| 448 | return sock.getsockname() |
| 449 | |
| 450 | def setup_firewall(self, port, dnsport, nslist, family, subnets, udp, |
| 451 | user, group, tmark): |
| 452 | if family not in [socket.AF_INET, socket.AF_INET6]: |
| 453 | raise Exception( |
| 454 | 'Address family "%s" unsupported by pf method_name' |
| 455 | % family_to_string(family)) |
| 456 | if udp: |
| 457 | raise Exception("UDP not supported by pf method_name") |
| 458 | |
| 459 | if subnets: |
| 460 | includes = [] |
| 461 | # If a given subnet is both included and excluded, list the |
| 462 | # exclusion first; the table will ignore the second, opposite |
| 463 | # definition |
| 464 | for _, swidth, sexclude, snet, fport, lport \ |
| 465 | in sorted(subnets, key=subnet_weight): |
| 466 | includes.append((sexclude, b"%s/%d%s" % ( |
| 467 | snet.encode("ASCII"), |
| 468 | swidth, |
| 469 | b" port %d:%d" % (fport, lport) if fport else b""))) |
| 470 | |
| 471 | anchor = pf_get_anchor(family, port) |
| 472 | pf.add_anchors(anchor) |
| 473 | pf.add_rules(anchor, includes, port, dnsport, nslist, family) |
| 474 | pf.enable() |
| 475 | |
| 476 | def restore_firewall(self, port, family, udp, user, group): |
| 477 | if family not in [socket.AF_INET, socket.AF_INET6]: |