author | Christian Poessinger <christian@poessinger.com> | 2020-04-07 08:27:36 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-07 08:27:36 +0200 |
commit | 09ad28b28c9ebd9308cfe9048686b3b0ef9cfd9c (patch) | |
tree | 6e7b0971ecd8859cff864b3ebb37f86f8ba288f5 /src/conf_mode/firewall_options.py | |
parent | e0f13b79a669e7fc8cadac8757b2f5fbbf51dc99 (diff) | |
parent | 7256810914e6664bf92041dcd7c3daf649ce0001 (diff) | |
download | vyos-1x-09ad28b28c9ebd9308cfe9048686b3b0ef9cfd9c.tar.gz vyos-1x-09ad28b28c9ebd9308cfe9048686b3b0ef9cfd9c.zip |
Merge pull request #307 from thomas-mangin/T2226
util: T2226: convert all call to use vyos.util.{popen, cmd, run}
Diffstat (limited to 'src/conf_mode/firewall_options.py')
-rwxr-xr-x | src/conf_mode/firewall_options.py | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/src/conf_mode/firewall_options.py b/src/conf_mode/firewall_options.py
index 2be80cdbf..90f004bc4 100755
--- a/src/conf_mode/firewall_options.py
+++ b/src/conf_mode/firewall_options.py
@@ -21,6 +21,8 @@ import copy
 from vyos.config import Config
 from vyos import ConfigError
+from vyos.util import run
+
 default_config_data = {
 'intf_opts': [],
@@ -85,19 +87,19 @@ def apply(tcp):
 target = 'VYOS_FW_OPTIONS'
 # always cleanup iptables
- os.system('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target))
- os.system('iptables --table mangle --flush {} >&/dev/null'.format(target))
- os.system('iptables --table mangle --delete-chain {} >&/dev/null'.format(target))
+ run('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target))
+ run('iptables --table mangle --flush {} >&/dev/null'.format(target))
+ run('iptables --table mangle --delete-chain {} >&/dev/null'.format(target))
 # always cleanup ip6tables
- os.system('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target))
- os.system('ip6tables --table mangle --flush {} >&/dev/null'.format(target))
- os.system('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target))
+ run('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target))
+ run('ip6tables --table mangle --flush {} >&/dev/null'.format(target))
+ run('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target))
 # Setup new iptables rules
 if tcp['new_chain4']:
- os.system('iptables --table mangle --new-chain {} >&/dev/null'.format(target))
- os.system('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target))
+ run('iptables --table mangle --new-chain {} >&/dev/null'.format(target))
+ run('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target))
 for opts in tcp['intf_opts']:
 intf = opts['intf']
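Review bot: The exit status of every `run(...)` call is discarded and all output goes to `/dev/null`, so a failed `--new-chain` or `--append FORWARD` under `if tcp['new_chain4']:` leaves the commit looking successful with no chain installed. Ignoring failures is reasonable for the six cleanup calls, where the chain may not exist yet, but the setup calls should check the result, e.g. `if run('iptables --table mangle --new-chain {}'.format(target)): raise ConfigError('could not create chain {}'.format(target))`, assuming `vyos.util.run` returns the command's exit code (its definition is not part of this diff). The same applies to the `--set-mss` and ip6tables setup calls in the two hunks that follow. `apply()` begins before this hunk and continues past it.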
@@ -109,13 +111,13 @@ def apply(tcp):
 # adjust TCP MSS per interface
 if mss:
- os.system('iptables --table mangle --append {} --out-interface {} --protocol tcp ' \
+ run('iptables --table mangle --append {} --out-interface {} --protocol tcp ' \
 '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss))
 # Setup new ip6tables rules
 if tcp['new_chain6']:
- os.system('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target))
- os.system('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target))
+ run('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target))
+ run('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target))
 for opts in tcp['intf_opts']:
 intf = opts['intf']
@@ -127,8 +129,8 @@ def apply(tcp):
 # adjust TCP MSS per interface
 if mss:
- os.system('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' \
- '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss))
+ run('ip6tables --table mangle --append {} --out-interface {} --protocol tcp '
+ '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss))
 return None |
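Review bot: `intf` and `mss` are formatted unquoted into the command string of the `--set-mss` call, and the `>&/dev/null` redirection implies that `run` hands the string to a shell, so any shell metacharacter in a configured interface name or MSS value would be interpreted by the shell rather than passed to iptables as an argument. These values presumably come from validated configuration, but that validation is not visible in this diff. Quoting at the call site keeps the command safe regardless, e.g. `.format(target, shlex.quote(intf), shlex.quote(str(mss)))` together with an `import shlex` at the top of the file. The ip6tables call in the last hunk has the same shape; the loop body that assigns `mss` lies between the hunks and is not shown.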