# vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2010 United States Government as represented by the # Administrator of the National Aeronautics and Space Administration. # Copyright 2011 Justin Santa Barbara # All Rights Reserved. # Copyright (c) 2010 Citrix Systems, Inc. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain # a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the # License for the specific language governing permissions and limitations # under the License. import os,sys,time,commands,shutil,re,traceback from kxtools import config from kxtools import log LOG = log.get_logger(__name__) cfg = config def COMM(cmd): # Call system commands try: x,y = commands.getstatusoutput(cmd) if x == 0: return y return y except: LOG.error(traceback.format_exc()) def iptablesRestore(): # Effective firewall try: os.system("/sbin/iptables-restore /etc/sysconfig/iptables") except: LOG.error(traceback.format_exc()) def removes(sfile,dfile): # removes files try: shutil.copy(sfile,dfile) LOG.info('Copy %s is ok'%sfile) except: LOG.error(traceback.format_exc()) return 'False' def add_filrewall(zones,ips): CONF=cfg.load_cfg()['iptables'] if zones != 'TW': sfile = CONF['file'] else: sfile = CONF['fw_file'] for i in ['161','5666']: _insertFirewall(ips,zones,sfile,i) def _insertFirewall(ips,zones,sfile,ports): f = open(sfile).readlines() for ip in ips: for n,s in enumerate(f): if re.search(ip,s) and re.search(ports,s): break else: if re.search('--dport 9090',s): mes = s.split(' ') a = n role = "%s %s -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT \n" \ %(mes[0],mes[1],ip,ports) f.insert(a,role) break fp = open(sfile,'w') fp.writelines(f) fp.close() iptablesRestore() LOG.info(" %s zone zabbix firewall is oK "%zones)
python 处理linux iptables 策略
原创swq499809608 博主文章分类:Python Shell GO ©著作权
©著作权归作者所有:来自51CTO博客作者swq499809608的原创作品,请联系作者获取转载授权,否则将追究法律责任
提问和评论都可以,用心的回复会被更多人看到
评论
发布评论
相关文章
-
Linux防火墙iptables的策略
参考网
html 重启 centos