python 处理linux iptables 策略

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# Copyright 2011 Justin Santa Barbara
# All Rights Reserved.
# Copyright (c) 2010 Citrix Systems, Inc.
#
#    Licensed under the Apache License, Version 2.0 (the "License"); you may
#    not use this file except in compliance with the License. You may obtain
#    a copy of the License at
#
#         http://www.apache.org/licenses/LICENSE-2.0
#
#    Unless required by applicable law or agreed to in writing, software
#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
#    License for the specific language governing permissions and limitations
#    under the License.
import os,sys,time,commands,shutil,re,traceback
from kxtools import config
from kxtools import log
LOG = log.get_logger(__name__)
cfg = config
def COMM(cmd):
    # Call system commands
    try:
        x,y = commands.getstatusoutput(cmd)
        if == 0:
            return y
        return y
    except:
        LOG.error(traceback.format_exc())
def iptablesRestore():
    # Effective firewall
    try:
        os.system("/sbin/iptables-restore /etc/sysconfig/iptables")
    except:
        LOG.error(traceback.format_exc())
def removes(sfile,dfile):
    # removes files
    try:
        shutil.copy(sfile,dfile)
        LOG.info('Copy %s is ok'%sfile)
    except:
        LOG.error(traceback.format_exc())
        return 'False'
def add_filrewall(zones,ips):
    CONF=cfg.load_cfg()['iptables']
    if zones != 'TW':
        sfile = CONF['file']
    else:
        sfile = CONF['fw_file']
    for in ['161','5666']:
        _insertFirewall(ips,zones,sfile,i)
def _insertFirewall(ips,zones,sfile,ports):
    = open(sfile).readlines()
    for ip in ips:
        for n,s in enumerate(f):
            if  re.search(ip,s) and re.search(ports,s):
                break
            else:
                if re.search('--dport 9090',s):
                    mes = s.split(' ')
                    = n
                    role = "%s %s  -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT \n" \
                        %(mes[0],mes[1],ip,ports)
                    f.insert(a,role)
                    break
    fp = open(sfile,'w')
    fp.writelines(f)
    fp.close()
    iptablesRestore()
    LOG.info(" %s zone zabbix firewall is oK "%zones)


上一篇:处女篇:ObjectDataSource+CodeSmith实现基础增删改查功能


下一篇:网站文件系统发展&&分布式文件系统fastDFS