本文整理汇总了Python中zstacklib.utils.iptables.from_iptables_save函数的典型用法代码示例。如果您正苦于以下问题:Python from_iptables_save函数的具体用法?Python from_iptables_save怎么用?Python from_iptables_save使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了from_iptables_save函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: main
def main():
    """Open the agent's firewall ports, then start, stop or restart the KVM agent.

    Expects exactly one command-line argument (start, stop or restart) and
    exits 1 with the usage text otherwise. Any exception raised while
    touching iptables or driving the daemon is logged as a warning and
    turned into exit status 1.
    """
    usage = 'usage: python -c "from kvmagent import kdaemon; kdaemon.main()" start|stop|restart'
    if len(sys.argv) != 2 or sys.argv[1] not in ('start', 'stop', 'restart'):
        print(usage)
        sys.exit(1)

    global pidfile
    prepare_pid_dir(pidfile)

    try:
        # NOTE(review): neither ACCEPT rule has a source (-s) or interface
        # (-i) match, so TCP 7070 and the whole 5900-6200 range are accepted
        # from any address that can reach this host. The rules are also
        # written when the command is `stop`, not only on start/restart.
        firewall = iptables.from_iptables_save()
        firewall.add_rule('-A INPUT -p tcp -m tcp --dport 7070 -j ACCEPT')
        # open vnc ports
        firewall.add_rule('-A INPUT -p tcp -m tcp --dport 5900:6200 -j ACCEPT')
        firewall.iptable_restore()

        action = sys.argv[1]
        daemon = kvmagent.KvmDaemon(pidfile)
        log_lines = {
            'start': 'zstack-kvmagent starts',
            'stop': 'zstack-kvmagent stops',
            'restart': 'zstack-kvmagent restarts',
        }
        logger.debug(log_lines[action])
        # action was validated above, so it names one of the three daemon methods.
        getattr(daemon, action)()
        sys.exit(0)
    except Exception:
        logger.warning(linux.get_exception_stacktrace())
        sys.exit(1)
开发者ID:zeus911,项目名称:zstack-utility,代码行数:31,代码来源:kdaemon.py
示例2: sync_eip
def sync_eip(self, req):
    """Drop every existing 'eip-' chain, then recreate the EIPs listed in the request.

    Returns the JSON-serialised SyncEipRsp. A VirtualRouterError raised while
    creating an EIP is logged and reported through rsp.error / rsp.success.
    """
    cmd = jsonobject.loads(req[http.REQUEST_BODY])
    rsp = SyncEipRsp()

    def drop_eip_chains(table):
        # NOTE(review): this walks table.children while calling delete() on
        # its members; if delete() unlinks the chain from that same list,
        # entries can be skipped - confirm against the iptables helper.
        for chain in table.children:
            if chain.name.startswith('eip-'):
                chain.delete()

    ipt = iptables.from_iptables_save()
    for table_name in (ipt.NAT_TABLE_NAME, ipt.FILTER_TABLE_NAME):
        table = ipt.get_table(table_name)
        if table:
            drop_eip_chains(table)
    # The removal is restored before any replacement is created, so an error
    # in the loop below is reported with the old chains already gone.
    ipt.iptable_restore()

    try:
        for eip in cmd.eips:
            self._create_eip(eip)
    except virtualrouter.VirtualRouterError as e:
        logger.warning(linux.get_exception_stacktrace())
        rsp.error = str(e)
        rsp.success = False

    return jsonobject.dumps(rsp)
开发者ID:QiRaining,项目名称:zstack-utility,代码行数:27,代码来源:eip.py
示例3: main
def main():
    """Open the PXE server agent's port, then start, stop or restart the daemon.

    Expects exactly one command-line argument (start, stop or restart) and
    exits 1 with the usage text otherwise. Any exception raised while
    touching iptables or driving the daemon is logged as a warning and
    turned into exit status 1.
    """
    usage = 'usage: python -c "from baremetalpxeserver import cdaemon; cdaemon.main()" start|stop|restart'
    if len(sys.argv) != 2 or sys.argv[1] not in ('start', 'stop', 'restart'):
        print(usage)
        sys.exit(1)

    global pidfile
    prepare_pid_dir(pidfile)

    try:
        # NOTE(review): the ACCEPT rule has no source (-s) or interface (-i)
        # match, so TCP 7770 is accepted from any address that can reach this
        # host; it is also written when the command is `stop`.
        firewall = iptables.from_iptables_save()
        firewall.add_rule('-A INPUT -p tcp -m tcp --dport 7770 -j ACCEPT')
        firewall.iptable_restore()

        action = sys.argv[1]
        py_process_name = 'from baremetalpxeserver import cdaemon'
        daemon = pxeserveragent.PxeServerDaemon(pidfile, py_process_name)
        log_lines = {
            'start': 'zstack-baremetalpxeserver starts',
            'stop': 'zstack-baremetalpxeserver stops',
            'restart': 'zstack-baremetalpxeserver restarts',
        }
        logger.debug(log_lines[action])
        # action was validated above, so it names one of the three daemon methods.
        getattr(daemon, action)()
        sys.exit(0)
    except Exception:
        logger.warning(linux.get_exception_stacktrace())
        sys.exit(1)
开发者ID:zstackorg,项目名称:zstack-utility,代码行数:30,代码来源:cdaemon.py
示例4: _apply_rules_using_iprange_match
def _apply_rules_using_iprange_match(self, cmd, iptable=None, ipset_mn=None):
    """Apply the security-group rule TOs in cmd.ruleTOs and write them out.

    iptable and ipset_mn let a caller pass in an already loaded rule set and
    ipset manager; when either is falsy a fresh one is created here.
    Raises Exception for a rule TO whose actionCode is not recognised.
    """
    ipt = iptable if iptable else iptables.from_iptables_save()
    ips_mn = ipset_mn if ipset_mn else ipset.IPSetManager()

    self._create_default_rules(ipt)

    for rto in cmd.ruleTOs:
        action = rto.actionCode
        if action == self.ACTION_CODE_DELETE_CHAIN:
            self._delete_vnic_chain(ipt, rto.vmNicInternalName)
        elif action == self.ACTION_CODE_APPLY_RULE:
            self._apply_rules_on_vnic_chain(ipt, ips_mn, rto)
        else:
            raise Exception('unknown action code: %s' % rto.actionCode)
        # NOTE(review): placed inside the loop (one conntrack cleanup per
        # rule TO); the listing carries no indentation, so confirm the
        # nesting against the project source.
        self._cleanup_conntrack(rto.vmNicIp)

    # Remove-then-add presumably moves the catch-all ACCEPT behind the rules
    # added above. Whatever reaches the end of the default chain is accepted.
    default_accept_rule = "-A %s -j ACCEPT" % self.ZSTACK_DEFAULT_CHAIN
    ipt.remove_rule(default_accept_rule)
    ipt.add_rule(default_accept_rule)

    self._cleanup_stale_chains(ipt)
    # ipsets are refreshed before the restore and pruned only after it.
    ips_mn.refresh_my_ipsets()
    ipt.iptable_restore()

    used_ipset = ipt.list_used_ipset_name()
    ips_mn.cleanup_other_ipset(
        lambda name: name.startswith(self.ZSTACK_IPSET_NAME_FORMAT),
        used_ipset)
开发者ID:zstackorg,项目名称:zstack-utility,代码行数:34,代码来源:securitygroup_plugin.py
示例5: main
def main():
    """Open the Ceph backup storage agent's port, then start, stop or restart it.

    Expects exactly one command-line argument (start, stop or restart) and
    exits 1 with the usage text otherwise. Any exception raised while
    touching iptables or driving the daemon is logged as a warning and
    turned into exit status 1.
    """
    usage = 'usage: python -c "from cephbackupstorage import cdaemon; cdaemon.main()" start|stop|restart'
    if len(sys.argv) != 2 or sys.argv[1] not in ('start', 'stop', 'restart'):
        print(usage)
        sys.exit(1)

    global pidfile
    prepare_pid_dir(pidfile)

    try:
        # NOTE(review): the ACCEPT rule has no source (-s) or interface (-i)
        # match, so TCP 7761 is accepted from any address that can reach this
        # host; it is also written when the command is `stop`.
        firewall = iptables.from_iptables_save()
        firewall.add_rule('-A INPUT -p tcp -m tcp --dport 7761 -j ACCEPT')
        firewall.iptable_restore()

        action = sys.argv[1]
        daemon = cephagent.CephDaemon(pidfile)
        log_lines = {
            'start': 'zstack-ceph-backupstorage starts',
            'stop': 'zstack-ceph-backupstorage stops',
            'restart': 'zstack-ceph-backupstorage restarts',
        }
        logger.debug(log_lines[action])
        # action was validated above, so it names one of the three daemon methods.
        getattr(daemon, action)()
        sys.exit(0)
    except Exception:
        logger.warning(linux.get_exception_stacktrace())
        sys.exit(1)
开发者ID:ShaofeiWang,项目名称:zstack-utility,代码行数:29,代码来源:cdaemon.py
示例6: revoke_rule
def revoke_rule(self, req):
    """Revoke every port-forwarding rule listed in the request body.

    All rules are removed from one loaded rule set, which is written out
    once at the end. Nothing is caught here: an exception from a helper or
    from the restore propagates and the response is never marked as failed.
    """
    cmd = jsonobject.loads(req[http.REQUEST_BODY])
    rsp = RevokePortForwardingRuleRsp()

    rule_set = iptables.from_iptables_save()
    for rule_to in cmd.rules:
        self._revoke_rule(rule_set, rule_to)
    rule_set.iptable_restore()

    return jsonobject.dumps(rsp)
开发者ID:QiRaining,项目名称:zstack-utility,代码行数:8,代码来源:port_forwarding.py
示例7: cleanup_unused_rules_on_host
def cleanup_unused_rules_on_host(self, req):
    """Remove stale chains from the host's rule set and write it back.

    The request body is not read. Returns the JSON-serialised
    CleanupUnusedRulesOnHostResponse; errors propagate to the caller.
    """
    rsp = CleanupUnusedRulesOnHostResponse()

    rule_set = iptables.from_iptables_save()
    self._cleanup_stale_chains(rule_set)
    rule_set.iptable_restore()

    return jsonobject.dumps(rsp)
开发者ID:QiRaining,项目名称:zstack-utility,代码行数:8,代码来源:securitygroup_plugin.py
示例8: _refresh_rules_on_host_using_iprange_match
def _refresh_rules_on_host_using_iprange_match(self, cmd):
    """Rebuild the host's security-group chains from scratch for each IP family.

    A family is only touched when its rule list is present (not None): its
    chains are deleted from the loaded rule set, which is then handed to the
    matching apply helper. The write-out is left to that helper.
    """
    has_v4 = cmd.ruleTOs is not None
    if has_v4:
        v4_rules = iptables.from_iptables_save()
        self._delete_all_chains(v4_rules)
        self._apply_rules_using_iprange_match(cmd, v4_rules)

    has_v6 = cmd.ipv6RuleTOs is not None
    if has_v6:
        v6_rules = iptables.from_ip6tables_save()
        self._delete_all_chains(v6_rules)
        self._apply_rules_using_iprange_match_ip6(cmd, v6_rules)
开发者ID:zstackorg,项目名称:zstack-utility,代码行数:10,代码来源:securitygroup_plugin.py
示例9: update_group_member
def update_group_member(self, req):
    """Update or delete the ipsets behind security groups, per IP family.

    Each entry of cmd.updateGroupTOs either deletes a group (its ipset and
    every rule that references it) or replaces the member IPs of the group's
    ipset. Returns the JSON-serialised UpdateGroupMemberResponse; no
    exception is caught here.
    """
    cmd = jsonobject.loads(req[http.REQUEST_BODY])
    rsp = UpdateGroupMemberResponse()

    # Split by family. int() raises on a non-numeric ipVersion, and every
    # value other than 4 is handled as IPv6.
    utos4 = []
    utos6 = []
    for uto in cmd.updateGroupTOs:
        if int(uto.ipVersion) == 4:
            utos4.append(uto)
        else:
            utos6.append(uto)

    # IPv4 pass
    ips_mn = ipset.IPSetManager()
    ipt = iptables.from_iptables_save()
    to_del_ipset_names = []
    for uto in utos4:
        if uto.actionCode == self.ACTION_CODE_DELETE_GROUP:
            to_del_ipset_names.append(self._make_security_group_ipset_name(uto.securityGroupUuid))
        elif uto.actionCode == self.ACTION_CODE_UPDATE_GROUP_MEMBER:
            set_name = self._make_security_group_ipset_name(uto.securityGroupUuid)
            ip_version = self.ZSTACK_IPSET_FAMILYS[int(uto.ipVersion)]
            ips_mn.create_set(name=set_name, match_ips=uto.securityGroupVmIps, ip_version=ip_version)
        # NOTE(review): any other actionCode is silently ignored.

    ips_mn.refresh_my_ipsets()
    if len(to_del_ipset_names) > 0:
        # Rules referencing a set are removed and restored before the set
        # itself is cleaned.
        # NOTE(review): restore/clean are nested under this `if` by
        # inference; the listing carries no indentation - confirm upstream.
        to_del_rules = ipt.list_reference_ipset_rules(to_del_ipset_names)
        for rule in to_del_rules:
            ipt.remove_rule(str(rule))
        ipt.iptable_restore()
        ips_mn.clean_ipsets(to_del_ipset_names)

    # IPv6 pass: same steps against the ip6tables rule set
    ip6s_mn = ipset.IPSetManager()
    ip6t = iptables.from_ip6tables_save()
    to_del_ipset_names = []
    for uto in utos6:
        if uto.actionCode == self.ACTION_CODE_DELETE_GROUP:
            to_del_ipset_names.append(self._make_security_group_ipset_name(uto.securityGroupUuid))
        elif uto.actionCode == self.ACTION_CODE_UPDATE_GROUP_MEMBER:
            set_name = self._make_security_group_ipset_name(uto.securityGroupUuid)
            ip_version = self.ZSTACK_IPSET_FAMILYS[int(uto.ipVersion)]
            ip6s_mn.create_set(name=set_name, match_ips=uto.securityGroupVmIps, ip_version=ip_version)

    ip6s_mn.refresh_my_ipsets()
    if len(to_del_ipset_names) > 0:
        to_del_rules = ip6t.list_reference_ipset_rules(to_del_ipset_names)
        for rule in to_del_rules:
            ip6t.remove_rule(str(rule))
        ip6t.iptable_restore()
        ip6s_mn.clean_ipsets(to_del_ipset_names)

    self._cleanup_conntrack()

    return jsonobject.dumps(rsp)
开发者ID:zstackorg,项目名称:zstack-utility,代码行数:53,代码来源:securitygroup_plugin.py
示例10: set_default_iptable_rules
def set_default_iptable_rules(self):
    """Switch INPUT and FORWARD to default-drop and install the baseline rules.

    The baseline accepts established/related traffic, loopback and all ICMP
    on INPUT, rejects the rest of INPUT, accepts established/related
    traffic on FORWARD, and adds a checksum-fill rule for bootpc in mangle.
    """
    # The policies are changed with live iptables commands before the ACCEPT
    # rules below are restored, so DROP is presumably in force first.
    for policy_cmd in ('iptables --policy INPUT DROP',
                       'iptables --policy FORWARD DROP'):
        shell.call(policy_cmd)

    # NOTE: 22 port of eth0 is opened in /etc/sysconfig/iptables by default
    ipt = iptables.from_iptables_save()
    filter_rules = (
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT',
        '-A INPUT -i lo -j ACCEPT',
        # accepts every ICMP type, not only echo
        '-A INPUT -p icmp -j ACCEPT',
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited',
        '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT',
    )
    for rule in filter_rules:
        ipt.add_rule(rule)
    ipt.add_rule('-A POSTROUTING -p udp --dport bootpc -j CHECKSUM --checksum-fill',
                 iptables.IPTables.MANGLE_TABLE_NAME)
    ipt.iptable_restore()
开发者ID:ShaofeiWang,项目名称:zstack-utility,代码行数:13,代码来源:appliancevm.py
示例11: _kill_lb
def _kill_lb(self, to):
    """Stop the load-balancer process of a listener and remove its traces.

    Kills the process whose command line contains the listener's pid-file
    path (if one is found), deletes the pid and conf files, and drops the
    listener's iptables chain.
    """
    pid_path = self._make_pid_file_path(to.lbUuid, to.listenerUuid)

    lb_pid = linux.find_process_by_cmdline([pid_path])
    if lb_pid:
        # lb_pid comes from the local process lookup, not from the request,
        # but it is still formatted into a shell command string.
        shell.call('kill %s' % lb_pid)

    linux.rm_file_force(pid_path)
    conf_path = self._make_conf_file_path(to.lbUuid, to.listenerUuid)
    linux.rm_file_force(conf_path)

    rule_set = iptables.from_iptables_save()
    rule_set.delete_chain(self._make_chain_name(to))
    rule_set.iptable_restore()
开发者ID:zstackorg,项目名称:zstack-utility,代码行数:13,代码来源:lb.py
示例12: remove_snat
def remove_snat(self, req):
    """Remove the SNAT rules for every entry of cmd.natInfo.

    All entries are removed from one loaded rule set, written out once.
    A VirtualRouterError is logged and reported through rsp.error with
    rsp.success set to False; other exceptions propagate.
    """
    cmd = jsonobject.loads(req[http.REQUEST_BODY])
    rsp = RemoveSNATRsp()

    try:
        rule_set = iptables.from_iptables_save()
        for nat_info in cmd.natInfo:
            self._remove_snat(nat_info, rule_set)
        rule_set.iptable_restore()
    except virtualrouter.VirtualRouterError as e:
        logger.warn(linux.get_exception_stacktrace())
        rsp.error = 'unable to remove snat, %s' % str(e)
        rsp.success = False

    return jsonobject.dumps(rsp)
开发者ID:ShaofeiWang,项目名称:zstack-utility,代码行数:14,代码来源:snat.py
示例13: _default_iptable_rules
def _default_iptable_rules(self, nicname):
    """Recreate the '<nicname>-in' chain with the default inbound rules.

    INPUT traffic arriving on nicname is sent to the chain, which accepts
    established/related traffic, DHCP in both directions, DNS over UDP,
    ICMP and new SSH connections, and rejects everything else.
    """
    # NOTE(review): nicname is formatted into the rule text as-is; callers
    # are presumably expected to pass a real interface name - confirm.
    chain = "%s-in" % nicname

    ipt = iptables.from_iptables_save()
    ipt.delete_chain(chain)
    ipt.add_rule('-A INPUT -i %s -j %s' % (nicname, chain))

    chain_rule_templates = (
        '-A %s -m state --state RELATED,ESTABLISHED -j ACCEPT',
        '-A %s -p udp -m udp --sport 68 --dport 67 -j ACCEPT',
        '-A %s -p udp -m udp --sport 67 --dport 68 -j ACCEPT',
        '-A %s -p udp -m udp --dport 53 -j ACCEPT',
        '-A %s -p icmp -m icmp -j ACCEPT',
        '-A %s -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT',
        # final catch-all: anything not accepted above is rejected
        '-A %s -j REJECT --reject-with icmp-host-prohibited',
    )
    for template in chain_rule_templates:
        ipt.add_rule(template % chain)

    ipt.iptable_restore()
开发者ID:ShaofeiWang,项目名称:zstack-utility,代码行数:14,代码来源:configure_nic.py
示例14: set_snat
def set_snat(self, req):
    """Create the SNAT rule described by cmd.snat and write the rule set out.

    A VirtualRouterError is logged and reported through rsp.error with
    rsp.success set to False; other exceptions propagate.
    """
    cmd = jsonobject.loads(req[http.REQUEST_BODY])
    rsp = SetSNATRsp()

    try:
        rule_set = iptables.from_iptables_save()
        self._create_snat(cmd.snat, rule_set)
        rule_set.iptable_restore()
    except virtualrouter.VirtualRouterError as e:
        logger.warn(linux.get_exception_stacktrace())
        rsp.error = "unable to create snat, %s" % str(e)
        rsp.success = False

    return jsonobject.dumps(rsp)
开发者ID:zeus911,项目名称:zstack-utility,代码行数:15,代码来源:snat.py
示例15: refresh_rule
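def refresh_rule(self, req):
    """Rebuild the appliance VM firewall from the rules in the request body.

    Replaces the bootstrap SSH rule with one bound to eth0's address,
    recreates the 'appliancevm' chain, and adds one ACCEPT rule per
    requested protocol (udp, tcp, or both for 'all') and port range.
    Raises AssertionError when eth0 has no IP. Returns the JSON-serialised
    RefreshFirewallRsp.
    """
    cmd = jsonobject.loads(req[http.REQUEST_BODY])
    rsp = RefreshFirewallRsp()

    ipt = iptables.from_iptables_save()

    # replace bootstrap 22 port rule with a more restricted one that binds to eth0's IP
    ipt.remove_rule('-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT')
    eth0_ip = linux.get_ip_by_nic_name('eth0')
    if not eth0_ip:
        # Explicit raise instead of `assert`: asserts are stripped under
        # `python -O`, which would let a rule with an empty address through.
        # The exception type and message are unchanged for callers.
        raise AssertionError('cannot find IP of eth0')
    ipt.add_rule('-A INPUT -d %s/32 -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT' % eth0_ip)

    chain_name = 'appliancevm'
    ipt.delete_chain(chain_name)
    ipt.add_rule('-A INPUT -j %s' % chain_name)

    # One template per protocol; a rule is emitted when the TO asks for that
    # protocol or for 'all'. Any other protocol value adds no rule.
    port_templates = (
        ('udp', '-i %s -p udp -m state --state NEW -m udp --dport %s:%s -j ACCEPT'),
        ('tcp', '-i %s -p tcp -m state --state NEW -m tcp --dport %s:%s -j ACCEPT'),
    )

    for to in cmd.rules:
        if to.destIp:
            nic_name = linux.get_nic_name_by_ip(to.destIp)
        else:
            nic_name = linux.get_nic_name_from_alias(linux.get_nic_names_by_mac(to.nicMac))
        # NOTE(review): nic_name is not checked, and sourceIp, destIp,
        # startPort and endPort come from the request body and are formatted
        # into the rule text without validation. Confirm that the caller
        # validates them (address syntax, numeric ports, no whitespace).

        for protocol, template in port_templates:
            if to.protocol != 'all' and to.protocol != protocol:
                continue

            parts = ['-A %s' % chain_name]
            if to.sourceIp:
                parts.append('-s %s' % to.sourceIp)
            if to.destIp:
                parts.append('-d %s' % to.destIp)
            parts.append(template % (nic_name, to.startPort, to.endPort))
            ipt.add_rule(' '.join(parts))

    ipt.iptable_restore()
    logger.debug('refreshed rules for appliance vm')

    return jsonobject.dumps(rsp)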
开发者ID:ShaofeiWang,项目名称:zstack-utility,代码行数:46,代码来源:appliancevm.py
示例16: apply_rules
def apply_rules(self, req):
    """Apply the IPv4 and/or IPv6 security-group rules carried by the request.

    A family is processed only when its rule list is present (not None).
    An IPTablesError is logged and reported through rsp.error with
    rsp.success set to False; other exceptions propagate.
    """
    cmd = jsonobject.loads(req[http.REQUEST_BODY])
    rsp = ApplySecurityGroupRuleResponse()

    try:
        if cmd.ruleTOs is not None:
            v4_rules = iptables.from_iptables_save()
            self._apply_rules_using_iprange_match(cmd, v4_rules)

        if cmd.ipv6RuleTOs is not None:
            v6_rules = iptables.from_ip6tables_save()
            self._apply_rules_using_iprange_match_ip6(cmd, v6_rules)
    except iptables.IPTablesError as e:
        # An IPv6 failure is reported after the IPv4 helper has already run.
        logger.warn(linux.get_exception_stacktrace())
        rsp.error = str(e)
        rsp.success = False

    return jsonobject.dumps(rsp)
开发者ID:zstackorg,项目名称:zstack-utility,代码行数:18,代码来源:securitygroup_plugin.py
示例17: check_default_sg_rules
def check_default_sg_rules(self, req):
    """Recreate the default security-group chain for any family that lacks it.

    The request body is not read. Conntrack is cleaned when either family's
    default chain was missing. Returns the JSON-serialised
    CheckDefaultSecurityGroupResponse.
    """
    rsp = CheckDefaultSecurityGroupResponse()

    # NOTE(review): each restore is nested under its `if` by inference; the
    # listing carries no indentation - confirm against the project source.
    v4_rules = iptables.from_iptables_save()
    v4_chain = v4_rules.get_chain(self.ZSTACK_DEFAULT_CHAIN)
    if not v4_chain:
        self._create_default_rules(v4_rules)
        v4_rules.iptable_restore()

    v6_rules = iptables.from_ip6tables_save()
    v6_chain = v6_rules.get_chain(self.ZSTACK_DEFAULT_CHAIN)
    if not v6_chain:
        self._create_default_rules_ip6(v6_rules)
        v6_rules.iptable_restore()

    if not (v4_chain and v6_chain):
        self._cleanup_conntrack()

    return jsonobject.dumps(rsp)
开发者ID:zstackorg,项目名称:zstack-utility,代码行数:19,代码来源:securitygroup_plugin.py
示例18: _create_eip
def _create_eip(self, eip):
    """Install the DNAT, SNAT and FORWARD rules that map a VIP to a guest IP.

    When eip.snatInboundTraffic is set, traffic towards the guest is also
    source-NATed to the private NIC's own address.
    """
    table = iptables.from_iptables_save()
    inner_nic = linux.get_nic_name_by_mac(eip.privateMac)
    outer_nic = linux.get_nic_name_by_ip(eip.vipIp)
    # NOTE(review): neither lookup result is checked before it is formatted
    # into chain names and rules below.
    guest_ip = eip.guestIp
    vip = eip.vipIp

    dnat_chain = self._make_dnat_name(outer_nic, inner_nic)
    snat_chain = self._make_snat_name(outer_nic, inner_nic)
    fwd_chain = self._make_fwd_name(outer_nic, inner_nic)

    # NOTE(review): a disabled check used to raise VirtualRouterError when a
    # chain for the same VIP NIC already existed in the nat or filter table;
    # nothing guards against re-using an occupied VIP here any more.

    order = 999

    def add_nat(rule):
        table.add_rule(rule, table.NAT_TABLE_NAME, order=order)

    def add_filter(rule):
        table.add_rule(rule, order=order)

    add_nat('-A PREROUTING -d {0} -j {1}'.format(vip, dnat_chain))
    add_nat('-A {0} -j DNAT --to-destination {1}'.format(dnat_chain, guest_ip))

    # Both directions between the two NICs go through one chain that
    # accepts everything.
    add_filter('-A FORWARD -i {0} -o {1} -j {2}'.format(outer_nic, inner_nic, fwd_chain))
    add_filter('-A FORWARD -i {0} -o {1} -j {2}'.format(inner_nic, outer_nic, fwd_chain))
    add_filter('-A {0} -j ACCEPT'.format(fwd_chain))

    add_nat('-A POSTROUTING -s {0} -j {1}'.format(guest_ip, snat_chain))
    add_nat('-A {0} -j SNAT --to-source {1}'.format(snat_chain, vip))

    if eip.snatInboundTraffic:
        gw_snat_chain = self._make_gateway_snat_name(outer_nic, inner_nic)
        guest_gw_ip = linux.get_ip_by_nic_name(inner_nic)
        add_nat('-A POSTROUTING -d {0} -j {1}'.format(guest_ip, gw_snat_chain))
        add_nat('-A {0} -j SNAT --to-source {1}'.format(gw_snat_chain, guest_gw_ip))

    table.iptable_restore()
    logger.debug('successfully created eip[{0}] to guest ip[{1}] from device[{2}] to device[{3}]'.format(vip, guest_ip, outer_nic, inner_nic))
开发者ID:QiRaining,项目名称:zstack-utility,代码行数:42,代码来源:eip.py
示例19: _remove_eip
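def _remove_eip(self, eip):
    """Delete the DNAT, SNAT, gateway-SNAT and FORWARD chains of an EIP.

    Raises AssertionError when the private NIC cannot be found by MAC or
    the VIP NIC cannot be found by IP.
    """
    ipt = iptables.from_iptables_save()

    # Explicit raises instead of `assert`: asserts are stripped under
    # `python -O`, and chain names would then be built from a failed lookup.
    # The exception type and messages are unchanged for callers.
    private_nic_name = linux.get_nic_name_by_mac(eip.privateMac)
    if not private_nic_name:
        raise AssertionError("cannot find private nic by MAC[%s]" % eip.privateMac)
    vip_nic_name = linux.get_nic_name_by_ip(eip.vipIp)
    if not vip_nic_name:
        raise AssertionError("cannot find vip nic by IP[%s]" % eip.vipIp)

    guest_ip = eip.guestIp
    vip = eip.vipIp

    dnat_name = self._make_dnat_name(vip_nic_name, private_nic_name)
    snat_name = self._make_snat_name(vip_nic_name, private_nic_name)
    fwd_name = self._make_fwd_name(vip_nic_name, private_nic_name)
    gw_snat_name = self._make_gateway_snat_name(vip_nic_name, private_nic_name)

    # The three NAT chains live in the nat table; the forward chain is
    # deleted without naming a table.
    ipt.delete_chain(dnat_name, ipt.NAT_TABLE_NAME)
    ipt.delete_chain(snat_name, ipt.NAT_TABLE_NAME)
    ipt.delete_chain(gw_snat_name, ipt.NAT_TABLE_NAME)
    ipt.delete_chain(fwd_name)

    ipt.iptable_restore()
    logger.debug('successfully deleted eip[{0}] to guest ip[{1}] from device[{2}] to device[{3}]'.format(vip, guest_ip, vip_nic_name, private_nic_name))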
开发者ID:QiRaining,项目名称:zstack-utility,代码行数:21,代码来源:eip.py
示例20: _apply_rules_using_iprange_match
def _apply_rules_using_iprange_match(self, cmd, iptable=None):
    """Apply the security-group rule TOs in cmd.ruleTOs and write them out.

    iptable lets a caller pass in an already loaded rule set; when it is
    falsy a fresh one is loaded here. Raises Exception for a rule TO whose
    actionCode is not recognised.
    """
    ipt = iptable if iptable else iptables.from_iptables_save()

    self._create_default_rules(ipt)

    for rto in cmd.ruleTOs:
        action = rto.actionCode
        if action == self.ACTION_CODE_DELETE_CHAIN:
            self._delete_vnic_chain(ipt, rto.vmNicInternalName)
        elif action == self.ACTION_CODE_APPLY_RULE:
            self._apply_rules_on_vnic_chain(ipt, rto)
        else:
            # Raised before any restore, so nothing from this call is written.
            raise Exception('unknown action code: %s' % rto.actionCode)

    # Remove-then-add presumably moves the catch-all ACCEPT behind the rules
    # added above. Whatever reaches the end of the default chain is accepted.
    default_accept_rule = "-A %s -j ACCEPT" % self.ZSTACK_DEFAULT_CHAIN
    ipt.remove_rule(default_accept_rule)
    ipt.add_rule(default_accept_rule)

    self._cleanup_stale_chains(ipt)
    ipt.iptable_restore()
开发者ID:QiRaining,项目名称:zstack-utility,代码行数:22,代码来源:securitygroup_plugin.py
注:本文中的zstacklib.utils.iptables.from_iptables_save函数示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |