[firewall_new,ipset] Lors de la génération du pare-feu, on restaure les ipsets plutôt que d'ajouter les ips une à une.

Ignore-this: 29d8a044a6bfcc23724de9831213d1b darcs-hash:20130125184040-3a55a-cee42abc272c8710a20845b9f3c46189b22fdf5f.gz
2013-01-25 19:40:40 +01:00 · 2013-01-25 19:40:40 +01:00 · 9e16d81848
commit 9e16d81848
parent 14ac4f12ac
2 changed files with 45 additions and 5 deletions
--- a/gestion/gen_confs/ipset.py
+++ b/gestion/gen_confs/ipset.py
@ -68,6 +68,25 @@ class Ipset(object):
    def delete(self,ip):
        """Delete an IP"""
        self.call("-D",ip)
+        
+    def restore(self,rules): 
+        """ restore le set courrant"""
+        rules_str=self.restore_format(rules)
+        create_str="-N %s %s %s" % (self.set,self.type,self.typeopt)
+        str="%s\n%s\nCOMMIT\n" % (create_str,rules_str)
+        path='/tmp/ipset_%s' % self.set
+        f=open(path, 'w+')
+        f.write(str)
+        f.close()
+        try:
+            self.flush()
+            self.destroy()
+        except IpsetError: pass
+        cmd="cat %s | %s -R" % (path,self.ipset)
+        status,output=commands.getstatusoutput(cmd)
+        if status:
+            raise IpsetError(cmd,status,output)
+        return output

    def flush(self):
        self.call("-F")
@ -75,4 +94,6 @@ class Ipset(object):
    def destroy(self):
        self.call("-X")

+    def restore_format(self,rules):
+        return '\n'.join(["-A %s %s,%s" % (self.set,ip,mac) for (ip,mac) in rules])