File: //usr/lib/python3.6/site-packages/sshuttle/methods/__pycache__/nft.cpython-36.opt-1.pyc
3
�f4_� � @ sD d dl Z d dlmZ d dlmZmZ d dlmZ G dd� de�ZdS )� N)�
subnet_weight)�nft�nonfatal)�
BaseMethodc @ s e Zd Zdd� Zdd� ZdS )�Methodc
s� |rt d��d| �� �fdd�}�} |dd� |ddd � |dd
d� |d| � |d| � |d
d| � |d
d| � x�t|tdd�D ]�\}
}}}
}}d!}|r�||kr�|ddd||f f }n|r�||kr�|ddd| f }|�r|d
| f|d|
|f df �� q�|d
| f|d|
|f ddt|� f �� q�W xv� fdd�|D �D ]`\}
}� tjk�r||d
| d| dddt|� � n*� tjk�rH|d
| d | dddt|� � �qHW d S )"NzUDP not supported by nftzsshuttle-%sc s t � �| f|�� S )N)r )�action�args)�family�table� �/usr/lib/python3.6/nft.py�_nft s z#Method.setup_firewall.<locals>._nftz add table� z add chainZ
preroutingz:{ type nat hook prerouting priority -100; policy accept; }�outputz6{ type nat hook output priority -100; policy accept; }zflush chainzadd rulezoutput jump %szprerouting jump %sT)�key�reverse�ip�protocol�tcpZdportz { %d-%d }z%dzip daddr %s/%s�returnzip ttl != 63z
redirect to :c s g | ]}|d � kr|�qS )r r )�.0�i)r r r �
<listcomp>8 s z)Method.setup_firewall.<locals>.<listcomp>zip protocol udp ip daddr %szudp dport { 53 }zip6 protocol udp ip6 daddr %s)r r r )� Exception�sortedr �str�socketZAF_INETZAF_INET6)�self�portZdnsportZnslistr Zsubnets�udp�userr
�chain�_ZswidthZsexcludeZsnetZfportZlportZ tcp_portsr r )r r
r �setup_firewall sJ
zMethod.setup_firewallc s2 |rt d��d| �� �fdd�}t|dd� d S )Nz$UDP not supported by nft method_namezsshuttle-%sc s t � �| f|�� S )N)r )r r )r r
r r r
H s z%Method.restore_firewall.<locals>._nftzdelete tabler )r r )r r r r r r
r )r r
r �restore_firewallB s
zMethod.restore_firewallN)�__name__�
__module__�__qualname__r# r$ r r r r r s 4r ) r Zsshuttle.firewallr Zsshuttle.linuxr r Zsshuttle.methodsr r r r r r �<module> s