MCPcopy Index your code
hub / github.com/sshuttle/sshuttle / restore_firewall

Method restore_firewall

sshuttle/methods/nat.py:83–119  ·  view source on GitHub ↗
(self, port, family, udp, user, group)

Source from the content-addressed store, hash-verified

81 '--dst-type', 'LOCAL')
82
83 def restore_firewall(self, port, family, udp, user, group):
84 # only ipv4 supported with NAT
85 if family != socket.AF_INET and family != socket.AF_INET6:
86 raise Exception(
87 'Address family "%s" unsupported by nat method_name'
88 % family_to_string(family))
89 if udp:
90 raise Exception("UDP not supported by nat method_name")
91
92 table = "nat"
93
94 def _ipt(*args):
95 return ipt(family, table, *args)
96
97 def _ipm(*args):
98 return ipt(family, "mangle", *args)
99
100 chain = 'sshuttle-%s' % port
101
102 # basic cleanup/setup of chains
103 if ipt_chain_exists(family, table, chain):
104 if user is not None or group is not None:
105 margs = ['-D', 'OUTPUT', '-m', 'owner']
106 if user is not None:
107 margs += ['--uid-owner', str(user)]
108 if group is not None:
109 margs += ['--gid-owner', str(group)]
110 margs += ['-j', 'MARK', '--set-mark', str(port)]
111 nonfatal(_ipm, *margs)
112
113 args = '-m', 'mark', '--mark', str(port), '-j', chain
114 else:
115 args = '-j', chain
116 nonfatal(_ipt, '-D', 'OUTPUT', *args)
117 nonfatal(_ipt, '-D', 'PREROUTING', *args)
118 nonfatal(_ipt, '-F', chain)
119 _ipt('-X', chain)
120
121 def get_supported_features(self):
122 result = super(Method, self).get_supported_features()

Callers 1

setup_firewallMethod · 0.95

Calls 3

family_to_stringFunction · 0.90
ipt_chain_existsFunction · 0.90
nonfatalFunction · 0.90

Tested by

no test coverage detected