(self, port, family, udp, user, group)
| 81 | '--dst-type', 'LOCAL') |
| 82 | |
| 83 | def restore_firewall(self, port, family, udp, user, group): |
| 84 | # only ipv4 supported with NAT |
| 85 | if family != socket.AF_INET and family != socket.AF_INET6: |
| 86 | raise Exception( |
| 87 | 'Address family "%s" unsupported by nat method_name' |
| 88 | % family_to_string(family)) |
| 89 | if udp: |
| 90 | raise Exception("UDP not supported by nat method_name") |
| 91 | |
| 92 | table = "nat" |
| 93 | |
| 94 | def _ipt(*args): |
| 95 | return ipt(family, table, *args) |
| 96 | |
| 97 | def _ipm(*args): |
| 98 | return ipt(family, "mangle", *args) |
| 99 | |
| 100 | chain = 'sshuttle-%s' % port |
| 101 | |
| 102 | # basic cleanup/setup of chains |
| 103 | if ipt_chain_exists(family, table, chain): |
| 104 | if user is not None or group is not None: |
| 105 | margs = ['-D', 'OUTPUT', '-m', 'owner'] |
| 106 | if user is not None: |
| 107 | margs += ['--uid-owner', str(user)] |
| 108 | if group is not None: |
| 109 | margs += ['--gid-owner', str(group)] |
| 110 | margs += ['-j', 'MARK', '--set-mark', str(port)] |
| 111 | nonfatal(_ipm, *margs) |
| 112 | |
| 113 | args = '-m', 'mark', '--mark', str(port), '-j', chain |
| 114 | else: |
| 115 | args = '-j', chain |
| 116 | nonfatal(_ipt, '-D', 'OUTPUT', *args) |
| 117 | nonfatal(_ipt, '-D', 'PREROUTING', *args) |
| 118 | nonfatal(_ipt, '-F', chain) |
| 119 | _ipt('-X', chain) |
| 120 | |
| 121 | def get_supported_features(self): |
| 122 | result = super(Method, self).get_supported_features() |
no test coverage detected