#!/usr/bin/python
""" Pyroman, an iptables firewall configuration tool """
# where the rules are located - e.g. /etc/pyroman; can be overridden with
# -r/--rules. Every *.py file in this directory is executed as Python code.
default_rules_path = "/etc/pyroman"
# timeout (seconds) for the "safe" mode invocation (-s/--safe or the "safe"
# argument); only used when no explicit -t/--timeout value was given
safe_timeout_default = 30

#Copyright (c) 2006 Erich Schubert erich@debian.org

#Permission is hereby granted, free of charge, to any person obtaining a copy
#of this software and associated documentation files (the "Software"), to deal
#in the Software without restriction, including without limitation the rights
#to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
#copies of the Software, and to permit persons to whom the Software is
#furnished to do so, subject to the following conditions:

#The above copyright notice and this permission notice shall be included in
#all copies or substantial portions of the Software.

#THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
#IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
#FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
#AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
#LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
#OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
#SOFTWARE.
import sys, glob, os, getopt

# usercommands, the Firewall class and the firewall object
# should be available to user rules
from pyroman.pyroman import Firewall
from pyroman.commands import *

# Pyroman version, printed by -V/--version
version = "0.4"

def usage():
	"""Print the command-line synopsis to standard output."""
	synopsis = (
		"Usage: pyroman [-hVnspP] [--help] [--version] [--no-act]",
		"       [-r rulesdir] [--rules=rulesdir] [--print] [--print-verbose]",
		"       [-t seconds] [--timeout=seconds] [--safe] [safe]",
	)
	# single-argument print() form: behaves the same on Python 2 and 3
	print("\n".join(synopsis))

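def main():
	"""Parse the command line and hand the resulting settings to run().

	Recognised options are listed by usage(): -h/--help, -V/--version,
	-r/--rules, -t/--timeout, -s/--safe, -n/--no-act, -p/--print,
	-P/--print-verbose, plus the single positional word "safe".
	Exits with status 2 on a malformed command line (bad option, unknown
	positional argument, or a non-integer -t value); -h and -V exit with
	status 0 after printing.
	"""
	rules_path = default_rules_path
	no_act = False
	print_only = False
	verbose_print = False
	# parse options
	try:
		opts, args = getopt.getopt(sys.argv[1:], "hVr:t:snpP",
			["help", "version", "rules=", "timeout=", "safe", "no-act",
			 "print", "print-verbose"])
	except getopt.GetoptError:
		usage()
		sys.exit(2)

	for o, a in opts:
		# help screen
		if o in ("-h", "--help"):
			usage()
			sys.exit()
		# print version number
		if o in ("-V", "--version"):
			print("Pyroman version %s" % version)
			sys.exit()
		# Use different directory for rules. Every *.py file found there is
		# executed by run() with this program's privileges, so the directory
		# must only be writable by the administrator.
		if o in ("-r", "--rules"):
			rules_path = a
		# Setup timeout, implies -s. The value is stored on the Firewall
		# class itself, which is what -s and the "safe" argument consult.
		if o in ("-t", "--timeout"):
			try:
				Firewall.timeout = int(a)
			except ValueError:
				# a non-numeric value used to escape as a raw traceback
				print("Invalid timeout value '%s'." % a)
				usage()
				sys.exit(2)
			# NOTE(review): negative values are passed through unchanged;
			# what Firewall does with them is not visible here.
		# When given the "safe" parameter, setup a timeout unless -t
		# already set one (a timeout of 0 counts as "not set").
		if o in ("-s", "--safe"):
			if not Firewall.timeout:
				Firewall.timeout = safe_timeout_default
		# Don't execute firewall
		if o in ("-n", "--no-act"):
			no_act = True
		# Print resulting firewall only (last of -p/-P wins)
		if o in ("-p", "--print"):
			print_only = True
			verbose_print = False
		# Print resulting firewall only, verbosely (last of -p/-P wins)
		if o in ("-P", "--print-verbose"):
			print_only = True
			verbose_print = True

	# The only accepted positional argument is the word "safe", which acts
	# like -s; anything else is a usage error.
	if len(args) > 0:
		if len(args) == 1 and args[0] == "safe":
			if not Firewall.timeout:
				Firewall.timeout = safe_timeout_default
		else:
			print("Unknown parameter passed.")
			usage()
			sys.exit(2)
	run(rules_path, no_act, print_only, verbose_print)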

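def run(rules_path, no_act, print_only, verbose_print):
	"""Load the rule files from rules_path, build the firewall and apply it.

	rules_path    -- directory whose *.py files are executed in sorted order
	no_act        -- verify and generate the rules, but don't execute them
	print_only    -- print the generated rules instead of executing them
	verbose_print -- passed to Firewall.print_rules() when print_only is set

	Exits with status 1 when rules_path contains no *.py file.
	"""
	# load user rules alphabetically; glob() returns directory order, so
	# sorting is what makes the load order predictable
	rfiles = sorted(glob.glob(os.path.join(rules_path, "*.py")))
	if not rfiles:
		print("No rule files found in directory '%s'!" % rules_path)
		sys.exit(1)
	for nam in rfiles:
		# Rule files are plain Python executed in this namespace, so they
		# can use Firewall and the usercommands directly. They run with the
		# same privileges as pyroman itself, so rules_path must only be
		# writable by the administrator.
		execfile(nam)

	# do some consistency checks
	Firewall.verify()
	# generate...
	Firewall.generate()
	# execute firewall; no_act takes precedence over print_only
	if no_act:
		print("Syntax checks passed, would commit to iptables now.")
	elif print_only:
		Firewall.print_rules(verbose_print)
	else:
		Firewall.execute_rules()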

# Only run the command-line front end when executed directly, not when
# the module is imported.
if __name__ == "__main__":
	main()