From 11c2a78835c593baf5e6de1381b8302bab6a66c4 Mon Sep 17 00:00:00 2001
From: Kload
Date: Sat, 9 Mar 2013 13:01:54 +0100
Subject: [PATCH] Firewall code sexyness
---
 yunohost_firewall.py | 141 +++++++++++++++++--------------------------
 1 file changed, 54 insertions(+), 87 deletions(-)
diff --git a/yunohost_firewall.py b/yunohost_firewall.py
index 9bf7733a..6674d588 100644
--- a/yunohost_firewall.py
+++ b/yunohost_firewall.py
@@ -17,64 +17,66 @@ from yunohost import YunoHostError, win_msg -def firewall_allow(protocol=None,port=None,ipv6=None,upnp=False): +def firewall_allow(protocol=None, port=None, ipv6=None, upnp=False): """ Allow port in iptables Keyword arguments: protocol -- Protocol used - port -- Port to open - ipv6 -- Boolean ipv6 - upnp --Boolean upnp - + port -- Port to open + ipv6 -- Boolean ipv6 + upnp -- Boolean upnp + Return Dict """ - port=int(port) + port = int(port) if (upnp): add_portmapping(protocol, upnp, ipv6) - - if port<65536 and port>0: + + if 0 < port < 65536: if protocol == "Both": - update_yml(port,'TCP','a',ipv6) - update_yml(port,'UDP','a',ipv6) + update_yml(port, 'TCP', 'a', ipv6) + update_yml(port, 'UDP', 'a', ipv6) else: - update_yml(port,protocol,'a',ipv6) + update_yml(port, protocol, 'a', ipv6) win_msg(_("Port successfully openned")) else: - raise YunoHostError(22,_("Port not between 1 and 65535 : ")+str(port)) + raise YunoHostError(22, _("Port not between 1 and 65535 : ")+ str(port)) return firewall_reload(upnp) -def firewall_disallow(protocol=None,port=None,ipv6=None,upnp=False): + +def firewall_disallow(protocol=None, port=None, ipv6=None, upnp=False): """ Disallow port in iptables Keyword arguments: protocol -- Protocol used - port -- Port to open - ipv6 -- Boolean ipv6 - upnp --Boolan upnp + port -- Port to open + ipv6 -- Boolean ipv6 + upnp -- Boolan upnp Return Dict """ - port=int(port) - if protocol == "Both": - update_yml(port,'TCP','r',ipv6) - update_yml(port,'UDP','r',ipv6) + port = int(port) + if protocol == "Both": + update_yml(port, 'TCP', 'r', ipv6) + update_yml(port, 'UDP', 'r', ipv6) else: - update_yml(port,protocol,'r',ipv6) + update_yml(port, protocol, 'r', ipv6) win_msg(_("Port successfully closed")) return firewall_reload(upnp) + def firewall_list(): """ Allow port in iptables 
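Review bot: `protocol` is never validated in firewall_allow (nor in firewall_disallow below it): with `upnp` set and `protocol == "Both"` the very first statement calls `add_portmapping("Both", ...)`, which later indexes `firewall[ip]['Both']` and builds a shell command with `-p Both`, and any other unexpected value reaches `update_yml` as a dict key and then the shell. A guard at the top, `if protocol not in ('TCP', 'UDP', 'Both'): raise YunoHostError(22, _("Invalid protocol : ") + str(protocol))`, plus wrapping `port = int(port)` in a `try/except ValueError` that raises YunoHostError, would keep failures inside the error type the rest of the module uses. The `add_portmapping(protocol, upnp, ipv6)` call also runs before the range check and before the port is written to firewall.yml, so an invalid port still triggers a full UPnP re-sync and the new port is not mapped by it anyway; since `firewall_reload(upnp)` at the end re-applies all mappings, the early call looks redundant. The docstring typo `Boolan` in firewall_disallow can become `Boolean`. firewall_list, whose first lines close this hunk, continues outside it.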
@@ -95,60 +97,34 @@ def firewall_reload(upnp=False): Reload iptables configuration Keyword arguments: - upnp --Boolean upnp + upnp -- Boolean upnp Return Dict ''' - with open('firewall.yml','r') as f: + with open('firewall.yml', 'r') as f: firewall = yaml.load(f) os.system ("iptables -P INPUT ACCEPT") os.system ("iptables -F") os.system ("iptables -X") - + if 22 not in firewall['ipv4']['TCP']: - update_yml(22,'TCP','a',False) + update_yml(22, 'TCP', 'a', False) os.system ("ip6tables -P INPUT ACCEPT") os.system ("ip6tables -F") os.system ("ip6tables -X") - + if 22 not in firewall['ipv6']['TCP']: - update_yml(22,'TCP','a',False) + update_yml(22, 'TCP', 'a', False) - add_portmapping('TCP',upnp,False); - add_portmapping('UDP',upnp,False); - add_portmapping('TCP',upnp,True); - add_portmapping('UDP',upnp,True); - - """for i,port in enumerate (firewall['ipv4']['TCP']): - os.system ("iptables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if upnp: - add_portmapping(port,'TCP',upnp) - - - - for i,port in enumerate (firewall['ipv4']['UDP']): - os.system ("iptables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if upnp: - add_portmapping(port,'UDP',upnp) - - - for i,port in enumerate (firewall['ipv6']['TCP']): - os.system ("ip6tables -A INPUT -p tcp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if upnp: - add_portmapping(port,'TCP',upnp) - - - - for i,port in enumerate (firewall['ipv6']['UDP']): - os.system ("ip6tables -A INPUT -p udp -i eth0 --dport "+ str(port) +" -j ACCEPT") - if upnp: - add_portmapping(port,'UDP',upnp)""" - + add_portmapping('TCP', upnp, False); + add_portmapping('UDP', upnp, False); + add_portmapping('TCP', upnp, True); + add_portmapping('UDP', upnp, True); os.system ("iptables -P INPUT DROP") os.system ("ip6tables -P INPUT DROP") 
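Review bot: The IPv6 guard `if 22 not in firewall['ipv6']['TCP']: update_yml(22, 'TCP', 'a', False)` passes `ipv6=False`, so it tries to add port 22 to the ipv4 list a second time — which raises "Port already openned" whenever ipv4 already holds 22 — and never records it for ip6tables; the call should read `update_yml(22, 'TCP', 'a', True)`. The reload also switches the INPUT policy to ACCEPT and flushes both tables before any rule is rebuilt, and add_portmapping (hunk `@@ -212,9 +186,9 @@`) sets ACCEPT again around UPnP discovery, so the host is unfiltered for the whole rebuild; building the rules into a fresh chain and swapping it in at the end, or feeding the set to iptables-restore, would keep DROP in force throughout. `yaml.load(f)` here, and in the update_yml and add_portmapping hunks, can instantiate arbitrary Python objects from the file; `yaml.safe_load(f)` is sufficient for this list-of-ports structure. The trailing semicolons on the four `add_portmapping(...)` calls are unnecessary in Python. firewall_reload starts before this hunk and continues after it.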
@@ -157,7 +133,8 @@ def firewall_reload(upnp=False): return firewall_list() -def update_yml(port=None,protocol=None,mode=None,ipv6=None): + +def update_yml(port=None, protocol=None, mode=None, ipv6=None): """ Update firewall.yml Keyword arguments: @@ -169,12 +146,10 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): Return None """ - if ipv6: - ip = 'ipv6' - else: - ip = 'ipv4' + if ipv6: ip = 'ipv6' + else: ip = 'ipv4' - with open('firewall.yml','r') as f: + with open('firewall.yml', 'r') as f: firewall = yaml.load(f) if mode == 'a': @@ -182,26 +157,25 @@ def update_yml(port=None,protocol=None,mode=None,ipv6=None): firewall[ip][protocol].append(port) else: - raise YunoHostError(22,_("Port already openned :")+str(port)) + raise YunoHostError(22,_("Port already openned :")+ str(port)) else: if port in firewall[ip][protocol]: firewall[ip][protocol].remove(port) else: - raise YunoHostError(22,_("Port already closed :")+str(port)) + raise YunoHostError(22,_("Port already closed :")+ str(port)) firewall[ip][protocol].sort() os.system("mv firewall.yml firewall.yml.old") - with open('firewall.yml','w') as f: - yaml.dump(firewall,f) + with open('firewall.yml', 'w') as f: + yaml.dump(firewall, f) -def add_portmapping(protocol=None,upnp=False,ipv6=None): + +def add_portmapping(protocol=None, upnp=False, ipv6=None): """ - - Send a port mapping rules to igd device Keyword arguments: protocol -- Protocol used @@ -212,9 +186,9 @@ def add_portmapping(protocol=None,upnp=False,ipv6=None): """ os.system ("iptables -P INPUT ACCEPT") if upnp: - upnp=miniupnpc.UPnP() - upnp.discoverdelay=200 - nbigd= upnp.discover() + upnp = miniupnpc.UPnP() + upnp.discoverdelay = 200 + nbigd = upnp.discover() if nbigd: try: upnp.selectigd() 
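Review bot: The new `if ipv6: ip = 'ipv6'` / `else: ip = 'ipv4'` lines in update_yml put a statement on the same line as its condition, which PEP 8 discourages and which sits oddly in a commit that otherwise normalises spacing; a conditional expression, `ip = 'ipv6' if ipv6 else 'ipv4'`, expresses the same in one line. The identical pair in the add_portmapping hunk at `@@ -226,27 +200,20 @@` can take the same form. update_yml starts before this hunk and continues after it.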
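Review bot: `os.system("mv firewall.yml firewall.yml.old")` followed by `open('firewall.yml', 'w')` leaves no firewall.yml at all if `yaml.dump` fails or the process is interrupted between the two, and the next firewall_reload then fails on the missing file; dumping to a scratch file first and renaming it into place, with `os.rename` rather than a shell `mv`, keeps a valid file present at every point. Both paths are relative, so which file is rewritten depends on the caller's working directory — an absolute path constant would make that explicit. update_yml starts before this hunk.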
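Review bot: `upnp = miniupnpc.UPnP()` rebinds the boolean `upnp` parameter to the client object, so from this line on `if upnp:` in add_portmapping means "a client exists" rather than "UPnP was requested"; a separate local such as `igd = miniupnpc.UPnP()` keeps the two meanings apart and the parameter readable. If `nbigd` is zero the discovery branch appears to fall through with `upnp` still bound to the client, so the later `upnp.addportmapping` presumably runs without a selected IGD — worth confirming that the non-IGD path raises before reaching it. add_portmapping continues in the next hunk.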
@@ -226,27 +200,20 @@ def add_portmapping(protocol=None,upnp=False,ipv6=None): raise YunoHostError(22,_("Can't connect to the igd device")) # list the redirections : - i = 0 - for i in (0,100): + for i in xrange(100): p = upnp.getgenericportmapping(i) - if p==None: - break - port=p[0] - proto=p[1] - upnp.deleteportmapping(port,proto); - i += 1 + if p is None: break + upnp.deleteportmapping(p[0], p[1]) - if ipv6: - ip = 'ipv6' - else: - ip = 'ipv4' - with open('firewall.yml','r') as f: + if ipv6: ip = 'ipv6' + else: ip = 'ipv4' + with open('firewall.yml', 'r') as f: firewall = yaml.load(f) for i,port in enumerate (firewall[ip][protocol]): os.system ("iptables -A INPUT -p "+ protocol +" -i eth0 --dport "+ str(port) +" -j ACCEPT") if upnp: - upnp.addportmapping(port,protocol,upnp.lanaddr,port,'yunohost firewall : port %u' % port, '') + upnp.addportmapping(port, protocol, upnp.lanaddr, port, 'yunohost firewall : port %u' % port, '') os.system ("iptables -P INPUT DROP")
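Review bot: The rule on the `os.system ("iptables -A INPUT -p "+ protocol ...` line is applied with `iptables` even when `ip` is `'ipv6'`, so the IPv6 port list only ever lands in the IPv4 table while ip6tables keeps the DROP policy that firewall_reload sets; select the binary first, `table = 'ip6tables' if ipv6 else 'iptables'`, then `os.system (table + " -A INPUT -p " + protocol + " -i eth0 --dport " + str(port) + " -j ACCEPT")`. The same line interpolates `protocol` and `port` into a shell string, so either the values are validated at the firewall_allow/firewall_disallow entry points or the command is run through `subprocess.call` with an argument list. In the cleanup loop, `upnp.deleteportmapping(p[0], p[1])` removes every mapping the IGD reports, not only those this host created, and since deleting an entry presumably shifts the remaining ones down by one, walking `i` upward likely skips every other mapping — collecting the entries first and deleting afterwards, filtered on the `'yunohost firewall : '` description prefix, avoids both. The loop variable `i` is also reused by the `enumerate` loop below without its index being needed. add_portmapping starts before this hunk.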