| Server IP : 172.67.206.42 / Your IP : 104.23.243.50 Web Server : Apache System : Linux server.localhost.com 6.8.0-85-generic #85-Ubuntu SMP PREEMPT_DYNAMIC Thu Sep 18 15:26:59 UTC 2025 x86_64 User : pahana ( 1029) PHP Version : 7.4.33 Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare, MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : OFF Directory : /usr/lib/python3/dist-packages/firewall/core/ |
Upload File : |
# SPDX-License-Identifier: GPL-2.0-or-later
#
# Copyright (C) 2010-2016 Red Hat, Inc.
#
# Authors:
# Thomas Woerner <[email protected]>
"""modules backend"""
from firewall.core.prog import runProg
from firewall.core.logger import log
from firewall.config import COMMANDS
class modules:
def __init__(self):
self._load_command = COMMANDS["modprobe"]
# Use rmmod instead of modprobe -r (RHBZ#1031102)
self._unload_command = COMMANDS["rmmod"]
def __repr__(self):
return "%s" % (self.__class__)
def loaded_modules(self):
"""get all loaded kernel modules and their dependencies"""
mods = []
deps = {}
try:
with open("/proc/modules", "r") as f:
for line in f:
if not line:
break
line = line.strip()
splits = line.split()
mods.append(splits[0])
if splits[3] != "-":
deps[splits[0]] = splits[3].split(",")[:-1]
else:
deps[splits[0]] = []
except FileNotFoundError:
pass
return mods, deps # [loaded modules], {module:[dependants]}
def load_module(self, module):
log.debug2("%s: %s %s", self.__class__, self._load_command, module)
return runProg(self._load_command, [module])
def unload_module(self, module):
log.debug2("%s: %s %s", self.__class__, self._unload_command, module)
return runProg(self._unload_command, [module])
def get_deps(self, module, deps, ret):
"""get all dependants of a module"""
if module not in deps:
return
for mod in deps[module]:
self.get_deps(mod, deps, ret)
if mod not in ret:
ret.append(mod)
if module not in ret:
ret.append(module)
def get_firewall_modules(self):
"""get all loaded firewall-related modules"""
mods = []
(mods2, deps) = self.loaded_modules()
self.get_deps("nf_conntrack", deps, mods)
# these modules don't have dependants listed in /proc/modules
for bad_bad_module in ["nf_conntrack_ipv4", "nf_conntrack_ipv6"]:
if bad_bad_module in mods:
# move them to end of list, so we'll remove them later
mods.remove(bad_bad_module)
mods.insert(-1, bad_bad_module)
for mod in mods2:
if (
mod in ["ip_tables", "ip6_tables", "ebtables"]
or mod.startswith("iptable_")
or mod.startswith("ip6table_")
or mod.startswith("nf_")
or mod.startswith("xt_")
or mod.startswith("ipt_")
or mod.startswith("ip6t_")
):
self.get_deps(mod, deps, mods)
return mods
def unload_firewall_modules(self):
"""unload all firewall-related modules"""
for module in self.get_firewall_modules():
(status, ret) = self.unload_module(module)
if status != 0:
log.debug1("Failed to unload module '%s': %s" % (module, ret))