plogical/firewallUtilities.py

import subprocess
import CyberCPLogFileWriter as logging
import shlex
from processUtilities import ProcessUtilities


class FirewallUtilities:

    @staticmethod
    def resFailed(res):
        if ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu and res != 0:
            return True
        elif ProcessUtilities.decideDistro() == ProcessUtilities.centos and res == 1:
            return True
        return False

    @staticmethod
    def doCommand(command):
        try:
            cmd = shlex.split(command)
            res = ProcessUtilities.executioner(cmd)
            if FirewallUtilities.resFailed(res):
                logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error #" + str(res))
                return 0

        except OSError, msg:
            logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error: " + str(msg))
            return 0
        except ValueError, msg:
            logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error: " + str(msg), 1)
            return 0
        return 1


    @staticmethod
    def addRule(proto,port,ipAddress):
        ruleFamily = 'rule family="ipv4"'
        sourceAddress = 'source address="' + ipAddress + '"'
        ruleProtocol = 'port protocol="' + proto + '"'
        rulePort = 'port="' + port + '"'

        command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"

        if not FirewallUtilities.doCommand(command):
            return 0

        ruleFamily = 'rule family="ipv6"'
        sourceAddress = ''

        command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"

        if not FirewallUtilities.doCommand(command):
            return 0

        command = 'sudo firewall-cmd --reload'

        if not FirewallUtilities.doCommand(command):
            return 0

        return 1

    @staticmethod
    def deleteRule(proto, port, ipAddress):
        ruleFamily = 'rule family="ipv4"'
        sourceAddress = 'source address="' + ipAddress + '"'
        ruleProtocol = 'port protocol="' + proto + '"'
        rulePort = 'port="' + port + '"'

        command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"

        if not FirewallUtilities.doCommand(command):
            return 0

        ruleFamily = 'rule family="ipv6"'
        sourceAddress = ''

        command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"

        if not FirewallUtilities.doCommand(command):
            return 0

        command = 'sudo firewall-cmd --reload'

        if not FirewallUtilities.doCommand(command):
            return 0

        return 1
Initial Commit 2017-10-24 19:16:36 +05:00			`import subprocess`
			`import CyberCPLogFileWriter as logging`
			`import shlex`
combine robert changes 2018-11-16 14:41:40 +05:00			`from processUtilities import ProcessUtilities`
Initial Commit 2017-10-24 19:16:36 +05:00


			`class FirewallUtilities:`

combine robert changes 2018-11-16 14:41:40 +05:00			`@staticmethod`
			`def resFailed(res):`
			`if ProcessUtilities.decideDistro() == ProcessUtilities.ubuntu and res != 0:`
			`return True`
			`elif ProcessUtilities.decideDistro() == ProcessUtilities.centos and res == 1:`
			`return True`
			`return False`

Initial Commit 2017-10-24 19:16:36 +05:00			`@staticmethod`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`def doCommand(command):`
Initial Commit 2017-10-24 19:16:36 +05:00			`try:`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`cmd = shlex.split(command)`
centralized execution ph1 2019-03-21 23:26:42 +05:00			`res = ProcessUtilities.executioner(cmd)`
combine robert changes 2018-11-16 14:41:40 +05:00			`if FirewallUtilities.resFailed(res):`
			`logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error #" + str(res))`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`return 0`
Firewall: Add Rules by IP, Bug Fixes: SSL, Error Logs, Remote Transfer 2017-11-02 02:09:47 +05:00
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`except OSError, msg:`
combine robert changes 2018-11-16 14:41:40 +05:00			`logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error: " + str(msg))`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`return 0`
			`except ValueError, msg:`
combine robert changes 2018-11-16 14:41:40 +05:00			`logging.CyberCPLogFileWriter.writeToFile("Failed to apply rule: " + command + " Error: " + str(msg), 1)`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`return 0`
			`return 1`
Initial Commit 2017-10-24 19:16:36 +05:00


IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`@staticmethod`
			`def addRule(proto,port,ipAddress):`
			`ruleFamily = 'rule family="ipv4"'`
			`sourceAddress = 'source address="' + ipAddress + '"'`
			`ruleProtocol = 'port protocol="' + proto + '"'`
			`rulePort = 'port="' + port + '"'`
Initial Commit 2017-10-24 19:16:36 +05:00
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"`
Initial Commit 2017-10-24 19:16:36 +05:00
combine robert changes 2018-11-16 14:41:40 +05:00			`if not FirewallUtilities.doCommand(command):`
Initial Commit 2017-10-24 19:16:36 +05:00			`return 0`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00
			`ruleFamily = 'rule family="ipv6"'`
			`sourceAddress = ''`

			`command = "sudo firewall-cmd --permanent --zone=public --add-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"`

combine robert changes 2018-11-16 14:41:40 +05:00			`if not FirewallUtilities.doCommand(command):`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`return 0`

			`command = 'sudo firewall-cmd --reload'`

combine robert changes 2018-11-16 14:41:40 +05:00			`if not FirewallUtilities.doCommand(command):`
Initial Commit 2017-10-24 19:16:36 +05:00			`return 0`

			`return 1`

			`@staticmethod`
Do add for ip4 and ip4 by port 2018-11-14 12:17:24 -05:00			`def deleteRule(proto, port, ipAddress):`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`ruleFamily = 'rule family="ipv4"'`
			`sourceAddress = 'source address="' + ipAddress + '"'`
			`ruleProtocol = 'port protocol="' + proto + '"'`
			`rulePort = 'port="' + port + '"'`
Committed all files 2018-11-14 13:45:03 -05:00
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"`
Initial Commit 2017-10-24 19:16:36 +05:00
combine robert changes 2018-11-16 14:41:40 +05:00			`if not FirewallUtilities.doCommand(command):`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`return 0`
Initial Commit 2017-10-24 19:16:36 +05:00
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`ruleFamily = 'rule family="ipv6"'`
			`sourceAddress = ''`
Initial Commit 2017-10-24 19:16:36 +05:00
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`command = "sudo firewall-cmd --permanent --zone=public --remove-rich-rule='" + ruleFamily + " " + sourceAddress + " " + ruleProtocol + " " + rulePort + " " + "accept'"`
Initial Commit 2017-10-24 19:16:36 +05:00
combine robert changes 2018-11-16 14:41:40 +05:00			`if not FirewallUtilities.doCommand(command):`
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`return 0`
Initial Commit 2017-10-24 19:16:36 +05:00
IP4 and IP6 firewall rules rather than port rules 2018-11-14 15:15:20 -05:00			`command = 'sudo firewall-cmd --reload'`
Initial Commit 2017-10-24 19:16:36 +05:00
combine robert changes 2018-11-16 14:41:40 +05:00			`if not FirewallUtilities.doCommand(command):`
Initial Commit 2017-10-24 19:16:36 +05:00			`return 0`

combine robert changes 2018-11-16 14:41:40 +05:00			`return 1`