Firewall applier working with host mode

2025-03-21 18:50:38 +03:00 · 2020-06-25 17:22:48 +04:00 · 2020-06-25 17:22:48 +04:00 · beb3ae9359
commit beb3ae9359
parent 0f8db2fdcb
1 changed files with 21 additions and 1 deletions
--- a/gpoa/frontend/appliers/firewall_rule.py
+++ b/gpoa/frontend/appliers/firewall_rule.py
@ -56,6 +56,7 @@ class Protocol(Enum):
 class FirewallMode(Enum):
    ROUTER = 'router'
    GATEWAY = 'gateway'
+    HOST = 'host'

 # This shi^Wthing named alterator-net-iptables is unable to work in
 # multi-threaded environment
@ -70,8 +71,27 @@ class FirewallRule:
        self.properties = getprops(data_array[1:])

    def apply(self):
+        tcp_command = []
+        udp_command = []
+
        for port in self.ports:
-            portcmd = [self.__alterator_command, 'write', '-t', '+{}'.format(port), '-u', '+{}'.format(port)]
+            tcp_port = '{}'.format(port)
+            udp_port = '{}'.format(port)
+
+            if PortState.OPEN.value == self.properties['action']:
+                tcp_port = '+' + tcp_port
+                udp_port = '+' + udp_port
+            if PortState.CLOSE.value == self.properties['action']:
+                tcp_port = '-' + tcp_port
+                udp_port = '-' + udp_port
+
+            portcmd = [
+                  self.__alterator_command
+                , 'write'
+                , '-m', FirewallMode.HOST.value
+                , '-t', '+{}'.format(port)
+                , '-u', '+{}'.format(port)
+            ]
            proc = subprocess.Popen(portcmd)
            proc.wait()