#fdSrSSKrSSKrSSKrSSKrSSKrSSKrSSKJrJ r SSK J r J r J r JrJrJr SSKr"SS\R&R(5rg)z-backend_iptables.py: iptables backend for ufwN)UFWErrorUFWRule)warndebugmsgcmdcmd_pipe _findpathc\rSrSrSrSSjrSrSrSrSSjr S r S r S r S r S rSrSrSSjrSSjrSrSSjrSrSrSrSrg)UFWBackendIptableszInstance class for UFWBackendNc S[RR-S-UlX lX0l0n[ [RRU5n[RRUS5US'[RRUS5US'[RRUS5US'[RRUS 5US '[RRUS 5US '[RRUS 5US'[RR[ [RRU5S5US'[RRRUSXX#S9 ////S.UlSHnSnUS:Xa"UR!5(aXv- nOUS:XaM-SH7nSH.n U<SU<SU <3n URUR#U 5 M0 M9 URSR#US-5 URSR#US-5 M /SQUlSUlg )!z!UFWBackendIptables initializationz# z _comment #zufw/user.rulesruleszufw/before.rules before_ruleszufw/after.rules after_ruleszufw/user6.rulesrules6zufw/before6.rules before6_ruleszufw/after6.rules after6_ruleszufw-initinitiptables)rootdirdatadir)beforeuseraftermisc)46ufwr)rrrinputoutputforward-z -logging-rz -logging-denyz-logging-allow)-mlimit--limitz3/minute-jLOG --log-prefixz[UFW LIMIT BLOCK]N)rcommon programName comment_strrrr config_dirospathjoin state_dirbackend UFWBackend__init__chainsuse_ipv6appendufw_user_limit_logufw_user_limit_log_text) selfdryrunrrfilesr.ver chain_prefixloctargetchains 6/usr/lib/python3/dist-packages/ufw/backend_iptables.pyr5UFWBackendIptables.__init__ s#**"8"88<G  szz44g> j2BCg " Z9K Ln!ww||J8IJm'',,z3DEh!#j:M!No " Z9K Ln  Yszz/C/CW%M%/1f  ''j&07 ( J"$R"bI C Lcz==?? 'LCZ2VLEKK$++E2=3 KK  & &|o'E F KK  & &|6F'F G"#3(;$c[S5nURSS:XaUS- nU$URSS:XaUS- nU$URSS:XaUS- nU$US - nU$) zGet current policyz New profiles:default_application_policyacceptz allowdropz denyrejectz rejectz skip)_defaults)r;rstrs rCget_default_application_policy1UFWBackendIptables.get_default_application_policyPs! ==5 6( B H D ]]7 8F B GOD  ]]7 8H D I D  GOD rEc UR(GdUS:wa%US:waUS:wa[S5U-n[U5eUS:wa%US:waUS:wa[S5U-n[U5eS nUS:XaS nOUS:XaS nS nS nUS:Xa)URURS SU-S5 SnSnOWUS:Xa)URURS SU-S5 SnSnO(URURS SU-S5 SnSn[ R"S U-5nURSURS4Hn[RRU5n U Sn U SHhn URU 5(a0[RRXRXk55 MI[RRX5 Mj [RRU 5 M [S5X!S.-n U [S5- n U $![ a ef=f![ a ef=f![ a ef=f![ a ef=f![ a ef=f)zSets default policy of firewallallowdenyrJzUnsupported policy '%s'incomingoutgoingroutedz%Unsupported policy for direction '%s'INPUTOUTPUTFORWARDrLzDEFAULT_%s_POLICYz"ACCEPT"z UFW BLOCKz UFW ALLOWz"REJECT"z"DROP"rrtmporigz5Default %(direction)s policy changed to '%(policy)s' ) directionpolicyz*(be sure to update your rules accordingly))r<rKr set_defaultr= Exceptionrecompilerutil open_filessearch write_to_filesub close_files) r;r]r\err_msgrB old_log_str new_log_strpatffnsfdlinerMs rCset_default_policy%UFWBackendIptables.set_default_policy^s{{{ Vv%5&H:L56&Aw''J&9 +BH$CD&(w''EJ& h&!KK $$TZZ %;,?5,I,8: * ) 8#$$TZZ %;,?5,I,8: * ) $$TZZ %;,?5,I,68 * ) **S;./Cjj/N1KL((--a0CZKDzz$''..r77;3MN..r8 ( HH((-M$IJ )<> >?? _!!!!!s<#H6#H)#H8II H&) H58 I I I"cUR(a!S[S5-nUS[S5-- nU$UR5 /SQn/n/nUS:XaURS5 /SQn/SQnGOUS :XaS H+nURS U-5 URS U-5 M- S H+nURS U-5 URS U-5 M- SH+nURSU-5 URSU-5 M- SHnURSU-5 M GOUS:Xa3SH+nURSU-5 URSU-5 M- GOUS:XaSH+nURSU-5 URSU-5 M- URSS(a"URS5 URS5 URSS(a"URS5 URS5 GOUS :Xa2SH+nURS!U-5 URS"U-5 M- OUS#:XaSH{nURS$U-5 URS%U-5 URS&U-5 URS'U-5 URS(U-5 URS)U-5 M} URS*5 URS+5 URS,5 URS-5 S.U-nUHnS/U;a=UR S/5upUS0U -- n[ UR/U-USU /-5upO[ UR/U-U/-5upX+- nUS:waUS1- nU S2:wdM|[U5e US:XdUR5(aUS3- nUHnS/U;a=UR S/5upUS0U -- n[ UR/U-USU /-5upO[ UR/U-U/-5upX+- nUS:waUS1- nU S2:wdM|[U5e U$)4z'Show current running status of firewall> zChecking raw iptables zChecking raw ip6tables )-nz-vz-x-Lrawz-t)filternatmanglerv)rwryrvbuiltins)rVrXrWz filter:%s) PREROUTINGrVrXrW POSTROUTINGz mangle:%s)r{rWzraw:%s)r{r|rWznat:%sr)r!r#r"z ufw-before-%szufw6-before-%sr ufw-user-%s ufw6-user-%sr&rzufw-user-limit-acceptufw-user-limitrzufw6-user-limit-acceptufw6-user-limitrz ufw-after-%sz ufw6-after-%sloggingzufw-before-logging-%szufw6-before-logging-%szufw-user-logging-%szufw6-user-logging-%szufw-after-logging-%szufw6-after-logging-%szufw-logging-allowzufw-logging-denyzufw6-logging-allowzufw6-logging-denyz IPV4 (%s): :z(%s)  rz IPV6: ) r<rKinitcapsr8capssplitrrrr7 ip6tables) r; rules_typeoutargsitemsitems6cbitrcrZs rCget_running_raw"UFWBackendIptables.get_running_raws! ;;455C 4!677 7CJ '   KK 6E0F : %3 [1_- kAo.4% [1_- kAo.%. X\* hl+.= X\*= 8 #3 _q01 .2346 !3 ]Q./ nq014yy!#& 45 -.yy!#& 67 /0 7 "3 ^a/0 o1249 $3 4q89 6:; 2Q67 4q89 3a78 59: 4 LL, - LL+ , MM. / MM- . +Aaxw!}$$ 6!T1 EF S$ 6! <=  JCU"t Qwsm#  $--// = C!8WWS\FQ7a=(C #T]]Od$:aq\$I JIR #T^^$4t$;qc$A BIR &4KC7"3-' rEc SnUR(a6S[S5-nUR5(aUS[S5-- nU$[S5nSHn[URSSU-S /5upcUS :Xa [S 5s $US :wa[ US U--5eUR5(dMb[UR SSU-S /5upgUS :wdM[ US-5e SnSn Sn URUR-n S n 0n U GH;nSn0nSnSnU(dMURS:wdURS:wa-SnUR5nUU ;a[SU-5 M[SU U'SGHnSUU'SnSnUS:XaYURnU(d9URS:wa)URnUR(a US:XaUS- nOeURnOXUR nU(d9URS:wa)URnUR(a US:XaUS- nO UR"nUS:wa US:waUUU'US:wGaUUS:XaUUU'OUU==SU-- ss'U(a*UR$S:waUU==SUR$-- ss'U(aUS:Xa[URS:waKUU==SUR-- ss'UR(aUS:Xa UU==S- ss'UU==S- ss'US:Xa[URS:waKUU==SUR-- ss'UR(aUS:Xa UU==S- ss'UU==S- ss'US:XaUS:XdUS:Xa~SUU'U(a^UR$S:waNURUR :Xa4URUR":XaUU==SUR$-- ss'US:Xa UU==S- ss'OU(aDUR$S:wa4URUR":XaUU==SUR$-- ss'OGUR(a6UR S:Xa&URS:XaSUU;a UU==S- ss'UR&(aiUS:Xa*UR(S:waUU==SUR(-- ss'US:Xa0UR*S:waUU==SUR*-- ss'GMGMGMUS:Xa*UR(S:waUU==SUR(-- ss'US:XdGMUR*S:wdGMUU==SUR*-- ss'GM /nSnUR,(dUR.R15S :XaUR,(a)UR3UR,R155 U(a+UR.S :XaUR3UR.5 [5U5S :aS!S"R7U5-nU(aUS#U -- nUR.R95nUR&(aS$nUR.S%:Xa!UR&(dU(d U(dSnSnUR:S:waS&UR=5-nUUS<S'SSR7UR>R95U/5<S(US<S'U<U<S)3- nU(aX- nO/UR&(aX- n OUR.S :XaX- n OX- nU S - n GM> US:wd U S:wdU S:waS*nU(aUS+- n[S,5n[S-5n[S.5nS/nUUUU4-nU(aUS+- nUUS0[5U5-S0[5U5-S0[5U5-4-- nUU- nUS:waUU- nUS:waU S:waU[S)5- nU S:waUU - nUS:waU S:waU[S)5- nU S:waUU - nUnU(auURA5un n![S15URC5URCS25URCS3S5S4.-n"URE5n#[S55U!U"U#US6.-$[S75U-$)8zShow ufw managed rulesrYrszChecking iptables zChecking ip6tables problem runningr rur}rtzStatus: inactiverz iptables: %s r~ ip6tablesTFzSkipping found tuple '%s')dstsrcrz::/0 (v6)z 0.0.0.0/0any /z (%s)rAnywherez on %srz (%s)z, z[%2d] FWDinz # %s2612rz z ToFromActionz%-26s %-12s%s r$zCDefault: %(in)s (incoming), %(out)s (outgoing), %(routed)s (routed)r"r#)rrrUz0Status: active %(log)s %(pol)s %(app)s%(status)s)logpolappstatuszStatus: active%s)#r<rKr7rrrrrrdappsapp get_app_tuplerrv6dportrsportprotocolr# interface_in interface_outlogtyper\lowerr8lenr1uppercomment get_commentaction get_loglevel_get_default_policyrN)$r;verbose show_countrrhr\rout6sstr_outstr_rtercount app_rulesrtmp_strlocationtupl show_protor@portrZattribs attrib_strdir_strr-full_strstr_tostr_from str_actionrules_header_fmt rules_headerlevel logging_str policy_strapp_policy_strs$ rC get_statusUFWBackendIptables.get_statuss ;;011C}}ta 6777J%&7IT]]D)Y7?@IRQw+,,qw):c)BBCC}} $..$!/9!=t"EF 7"7\#9::8  T[[( AGHDJ" " " (9$5>?&*IdO' " %<%%C"qvv| vv44C6M GOD ww%%C"qvv| vv44C6M GOD ww+%#-$'HSM5=}*(,   t3 !ajjE&9  qzz)99 %>M ttv (  8 $SMS0M%>M ttv (  8 $SMS0M5=k)SF](2 &!***=55AEE>agg.@$SMS1::-==M&=$SMW4M&!***=77agg-$SMS1::-==MTTaeevo!%%6/hsm3SMW,M99e|"(<  Q^^)DD e|2(=  Q__)EE )>|e|"(<  Q^^)DD e|2(=  Q__)EE q(tGJyyAKK--/5899NN199??#45!++"6NN1;;/w!?J8u--kk'')Gyy{{d"199:KyyB% 7 8E?03!((..:J:A:C1D080; = =G 99&G[[E)&GLA QJEil 7gmw"}HG#tWFyH8J0 +vz8.LLL' , 3v;. 3z?2 3x=022 2L  $HBwA Bw7b=AdG#"}G#Bw7b=AdG#"}G#A #'#4#4#6 UK12&*%=%=%?&*&>&>x&H)-)A)A)BF*HIJJ"@@BNJK)*,;< <'(A. .rEcUR(a[S[S5-5 g/nURURS5 UR beUR bXURS5 URUR 5 URS5 URUR 5 URS5 [U5up#US:wa[S U-5n[U5eg) zStop the firewallrsrunning ufw-initrN --rootdir --datadirz force-stoprproblem running ufw-init %s) r<rrKr8r=rrrrr;rrrrhs rC stop_firewall UFWBackendIptables.stop_firewalls ;; q+,, -D KK 6* +||'DLL,D K( DLL) K( DLL) KK %D IRQw:S@Aw''rEcpUR(a[S[S5-5 g/nURURS5 UR beUR bXURS5 URUR 5 URS5 URUR 5 URS5 [U5up#US:wa[S U-5n[U5eS UR;d4URS [URR55;aURS 5 gURURS 5 g![a [S 5n[U5ef=f![a [S 5n[U5ef=f)zStart the firewallrsrrNrrstartrrloglevellowzCould not set LOGLEVELzCould not load logging rules)r<rrKr8r=rrrrrLlist loglevelskeys set_loglevelr_update_loggingrs rCstart_firewall!UFWBackendIptables.start_firewallse ;; q+,, -D KK 6* +||'DLL,D K( DLL) K( DLL) KK D IRQw:S@Aw''.}}Z(T^^5H5H5J0KK,%%e, ,'' j(AB !, 89G"7++, !, >?G"7++,s>E0F0!F!F5cUR(agUR5 SnURnU(aSnURnSHynUS:XdUS:Xa@U(aURSS(dM/U(dURSS(dMO[ US S US -U-/5upVUS :wdMn[ S 5 g g)zCheck if all chains existFrufw6)r!r"r#r& limit-acceptr&rrrrtru-user-rz_need_reload: forcing reloadT)r<rrrrrr)r;rprefixexerBrrs rC _need_reloadUFWBackendIptables._need_reloads ;; mm F..CNE5N#:dii05DIIg$6s$;S$fx.?%.GHIIRQw45OrEc[S5nUR(a-[S5 UR5(a [S5 ggUR 5(aUR SH+nUR USU/5 UR USU/5 M- [SURS/URS /5up4US :wa[US -5eUR5(a>[SURS /URS /5up4US :wa[US -5eggg![a [U5ef=f)zReload firewall rules filerz> | iptables-restorez> | ip6tables-restorer-F-Zcatrrtrz iptablesrrN) rKr<rr7 is_enabledr6 _chain_cmdr_rr r=iptables_restoreip6tables_restore)r;rhrrrs rC_reload_user_rules%UFWBackendIptables._reload_user_rules:s;%& ;; & '}}+, __   (V,AOOAay1OOAay1-!%G)@IRQww455}}$eTZZ-A%B&*&<&D00Ec /n[R"S5n[R"S5n[R"S5nURU5(aURU5(aURU5(a2URUR SUR SU555 O!URUR SU55 URUR SU55 O3URUR SU55 OURU5 [R"S5n[R"S 5n [R"S 5n S n [ U5GHHupURU 5(dMUR S U 5R 5nUR5S :XaSnOUR5S:XaSnOSnU <SU<S3nU RU 5(dSU-nUR SU 5XL'URXR SU-S-U-U 55 URXR SU-S-U-UR SU 555 URXR SU-S-U-UR SU-U 555 GMK [R"S5n[ U5HupURU 5(dMUR SU 5nUR SU-S-U 5nUR SU-S -U 5nUXL'URU U5 URU U5 M U$)!z5Return list of iptables rules appropriate for sendingz-p all zport z-j (REJECT(_log(-all)?)?)z-p tcp z-j \1 --reject-with tcp-resetz-p udp rYz(.*)-j ([A-Z]+)_log(-all)?(.*)z-j [A-Z]+_log-allz(-A|-D) ([a-zA-Z0-9\-]+)z'-m limit --limit 3/min --limit-burst 10\2rHALLOWr&LIMITBLOCKz -j LOG --log-prefix "[UFW ] "z-m conntrack --ctstate NEW z \1-j \2\4z\1-j z-user-logging-z\1 z \1-j RETURN\1z -j LIMITz+ -m conntrack --ctstate NEW -m recent --setzL -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j z -user-limitz -j z-user-limit-accept) r`rardr8rf enumeratestriprinsert)r;frulersuffixsnippets pat_protopat_port pat_rejectpat_log pat_logall pat_chain limit_argsrrr]lstr pat_limittmp1tmp2tmp3s rC_get_rules_from_formatted,UFWBackendIptables._get_rules_from_formattedVs#JJz* ::h'ZZ <=   E " "u%%$$U++OOIMM)"'G% !OOIMM)U$CD i ?@ b% 89 OOE "**>?ZZ 45 JJ:; > h'DA~~a   UA.446<<>X-$F\\^w.$F$F?I!((++84?D%kk,: ;;x&/@/?0@BH0IJK$MN==&1A2BDJ2K18^1224$56==&1A2BDJ2K18UT\11M$OP+(4JJ|, h'DA"" }}%R%&( }}&,.4&57D&EFGI!}}Vf_7K%KQO" 4(4((rEc/nURXU5n[R"S5n[U5HupxUR UR SU5R 55 URU5(dMLXGR S5 XGR UR SU5RSS55 XG==UR SU5R 5- ss'M U$)zLReturn list of iptables rules appropriate for sending as arguments to cmd() z(.*) --log-prefix (".* ")(.*)rr*r"rYz\3) rr`rarr8rfrmatchreplace) r;r rr r  str_snippetsrkrrs rC_get_lists_from_formatted,UFWBackendIptables._get_lists_from_formatteds55eVL jj9:l+DA OOCGGE1-335 6yy|| "">2 ""3775!#4#<##/#6#6s2w#?#?#0#7#7B#@#@),B c(:1(=(G(G(LQ(O%1),B c(:1(=(G(G(LQ(O%2%(W%7%7%>%>36r73D3DS3I!3LL%(W%7%7%?%?47G4E4Ec4J14MM$(J$,%%(VF&+G"f}*.)/c):1)="3x!|'.vs1vs1vs1v/21vs1vug/6(8(/vs1vs1vs1v/21vs1vug/6(8-/JJu,= #&q6S=09 c3q60JDI#&q6S=09 c3q60JDI+r1 $ 2 24 F,2 $ 2 25- H 8 44 KK- KK..t4 KK. JJ--d3c"f JJL{ (<=Cw'' (\ (%'()G'H)-(/H N$ %s Q9DQ+$Q(+#RRcURSnU(aURSn[R"U[R5(d[ SU-5n[ U5e[ RRU5nUR5 SnURnU(aSnURnUR(a[RR!5nOUSn[ RR#US5 [ RR#USU-S -5 [ RR#USU-S -5 [ RR#USU-S -5 [ RR#USU-S -5 [ RR#USU-S -5 [ RR#USU-S-5 [ RR#USU-S-5 [ RR#USU-S-5 [ RR#USU-S-5 [ RR#USU-S-5 [ RR#USU-S-5 [ RR#USU-S-5 [ RR#USU-S-5 [ RR#USU-S-5 US:XaUR$SS(dUS:XacUR$SS(aL[ RR#USU-S-5 [ RR#USU-S-5 [ RR#US5 UGHYnUR&n UR((aSUR&-n UR*S:waU SUR*-- n Sn UR,S:XaUR.S:Xa UR0n OUR,S:wa/UR.S:waS UR,<S!UR.<3n OOUR,S:wa XR0<SUR,<3- n OXR0<SUR.<3- n UR2S:XaUR4S:XaS"U <S#UR6<S#UR8<S#UR:<S#UR<<S#UR><S#U <3n UR@S:waU S$UR@-- n [ RR#X{S%-5 GO[BRD"S#5n S&n UR2(aU RGS'UR25n S&nUR4(aU RGS'UR45nS"U <S#UR6<S#UR8<S#UR:<S#UR<<S#UR><S#U <S#U<S#U <3n UR@S:waU S$UR@-- n [ RR#X{S%-5 S(nUR((aS)nOUR0S*:XaS+nU<S,U<3nS-U<S#URI5<S%3nURKUUU5H#n[ RR#UU5 M% GM\ [ RR#US.5 [ RR#US/5 URMURNS05nUHunnn[QU5S1:a US1S2:XaM!URSUS&-5(dM<[ RR#US#RUU5RWS3S45RWS5S65S%-5 M [ RR#US75 US:XaUR$SS(dUS:XGa UR$SS(a[ RR#US85 URNS0S9:waU[ RR#US-U-S:-S#RUURX5-S;-URZ-S<-5 [ RR#US-U-S=-5 [ RR#US-U-S>-5 [ RR#US?5 [ RR#US@5 UR(a![ RR]USA5 gB[ RR]U5 gB![a ef=f![a ef=f![a ef=f)Cz.Write out new rules to file to user chain filerrz'%s' is not writablerrrZz*filter rz-user-input - [0:0] z-user-output - [0:0] z-user-forward - [0:0] z-before-logging-input - [0:0] z-before-logging-output - [0:0] z -before-logging-forward - [0:0] z-user-logging-input - [0:0] z-user-logging-output - [0:0] z-user-logging-forward - [0:0] z-after-logging-input - [0:0] z-after-logging-output - [0:0] z-after-logging-forward - [0:0] z-logging-deny - [0:0] z-logging-allow - [0:0] r&rrz-user-limit - [0:0] z-user-limit-accept - [0:0] z### RULES ### zroute:rYrKr(z!out_z ### tuple ### rz comment=%srr$r.r!r#rr"rz-A z ### END RULES ### z ### LOGGING ### rr-D[z"[z] rz### END LOGGING ### z ### RATE LIMITING ### offz -user-limit z "z " z-user-limit -j REJECT z-user-limit-accept -j ACCEPT z### END RATE LIMITING ### zCOMMIT FN)/r=r/accessW_OKrKrrrbrcr_rrrr<sysstdoutfilenorerrr#rrrr\rrrrrrrrr`rarf format_ruler_get_logging_rulesrLrr1r1rr9r:rg)r;r rules_filerhrmr?rrnrrifaceststrr>rr chain_suffixrBrule_strrlrules_trqs rC _write_rulesUFWBackendIptables._write_rulessFZZ( H-JyyRWW--.*=>G7# # ((%%j1C    !LKKE ;;""$BUB r;/ r3#58O#OP r3#5)A$B C r3#5)B$C D r3#5)J$K L r3#5)K$L M r3#5)L$M N r3#5)H$I J r3#5)I$J K r3#5)J$K L r3#5)I$J K r3#5)J$K L r3#5)K$L M r3#5)B$C D r3#5)C$D E E !dii&8&= F "tyy'9#'> HH " "2s\'9-D(E F HH " "2s\'9-K(L M r#45AXXFyy!AHH,yyB# /)F~~#2(=2%!//R*?+,>>1??K>>R'annEEFaooFFFvv|" ajj!''155!''15599?MAII55D&&r$;7JJsO 66$==7D66$==7D AGGQUUAGGQUUdF,99?MAII55D&&r$;7"Lyy( %' $0,?E',ammo>H33Hl4@B&&r1-Bcl r#:; r#89 ..t}}Z/HIH GAq!1vzaddl||L3.//&&rHHQK''T2::4G   r#:; E !dii&8&= F "tyy'9#'> HH " "2'B C}}Z(E1&&r5%,&(6,7$"9"9:,;,"&!=!=,>AH,HI HH " "2u|';2(3 4 HH " "2u|';9(: ; HH " "2'D E r:. {{$$S%0$$S)o   n   B   s**g ,g/1g>g> g,/ g;> h cUR5 SnUR(akUR5(d[S5n[ U5eUR S:Xa/UR SS(d[S5UR -$O?UR S:Xa/UR SS(d[S5UR -$UR(a6URS:wa&URS :wa[S 5n[ U5e/nS nS nURnURn UR(aGURS :a+URS:wdURS:wa [S 5$URnU S:dU [U5:a[S5U -n[ U5eU S:a'UR (a[S5n[ U5eUR#5 Sn S n Sn Sn UGHnUR#5 UR&UR(URUR4nX:XaXU SS:XaU SS:XaU S:dUSS:Xa USS:XdX:wa$Sn UR+UR-55 Sn OU S- n Un U S- n [.R0"X5nUS:aU S- n US:XaFU(d?U (d8SnUR (d"UR+UR-55 GMGMUS:Xa&UR (aUR2S:XaSnGM@US:a>UR (d-U (d&SnSnUR+UR-55 GMUR+U5 GM U (a*U S:a#[S5nUR(aUS- nU$OU(d0UR (dUR+UR-55 U(dEUR (a4UR4(d#[S5nUR(aUS- nU$U(a;UR (d*U(d#[S5nUR(aUS- nU$UR(aXPlOXPl UR7UR5 [S5nUR(a [S5nUR95(GaUR4(GdSnU(d'UR;UR5(dU (adSnU (aU[S5- nOU[S5- nUR(aUS- nU(aUR=5 OU[S 5- nOU(a^UR (aMS!n[S"5nUR(aUS- nU(aUR=5 SnO;U[S 5- nO,U(d%U(dUR (d S#n[S$5nUS:wGaUR>nS%nUR(aUR@nS&nUS- nS'nURB(aS(nOURDS):XaS*nU<S+U<3n[S,5n[GUS-US./5unnUS:wa [ U5eU<S/U<S/URI5<3n[JRL"S05nUROUUU5Hn[GU/U-5unnUS:wa%[QU[RRT5 [ U5 US#:XdMHURWS/RYU55(dMoUR[S1S/RYU55nUS!US2S3/5unnUS:wdM[]S4U-5 M U$![$a ef=f![$a ef=f![a e[$a [S5n[ U5 GNZf=f![$a ef=f![$a ef=f)5a(Updates firewall with rule by: * appending the rule to the chain if new rule and firewall enabled * deleting the rule from the chain if found and firewall enabled * inserting the rule if possible and firewall enabled * updating user rules file * reloading the user rules file if rule is modified rYz)Adding IPv6 rule failed: IPv6 not enabledr&rz#Skipping unsupported IPv6 '%s' rulerz#Skipping unsupported IPv4 '%s' ruleudptcpz/Must specify 'tcp' or 'udp' with multiple portsFz1.4z:Skipping IPv6 application rule. Need at least iptables 1.4rzInvalid position '%d'z Cannot specify insert and deleter)rYrYrYrYr'r+Tz Skipping inserting existing rulerz"Could not delete non-existent rulezSkipping adding existing rulezCouldn't update rules filez Rules updatedzRules updated (v6)z Rule insertedz Rule updatedz (skipped reloading firewall)rCz Rule deleted-Az Rule addedrrr!r#rr"r!Could not update running firewallrurtrz(-A +)(ufw6?-user-[a-z\-]+)(.*)rr(RETURNzFAILOK: -D %s -j RETURN)/rrr7rKrrrmultirrpositioniptables_versionrrrrremove normalizer_rrr8dup_rulerrrr<rTrrrrrr#r\rrKr`rarrrHstderrrdr1rfr)r;r= allow_reloadrMrhnewrulesfoundmodifiedrr^rinsertedmatcheslastrcurrentretflagrr?rPrBrrrQrrrs rCset_ruleUFWBackendIptables.set_rules  77==??GHw''{{g%dii.@.E>?4;;OO{{g%dii.@.E>?4;;OO ::$--50T]]e5KIJG7# # == 77$$u,$))r/26))r/UVVKKE a<8c%j0/0H=G7# # a77GOD t{{88977GOD 77"K!J    dgg &! 77)*D ??  T[[[D4,,TWW55Ao..DAn--D77GOD//1A=>>D4;;(77GOD//1DA=>>D8DKKrzmm$ 77..C#)LGOD& <<#,L^^u,#+L(4lC?@dE4 89 S7"7++)-ud6F6F6HI**%GH778D8DFA!$SEAIIRQwC, )t|sxx{(C(C#KKsxx{;$'dAtX(F$G S7!";q"ABF [     T   45G W  2% %sB'__)0_8`)1`8 _&) _58*`&%`&) `58 acr/n/nU(a URnO URnUR5nURU5 UR 5 UR 5nUHKnUR5nUR 5 UR 5n X:XdM:UR U5 MM U$)z@Return a list of UFWRules from the system based on template rule)rrrbr3rarr8) r;templaterrrnormrrrZ tmp_tuples rCget_app_rules_from_system,UFWBackendIptables.get_app_rules_from_systems KKEJJE  " B !!#A**,C MMO))+I   % rEcURnURS5(a URn[U/U-5upVUS:wa/[ SU-5nU(a[ SU-5 g[ U5eg)zPerform command on chainrrzCould not perform '%s'zFAILOK: N)rr1rrrKrr)r;rBrfail_okrrrrhs rCrUFWBackendIptables._chain_cmdsnmm   F # #..C %  70D9:Gj7*+w'' rEcUR(agUR5 /nURU5nUR SS9 UR SS9 UR5(dg[ S5nURSURS-URS -URS -HnURUS US /5 M URSURS -URS -H+nURUS U/5 URUSU/5 M- UHbupEnSn[U5S:a USS:XaSnUS:Xa'[U5S:aURUS/USS-SS9 URXEU5 Md SHnURSS(aUS:Xd!URSS(dM9US:XdMAURUSU/UR-URS-/-SS9 URSS:wdMURUSU/UR-URS-/-SS9 M g![a ef=f![ a e[a [ S5n[ U5 GN?f=f![a [ U5ef=f![a [ U5ef=f![a [ U5ef=f)z#Update loglevel of running firewallNF)rTz&Couldn't update rules file for loggingr[rrrrrurtrrrrC delete_firstr)rw)rrr&rrrrrrrE-I)r<rrLr_rTrrKrr6rrrr9r:rL) r;rrules_trhrrrSrwrBs rCr!UFWBackendIptables.update_loggings ;;   --e4G       '     &  78X&V)<< ;;w  "&++f"56A (D!T?36 $[[*T[[-AA{{6"#D!9-D!9-#GA!G1vzaddl (&3q6A:OOAv!"~tODg.;E '"3'E5E,E '"3''E5F,Fe} $ 7 7(8!%!=!=!C D(E)- .==,5OOED%=$($;$;,<%)%A%AC%G$H,I-1$2;e      @AG W   (w'' ( $7# # $ (w'' (sAII(:JAJ2?K  I%(*JJJ/2K K!c|/nU[URR55;a[S5U-n[ U5eUS:Xa0UR SHnUR USUSS/S/5 M U$UR SHnUR USUSS/S /5 M /S QnURUURS :Ga/nURUURS :aUnUR S HnSHnURU5(dMURU5S:XdURU5S:Xa!SnUR USUSSSU/U-S /5 MfURUURS:dMSnUR USUSSSU/U-S /5 M M /nURUURS :aUnUR SHnURS5(aSnOyURS5(acSnURUURS:a UR USUSSSSSS/U-S /5 O!UR USUSSSSSSSS/ U-S /5 UR USUSSSW/U-S /5 M URUURS:a/nURUURS:aUnURUURS :a/SQU-nS nUR S!H nUR USUSSSU/U-S /5 M" U$)"z%Get rules for specified logging levelzInvalid log level '%s'rErr{r(r\rzrCrY)r%r&r'z3/minz --limit-burst10rhighrr rJrRz [UFW BLOCK] rZr)r*mediumz [UFW ALLOW] rrQr% conntrack --ctstateINVALIDz[UFW AUDIT INVALID] full)r%rrNEWz [UFW AUDIT] r) rrrrKrr6r8endswithr) r;rr|rhrrlargsrrs rCrL%UFWBackendIptables._get_logging_ruless T^^0023 301U;G7# # E>[[(D!T8#>% DNN5$9 9E~~e$t~~f'=="[[)7Azz!}}33A6(B33A6&@%3F#NNAau0>0H050679,;<"^^E2dnnX6NN%3F#NNAau0>0H050679,;<8* E~~e$t~~f'=="[[(::g&&+FZZ''+F~~e,t~~h/GGD!T;,7,0(,<>C,DEG(IJ D!T;,7,0%,:,B ,D ). ,. 02 (34 D!T5$2F$<>C$DEG IJ#)* >>% DNN8$< <E~~e$t~~f'=="~~e$t~~f'==?*L#F[[*D!T5$2F$<>C$DEG IJ+rEc .Sn[[RRUR5n/nUR HnUR UR S5(dM(URUR U5 [RRUS[RRUR U55n[RRU5(aM[S5U-n[U5e [R "S5nUHInU<SU<3n[RR#U5(dM2[S5U-n[U5e UHSnU<SU<3nU[S5[RRU5US .-- n[R$"XE5 MU UGHnU<SU<3n[&R("[RRUS[RRU55[RR+U55 [&R,"X5 [R."U5n U [.R0n U [.R6-(aU[S 5U-- nMU [.R8-(dGMU[S 5U-- nGM U$![2a [S 5U-n [5U 5 GMBf=f) zReset the firewallrYz.rulesrzCould not find '%s'. Abortingz %Y%m%d_%H%M%S.z'%s' already exists. Abortingz"Backing up '%(old)s' to '%(new)s' )oldnewzCouldn't stat '%s'zWARN: '%s' is world writablezWARN: '%s' is world readable)r rr+ share_dirrr=rr8r/r0r1basenameisfilerKrtimestrftimeexistsrenameshutilcopydirnamecopymodestatST_MODEr_rS_IWOTHS_IROTH) r;resrallfilesrfnrhextrstatinfomoder?s rCresetUFWBackendIptables.resethsdcjj22DLLA A::a=))(33 OODJJqM *i gg..tzz!}=?B77>>"%%;<Cw''mmO, As#Bww~~b!!;<Cw'' As#B 1:;WW--a0<> >C IIa  A$C KK Y %'WW%5%5a%8:* , OOC # 771: - dll"q78A>> $$q78A>>%(  12a8X s%)K,,#LL)r6r-rrrrr9r:)NN)FF)F)T)__name__ __module__ __qualname____firstlineno____doc__r5rNrprrrrrrrrr@rTrnrtrrrLr__static_attributes__rErCr r sx'.;` IV[zc/J($,B8;8BH$cJgRcJ0 (H2TXt8rEr )rr/r`rrrHr ufw.commonrrufw.utilrrrrr r ufw.backendrr3r4r rrErCrs@3" (??B//BrE