(self, port, family, udp, user, group)
| 229 | *(udp_ports + ('--on-port', str(port)))) |
| 230 | |
| 231 | def restore_firewall(self, port, family, udp, user, group): |
| 232 | if family not in [socket.AF_INET, socket.AF_INET6]: |
| 233 | raise Exception( |
| 234 | 'Address family "%s" unsupported by tproxy method' |
| 235 | % family_to_string(family)) |
| 236 | |
| 237 | table = "mangle" |
| 238 | |
| 239 | def _ipt(*args): |
| 240 | return ipt(family, table, *args) |
| 241 | |
| 242 | mark_chain = 'sshuttle-m-%s' % port |
| 243 | tproxy_chain = 'sshuttle-t-%s' % port |
| 244 | divert_chain = 'sshuttle-d-%s' % port |
| 245 | |
| 246 | # basic cleanup/setup of chains |
| 247 | if ipt_chain_exists(family, table, mark_chain): |
| 248 | _ipt('-D', 'OUTPUT', '-j', mark_chain) |
| 249 | _ipt('-F', mark_chain) |
| 250 | _ipt('-X', mark_chain) |
| 251 | |
| 252 | if ipt_chain_exists(family, table, tproxy_chain): |
| 253 | _ipt('-D', 'PREROUTING', '-j', tproxy_chain) |
| 254 | _ipt('-F', tproxy_chain) |
| 255 | _ipt('-X', tproxy_chain) |
| 256 | |
| 257 | if ipt_chain_exists(family, table, divert_chain): |
| 258 | _ipt('-F', divert_chain) |
| 259 | _ipt('-X', divert_chain) |
| 260 | |
| 261 | def is_supported(self): |
| 262 | if which("iptables") and which("ip6tables"): |
no test coverage detected