kunsi/bundlewrap
1
0
Fork 0
Code Issues 1 Pull requests 2 Releases Activity

rework iptables configuration
All checks were successful
bundlewrap/pipeline/head This commit looks good
Details

Browse source
This commit is contained in:
Franzi 2021-03-21 10:30:04 +01:00
parent d3ea06c3e8
commit b943d2d465
Signed by: kunsi
GPG key ID: 12E3D2136B818350
8 changed files with 93 additions and 98 deletions
Download patch file Download diff file Expand all files Collapse all files

34
bundles/transmission/metadata.py
View file

@ -1,3 +1,5 @@
from bundlewrap.metadata import atomic
defaults = {
'apt': {
'packages': {
@ -34,37 +36,15 @@ defaults = {
@metadata_reactor.provides(
'iptables/bundle_rules/transmission',
'iptables/port_rules',
)
def iptables(metadata):
identifiers = metadata.get('transmission/restrict-to', set())
rules = set()
rules.add('iptables_both -A INPUT -p udp --dport {} -j ACCEPT'.format(
metadata.get('transmission/config/peer-port'),
))
rules.add('iptables_both -A INPUT -p tcp --dport {} -j ACCEPT'.format(
metadata.get('transmission/config/peer-port'),
))
if identifiers:
for identifier in sorted(identifiers):
resolved = repo.libs.tools.resolve_identifier(repo, identifier)
for address in resolved['ipv4']:
rules.add('iptables -A INPUT -p tcp -s {} --dport {} -j ACCEPT'.format(
address,
metadata.get('transmission/config/rpc-port'),
))
else:
rules.add('iptables -A INPUT -p tcp --dport {} -j ACCEPT'.format(
metadata.get('transmission/config/rpc-port'),
))
return {
'iptables': {
'bundle_rules': {
'transmission': list(sorted(rules)),
'port_rules': {
str(metadata.get('transmission/config/peer-port')): set('*'),
str(metadata.get('transmission/config/peer-port')) + '/udp': set('*'),
str(metadata.get('transmission/config/rpc-port')): atomic(metadata.get('transmission/restrict-to', set('*'))),
},
},
}