# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# Copyright 2011 Justin Santa Barbara
# All Rights Reserved.
# Copyright (c) 2010 Citrix Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

import commands
import os
import re
import shutil
import sys
import time
import traceback

from kxtools import config
from kxtools import log
# Module-wide logger, obtained from the project's kxtools.log helper.
LOG = log.get_logger(__name__)
# Short alias for the kxtools.config module; add_filrewall reaches
# load_cfg() through this name.
cfg = config
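def COMM(cmd):
    """Run *cmd* through the system shell and return its output.

    ``commands.getstatusoutput`` passes the string to a shell, and nothing
    in this function quotes or validates it. Build *cmd* from trusted
    values only; any caller-supplied fragment must be quoted by the caller.

    Returns the command output whether or not the command succeeded (the
    original contract), or ``None`` when the call itself raised. A non-zero
    exit status is now logged so that a failure is no longer
    indistinguishable from success.
    """
    try:
        status, output = commands.getstatusoutput(cmd)
    except Exception:
        # Narrowed from a bare ``except`` so KeyboardInterrupt and
        # SystemExit are no longer swallowed.
        LOG.error(traceback.format_exc())
        return None
    if status != 0:
        # Only the status is logged: the command string may carry
        # credentials that should not end up in log files.
        LOG.error('Command exited with non-zero status %s' % status)
    return output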
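def iptablesRestore():
    """Load /etc/sysconfig/iptables into the running firewall.

    ``os.system`` does not raise when the command fails, so the original
    ``try``/``except`` could not notice a rejected rules file. The exit
    status is now checked and a failure is logged; without that, a reload
    that never took effect would go unreported.

    Returns ``None`` in every case, as before.
    """
    try:
        status = os.system("/sbin/iptables-restore /etc/sysconfig/iptables")
    except Exception:
        # Narrowed from a bare ``except`` so interpreter-exit signals
        # propagate.
        LOG.error(traceback.format_exc())
        return
    if status != 0:
        LOG.error('iptables-restore failed with status %s' % status)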
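def removes(sfile, dfile):
    """Copy *sfile* to *dfile* with ``shutil.copy``.

    Despite its name and its original comment, this function copies a
    file; it never deletes anything.

    Returns ``None`` on success and the *string* ``'False'`` on failure.
    That string is truthy, so callers must compare against ``'False'``
    explicitly instead of testing the result in a boolean context. The
    return values are kept as they were for existing callers.
    """
    try:
        shutil.copy(sfile, dfile)
        LOG.info('Copy %s is ok' % sfile)
    except Exception:
        # Narrowed from a bare ``except`` so KeyboardInterrupt and
        # SystemExit are no longer reported as a failed copy.
        LOG.error(traceback.format_exc())
        return 'False'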
def add_filrewall(zones, ips):
    """Add ACCEPT rules for *ips* on ports 161 and 5666.

    The rules file comes from the ``iptables`` section of the loaded
    configuration: key ``fw_file`` when *zones* is ``'TW'``, key ``file``
    for every other zone. 161 and 5666 are conventionally SNMP and NRPE.

    ``_insertFirewall`` is called once per port, so the rules file is
    rewritten and the firewall reloaded twice per call.
    """
    iptables_conf = cfg.load_cfg()['iptables']
    rules_path = (iptables_conf['fw_file'] if zones == 'TW'
                  else iptables_conf['file'])
    for port in ('161', '5666'):
        _insertFirewall(ips, zones, rules_path, port)
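def _insertFirewall(ips, zones, sfile, ports):
    """Insert an ACCEPT rule for each address in *ips* on port *ports*.

    The rules file *sfile* is read and scanned once per address. If a line
    already names the address and ``--dport <ports>``, nothing is added.
    Otherwise the new rule is inserted directly before the first line
    containing ``--dport 9090``, reusing that line's first two
    space-separated fields. The file is then rewritten in place (not
    atomically), the firewall is reloaded and a log line is written;
    this happens even when no rule was added, as in the original.

    NOTE(review): the source listing lost its indentation; the ``else`` is
    read here as pairing with the duplicate-check ``if``, not the ``for``.

    Changes from the original:
      * The address and port are matched literally with boundaries. The
        original used them as raw regular expressions, so ``.`` matched
        any character and ``10.0.0.1`` also matched ``10.0.0.11``; the
        port matched any line containing those digits, including digits
        inside an address. Such false hits silently skipped the insert.
      * Empty addresses and addresses containing whitespace are rejected,
        because the value is written verbatim into the rules file and
        would otherwise corrupt it or smuggle in extra rule text.
      * A missing ``--dport 9090`` anchor line is logged, not ignored.
      * File handles are closed deterministically.

    Only whitespace is screened. Callers that accept addresses from outside
    the host should validate them as IP addresses before calling.
    """
    with open(sfile) as fp:
        lines = fp.readlines()

    port_re = re.compile(r'--dport\s+%s(?![0-9])' % re.escape(ports))
    for ip in ips:
        if not ip or re.search(r'\s', ip):
            LOG.error('Skipping invalid source address %r' % (ip,))
            continue
        # The look-arounds stop a shorter address from matching inside a
        # longer one.
        ip_re = re.compile(r'(?<![0-9.])%s(?![0-9.])' % re.escape(ip))
        for n, s in enumerate(lines):
            if ip_re.search(s) and port_re.search(s):
                # An equivalent rule precedes the anchor; leave it alone.
                break
            if re.search('--dport 9090', s):
                mes = s.split(' ')
                role = "%s %s -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT \n" \
                    % (mes[0], mes[1], ip, ports)
                lines.insert(n, role)
                break
        else:
            # Neither an existing rule nor the anchor line was found.
            LOG.error('No --dport 9090 anchor rule in %s; no rule added for %s'
                      % (sfile, ip))

    with open(sfile, 'w') as fp:
        fp.writelines(lines)
    iptablesRestore()
    LOG.info(" %s zone zabbix firewall is oK " % zones)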
本文转自 swq499809608 51CTO博客,原文链接:http://blog.51cto.com/swq499809608/1401329