diff options
| author | Thomas Mangin <thomas.mangin@exa.net.uk> | 2020-04-05 14:36:29 +0100 |
|---|---|---|
| committer | Thomas Mangin <thomas.mangin@exa.net.uk> | 2020-04-06 20:22:35 +0100 |
| commit | aceb0817a65bf01669cada3ceb60d65b81607bc3 (patch) | |
| tree | 5418d4537cfc14115536315909fbb7a83277fe7a /src/conf_mode/firewall_options.py | |
| parent | 356950579c2b155f9d41c04ed63c7efde561b43a (diff) | |
| download | vyos-1x-aceb0817a65bf01669cada3ceb60d65b81607bc3.tar.gz vyos-1x-aceb0817a65bf01669cada3ceb60d65b81607bc3.zip | |
util: T2226: covert most calls from os.system to util
As little change a possible but the function call
The behaviour should be totally unchanged.
Diffstat (limited to 'src/conf_mode/firewall_options.py')
| -rwxr-xr-x | src/conf_mode/firewall_options.py | 28 |
1 files changed, 15 insertions, 13 deletions
diff --git a/src/conf_mode/firewall_options.py b/src/conf_mode/firewall_options.py index 2be80cdbf..90f004bc4 100755 --- a/src/conf_mode/firewall_options.py +++ b/src/conf_mode/firewall_options.py @@ -21,6 +21,8 @@ import copy from vyos.config import Config from vyos import ConfigError +from vyos.util import run + default_config_data = { 'intf_opts': [], @@ -85,19 +87,19 @@ def apply(tcp): target = 'VYOS_FW_OPTIONS' # always cleanup iptables - os.system('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - os.system('iptables --table mangle --flush {} >&/dev/null'.format(target)) - os.system('iptables --table mangle --delete-chain {} >&/dev/null'.format(target)) + run('iptables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) + run('iptables --table mangle --flush {} >&/dev/null'.format(target)) + run('iptables --table mangle --delete-chain {} >&/dev/null'.format(target)) # always cleanup ip6tables - os.system('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) - os.system('ip6tables --table mangle --flush {} >&/dev/null'.format(target)) - os.system('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --delete FORWARD --jump {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --flush {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --delete-chain {} >&/dev/null'.format(target)) # Setup new iptables rules if tcp['new_chain4']: - os.system('iptables --table mangle --new-chain {} >&/dev/null'.format(target)) - os.system('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) + run('iptables --table mangle --new-chain {} >&/dev/null'.format(target)) + run('iptables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) for opts in tcp['intf_opts']: intf = opts['intf'] @@ -109,13 +111,13 @@ def apply(tcp): # adjust TCP MSS per interface if mss: - os.system('iptables --table mangle --append {} --out-interface {} --protocol tcp ' \ + run('iptables --table mangle --append {} --out-interface {} --protocol tcp ' \ '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) # Setup new ip6tables rules if tcp['new_chain6']: - os.system('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target)) - os.system('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --new-chain {} >&/dev/null'.format(target)) + run('ip6tables --table mangle --append FORWARD --jump {} >&/dev/null'.format(target)) for opts in tcp['intf_opts']: intf = opts['intf'] @@ -127,8 +129,8 @@ def apply(tcp): # adjust TCP MSS per interface if mss: - os.system('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' \ - '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) + run('ip6tables --table mangle --append {} --out-interface {} --protocol tcp ' + '--tcp-flags SYN,RST SYN --jump TCPMSS --set-mss {} >&/dev/null'.format(target, intf, mss)) return None |