ExternalMirrors
/
ufw-formula
mirror of https://github.com/saltstack-formulas/ufw-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 12 Wiki Activity
Saltstack Official UFW Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
Tree: 3c181286da
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '3c181286da'
${ noResults }
ufw-formula/_states/ufw.py

105 lines
2.8KB
Raw Blame History 

  1. from salt.exceptions import CommandExecutionError, CommandNotFoundError

  2. import re

  3. import socket

  4. 

  5. 

  6. def _unchanged(name, msg):

  7.     return {'name': name, 'result': True, 'comment': msg, 'changes': {}}

  8. 

  9. 

  10. def _test(name, msg):

  11.     return {'name': name, 'result': None, 'comment': msg, 'changes': {}}

  12. 

  13. 

  14. def _error(name, msg):

  15.     return {'name': name, 'result': False, 'comment': msg, 'changes': {}}

  16. 

  17. 

  18. def _changed(name, msg, **changes):

  19.     return {'name': name, 'result': True, 'comment': msg, 'changes': changes}

  20. 

  21. 

  22. def _resolve(host):

  23.     # pure IP address / netmask IPv4 or IPv6 ?

  24.     if re.match(r'^([0-9\.](::))+(/[0-9]+)?$', host):

  25.         return

  26. 

  27.     return socket.gethostbyname(host)

  28. 

  29. 

  30. def _as_rule(method, app, protocol, from_addr, from_port, to_addr, to_port):

  31.     cmd = [method]

  32.     if app is not None:

  33.         cmd.append(app)

  34.     else:

  35.         if protocol is not None:

  36.             cmd.append("proto")

  37.             cmd.append(protocol)

  38. 

  39.         cmd.append("from")

  40.         if from_addr is not None:

  41.             cmd.append(_resolve(from_addr))

  42.         else:

  43.             cmd.append("any")

  44. 

  45.         if from_port is not None:

  46.             cmd.append("port")

  47.             cmd.append(_resolve(from_port))

  48. 

  49.         cmd.append("to")

  50.         if to_addr is not None:

  51.             cmd.append(to_addr)

  52.         else:

  53.             cmd.append("any")

  54. 

  55.         if to_port is not None:

  56.             cmd.append("port")

  57.             cmd.append(to_port)

  58.     real_cmd = ' '.join(cmd)

  59.     return real_cmd

  60. 

  61. 

  62. def enabled(name, **kwargs):

  63.     if __salt__['ufw.is_enabled']():

  64.         return _unchanged(name, "UFW is already enabled")

  65. 

  66.     if __opts__['test']:

  67.         return _test(name, "UFW will be enabled")

  68. 

  69.     try:

  70.         __salt__['ufw.set_enabled'](True)

  71.     except (CommandExecutionError, CommandNotFoundError) as e:

  72.         return _error(name, e.message)

  73. 

  74.     return _changed(name, "UFW is enabled", enabled=True)

  75. 

  76. 

  77. def allowed(name, app=None, protocol=None,

  78.             from_addr=None, from_port=None, to_addr=None, to_port=None):

  79. 

  80.     rule = _as_rule("allow", app=app, protocol=protocol,

  81.                    from_addr=from_addr, from_port=from_port, to_addr=to_addr, to_port=to_port)

  82. 

  83.     if __opts__['test']:

  84.         return _test(name, "{0}: {1}".format(name, rule))

  85. 

  86.     try:

  87.         out = __salt__['ufw.add_rule'](rule)

  88.     except (CommandExecutionError, CommandNotFoundError) as e:

  89.         return _error(name, e.message)

  90. 

  91.     changes = False

  92.     for line in out.split('\n'):

  93.         if line.startswith("Skipping"):

  94.             continue

  95.         if line.startswith("Rule added") or line.startswith("Rules updated"):

  96.             changes = True

  97.             break

  98.         return _error(name, line)

  99. 

  100.     if changes:

  101.         return _changed(name, "{0} allowed".format(name), rule=rule)

  102.     else:

  103.         return _unchanged(name, "{0} was already allowed".format(name))