��9��	�!�!��'�N�N�N��1��8�q�x���A�I���$:�$:��	�Q�Y�&�&��+�,�,�G��'�N�N�N��1��8�q�x���A�I���$:�$:��	�Q�Y�&�&��>�?�?�G��'�N�N�N��2��F�G�G��H�A�H��I�Q�Y��I�Q�Y�8�8�9��
	�g�����rr
c��d�}|r|st���|�|��dkrdSd|�d|j�d|�d|j�d�	}|jdkrt	d|zd	z��d
S|j|jkrt	|dz��d
S|j|jkr|jdkrt	d
|z��d
S|jdkr*||j|j��st	d|z��d
S|jdkr�|jdkr|�	|j
��r�n�|j
|j
krd|j
vrt	d|z��d
S|j
|j
krqd|j
vrh|j|jkrXtj�
|j
|j
|j��s(t	d|zd|j
�d|j
�d�z��d
S�nF|jdkr8|j|jkr(t	d|zd|j�d|j�d�z��d
S	tj�|j|j��}n.#t$r!t	d|zd|jzz��Yd
SwxYw|j
|kr,d|j
vr#t	d|zd|j
�d|�d�z��d
S|j
|krgd|j
vr^|j|jkrNtj�
||j
|j��s#t	d|zd|�d|j
�d�z��d
S|j|jkr(t	d|zd|j
�d|j
�d�z��d
St	d|�d|j�d|�d|j�d�	��dS)a�This will match if x is more specific than y. Eg, for protocol if x
           is tcp and y is all or for address if y is a network and x is a
           subset of y (where x is either an address or network). Returns:

            0  match
            1  no match
           -1  fuzzy match

           This is a fuzzy destination match, so source ports or addresses
           are not considered, and (currently) only incoming.
        c�*�d|vsd|vr
||krdSdS|�d��D]j}||krdSd|vr[|�d��\}}t|��t|��kr#t|��t|��krdS�kdS)z:Returns True if p is an exact match or within a multi rulerOrbTF)r]rf)�test_p�to_matchrk�low�highs     r�_match_portsz-UFWRule.fuzzy_dst_match.<locals>._match_ports�s����f�}�}��v�
�
��X�%�%��4��u� ���s�+�+�
$�
$���T�>�>��4�4��$�;�;�"&�*�*�S�/�/�K�S�$��6�{�{�c�#�h�h�.�.�3�v�;�;�#�d�)�)�3K�3K�#�t�t���5r
rzNo fuzzy match 'z (v6=z)' 'z)'rz(direction) z (not incoming)r[z (forward does not match)rz(protocol) z(dport) r�/z(dst) z ('z' not in network 'z')z(interface) z (z != �)z %s does not existz(v6) z(fuzzy match) 'r�)r�rdr!r.rr/r%r#r,�_is_anywherer"rrs�
in_network�get_ip_from_if�IOError)r�r�r�r��if_ips     r�fuzzy_dst_matchzUFWRule.fuzzy_dst_match�s,��	�	�	�"�	��	��,�,��
�7�7�1�:�:��?�?��1���A�A�q�t�t�t�Q�Q�Q�����&��
�;�$����.�7�*�->�>�?�?�?��1�
�9��	�!�!��'�7�7�8�8�8��1�
�:���#�#��
�e�(;�(;��-�'�)�*�*�*��1�
�7�e���L�L���!�'�$B�$B���*�w�&�'�'�'��1��>�R����~��#�#����q�u�(=�(=�#����!�%���C�q�u�$4�$4��h��(�)�)�)��q���!�%���C�1�5�L�L�Q�T�Q�T�\�\��8�&�&�q�u�a�e�Q�T�:�:�6B��h��(�(��u�u�u�a�e�e�e�,%�%�&�&�&��q���~��#�#���!�.�(H�(H��n�w�.�.��~�~�~�q�~�~�~�27�7�8�8�8��q�
���/�/�����E�E�����
�
�
��n�w�.�1E��~�2'�'�(�(�(��q�q�
����
�u��~�~�#�Q�U�"2�"2��n�w�.�.��u�u�u�e�e�e�2%�%�&�&�&��q���%���C�1�5�L�L�Q�T�Q�T�\�\��8�&�&�u�a�e�Q�T�:�:�6B��n�w�.�.�7<�u�u�a�e�e�e�D�E�F�F�F��q��4�1�4�<�<��'�G�#�#�q�u�u�u�a�e�e�e�&D�D�E�E�E��1�	��1�1�1�a�d�d�d�A�A�A�q�t�t�t�L�M�M�M��rs�*I�'I0�/I0c�"�|dks|dkrdSdS)zCheck if address is anywhererGrTFr)r
r|s  rr�zUFWRule._is_anywhereNs���6�>�>�T�[�0�0��4��ur
c���d}|jdks|jdkr�|j�d|j�d|j�d|j��}|jdkr!|j�d|j�d|j�d|j��}|jdkr!|j�d|j�d|j�d|j��}|jdkr|jdkr|d|jzz
}n0|jdkr
|d|jzz
}|jdkr
|d|jzz
}|S)a�Returns a tuple to identify an app rule. Tuple is:
             dapp dst sapp src direction_iface|direction
           or
             dport dst sapp src direction_iface|direction
           or
             dapp dst sport src direction_iface|direction

           where direction_iface is of form 'in_eth0', 'out_eth0' or
           'in_eth0 out_eth0' (ie, both interfaces used). If no interfaces are
           specified, then tuple ends with the direction instead.
        rrMz %sz in_%sz out_%s)	r'r(r"rr#r$r,r-r.)r
�tupls  r�
get_app_tuplezUFWRule.get_app_tupleTs�����9��?�?�d�i�2�o�o�$(�I�I�I�t�x�x�x�����D�H�H�M�D��y�B���(,�
�
�
�D�H�H�H�d�i�i�i�)-���3���y�B���(,�	�	�	�4�8�8�8�T�Z�Z�Z�)-���3��� �B�&�&�4�+=��+C�+C�����0�0����$��*�*��H��(9�:�:�D��%��+�+��I��);�<�<�D��r
c���|jdkr<|jdks|jdkr&td��|jz}t	|���|jt
jjvr,|dkr&td��|jz}t	|���|jt
jjvr<|j	dks|j
dkr(td��|jz}t	|���dSdS)zVerify rulerrz3Improper rule syntax ('%s' specified with app rule)r!z'Invalid IPv6 address with protocol '%s'zInvalid port with protocol '%s'N)r%r(r'rHrrrs�ipv4_only_protocols�portless_protocolsr#r$)r
�rule_iptyperms   r�verifyzUFWRule.verifyvs����=�E�!�!��I��O�O�t�y�B����M�N�N��=�*�G��7�#�#�#��=�C�H�8�8�8��$����A�B�B���(�G��7�#�#�#��=�C�H�7�7�7��z�U�"�"�d�j�E�&9�&9��=�>�>�!�]�,���w�'�'�'�	8�7�&9�&9r
N)rrrrrFr)r")rrrrrrrBrEr9r1r3r2rvrxr4r5r�r�r_r6r�r7r�rdr�r�r�r�rr
rrr*s�������.�.�:E�GL��!�!�!�!�F"�"�"�������.A �A �A �F"�"�"�3#�3#�3#�3#�j$�$�$�'�'�'����������.&�.&�.&�`!�!�!�$�$�$�$�$�$�1�1�1����!)�!)�!)�FA�A�A�Fl�l�l�\��� � � �D(�(�(�(�(r
r)rrRrg�ufw.utilrr�programName�	state_dir�	share_dir�	trans_dir�
config_dir�
prefix_dir�iptables_dir�	do_checksrirrrr
r�<module>r�s���'�'�"
�	�	�	�
�
�
�
��������������	��	��	�
�
�
�
����	� � � � � �y� � � �`	(�`	(�`	(�`	(�`	(�`	(�`	(�`	(�`	(�`	(r