HEX
Server: Apache
System: Linux server2.voipitup.com.au 4.18.0-553.109.1.lve.el8.x86_64 #1 SMP Thu Mar 5 20:23:46 UTC 2026 x86_64
User: posscale (1027)
PHP: 8.2.30
Disabled: exec,passthru,shell_exec,system
$ pwd: /opt/saltstack/salt/lib/python3.10/site-packages/salt/states/__pycache__/
Upload Files
File: //opt/saltstack/salt/lib/python3.10/site-packages/salt/states/__pycache__/ipset.cpython-310.pyc
o

�N�ge&�@sTdZddlZe�e�Zdd�Zddd�Zddd	�Zdd
d�Zddd
�Z	ddd�Z
dS)a
Management of ipsets
======================

This is an ipset-specific module designed to manage IPSets for use
in IPTables Firewalls.

.. code-block:: yaml

    setname:
      ipset.set_present:
        - set_type: bitmap:ip
        - range: 192.168.0.0/16
        - comment: True

    setname:
      ipset.set_absent:
        - set_type: bitmap:ip
        - range: 192.168.0.0/16
        - comment: True

    setname_entries:
      ipset.present:
        - set_name: setname
        - entry: 192.168.0.3
        - comment: Hello
        - require:
            - ipset: baz

    setname_entries:
      ipset.present:
        - set_name: setname
        - entry:
            - 192.168.0.3
            - 192.168.1.3
        - comment: Hello
        - require:
            - ipset: baz

    setname_entries:
      ipset.absent:
        - set_name: setname
        - entry:
            - 192.168.0.3
            - 192.168.1.3
        - comment: Hello
        - require:
            - ipset: baz

    setname:
      ipset.flush:

�NcCsdtvrdSdS)z@
    Only load if the ipset module is available in __salt__
    z
ipset.versionT)Fz ipset module could not be loaded)�__salt__�rr�E/opt/saltstack/salt/lib/python3.10/site-packages/salt/states/ipset.py�__virtual__<sr�ipv4cKs�|iddd�}td|�}|dur!d|d<d|�d|��|d	<|Std
r1d|�d|��|d	<|Std|||fi|��}|durWd
|i|d<d|d<d|�d|��|d	<|Sd|d<d�||��|�|d	<|S)z�
    .. versionadded:: 2014.7.0

    Verify the set exists.

    name
        A user-defined set name.

    set_type
        The type for the set.

    family
        Networking family, either ipv4 or ipv6
    N���name�changes�result�comment�ipset.check_setTr�
ipset set z already exists for r�testz would be added for z
ipset.new_set�localer
z created successfully for Fz%Failed to create set {0} for {2}: {1}�r�__opts__�format�strip)r	�set_type�family�kwargs�ret�	set_check�commandrrr�set_presentEs(
�rcKs�|iddd�}td||�}|s!d|d<d|�d|�d	�|d
<|Stdr2d|�d|�d�|d
<|Std
||�}|rktd||�}|durZd|i|d<d|d<d�||�|d
<|Sd|d<d�||��|�|d
<|Sd|d<d�||��|�|d
<|S)z~
    .. versionadded:: 2014.7.0

    Verify the set is absent.

    family
        Networking family, either ipv4 or ipv6
    Nrrr
Trr� for z is already absentrrz would be removed�ipset.flushzipset.delete_setrr
z/ipset set {} deleted successfully for family {}Fz%Failed to delete set {0} for {2}: {1}z$Failed to flush set {0} for {2}: {1}r)r	rrrrZ	flush_setrrrr�
set_absentns:
�
�
��
�rc		Ks�|iddd�}|sd|d<d|d<|Sg}t|t�r|}n|�|�|D]�}d}d|vr4|�dd	�\}}d
|vrDd
|vrDd�|d
|�}d|vrTd|vrTd�||d�}d�||��g���}td
|d||�dur{|dd�||d|�7<q$t	dr�d|d<|dd�||d|�7<q$td|d||fi|��}d|vr�d|i|d<|dd�||d|�7<q$d|d<d�|d|||�|d<q$|S)aZ
    .. versionadded:: 2014.7.0

    Append a entry to a set

    name
        A user-defined name to call this entry by in another part of a state or
        formula. This should not be an actual entry.

    entry
        A single entry to add to a set or a list of entries to add to a set

    family
        Network family, ipv4 or ipv6.

    TrrFr�ipset entry must be specifiedr� ��timeout�
timeout {} {}�
{} comment {}�ipset.check�set_namez&entry for {} already in set {} for {}
rNz0entry {} would be added to set {} for family {}
z	ipset.add�Errorrr
z'entry {} added to set {} for family {}
z9Failed to add to entry {1} to set {0} for family {2}.
{3})
�
isinstance�list�append�splitr�join�lstriprrr)	r	�entryrrr�entries�
entry_opts�_entryrrrr�present�s^



��
��
��

���r2c		Ks�|iddd�}|sd|d<d|d<|Sg}t|t�r|}n|�|�|D]�}d}d|vr4|�dd	�\}}d
|vrDd
|vrDd�|d
|�}d|vrTd|vrTd�||d�}d�||g���}t�d
|�t	d|d||�dur�d|d<|dd�||d|�7<q$t
dr�d|d<|dd�||d|�7<q$t	d|d||fi|��}d|vr�d|i|d<d|d<|dd�||d|�7<q$d|d<d�|d|||�|d<q$|S)a
    .. versionadded:: 2014.7.0

    Remove a entry or entries from a chain

    name
        A user-defined name to call this entry by in another part of a state or
        formula. This should not be an actual entry.

    family
        Network family, ipv4 or ipv6.

    TrrFrrrr r!r"r#r$z	_entry %sr%r&z0ipset entry for {} not present in set {} for {}
rNz3ipset entry {} would be removed from set {} for {}
zipset.deleter'rr
z*ipset entry {} removed from set {} for {}
zLFailed to delete ipset entry from set {} for {}. Attempted entry was {}.
{}
)r(r)r*r+rr,r�log�debugrr)	r	r.r/rrrr0r1rrrr�absent�sr

�
���
��
���
���r5cKs�|iddd�}td|�}|dur!d|d<d|�d|��|d	<|Std
r/d�||�|d	<|Std||�rLd
|i|d<d|d<d|�d|��|d	<|Sd|d<d�||�|d	<|S)z}
    .. versionadded:: 2014.7.0

    Flush current ipset set

    family
        Networking family, either ipv4 or ipv6

    Nrrr
Frrz does not exist for rrz/ipset entries in set {} for {} would be flushedrrr
TzFlushed ipset entries from set rz0Failed to flush ipset entries from set {} for {})rrr)r	rrrrrrr�flush*s*
��r6)r)Nr)NNr)�__doc__�logging�	getLogger�__name__r3rrrr2r5r6rrrr�<module>s6

	
)
*
GK
@ Telegram