/usr/lib/python3/dist-packages/sos/report/plugins/firewall_tables.py

Imports from sos.report.plugins: Plugin, IndependentPlugin, SoSPredicate

class firewall_tables

    Collects information about local firewall tables, such as iptables,
    and nf_tables (via nft). Note that this plugin does _not_ collect
    firewalld information, which is handled by a separate plugin.

    Collections from this plugin are largely gated by the presence of
    relevant kernel modules - for example, the plugin will not collect the
    nf_tables ruleset if both the `nf_tables` and `nfnetlink` kernel modules
    are not currently loaded (unless using the --allow-system-changes option).

    short_desc: firewall tables
    profiles: network, system
    files: /etc/nftables
    kernel_mods: ip_tables, ip6_tables, nf_tables, nfnetlink, ebtables

    collect_iptable(self, tablename)
        Collecting iptables rules for a table loads either kernel module
        of the table name (for kernel <= 3), or nf_tables (for kernel >= 4).
        If neither module is present, the rules must be empty.

        Strings: "iptable_", "iptables -t ", " -nvL", "nf_tables"
        Names: add_cmd_output, SoSPredicate, kmods, pred

    collect_ip6table(self, tablename)
        Same as function above, but for ipv6

        Strings: "ip6table_", "ip6tables -t "
        Names: add_cmd_output, SoSPredicate, kmods, pred

    collect_nftables(self)
        Collects nftables rulesets with 'nft' commands if the modules
        are present

        Strings: "nf_tables", "nfnetlink", "all", "nft list ruleset"
        Names: SoSPredicate, kmods, required, collect_cmd_output, pred, changes

    setup(self)
        Strings: "ip", "ip6", "status", "output", "table", "mangle filter ",
                 "/proc/net/ip_tables_names", "/proc/net/ip6_tables_names",
                 "filter", "iptables -vnxL", "iptable_filter",
                 "ip6tables -vnxL", "ip6table_filter", "nf_tables",
                 "/etc/sysconfig/nftables.conf", "/etc/nftables.conf"
        Names: collect_nftables, splitlines, split, len, keys, append, open,
               read, IOError, collect_iptable, collect_ip6table,
               add_cmd_output, SoSPredicate, add_copy_spec
        Locals: nft_list, nft_ip_tables, nft_lines, line, words,
                default_ip_tables, ip_tables_names