(self, anchor, includes, port, dnsport, nslist, family)
| 209 | super(FreeBsd, self)._add_anchor_rule(kind, name, pr=pr) |
| 210 | |
| 211 | def add_rules(self, anchor, includes, port, dnsport, nslist, family): |
| 212 | inet_version = self._inet_version(family) |
| 213 | lo_addr = self._lo_addr(family) |
| 214 | |
| 215 | tables = [] |
| 216 | translating_rules = [ |
| 217 | b'rdr pass on lo0 %s proto tcp from ! %s to %s ' |
| 218 | b'-> %s port %r' % (inet_version, lo_addr, subnet, lo_addr, port) |
| 219 | for exclude, subnet in includes if not exclude |
| 220 | ] |
| 221 | filtering_rules = [ |
| 222 | b'pass out route-to lo0 %s proto tcp ' |
| 223 | b'to %s keep state' % (inet_version, subnet) |
| 224 | if not exclude else |
| 225 | b'pass out %s proto tcp to %s' % (inet_version, subnet) |
| 226 | for exclude, subnet in includes |
| 227 | ] |
| 228 | |
| 229 | if nslist: |
| 230 | tables.append( |
| 231 | b'table <dns_servers> {%s}' % |
| 232 | b','.join([ns[1].encode("ASCII") for ns in nslist])) |
| 233 | translating_rules.append( |
| 234 | b'rdr pass on lo0 %s proto udp to <dns_servers> ' |
| 235 | b'port 53 -> %s port %r' % (inet_version, lo_addr, dnsport)) |
| 236 | filtering_rules.append( |
| 237 | b'pass out route-to lo0 %s proto udp to ' |
| 238 | b'<dns_servers> port 53 keep state' % inet_version) |
| 239 | |
| 240 | rules = b'\n'.join(tables + translating_rules + filtering_rules) \ |
| 241 | + b'\n' |
| 242 | |
| 243 | super(FreeBsd, self).add_rules(anchor, rules) |
| 244 | |
| 245 | |
| 246 | class OpenBsd(Generic): |
nothing calls this directly
no test coverage detected