mirror of
https://github.com/sshuttle/sshuttle.git
synced 2025-01-08 06:59:32 +01:00
Make firewall messages consistent
This commit is contained in:
Brian May
parent
d07a775d50
commit
f7682d4c33
@ -88,7 +88,7 @@ def setup_daemon():
|
|||||||
def main(method_name, syslog):
|
def main(method_name, syslog):
|
||||||
stdin, stdout = setup_daemon()
|
stdin, stdout = setup_daemon()
|
||||||
|
|
||||||
debug1('Starting firewall with Python version %s\n'
|
debug1('firewall manager: Starting firewall with Python version %s\n'
|
||||||
% platform.python_version())
|
% platform.python_version())
|
||||||
|
|
||||||
if method_name == "auto":
|
if method_name == "auto":
|
||||||
@ -100,7 +100,7 @@ def main(method_name, syslog):
|
|||||||
ssyslog.start_syslog()
|
ssyslog.start_syslog()
|
||||||
ssyslog.stderr_to_syslog()
|
ssyslog.stderr_to_syslog()
|
||||||
|
|
||||||
debug1('firewall manager ready method name %s.\n' % method.name)
|
debug1('firewall manager: ready method name %s.\n' % method.name)
|
||||||
stdout.write('READY %s\n' % method.name)
|
stdout.write('READY %s\n' % method.name)
|
||||||
stdout.flush()
|
stdout.flush()
|
||||||
|
|
||||||
@ -125,7 +125,7 @@ def main(method_name, syslog):
|
|||||||
except:
|
except:
|
||||||
raise Fatal('firewall: expected route or NSLIST but got %r' % line)
|
raise Fatal('firewall: expected route or NSLIST but got %r' % line)
|
||||||
subnets.append((int(family), int(width), bool(int(exclude)), ip))
|
subnets.append((int(family), int(width), bool(int(exclude)), ip))
|
||||||
debug2('Got subnets: %r\n' % subnets)
|
debug2('firewall manager: Got subnets: %r\n' % subnets)
|
||||||
|
|
||||||
nslist = []
|
nslist = []
|
||||||
if line != 'NSLIST\n':
|
if line != 'NSLIST\n':
|
||||||
@ -141,8 +141,8 @@ def main(method_name, syslog):
|
|||||||
except:
|
except:
|
||||||
raise Fatal('firewall: expected nslist or PORTS but got %r' % line)
|
raise Fatal('firewall: expected nslist or PORTS but got %r' % line)
|
||||||
nslist.append((int(family), ip))
|
nslist.append((int(family), ip))
|
||||||
debug2('Got partial nslist: %r\n' % nslist)
|
debug2('firewall manager: Got partial nslist: %r\n' % nslist)
|
||||||
debug2('Got nslist: %r\n' % nslist)
|
debug2('firewall manager: Got nslist: %r\n' % nslist)
|
||||||
|
|
||||||
if not line.startswith('PORTS '):
|
if not line.startswith('PORTS '):
|
||||||
raise Fatal('firewall: expected PORTS but got %r' % line)
|
raise Fatal('firewall: expected PORTS but got %r' % line)
|
||||||
@ -164,7 +164,7 @@ def main(method_name, syslog):
|
|||||||
assert(dnsport_v4 >= 0)
|
assert(dnsport_v4 >= 0)
|
||||||
assert(dnsport_v4 <= 65535)
|
assert(dnsport_v4 <= 65535)
|
||||||
|
|
||||||
debug2('Got ports: %d,%d,%d,%d\n'
|
debug2('firewall manager: Got ports: %d,%d,%d,%d\n'
|
||||||
% (port_v6, port_v4, dnsport_v6, dnsport_v4))
|
% (port_v6, port_v4, dnsport_v6, dnsport_v4))
|
||||||
|
|
||||||
line = stdin.readline(128)
|
line = stdin.readline(128)
|
||||||
@ -175,15 +175,16 @@ def main(method_name, syslog):
|
|||||||
|
|
||||||
_, _, udp = line.partition(" ")
|
_, _, udp = line.partition(" ")
|
||||||
udp = bool(int(udp))
|
udp = bool(int(udp))
|
||||||
debug2('Got udp: %r\n' % udp)
|
debug2('firewall manager: Got udp: %r\n' % udp)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
do_wait = None
|
debug1('firewall manager: setting up.\n')
|
||||||
debug1('firewall manager: starting transproxy.\n')
|
|
||||||
|
|
||||||
|
do_wait = None
|
||||||
nslist_v6 = [i for i in nslist if i[0] == socket.AF_INET6]
|
nslist_v6 = [i for i in nslist if i[0] == socket.AF_INET6]
|
||||||
subnets_v6 = [i for i in subnets if i[0] == socket.AF_INET6]
|
subnets_v6 = [i for i in subnets if i[0] == socket.AF_INET6]
|
||||||
if port_v6 > 0:
|
if port_v6 > 0:
|
||||||
|
debug2('firewall manager: setting up IPv6.\n')
|
||||||
do_wait = method.setup_firewall(
|
do_wait = method.setup_firewall(
|
||||||
port_v6, dnsport_v6, nslist_v6,
|
port_v6, dnsport_v6, nslist_v6,
|
||||||
socket.AF_INET6, subnets_v6, udp)
|
socket.AF_INET6, subnets_v6, udp)
|
||||||
@ -193,11 +194,13 @@ def main(method_name, syslog):
|
|||||||
nslist_v4 = [i for i in nslist if i[0] == socket.AF_INET]
|
nslist_v4 = [i for i in nslist if i[0] == socket.AF_INET]
|
||||||
subnets_v4 = [i for i in subnets if i[0] == socket.AF_INET]
|
subnets_v4 = [i for i in subnets if i[0] == socket.AF_INET]
|
||||||
if port_v4 > 0:
|
if port_v4 > 0:
|
||||||
|
debug2('firewall manager: setting up IPv4.\n')
|
||||||
do_wait = method.setup_firewall(
|
do_wait = method.setup_firewall(
|
||||||
port_v4, dnsport_v4, nslist_v4,
|
port_v4, dnsport_v4, nslist_v4,
|
||||||
socket.AF_INET, subnets_v4, udp)
|
socket.AF_INET, subnets_v4, udp)
|
||||||
elif len(subnets_v4) > 0:
|
elif len(subnets_v4) > 0:
|
||||||
debug1('IPv4 subnets defined but IPv4 disabled\n')
|
debug1('firewall manager: '
|
||||||
|
'IPv4 subnets defined but IPv4 disabled\n')
|
||||||
|
|
||||||
stdout.write('STARTED\n')
|
stdout.write('STARTED\n')
|
||||||
|
|
||||||
@ -218,10 +221,11 @@ def main(method_name, syslog):
|
|||||||
if line.startswith('HOST '):
|
if line.startswith('HOST '):
|
||||||
(name, ip) = line[5:].strip().split(',', 1)
|
(name, ip) = line[5:].strip().split(',', 1)
|
||||||
hostmap[name] = ip
|
hostmap[name] = ip
|
||||||
|
debug2('firewall manager: setting up /etc/hosts.\n')
|
||||||
rewrite_etc_hosts(port_v6 or port_v4)
|
rewrite_etc_hosts(port_v6 or port_v4)
|
||||||
elif line:
|
elif line:
|
||||||
if not method.firewall_command(line):
|
if not method.firewall_command(line):
|
||||||
raise Fatal('expected EOF, got %r' % line)
|
raise Fatal('firewall: expected command, got %r' % line)
|
||||||
else:
|
else:
|
||||||
break
|
break
|
||||||
finally:
|
finally:
|
||||||
@ -236,7 +240,8 @@ def main(method_name, syslog):
|
|||||||
method.setup_firewall(port_v6, 0, [], socket.AF_INET6, [], udp)
|
method.setup_firewall(port_v6, 0, [], socket.AF_INET6, [], udp)
|
||||||
except:
|
except:
|
||||||
try:
|
try:
|
||||||
debug1("Error trying to undo IPv6 firewall\n")
|
debug1("firewall manager: "
|
||||||
|
"Error trying to undo IPv6 firewall.\n")
|
||||||
for line in traceback.format_exc().splitlines():
|
for line in traceback.format_exc().splitlines():
|
||||||
debug1("---> %s\n" % line)
|
debug1("---> %s\n" % line)
|
||||||
except:
|
except:
|
||||||
@ -247,9 +252,10 @@ def main(method_name, syslog):
|
|||||||
debug2('firewall manager: undoing IPv4 changes.\n')
|
debug2('firewall manager: undoing IPv4 changes.\n')
|
||||||
except:
|
except:
|
||||||
try:
|
try:
|
||||||
debug1("Error trying to undo IPv4 firewall\n")
|
debug1("firewall manager: "
|
||||||
|
"Error trying to undo IPv4 firewall.\n")
|
||||||
for line in traceback.format_exc().splitlines():
|
for line in traceback.format_exc().splitlines():
|
||||||
debug1("---> %s\n" % line)
|
debug1("firewall manager: ---> %s\n" % line)
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
@ -258,8 +264,9 @@ def main(method_name, syslog):
|
|||||||
restore_etc_hosts(port_v6 or port_v4)
|
restore_etc_hosts(port_v6 or port_v4)
|
||||||
except:
|
except:
|
||||||
try:
|
try:
|
||||||
debug1("Error trying to undo IPv4 firewall\n")
|
debug1("firewall manager: "
|
||||||
|
"Error trying to undo /etc/hosts changes.\n")
|
||||||
for line in traceback.format_exc().splitlines():
|
for line in traceback.format_exc().splitlines():
|
||||||
debug1("---> %s\n" % line)
|
debug1("firewall manager: ---> %s\n" % line)
|
||||||
except:
|
except:
|
||||||
pass
|
pass
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user