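#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
Copyright(C) 2007 INL
Written by Damien Boucard <damien.boucard AT inl.fr>

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, version 3 of the License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, see <http://www.gnu.org/licenses/>.

---
Generates iptables commands from xml file for layer 7 filtering.

NuLayer7 takes an nufw acls xml file with a l7rules block as an argument.

usage: nulayer7.py [options] acls.xml
"""

__revision__ = '0.1'
__author__ = 'Damien Boucard'
__copyright__ = 'Copyright 2006, INL'

import sys
from optparse import OptionParser

from nulayer7 import l7xml, l7ipt


def _report_io_error(err):
    """Write an IOError to stderr as "<strerror>: '<filename>'"."""
    sys.stderr.write("%s: '%s'\n" % (err.strerror, err.filename))


def parse_command_line():
    """Parse the command line and open the input and output files.

    Returns a tuple ``(options, acls_xml)``: ``options`` is the optparse
    result with an extra ``output_file`` attribute (``sys.stdout`` when
    ``--output`` is '-', otherwise the named file opened for writing), and
    ``acls_xml`` is the ACL XML file opened for reading.

    Exits with status 1 when the argument count is wrong or when either
    file cannot be opened.
    """
    usage = "usage: %prog [options] acls_file.xml"
    parser = OptionParser(usage, version='%prog ' + __revision__)

    # defining expected options
    parser.add_option(
        '-o', '--output',
        help="File where iptables rules will be written ('-' for stdout)",
        metavar='FILE', default='-')

    # parsing command line; sys.argv is passed whole, so args[0] is the
    # program name and exactly one positional argument gives len(args) == 2
    (options, args) = parser.parse_args(sys.argv)

    # checking arguments first: opening the output with 'w' truncates it, so
    # an existing rules file must not be touched until the invocation and the
    # input file are known to be usable
    if len(args) != 2:
        sys.stderr.write("Bad number of arguments.\n")
        parser.print_help()
        sys.exit(1)

    try:
        acls_xml = open(args[1], 'r')
    except IOError as e:
        _report_io_error(e)
        parser.print_help()
        sys.exit(1)

    # checking options
    if options.output == '-':
        options.output_file = sys.stdout
    else:
        try:
            options.output_file = open(options.output, 'w')
        except IOError as e:
            acls_xml.close()
            _report_io_error(e)
            sys.exit(1)

    return options, acls_xml


if __name__ == "__main__":
    options, acls_xml = parse_command_line()
    # NOTE(review): the output file is already open (and truncated) when
    # l7xml.load runs, so an ACL file that fails to load still leaves an empty
    # rules file behind; deferring the open until after the load would mean
    # setting options.output_file here instead of in parse_command_line.
    try:
        l7rulelist = l7xml.load(acls_xml)
        l7ipt.dump(l7rulelist, options.output_file)
        options.output_file.flush()
    finally:
        acls_xml.close()
        # never close the interpreter's own stdout
        if options.output_file is not sys.stdout:
            options.output_file.close()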