# vim: tabstop=4 shiftwidth=4 softtabstop=4
# Copyright 2010 United States Government as represented by the
# Administrator of the National Aeronautics and Space Administration.
# Copyright 2011 Justin Santa Barbara
# All Rights Reserved.
# Copyright (c) 2010 Citrix Systems, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
# NOTE: `commands` is a Python 2-only module (removed in Python 3), so this
# file targets Python 2.
import os
import sys
import time
import commands
import shutil
import re
import traceback

from kxtools import config
from kxtools import log

# Module-wide logger obtained from the project's logging helper.
LOG = log.get_logger(__name__)
# Short alias for the config module; add_filrewall() calls cfg.load_cfg().
cfg = config
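def COMM(cmd):
    """Run *cmd* through the system shell and return its combined output.

    ``commands.getstatusoutput`` passes the string to the shell, so *cmd*
    must be assembled only from fixed, trusted text: any caller-supplied
    value interpolated into it is interpreted by the shell.

    Returns the command output (stdout and stderr together) whatever the
    exit status, or ``None`` if running the command raised an exception.
    """
    try:
        status, output = commands.getstatusoutput(cmd)
    except Exception:
        # Narrower than a bare ``except:`` so KeyboardInterrupt and
        # SystemExit still propagate; everything else is logged.
        LOG.error(traceback.format_exc())
        return None
    if status != 0:
        # The original returned the output on both branches, so a failed
        # command was indistinguishable from a successful one. The return
        # value is kept for callers, but the failure now leaves a trace.
        # The command line itself is not logged in case it carries secrets.
        LOG.error('Command exited with non-zero status %s' % status)
    return output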
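def iptablesRestore():
    """Load /etc/sysconfig/iptables into the running firewall.

    The path is fixed: this always restores /etc/sysconfig/iptables,
    regardless of which rules file a caller has just edited.

    Returns ``None``. A failed restore is reported only in the log.
    """
    try:
        status = os.system("/sbin/iptables-restore /etc/sysconfig/iptables")
    except Exception:
        LOG.error(traceback.format_exc())
        return
    if status != 0:
        # os.system() signals failure through its return value, not by
        # raising, so the original try/except never noticed a rejected
        # ruleset. A failed restore leaves the previously loaded rules in
        # place, which the operator needs to know about.
        LOG.error(
            "iptables-restore of /etc/sysconfig/iptables failed "
            "(wait status %s)" % status
        )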
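def removes(sfile, dfile):
    """Copy *sfile* to *dfile*; despite the name, nothing is removed.

    Returns ``None`` on success and the *string* ``'False'`` on failure.
    That string is truthy, so callers have to compare the result with
    ``== 'False'`` instead of testing it in a boolean context.
    """
    try:
        shutil.copy(sfile, dfile)
        LOG.info('Copy %s is ok' % sfile)
    except Exception:
        # Narrower than a bare ``except:`` so KeyboardInterrupt and
        # SystemExit are not turned into a 'False' return value.
        LOG.error(traceback.format_exc())
        return 'False'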
def add_filrewall(zones, ips):
    """Add firewall rules for ports 161 and 5666 for every source in *ips*.

    The rules file comes from the 'iptables' section of the loaded config:
    key 'fw_file' when *zones* is 'TW', key 'file' for any other zone.

    NOTE(review): 161 is conventionally the SNMP port, usually polled over
    UDP, while _insertFirewall() writes a ``-p tcp`` rule - confirm that
    tcp/161 is really what the monitoring agent needs.
    """
    iptables_conf = cfg.load_cfg()['iptables']
    rules_key = 'fw_file' if zones == 'TW' else 'file'
    sfile = iptables_conf[rules_key]
    # One pass per port; each pass rewrites the file and reloads the rules.
    for port in ('161', '5666'):
        _insertFirewall(ips, zones, sfile, port)
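def _insertFirewall(ips, zones, sfile, ports):
    """Add an ACCEPT rule for each source in *ips* to the rules file *sfile*.

    For every source that has no rule for destination port *ports* yet, a
    new rule is inserted immediately before the first line containing
    ``--dport 9090``, reusing that line's first two tokens (presumably the
    ``-A <chain>`` prefix - confirm against the deployed rules file). The
    file is then rewritten in place and iptablesRestore() is called.

    Args:
        ips: iterable of source addresses (strings).
        zones: zone label; used only in the final log message.
        sfile: path of the iptables rules file to edit.
        ports: destination port, as a string.
    """
    with open(sfile) as fp:
        lines = fp.readlines()

    # The original used re.search(ports, s), which also matched any longer
    # number containing the port (e.g. '161' inside '1610'). Match it as a
    # complete --dport argument instead.
    port_re = re.compile(r'--dport\s+%s(?!\d)' % re.escape(ports))

    for ip in ips:
        # The value is pasted verbatim into a firewall rule, so anything
        # other than a plain address/CIDR/hostname token (whitespace, a
        # newline, a leading '-') could add options or whole rules to the
        # file. Skip such values instead of writing them. \Z rather than $
        # so a trailing newline is rejected too.
        if not re.match(r'[0-9A-Za-z][0-9A-Za-z.:/_-]*\Z', ip):
            LOG.error(
                'Refusing to write firewall rule for invalid source %r'
                % (ip,)
            )
            continue

        # The original passed the address to re.search() unescaped: '.'
        # matched any character and 10.0.0.1 was "found" in 10.0.0.10, so a
        # needed rule could be skipped. Match the exact -s argument, with an
        # optional /32 as a host address may be stored with its prefix.
        src_re = re.compile(
            r'-s\s+%s(?:/32)?(?![0-9A-Za-z.:/_-])' % re.escape(ip)
        )
        if any(src_re.search(s) and port_re.search(s) for s in lines):
            continue

        for n, s in enumerate(lines):
            if re.search('--dport 9090', s):
                # split() rather than split(' ') so leading or repeated
                # blanks on the anchor line do not yield empty tokens.
                mes = s.split()
                role = "%s %s -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT \n" \
                    % (mes[0], mes[1], ip, ports)
                lines.insert(n, role)
                break
        else:
            # The original silently added nothing in this case.
            LOG.error(
                'No "--dport 9090" line in %s; rule for %s port %s not added'
                % (sfile, ip, ports)
            )

    with open(sfile, 'w') as fp:
        fp.writelines(lines)

    # NOTE(review): iptablesRestore() always loads /etc/sysconfig/iptables
    # and returns nothing, so the message below is logged even if sfile is a
    # different path or the restore failed - check the log for errors.
    iptablesRestore()
    LOG.info(" %s zone zabbix firewall is oK " % zones)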
本文转自 swq499809608 51CTO博客,原文链接:http://blog.51cto.com/swq499809608/1401329