diff options
author | Kali Kaneko <kali@leap.se> | 2017-06-08 15:36:37 -0700 |
---|---|---|
committer | Kali Kaneko (leap communications) <kali@leap.se> | 2017-06-09 00:48:40 +0200 |
commit | a003e13cec2c44160b46047d0fee8d52dfc6253f (patch) | |
tree | 6322f118707e5ce5da435873744024eee9afb3d6 /src/leap/bitmask/vpn/fw/firewall.py | |
parent | 6f961fc09dd633d0bcf5397787139c0032e0661e (diff) |
[bug] make openvpn and firewall able to launch
with these fixes, I'm able to finally launch openvpn and firewall on
osx. :)
all that's left for a minimum vpn release is packaging and installing
all the helpers in the proper place.
Diffstat (limited to 'src/leap/bitmask/vpn/fw/firewall.py')
-rw-r--r-- | src/leap/bitmask/vpn/fw/firewall.py | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/src/leap/bitmask/vpn/fw/firewall.py b/src/leap/bitmask/vpn/fw/firewall.py index 23bdbd9..dcd956d 100644 --- a/src/leap/bitmask/vpn/fw/firewall.py +++ b/src/leap/bitmask/vpn/fw/firewall.py @@ -25,14 +25,12 @@ import subprocess from twisted.logger import Logger -from leap.bitmask.vpn.constants import IS_MAC +from leap.bitmask.vpn.constants import IS_MAC, IS_LINUX from leap.common.events import catalog, emit_async -log = Logger() - - -# TODO -- subclass it for osx/windows, not only for linux. +from leap.bitmask.vpn.launchers import darwin +log = Logger() # A regular user should not run bitmask as root, but we contemplate # this case for tests inside docker. @@ -46,7 +44,34 @@ def check_root(cmd): return cmd -class FirewallManager(object): +class _OSXFirewallManager(object): + def __init__(self, remotes): + self._remotes = list(remotes) + self._helper = darwin.HelperCommand() + + def start(self, restart=False): + gateways = [gateway for gateway, port in self._remotes] + cmd = 'firewall_start %s' % (' '.join(gateways),) + self._helper.send(cmd) + # TODO parse OK from result + return True + + def stop(self): + cmd = 'firewall_stop' + self._helper.send(cmd) + return True + + def is_up(self): + # TODO implement!!! + return True + + @property + def status(self): + # TODO implement!!! -- factor out, too + return {'status': 'on', 'error': None} + + +class _LinuxFirewallManager(object): """ Firewall manager that blocks/unblocks all the internet traffic with some @@ -100,10 +125,6 @@ class FirewallManager(object): """ Tear the firewall down using the privileged wrapper. """ - # We don't support Mac so far - if IS_MAC: - return True - cmd = [self.BITMASK_ROOT, "firewall", "stop"] cmd = check_root(cmd) exitCode = subprocess.call(cmd) @@ -133,3 +154,9 @@ class FirewallManager(object): status = 'on' return {'status': status, 'error': None} + + +if IS_LINUX: + FirewallManager = _LinuxFirewallManager +elif IS_MAC: + FirewallManager = _OSXFirewallManager |