1 # vim: set encoding=utf-8 et sw=4 sts=4 :
3 from formencode import Invalid
4 from formencode.validators import OneOf, CIDR, Int
6 from pymin.item import Item
7 from pymin.validatedclass import Field
8 from pymin.service.util import ListSubHandler
# Only FirewallHandler is exported for ``from ... import *``; Rule and
# RuleHandler remain importable by name but are treated as module-internal.
__all__ = ('FirewallHandler',)
def validate_python(self, value, state):
    """Validate *value* against the allowed list via OneOf.validate_python.

    value - the (possibly pre-processed) input to check.
    state - formencode validation state, passed through unchanged.

    Delegates to OneOf.validate_python with the same arguments, so any
    value outside the configured list raises formencode's Invalid.

    NOTE(review): this listing skips one line between the signature and
    the return (page gutter line 15). Given the enclosing class is used
    below as ``UpOneOf``, that line presumably upper-cases *value* before
    the check — confirm against the full file before relying on it.
    """
    return OneOf.validate_python(self, value, state)
r"""Rule(chain, target[, src[, dst[, ...]]]) -> Rule instance.

chain - INPUT, OUTPUT or FORWARD.
target - ACCEPT, REJECT or DROP.
src - Source subnet as IP/mask.
dst - Destination subnet as IP/mask.
protocol - ICMP, UDP, TCP or ALL.
src_port - Source port (only for UDP or TCP protocols).
dst_port - Destination port (only for UDP or TCP protocols).
"""
# chain and target are mandatory (not_empty=True) and restricted to the
# listed keywords; UpOneOf wraps formencode's OneOf, so anything outside
# the list fails validation instead of being passed on as a rule element.
chain = Field(UpOneOf(['INPUT', 'OUTPUT', 'FORWARD'], not_empty=True))
target = Field(UpOneOf(['ACCEPT', 'REJECT', 'DROP'], not_empty=True))
# Optional address filters validated as CIDR notation; a missing or empty
# value becomes None rather than an error.
src = Field(CIDR(if_empty=None, if_missing=None))
dst = Field(CIDR(if_empty=None, if_missing=None))
# protocol is None when absent. Unlike src/dst there is no if_empty here;
# NOTE(review): confirm how an empty string for protocol is handled.
protocol = Field(UpOneOf(['ICMP', 'UDP', 'TCP', 'ALL'], if_missing=None))
# Ports are range-checked to 0..65535 here; the cross-field check in
# chained_validator additionally rejects them unless protocol is TCP/UDP.
src_port = Field(Int(min=0, max=65535, if_empty=None, if_missing=None))
dst_port = Field(Int(min=0, max=65535, if_empty=None, if_missing=None))
def chained_validator(self, fields, state):
    """Cross-field check: ports may only be given with TCP or UDP.

    fields - dict of already-validated field values; reads 'protocol',
             'src_port' and 'dst_port'.
    state - formencode validation state, passed through to Invalid.

    Raises Invalid, carrying a per-field error_dict, when src_port or
    dst_port is set while protocol is anything other than 'TCP' or 'UDP'.
    Since protocol defaults to None when missing, that case falls into the
    rejecting branch as well: ports cannot be set without an explicit
    TCP or UDP protocol.

    NOTE(review): the listing omits two lines of this method (page gutter
    lines 37 and 43) — presumably the initialisation of ``errors`` and an
    ``if errors:`` guard around the raise. Confirm in the full file.
    """
    if fields['protocol'] not in ('TCP', 'UDP'):
        for name in ('src_port', 'dst_port'):
            if fields[name] is not None:
                # Per-field message so the caller can point at the
                # offending port rather than only the whole rule.
                errors[name] = u"Should be None if protocol " \
                    "(%(protocol)s) is not TCP or UDP" % fields
    raise Invalid(u"You can't specify any ports if the protocol "
                  u'is not TCP or UDP', fields, state, error_dict=errors)
class RuleHandler(ListSubHandler):
    r"""RuleHandler(parent) -> RuleHandler instance :: Handle a list of rules.

    This class is a helper for FirewallHandler to do all the work related to rules

    parent - The parent service handler.
    """
    # NOTE(review): the listing drops several lines of this class (page
    # gutter 49-57, including the end of the docstring), and the body may
    # continue past the last line shown here.
    handler_help = u"Manage firewall rules"
    # The contained items live in the parent's 'rules' attribute and are
    # typed as Rule; presumably ListSubHandler builds a Rule (and so runs
    # its field and chained validation) for each entry — confirm in
    # pymin.service.util.
    _cont_subhandler_attr = 'rules'
    _cont_subhandler_class = Rule