|
Server : Apache System : Linux iad1-shared-b8-43 6.6.49-grsec-jammy+ #10 SMP Thu Sep 12 23:23:08 UTC 2024 x86_64 User : dh_edsupp ( 6597262) PHP Version : 8.2.26 Disable Function : NONE Directory : /lib/python3/dist-packages/sos/report/plugins/__pycache__/ |
Upload File : |
o
����-�_gC����������������������@���s*���d�dl�mZmZmZ�G�dd��dee�ZdS�)�����)�Plugin�IndependentPlugin�
SoSPredicatec�������������������@���sD���e�Zd�ZdZdZdZdZdZdZdd��Z d d
��Z
d
d
��Z
d
d��Z
dS�)�FirewallTablesa���Collects information about local firewall tables, such as iptables,
and nf_tables (via nft). Note that this plugin does _not_ collect firewalld
information, which is handled by a separate plugin.
Collections from this plugin are largely gated byt the presence of relevant
kernel modules - for example, the plugin will not collect the nf_tables
ruleset if both the `nf_tables` and `nfnetlink` kernel modules are not
currently loaded (unless using the --allow-system-changes option).
zfirewall tables�firewall_tables)�network�system)�
/etc/nftables)� ip_tables�
ip6_tables� nf_tables� nfnetlink�ebtablesc�����������������C����2���d|�}d|�d�}|�j�|t|�|dgd�d��dS�)z� Collecting iptables rules for a table loads either kernel module
of the table name (for kernel <= 3), or nf_tables (for kernel >= 4).
If neither module is present, the rules must be empty.�iptable_z
iptables -t � -nvLr
�����kmods��predN��add_cmd_outputr�����self� tablename�modname�cmd��r
����D/usr/lib/python3/dist-packages/sos/report/plugins/firewall_tables.py�collect_iptable ���s
���
�z
FirewallTables.collect_iptablec�����������������C���r���)z& Same as function above, but for ipv6 � ip6table_z
ip6tables -t r���r
���r���r���Nr���r���r
���r
���r
����collect_ip6table*���s
���
�z FirewallTables.collect_ip6tablec�����������������C���s&���t�|�ddgddid�}|�jd|dd�S�) zS Collects nftables rulesets with 'nft' commands if the modules
are present r
���r
���r����all)r����requiredznft -a list rulesetT)r����changes)r����collect_cmd_output)r����nft_predr
���r
���r
����collect_nftables3���s�����z FirewallTables.collect_nftablesc�����������
������C���s��|�����}g�g�d�}|d�dkr|d�nd}|���D�]'}|���dd��}t|�dkr@|d�dkr@|d�|v�r@||d���|d ���qd
}z d
}t|d
d
d��
}|���} W�d�����n1�s\w���Y��W�n
�tym���|} Y�nw�| ���D�]}
|d�dkr�|
|d�v�r�|��|
��qrz d}
t|
d
d
d��
}
|
���} W�d�����n1�s�w���Y��W�n
�ty����|} Y�nw�| ���D�]}
|d�dkr�|
|d�v�r�|�� |
��q�|d�dks�d|d�v�r�|�j
dt
|�ddgd�d��|d�dks�d|d�v�r�|�j
dt
|�ddgd�d��|��
g�d���d�S�)N)�ip�ip6�statusr����output�������table��������zmangle
filter
nat
z/proc/net/ip_tables_names�rzUTF-8)�encodingr(���z/proc/net/ip6_tables_namesr)����filterziptables -vnxL�iptable_filterr
���r���r���zip6tables -vnxL�ip6table_filter)r ���z
/etc/sysconfig/nftables.confz/etc/nftables.conf)
r'����
splitlines�split�len�append�open�read�IOErrorr ���r!���r���r����
add_copy_spec)
r����nft_list�
nft_ip_tables� nft_lines�line�words�default_ip_tables�proc_net_ip_tables�ifile�ip_tables_namesr.����proc_net_ip6_tables�ipfiler
���r
���r
����setup>���s^���
�
��
�
�
��
�
���zFirewallTables.setupN)
�__name__�
__module__�
__qualname__�__doc__�
short_desc�
plugin_name�profiles�files�
kernel_modsr ���r!���r'���rI���r
���r
���r
���r
���r���
���s����
r���N)�sos.report.pluginsr���r���r���r���r
���r
���r
���r
����<module>���s���