#fd|SrSSKrSSKrSSKrSSKJr SSKrSSKJrJ r J r SSK J r SSK rSrSr"SS 5rg) z'frontend.py: frontend interface for ufwN)UFWError)errorwarnmsg)UFWBackendIptablesc[RR5nSH1nUR[RR U55 M3 SH1nUR[RR U55 M3 SH1nUR[RR U55 M3 SH1nUR[RRU55 M3 SH1nUR[RRU55 M3 SH1nUR[RRU55 M3 /SQnUH_nUR[RRU55 UR[RRU55 Ma [U5S:anS nXR5S :XaSnXR5S :wa>XR5S :wa(XR5U;aURUS 5 [U5S:dS U;a#[U5S:a[SSS9 [!5eUR#US S5nU$![$a#n[SUR&-5 SnAW$SnAf[(a [SSS9 ef=f)zEParse command. Returns tuple for action, rule, ip_version and dryrun.) enabledisablehelpz--helpz-hversionz --versionreloadreset)listinfodefaultupdate)onofflowmediumhighfull)allowdenyreject)Nverbosenumbered)rawz before-rulesz user-rulesz after-rulesz logging-rulesbuiltins listeningadded)rlimitrrinsertdeleteprepend --dry-runrrouteruleznot enough argsF)do_exitNz%szInvalid syntax)ufwparser UFWParserregister_commandUFWCommandBasic UFWCommandAppUFWCommandLoggingUFWCommandDefaultUFWCommandStatusUFWCommandShowUFWCommandRuleUFWCommandRouteRulelenlowerr#r ValueError parse_commandrvalue Exception)argvpi rule_commandsidxpres ./usr/lib/python3/dist-packages/ufw/frontend.pyr<r<sV A  3::55a89 3 3::33A673< 3::77:;<) 3::77:;)+ 3::66q9:+A 3::44Q78A  M  3::44Q78 3::99!<=  4y1} 9??  +C 9??  ) 9??  ' 9??  - KKV $ 4y1},TQ /l __T!"X & I   dagg I  . sJ K(KKc*[S0S[RR_SS_SS_SS_SS_S S _S S _S S_SS_SS_SS_SS_SS_SS_SS_SS_SS_0S S!_S"S#_S$S%_S&S'_S(S(_S)S)_S*S*_S+S,_S-S._S/S0_S1S2_S3S3_S4S5_S6S7_S8S9_S:S;_SS?0E-5nU$)@zPrint help messagea+ Usage: %(progname)s %(command)s %(commands)s: %(enable)-31s enables the firewall %(disable)-31s disables the firewall %(default)-31s set default policy %(logging)-31s set logging to %(level)s %(allow)-31s add allow %(rule)s %(deny)-31s add deny %(rule)s %(reject)-31s add reject %(rule)s %(limit)-31s add limit %(rule)s %(delete)-31s delete %(urule)s %(insert)-31s insert %(urule)s at %(number)s %(prepend)-31s prepend %(urule)s %(route)-31s add route %(urule)s %(route-delete)-31s delete route %(urule)s %(route-insert)-31s insert route %(urule)s at %(number)s %(reload)-31s reload firewall %(reset)-31s reset firewall %(status)-31s show firewall status %(statusnum)-31s show firewall status as numbered list of %(rules)s %(statusverbose)-31s show verbose firewall status %(show)-31s show firewall report %(version)-31s display version information %(appcommands)s: %(applist)-31s list application profiles %(appinfo)-31s show information on %(profile)s %(appupdate)-31s update %(profile)s %(appdefault)-31s set default application policy prognamecommandCOMMANDcommandsCommandsr r rz default ARGloggingz logging LEVELlevelLEVELrz allow ARGSr*rz deny ARGSrz reject ARGSr"z limit ARGSr$zdelete RULE|NUMuruleRULEr#zinsert NUM RULEr%z prepend RULEr)z route RULEz route-deletezroute delete RULE|NUMz route-insertzroute insert NUM RULEnumberNUMr rstatus statusnumzstatus numberedrulesRULES statusverbosezstatus verboseshowzshow ARGr appcommandszApplication profile commandsapplistzapp listappinfozapp info PROFILEprofilePROFILE appupdatezapp update PROFILE appdefaultzapp default ARG)_r-common programName)help_msgs rFget_command_helprees>"* CJJ**"* I"* Z"* 8"* I "* M "* O "* '"* ,"* "* "* ="* ,"* $"* &"* $"* N!"*" ,#"*$ 0%"*& 0'"*( 5)"** 8+"*, '-"*. 8/"*0 '1"*2 '3"*4 *5"*6 7"*8 I9"*: 6;"*< J="*> &?"*@ IA"*B *C"*D (E"*?A+A,HF c\rSrSrSrSSjrSrSrSrSSjr SS jr S r S r S r SS jrSSjrSrSrSrSrSrSrSrSSjrSrg) UFWFrontendUINcUS:Xa[XUS9UlO[SU-5e[ S5Ul[ S5Ul[ S5Ulg![a ef=f)Niptables)rootdirdatadirzUnsupported backend type '%s'nyyes)rbackendr>rranorqyes_full)selfdryrun backend_typermrns rF__init__UFWFrontend.__init__sk : % 1&:A C :lKL LC&S6%   s A A#cSnSnU(aSnSnU(aURR5(a&U(d!URR5(aSnU(a5URRURRSSU5 SnU(anURR5 US:wa@URRURRSSS5 [ U5 [S 5nU$URR5 [S 5nU$![an[ UR 5 SnANSnAff=f![anU(a UR nSnANSnAff=f![an[ UR 5 SnANSnAff=f![an[ UR 5 SnANSnAff=f) zYToggles ENABLED state in /ufw/ufw.conf and starts or stops running firewall. rsrqFTconfENABLEDNz0Firewall is active and enabled on system startupz/Firewall stopped and disabled on system startup) rr is_enabled set_defaultfilesrrr=start_firewallra stop_firewall)ruenabledres config_strchangedrE error_strs rF set_enabledUFWFrontend.set_enableds J DLL3355DLL3355G   ((););F)C)2J@   ( ++- B#LL,,T\\-?-?-G-6> i FGC   **,EFC A agg  ( !I ( #!''NN# agg s`&4D9$E%4FF;9 E"EE"% F /FF  F8F33F8; G$GG$cBSnURRX5nURR5(a4URR5 URR 5 U$![ a n[ UR5 SnAU$SnAff=f)zSets default policy of firewallr{N)rrset_default_policyr~rrrrr=)rupolicy directionrrEs rFrUFWFrontend.set_default_policys~ ,,11&DC||&&(( **, ++-   !''NN  sA.A44 B>BBcSnURRU5nU$![a n[UR5 SnAU$SnAff=f)zSets log level of firewallr{N)rr set_loglevelrrr=)rurNrrEs rFrUFWFrontend.set_loglevelsK ,,++E2C   !''NN  ! A AA cURRX5nU$![a n[UR5 SnAW$SnAff=f)zShows status of firewallN)rr get_statusrrr=)rur show_countoutrEs rFrUFWFrontend.get_status sF ,,))'>C   !''NN   A AA cURRU5nU$![a n[UR5 SnAW$SnAff=f)zShows raw output of firewallN)rrget_running_rawrrr=)ru rules_typerrEs rF get_show_rawUFWFrontend.get_show_rawsF ,,..z:C   !''NN  rc  Sn[RRURR 55nURR5n[UR55nUR5 UGHnURR 5(dUS;aM+USU-- n[X&R55nUR5 UGHnX&UGHn U Sn U RS5(aM!U RS5(aM9Sn USU-- nU S :XdU S :XaUS - nS U S-n O'US U -- n[RRU 5n US[RR!U S5-- n[R"R%SUSSUU SSS9n U R'UR)S55 U S:waU R+SU 5 U R-5 URR/U 5n [1U 5S:a`US- nU HUnUS:dM US- [1U5:dMUSU[R2R4R7XNS- 54-- nMW US- nGM GM GM URR 5(d[RR9S5 U$![ a [ S5n[U5ef=f)zBShows listening services and incoming rules that might affect themr{zCould not get listening status)tcp6udp6z%s: laddrz127.z::1z %s z0.0.0.0z::z* z%s/0z%s z(%s)exerNr+inF)actionprotocoldportdstrforward6r r'z [%2d] %s z)Skipping tcp6 and udp6 (IPv6 is disabled))r-utilparse_netstat_outputrruse_ipv6r>rar get_rulesrkeyssort startswithget_if_from_ipospathbasenamerbUFWRuleset_v6endswith set_interface normalize get_matchingr9r.r7 get_commanddebug)rurderr_msgrV protocolsprotoportsportitemaddrifnamer*matchingrAs rFget_show_listeningUFWFrontend.get_show_listenings $--dll.C.C.EFA  &&(N E<<((**u8H/H 7e$ $C)E JJLHTND=D??622??511!#w~-9, 4KC#)T']#;D54</C%(XX%<%&,&%&C&.t Y+ j||$$&& HHNNF G A $89G7# # $s 7K""!LcURR5n[S5n[U5S:XaU[S5-$/nURR5HnUR(a-S[ R RRU5-nO)[ R RRU5nXS;aMqURU5 USU-- nM U$)z!Shows added rules to the firewallz9Added user rules (see 'ufw status' for running firewall):rz (None)route %sz ufw %s) rrrrar9rr-r.r8rr7append)rurVrr!rrstrs rFget_show_addedUFWFrontend.get_show_addedfs &&(KL u:?:& &'')Ayy! 66BB1EFzz00<R@"U5 GM U(dX5- nU$[U5S:Xa [CU5 U$Sn[E[GU S-55nUR'5 UHDnU S:dM UU(dMUUR5nSUlUR7UU5 MF U[S5- nU(aU[S5- nOU[S5- n[U5e![(a ef=f![anUR:nSnSnA GMSnAff=f![(a- Sn[S5W RI5-n[AU5 Mf=f)zUpdates firewall with ruler{v4Fv6TbothzInvalid IP version '%s'rz"Could not delete non-existent rulez (v6)rzInvalid position ''r'zIPv6 support not enabledNz Rule changed after normalizationzCould not back out rule '%s'z" Error applying application rules.z# Some rules could not be unapplied.z( Attempted rules successfully unapplied.)%dappsapprremoverrget_app_rules_from_systemrmatchrarr9rvdup_rule set_actionr set_logtypelogtypeget_app_rules_from_templatepositionreverser>get_rules_count enumeratestrr set_positionrset_rulefind_other_positionr=updatedwarningsrrrrange format_rule)rur* ip_versionrrtmprVtmprules tmprules6xrpprev6rcount set_error pos_err_msgnum_v4num_v6rAbeginuser_posr@rEwarn_msg undo_errorindexesj backout_rules rFrUFWFrontend.set_rules 99?tyyB LL H2 ;;;!T)#'<<#I#ICG$P#t+#'<<#I#ICG$O#v-#'<<#I#ICG$P$(LL$J$JCG%O "*A%.()','(wwqzz+0D$,OOA$6 &/"*#$$=">*"M&w//8})$,,2E2E DE%-"%C # (4/"%-C # (61"%*s"2W"?ZZ1_v1E'3qzz?S+@@K"*;"77"ll33A6#v-#$::#r>).!! AENN51!"h.?!% @ @ (6 1E 94!AA 1u !q 1!"q 1"ll33A6 !xxHqL%)\\%A%A%%HFNN8a<8#r>).!! AENN51!"ajj1n::/!% @ @AF!HA 1u !q5y 9!"q 1"94KC !xxAJJ,?#r>NN1::+>?||44Q77"#$=">*"M&w//zzR'%*aZFaKQu-!T)Z6-A"ll33A6#t+"#$>"?&w//"#$=">*"M&w// yyy?@ h'G%J JC> =Z1_ 'N8 1J5q>*G OO 19q#(8#4#4#6L*.L'' lJ?  q>? ?G1BCC1GHH7# #Y  H ''  6%'%) #$%C#D%&]]_$5X 'srCa= A7a= a=a="A1a=;a="B:b Cb 9H8b 2Bb 55b *b4= b  b1b,,b143c+*c+cP[U5nURR 5nUS::dU[ U5:a[S5U-n[U5eURRU5nU(d[S5U-n[U5eSUlSnUR(aSnSnU(Gd"UR(a-S[RRRU5-n O)[RRRU5n [S5U UR UR"S .-n [%U [&R(S S 9 [&R*R-5R/5R15n U S :wa<XR R/5:waXR2R/5:waS nS n U(aUR5Xg5n U $[S5n U $![a [S5U-n[U5ef=f)z Delete rulezCould not find rule '%s'rzCould not find rule '%d'Trrrz=Deleting: %(rule)s Proceed with operation (%(yes)s|%(no)s)? )r*rqrsFoutputnewlinerpr{Aborted)intr>rarrrrr9get_rule_by_numberrrrr-r.r8rr7rqrsrsysstdoutstdinreadliner:striprtr) rurRforcerorrVr*rproceedrpromptansrs rF delete_ruleUFWFrontend.delete_ruleOs $F A  &&( 6QU^23a7G7# #||..q123a7G7# #  77J||! 66BB4HIzz00<>tyyII"#$:";&w//J 0 0;;agg++>>tyyII"#$:";&w//J 0s4-A N A P P A*O<<P RA*Q>>RcSnURRU5nU$![a n[UR5 SnAU$SnAff=f)z+Sets default application policy of firewallr{N)rrset_default_application_policyrrr=)rurrrEs rFr*UFWFrontend.set_default_application_policysK ,,==fEC   !''NN  rc[URRR55nUR 5 [ S5nUH nUSU-- nM U$)z*Display list of known application profileszAvailable applications: %s)rrrprofilesrrra)runamesrros rFget_application_list UFWFrontend.get_application_listsPT\\**//12 *+A HN "D rfc&/nUS:Xa>[URRR55nUR 5 OK[ R RU5(d[S5n[U5eURU5 SnUGHnXPRR;dURRU(d[S5U-n[U5e[ R RUURRU5(d[S5n[U5eU[S5U-- nU[S5[ R RURRU5-- nU[S5[ R RURRU5-- n[ R RURRU5n[U5S :d S US ;aU[S 5- nOU[S 5- nUH nUSU-- nM XR[U5S - :wdGMUS- nGM [ R R#U5$)zDisplay information on profileallrr{zCould not find profile '%s'zInvalid profilez Profile: %s z Title: %s zDescription: %s r',rzPorts:zPort:r"z -- )rrrr#rrr-rrrarrverify_profile get_titleget_description get_portsr9r wrap_text)rupnamer$rrnamerr@s rFget_application_info UFWFrontend.get_application_infos6 E>..3356E JJL##66u==23w'' LL D<<000<<((.9:dCw''##224||$$T*,,-.w'' Ao&$/ /D Am$(8(8(B(B(, (=(=d(C)EF FD A+,-0-=-=-M-M-1\\-B-B4-H.JK KD$$..t||/D/DT/JKE5zA~a( #' "A&SZ\** $;>xx!!$''rfcSnSnSnURR(a%[RR 5(aSnUS:Xa~[ URRR55nUR5 UH:nURRU5upxU(dM)US:waUS- nX'- nUnM< O(URRU5up$US:waUS- nU(a_URR5(a@U(a+URR5 U[S5- nU$U[S5- nU$![ a SnGN#f=f![ a ef=f)Refresh application profiler{TFr(rrzSkipped reloading firewall)rr do_checksr-r under_sshr>rr#rrupdate_app_ruler~_reload_user_rulesra) rur]r allow_reloadtrigger_reloadr#r@rfounds rFapplication_updateUFWFrontend.application_updates\  !||%%#((*<*<*>*>$  e DLL116689H MMO#||;;A> 5byt KD%*N &*\\%A%A'%J "Trz  dll5577LL335-.. 677 ? !!L  !2!sAE"E/ E,+E,/ E;cSnSnUS:Xa[S5n[U5eURRSnUS:Xa*[R R SU<SU<S35 U$US :XaS nO+US :XaS nO"US :XaS nO[S5U-n[U5eS/nURR(aURS5 XcU/- n[U5nSUR;a9URURURSURS5nU$URURSS5nU$![a ef=f)r4r{r(z%Cannot specify 'all' with '--add-new'default_application_policyskipz Policy is 'z', not adding profile 'racceptrdroprrzUnknown policy '%s'r-r(r*iptype)rarrrdefaultsr-rrrvrr<r>datarr)rur]rrrrargsrDs rFapplication_addUFWFrontend.application_addBsT e ?@G7# #,,''(DE f  HHNN"G- .K  F  F  F-.':G7# #y <<   KK $ '## t$B RWW >>"))RWWV_"$''("35D  >>"))R4D    s  E EcSnUS:XaURS5nU$US:XaURS5nU$US:XaURS5nU$US:XaURS 5nU$US :XaUR5nU$US :XaURU5nU$US :XdUS :XaAURU5nSnUS :XaUR U5nUS:wa US:waUS- nXE-nU$[ S5U-n[ U5e)zgPerform action on profile. action and profile are usually based on return values from parse_command(). r{z default-allowrz default-denyrzdefault-rejectrz default-skipr@rrrzupdate-with-newrr)rr%r1r<rGrar)rurr]rstr1str2rs rFdo_application_action!UFWFrontend.do_application_actionlsM _ $55g>C0 /~ %55f=C, +' '55h?C( '~ %55f=C$ #v ++-C  v ++G4C x 6->#>**73DD**++G4rzdbj +C  12f=G7# #rfcSnURR(a[RR 5(a[ S5UR URS.-n[U[RSS9 [RR5R5R5nUS:wa X0R :waX0R:waSnU$)z6If running under ssh, prompt the user for confirmationTzWCommand may disrupt existing ssh connections. Proceed with operation (%(yes)s|%(no)s)? rqrsFrrp)rrr5r-rr6rarqrsrrrr r r:r rt)rur rrs rFcontinue_under_sshUFWFrontend.continue_under_sshs << ! !chh&8&8&:&:CD $8:F szz5 9))$$&,,.446CczcXXo#2Frfc8Sn[S5URURS.-nURR(aH[ R R5(a%[S5URURS.-nURR(aU(d[[ R RU5[RSS9 [RR5R5R5nUS:wa+X@R:waX@R :wa [S5nU$URR#5(aX R%S5- nURR'5nU$) zReset the firewallr{zTResetting all rules to installed defaults. Proceed with operation (%(yes)s|%(no)s)? rOzResetting all rules to installed defaults. This may disrupt existing ssh connections. Proceed with operation (%(yes)s|%(no)s)? Frrpr)rarqrsrrr5r-rr6rr.rrr r r:r rtr~rr)rur rrrs rFrUFWFrontend.resets)23 HHDGG46 << ! !chh&8&8&:&:67!%8:F << ! !% ""6*3::u M))$$&,,.446CczcXXo#2F l << " " $ $ ##E* *Cll  " rf)rrrsrqrt)rlNN)FF)r)F)__name__ __module__ __qualname____firstlineno____doc__rxrrrrrrrrrrrr%r1r<rGrLrPr__static_attributes__rfrFrhrhsv ,6'+! 4l FP:JX/bTl,(\)V(T@ rfrh)rXrrr ufw.commonrufw.utilr-rrrufw.backend_iptablesr ufw.parserr<rerhrZrfrFr_s?-" %%3EPEPD D rf