=== modified file 'src/backend_iptables.py'
--- src/backend_iptables.py 2013-03-11 05:07:36 +0000
+++ src/backend_iptables.py 2013-12-05 00:29:23 +0000
@@ -373,20 +373,21 @@
 if show_count and r.direction == "out":
 attribs.append(r.direction)
 if len(attribs) > 0:
- attrib_str = " (%s)" % (', '.join(attribs))
+ attrib_str = "(%s)" % (', '.join(attribs))
 # now construct the rule output string
 if show_count:
 tmp_str += "[%2d] " % (count)
 dir_str = r.direction.upper()
+ message_str = r.message
 if r.direction == "in" and not verbose and not show_count:
 dir_str = ""
- tmp_str += "%-26s %-12s%s%s\n" % (location['dst'], \
- " ".join([r.action.upper(), \
- dir_str]), \
- location['src'], attrib_str)
-
+ tmp_str_fmt = "%-26s %-12s %-26s %s\n"
+ tmp_str += tmp_str_fmt % (location['dst'], \
+ " ".join([r.action.upper(), dir_str]), \
+ " ".join([location['src'], attrib_str]),\
+ message_str)
 # Show the list in the order given if a numbered list, otherwise
 # split incoming and outgoing rules
 if show_count:
@@ -405,15 +406,18 @@
 str_to = _("To")
 str_from = _("From")
 str_action = _("Action")
- rules_header_fmt = "%-26s %-12s%s\n"
+ str_message = _("Message")
+ rules_header_fmt = "%-26s %-12s %-26s %s\n"
- rules_header = rules_header_fmt % (str_to, str_action, str_from)
+ rules_header = rules_header_fmt % (str_to, str_action, str_from,
+ str_message)
 if show_count:
 rules_header += " "
 rules_header += rules_header_fmt % \
 ("-" * len(str_to), \
 "-" * len(str_action), \
- "-" * len(str_from))
+ "-" * len(str_from), \
+ "-" * len(str_message))
 full_str += rules_header
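Review bot: `message_str = r.message` feeds the user-supplied message into the status line verbatim, and `set_message` as added in src/common.py by this same patch stores it without any validation, so a message containing a newline, tab or terminal escape sequence breaks the fixed-width row built by `tmp_str_fmt`. Only root can set a message, so this is an output-integrity issue rather than a privilege boundary, but `ufw status` is what admins read and paste into tickets. If the setter stays permissive, flatten it at the display point, e.g. `message_str = r.message.replace("\n", " ").replace("\r", " ")`; rejecting those characters in the setter would be the cleaner fix. The enclosing function starts before and ends after this hunk.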
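Review bot: The `Message` header and its underline are now emitted unconditionally, so the `ufw status` layout changes for every installation even when no rule carries a message, and the `From` column is re-padded to 26 characters. Anything that parses this output will see a new trailing column; consider printing `str_message` only when some rule in the list has a non-empty `message`, or at least call the change out in the man page and changelog — no such update is visible in this diff. The enclosing function starts before and ends after this hunk.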
@@ -629,9 +633,21 @@
 raise UFWError(err_msg)
 pat_tuple = re.compile(r'^### tuple ###\s*')
+ #ramnes: match and group "^rule" + " #This is a message$"
+ message_tuple = re.compile('^([^#]+) #([^#]+)\n')
 for line in orig:
 if pat_tuple.match(line):
+ message = ""
 tupl = pat_tuple.sub('', line)
+ if message_tuple.match(tupl):
+ try:
+ tmp = message_tuple.findall(tupl)[0]
+ message = tmp[1]
+ tupl = tmp[0]
+ except IndexError:
+ wmsg = _("Skipping malformed tuple: %s") % (tupl)
+ warn(wmsg)
+ continue
 tmp = re.split(r'\s+', tupl.strip())
 if len(tmp) < 6 or len(tmp) > 9:
 wmsg = _("Skipping malformed tuple (bad length): %s") \
@@ -651,10 +667,12 @@
 try:
 if len(tmp) < 8:
 rule = UFWRule(tmp[0], tmp[1], tmp[2], tmp[3],
- tmp[4], tmp[5], dtype)
+ tmp[4], tmp[5], dtype,
+ message=message)
 else:
 rule = UFWRule(tmp[0], tmp[1], tmp[2], tmp[3],
- tmp[4], tmp[5], dtype)
+ tmp[4], tmp[5], dtype,
+ message=message)
 # Removed leading [sd]app_ and unescape spaces
 pat_space = re.compile('%20')
 if tmp[6] != "-":
@@ -760,11 +778,6 @@
 tstr = "\n### tuple ### %s %s %s %s %s %s %s" % \
 (action, r.protocol, r.dport, r.dst, r.sport, r.src, \
 r.direction)
- if r.interface_in != "":
- tstr += "_%s" % (r.interface_in)
- if r.interface_out != "":
- tstr += "_%s" % (r.interface_out)
- ufw.util.write_to_file(fd, tstr + "\n")
 else:
 pat_space = re.compile(' ')
 dapp = "-"
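Review bot: `message_tuple` only matches a message free of `#` and only when the line ends in `\n`, yet the writer added by this patch emits `" #%s" % r.message` unescaped; a message containing `#`, or a final line without a trailing newline, silently fails the match and its words fall through to the `re.split` below as extra tuple fields — a 7-field tuple plus a one-word message becomes 8 fields, which the `tmp[6]`/`tmp[7]` app-name handling in the next hunk then appears to consume as application names. The `try`/`except IndexError` is unreachable, since `findall` cannot return an empty list after `match` succeeded on the same string, and the pattern should be a raw string. A total split is simpler: `tupl, _, message = tupl.rstrip("\n").partition(" #")`, relying on `set_message` to refuse `#`, `\r` and `\n`. Please also drop the `#ramnes:` author tag from the comment. The enclosing function starts before and ends after this hunk.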
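Review bot: Both arms of `if len(tmp) < 8:` now build the identical `UFWRule(tmp[0], ..., tmp[5], dtype, message=message)` call, so the patch repeats its one-line change in two places rather than removing the pointless branch. Construct the rule once before the `if` and keep only the app handling conditional; that also removes the chance of the two calls drifting apart later. The enclosing function starts before and ends after this hunk.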
@@ -777,11 +790,13 @@
 (action, r.protocol, r.dport, r.dst, r.sport, r.src, \
 dapp, sapp, r.direction)
- if r.interface_in != "":
- tstr += "_%s" % (r.interface_in)
- if r.interface_out != "":
- tstr += "_%s" % (r.interface_out)
- ufw.util.write_to_file(fd, tstr + "\n")
+ if r.interface_in != "":
+ tstr += "_%s" % (r.interface_in)
+ if r.interface_out != "":
+ tstr += "_%s" % (r.interface_out)
+ if r.message != "":
+ tstr += " #%s" % (r.message)
+ ufw.util.write_to_file(fd, tstr + "\n")
 chain_suffix = "input"
 if r.direction == "out":
=== modified file 'src/common.py'
--- src/common.py 2013-03-03 07:37:54 +0000
+++ src/common.py 2013-12-04 06:48:13 +0000
@@ -41,7 +41,7 @@
 class UFWRule:
 '''This class represents firewall rules'''
 def __init__(self, action, protocol, dport="any", dst="0.0.0.0/0",
- sport="any", src="0.0.0.0/0", direction="in"):
+ sport="any", src="0.0.0.0/0", direction="in", message=""):
 # Be sure to update dup_rule accordingly...
 self.remove = False
 self.updated = False
@@ -60,6 +60,7 @@
 self.interface_in = ""
 self.interface_out = ""
 self.direction = ""
+ self.message = ""
 try:
 self.set_action(action)
 self.set_protocol(protocol)
@@ -68,6 +69,7 @@
 self.set_src(src)
 self.set_dst(dst)
 self.set_direction(direction)
+ self.set_message(message)
 except UFWError:
 raise
@@ -99,6 +101,7 @@
 rule.interface_in = self.interface_in
 rule.interface_out = self.interface_out
 rule.direction = self.direction
+ rule.message = self.message
 return rule
@@ -331,6 +334,10 @@
 err_msg = _("Unsupported direction '%s'") % (direction)
 raise UFWError(err_msg)
+ def set_message(self, message):
+ '''Sets message of the rule'''
+ self.message = message
+
 def normalize(self):
 '''Normalize src and dst to standard form'''
 changed = False
=== modified file 'src/parser.py'
--- src/parser.py 2013-12-03 17:03:40 +0000
+++ src/parser.py 2013-12-05 04:05:48 +0000
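Review bot: `tstr += " #%s" % (r.message)` writes the message into the rules file raw, so a message containing a newline injects additional lines — including a forged `### tuple ###` line that the loader in this same file will parse as a rule on the next reload — and one containing `#` cannot be read back by the loader's `^([^#]+) #([^#]+)\n` pattern. The caller is root, so this is persistence-format robustness rather than a privilege boundary, but the file is reparsed on every reload and a skipped or mis-split tuple means a rule is lost or altered. Either reject `#`, `\r` and `\n` in `set_message`, or encode the message here the way app names already are (`pat_space`-style `%20` escaping, extended to those characters, with the inverse applied by the loader). The moved `interface_in`/`interface_out`/`write_to_file` block now follows the `if`/`else`; its indentation cannot be checked in this collapsed view, so please confirm it still runs for the app-less branch whose copy the previous hunk removed. The enclosing function starts before and ends after this hunk.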
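Review bot: `set_message` is the only setter in `UFWRule` that stores its argument unchecked — `set_direction` directly above raises `UFWError` on bad input, and `__init__` already calls `set_message` inside the same `except UFWError` block, so validation here costs nothing at the call sites. The value is persisted on one line delimited by ` #` and printed in a fixed-width table, so at minimum refuse `#`, `\r` and `\n`: `if any(c in message for c in "#\r\n"):`, `err_msg = _("Invalid message '%s'") % (message)`, `raise UFWError(err_msg)` before the assignment, and consider a length cap. The docstring should state the accepted character set and that `UFWError` is raised otherwise.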
@@ -187,7 +187,10 @@
 rule.set_position(insert_pos)
 except Exception:
 raise
- if nargs == 2:
+ if nargs == 2 or (nargs == 4 and argv[2] in ['-m', 'message']):
+ if nargs == 4:
+ rule.set_message(argv[3])
+
 # Short form where only app or port/proto is given
 if ufw.applications.valid_profile_name(argv[1]):
 # Check if name collision with /etc/services. If so, use
@@ -224,6 +227,10 @@
 err_msg = _("Invalid port with protocol '%s'") % \
 (rule.protocol)
 raise UFWError(err_msg)
+
+ elif nargs == 3 and argv.count('-m') + argv.count('message') != 0:
+ err_msg = _("Message missing")
+ raise UFWError(err_msg)
 elif (nargs + 1) % 2 != 0:
 err_msg = _("Wrong number of arguments")
 raise UFWError(err_msg)
@@ -233,7 +240,8 @@
 raise UFWError(err_msg)
 else:
 # Full form with PF-style syntax
- keys = [ 'proto', 'from', 'to', 'port', 'app', 'in', 'out' ]
+ keys = [ 'proto', 'from', 'to', 'port', 'app', 'in', 'out',
+ 'message', '-m' ]
 # quick check
 if argv.count("to") > 1 or \
@@ -242,6 +250,7 @@
 argv.count("port") > 2 or \
 argv.count("in") > 1 or \
 argv.count("out") > 1 or \
+ argv.count("message") + argv.count("-m") > 1 or \
 argv.count("app") > 2 or \
 argv.count("app") > 0 and argv.count("proto") > 0:
 err_msg = _("Improper rule syntax")
@@ -356,6 +365,14 @@
 # changes
 err_msg = _("Invalid 'port' clause")
 raise UFWError(err_msg)
+ elif arg == "message" or arg == "-m":
+ if i+1 < nargs:
+ tmp = argv[i+1]
+ rule.set_message(tmp)
+ else:
+ err_msg = _("Message missing")
+ raise UFWError(err_msg)
+
 i += 1
 # Figure out the type of rule (IPv4, IPv6, or both) this is
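Review bot: The new `argv.count("message") + argv.count("-m") > 1` guard, like the existing counts around it, also sees the message's value, so a message whose text is exactly a keyword (`-m in` on a rule that already says `in`, or `message message`) is rejected with the generic "Improper rule syntax" instead of being accepted or given a message-specific error. Either skip the element following `-m`/`message` when counting, or document that a bare keyword is not a valid message text. The enclosing method starts before and ends after this hunk.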
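Review bot: The new `message`/`-m` clause reads `argv[i+1]` but, as far as this collapsed hunk shows, never advances `i` past it: the header counts (6 old, 14 new) leave room for exactly eight added lines, the seven visible plus a blank, so the trailing `i += 1` is most likely the pre-existing loop increment rather than a skip inside the clause. If that reading is right, the message text is re-read as the next `arg` on the following iteration, so `-m to` or `-m port` is parsed as a second keyword and an ordinary word is silently swallowed. Add `i += 1` directly after `rule.set_message(tmp)`, presumably matching how the other value-taking clauses consume their argument, and confirm against the uncollapsed source. The enclosing method starts before and ends after this hunk.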