linux iptables策略,python 处理linux iptables 策略

# vim: tabstop=4 shiftwidth=4 softtabstop=4

# Copyright 2010 United States Government as represented by the

# Administrator of the National Aeronautics and Space Administration.

# Copyright 2011 Justin Santa Barbara

# All Rights Reserved.

# Copyright (c) 2010 Citrix Systems, Inc.

#

# Licensed under the Apache License, Version 2.0 (the "License"); you may

# not use this file except in compliance with the License. You may obtain

# a copy of the License at

#

# http://www.apache.org/licenses/LICENSE-2.0

#

# Unless required by applicable law or agreed to in writing, software

# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT

# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the

# License for the specific language governing permissions and limitations

# under the License.

import os,sys,time,commands,shutil,re,traceback

from kxtools import config

from kxtools import log

# Module-level logger, obtained from the project's kxtools.log helper.
LOG = log.get_logger(__name__)

# Alias for the kxtools config module; cfg.load_cfg() is called further down.
cfg = config

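def COMM(cmd):
    """Run ``cmd`` through the shell and return its combined output.

    ``commands.getstatusoutput`` hands the whole string to a shell, so ``cmd``
    must be built only from trusted values: anything a user or a remote host
    can influence has to be validated before it is interpolated into the
    command line.

    Returns the command output (stdout and stderr together) whatever the exit
    status was, or None when the call itself raised.
    """
    try:
        status, output = commands.getstatusoutput(cmd)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit are no longer swallowed here.
        LOG.error(traceback.format_exc())
        return None
    if status != 0:
        # The output is returned on failure exactly as before; the status is
        # logged so that a failed command no longer passes unnoticed.  The
        # command line is left out of the log in case it carries secrets.
        LOG.error('Command exited with non-zero status %s' % status)
    return output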

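def iptablesRestore():
    """Load /etc/sysconfig/iptables into the running ruleset.

    Runs ``/sbin/iptables-restore`` on the saved rules file.  ``os.system``
    does not raise when the command fails, so the exit status is checked
    explicitly: a rules file that iptables-restore rejects would otherwise
    leave the previous ruleset in place without any trace in the log.

    Returns None in every case.
    """
    try:
        status = os.system("/sbin/iptables-restore /etc/sysconfig/iptables")
    except Exception:
        LOG.error(traceback.format_exc())
        return
    if status != 0:
        LOG.error('iptables-restore failed with wait status %s' % status)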

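def removes(sfile, dfile):
    """Copy ``sfile`` to ``dfile``; despite the name, nothing is removed.

    Returns None on success.  On failure the traceback is logged and the
    *string* 'False' is returned.  That value is truthy, so callers have to
    compare against 'False' explicitly rather than test the result in a
    boolean context.  It is kept as is for existing callers.
    """
    try:
        shutil.copy(sfile, dfile)
        LOG.info('Copy %s is ok' % sfile)
    except Exception:
        # Narrowed from a bare ``except:`` so that KeyboardInterrupt and
        # SystemExit propagate instead of being reported as a failed copy.
        LOG.error(traceback.format_exc())
        return 'False'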

def add_filrewall(zones, ips):
    """Open ports 161 and 5666 for every address in ``ips``.

    The rules file is taken from the 'iptables' section of the loaded
    configuration: key 'fw_file' when ``zones`` is 'TW', key 'file' for any
    other zone.  The file is edited once per port by _insertFirewall.
    """
    CONF = cfg.load_cfg()['iptables']
    sfile = CONF['fw_file'] if zones == 'TW' else CONF['file']
    for port in ('161', '5666'):
        _insertFirewall(ips, zones, sfile, port)

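def _insertFirewall(ips, zones, sfile, ports):
    """Add an ACCEPT rule for each address in ``ips`` on ``ports`` to ``sfile``.

    For every address the rules file is scanned from the top.  The scan stops
    at the first line that already names both the address and the port, or at
    the first line containing '--dport 9090', in front of which the new rule
    is inserted, reusing the first two space-separated fields of that line.
    The file is then rewritten and iptablesRestore() is called.

    Args:
        ips: iterable of source addresses (strings).
        zones: zone name, used only in the final log message.
        sfile: path of the iptables rules file to edit.
        ports: destination port as a string.

    NOTE(review): the file is overwritten in place, so a failure during the
    write can leave a truncated ruleset on disk.
    NOTE(review): iptablesRestore() always loads /etc/sysconfig/iptables;
    confirm that ``sfile`` is that file, otherwise the edit is not applied.
    """
    with open(sfile) as src:
        lines = src.readlines()

    # Match the port as a whole number that is not part of a dotted address.
    # The previous substring search treated '161' as present in
    # '--dport 1610' or in '10.0.0.161'.
    port_re = re.compile(r'(?<![\d.])%s(?![\d.])' % re.escape(ports))

    for ip in ips:
        # The address is written verbatim into a file that iptables-restore
        # parses line by line.  Whitespace or a newline inside it would add
        # extra options or whole rules to the ruleset, so refuse such values.
        if not ip or re.search(r'\s', ip):
            LOG.error('Skip invalid source address %r' % (ip,))
            continue

        # Escape the address and anchor it on both sides.  Used as a raw
        # pattern, '10.0.0.1' also matched '10.0.0.10' and let '.' stand for
        # any character, so an existing rule for another host could suppress
        # the insert.
        ip_re = re.compile(r'(?<![\w.])%s(?![\w.])' % re.escape(ip))

        for n, s in enumerate(lines):
            if ip_re.search(s) and port_re.search(s):
                break  # rule already present
            if '--dport 9090' in s:
                mes = s.split(' ')
                role = "%s %s -s %s -m state --state NEW -m tcp -p tcp --dport %s -j ACCEPT \n" % (mes[0], mes[1], ip, ports)
                lines.insert(n, role)
                break
        else:
            # No existing rule and no '--dport 9090' anchor line: nothing was
            # inserted, which previously went unreported.
            LOG.error('No --dport 9090 line in %s, rule for %s port %s not added' % (sfile, ip, ports))

    with open(sfile, 'w') as dst:
        dst.writelines(lines)

    iptablesRestore()
    LOG.info(" %s zone zabbix firewall is oK " % zones)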

原文:http://swq499809608.blog.51cto.com/797714/1401329
