module ipset pour le support d'ipset dans le firewall

Ignore-this: 353f74db3e3f9f554ddfb160f18da843 darcs-hash:20110227093211-b6d5f-6a81e7c83d7c533b9380358f571699d7bcbc5b92.gz
2011-02-27 10:32:11 +01:00 · 2011-02-27 10:32:11 +01:00 · 74caa032a9
commit 74caa032a9
parent 852db3b217
1 changed files with 78 additions and 0 deletions
--- a/gestion/gen_confs/ipset.py
+++ b/gestion/gen_confs/ipset.py
@ -0,0 +1,78 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# The authors of this code are
+#
+# Permission to use, copy, and modify this software with or without fee
+# is hereby granted, provided that this entire notice is included in
+# all source code copies of any software which is or includes a copy or
+# modification of this software.
+#
+# THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRSS OR
+# IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY
+# REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
+# MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
+# PURPOSE.
+
+
+
+import sys
+sys.path.append('/usr/scripts/gestion')
+sys.path.append('/usr/scripts/lc_ldap')
+
+import syslog
+import commands
+import lock
+
+import lc_ldap
+import config
+import secrets
+
+class IpsetError(Exception):
+    # Gestion des erreurs d'ipset
+    def __init__(self,cmd,err_code,output):
+        self.cmd=cmd
+        self.err_code=err_code
+        self.output=output
+        syslog.syslog(syslog.LOG_ERR,"%s : status %s,%s" % (cmd,err_code,output))
+    def __str__(self):
+        return "%s\n  status : %s\n  %s" % (self.cmd,self.err_code,self.output)
+        
+class Ipset(object):
+    ipset="/usr/sbin/ipset"
+    def __init__(self,set,type,typeopt=''):
+        self.set=set
+        self.type=type
+        self.typeoption=typeopt
+        
+    def call(self,cmd,arg=''):
+        """Appel système à ipset"""
+        cmd_line="%s %s %s %s" % (ipset,cmd,self.set,arg)
+        syslog.syslog(syslog.LOG_INFO,"ipset: %s, %s" % (self.set,arg))
+        status,output=commands.getstatusoutput(cmd_line)
+        if status:
+            raise IpsetError(cmd_line,status,output)
+        return output
+    
+    def create(self,opt=''):
+        self.call("-N","%s %s" % (self.type, self.typeopt))
+
+    def add(self,arg):
+        self.call("-A",arg)
+        
+    def list(self):
+        output=self.call("-L").splitlines()
+        list=[]
+        for line in output[6:]:
+            if line=='Bindings:':
+                break
+            list.append(line)
+        return list
+        
+    def delete(self,ip):
+        """Delete an IP"""
+        self.call("-D",ip)
+        
+    def flush(self):
+        self.call("-F")
+    
+