我想显示防火墙是否存在..如果没有启用,用户应该收到警告..是否可以使用python代码完成?
答案 0 :(得分:2)
这是我在Redhat机器上执行的命令,防火墙关闭
[root@epmauto-165-253 ~]# service iptables status
iptables: Firewall is not running.
[root@epmauto-165-253 ~]#
[root@epmauto-165-253 ~]# python
Python 2.6.6 (r266:84292, May 1 2012, 13:52:17)
[GCC 4.4.6 20110731 (Red Hat 4.4.6-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> status = os.popen("service iptables status").read()
>>> print status
iptables: Firewall is not running.
>>>
在防火墙打开时,在不同的redhat机器上执行以下命令。
[root@blr-srm-auto157 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
[root@blr-srm-auto157 ~]# python
Python 2.6.6 (r266:84292, Apr 11 2011, 15:50:32)
[GCC 4.4.4 20100726 (Red Hat 4.4.4-13)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> status = os.popen('service iptables status').read()
>>> print status
Table: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
>>>
答案 1 :(得分:0)
在GNU / linux中,防火墙(netfilter)是内核的一部分,所以我认为如果启用了linux,防火墙也是如此。 接下来,您可以询问netfilter是否已配置,以及是否有任何规则。为此,您可以解析iptables命令(例如iptables -L)输出。