jail2ban/pfctl.py

import logging
from subprocess import run

_SUDO = '/usr/local/bin/sudo'
_PFCTL = '/sbin/pfctl'


def pfctl_cfg_read(anchor):
    cmd = [_SUDO, _PFCTL, '-a', anchor, '-sr']
    logging.info('Running %s', cmd)

    res = run(cmd, capture_output=True)

    if res and res.stdout:
        logging.info('Result: %s', res)
        res.check_returncode()
        return res.stdout.splitlines()


def pfctl_cfg_write(anchor, cfg):
    cmd = [_SUDO, _PFCTL, '-a', anchor, '-f-']
    logging.info('Running %s', cmd)
    logging.info('Config %s', cfg)

    res = run(cmd,
              input=cfg,
              capture_output=True)

    if res:
        logging.info('Result: %s', res)
        res.check_returncode()
        return res


def pfctl_table_op(anchor, **kwargs):
    table = kwargs['table']
    operation = kwargs['operation']
    value = kwargs['value'] if 'value' in kwargs else None
    cmd = [_SUDO, _PFCTL, '-a', anchor, '-t', table, '-T', operation, value]

    logging.info('Running %s', cmd)

    res = run([x for x in cmd if x is not None], capture_output=True)

    if res:
        logging.debug(res)
        res.check_returncode()
        return res.stdout.splitlines()