MCPcopy
hub / github.com/sshuttle/sshuttle / setup_firewall

Method setup_firewall

sshuttle/methods/pf.py:450–474  ·  view source on GitHub ↗
(self, port, dnsport, nslist, family, subnets, udp,
                       user, group, tmark)

Source from the content-addressed store, hash-verified

448 return sock.getsockname()
449
450 def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
451 user, group, tmark):
452 if family not in [socket.AF_INET, socket.AF_INET6]:
453 raise Exception(
454 'Address family "%s" unsupported by pf method_name'
455 % family_to_string(family))
456 if udp:
457 raise Exception("UDP not supported by pf method_name")
458
459 if subnets:
460 includes = []
461 # If a given subnet is both included and excluded, list the
462 # exclusion first; the table will ignore the second, opposite
463 # definition
464 for _, swidth, sexclude, snet, fport, lport \
465 in sorted(subnets, key=subnet_weight):
466 includes.append((sexclude, b"%s/%d%s" % (
467 snet.encode("ASCII"),
468 swidth,
469 b" port %d:%d" % (fport, lport) if fport else b"")))
470
471 anchor = pf_get_anchor(family, port)
472 pf.add_anchors(anchor)
473 pf.add_rules(anchor, includes, port, dnsport, nslist, family)
474 pf.enable()
475
476 def restore_firewall(self, port, family, udp, user, group):
477 if family not in [socket.AF_INET, socket.AF_INET6]:

Callers 7

test_setup_firewallFunction · 0.45
test_setup_firewallFunction · 0.45
test_mainFunction · 0.45
mainFunction · 0.45

Calls 5

family_to_stringFunction · 0.90
pf_get_anchorFunction · 0.85
add_anchorsMethod · 0.45
add_rulesMethod · 0.45
enableMethod · 0.45

Tested by 6

test_setup_firewallFunction · 0.36
test_setup_firewallFunction · 0.36
test_mainFunction · 0.36