在linux上使用python确定防火墙的存在

时间:2013-02-07 05:23:56

标签: python linux

我想显示防火墙是否存在..如果没有启用,用户应该收到警告..是否可以使用python代码完成?

2 个答案:

答案 0 :(得分:2)

这是我在Redhat机器上执行的命令,防火墙关闭

[root@epmauto-165-253 ~]# service iptables status
iptables: Firewall is not running.
[root@epmauto-165-253 ~]#
[root@epmauto-165-253 ~]# python
Python 2.6.6 (r266:84292, May  1 2012, 13:52:17)
[GCC 4.4.6 20110731 (Red Hat 4.4.6-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> status = os.popen("service iptables status").read()
>>> print status
iptables: Firewall is not running.

>>>

在防火墙打开时,在不同的redhat机器上执行以下命令。

[root@blr-srm-auto157 ~]# service iptables status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

[root@blr-srm-auto157 ~]# python
Python 2.6.6 (r266:84292, Apr 11 2011, 15:50:32)
[GCC 4.4.4 20100726 (Red Hat 4.4.4-13)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
>>> status = os.popen('service iptables status').read()
>>> print status
Table: filter
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
3    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
4    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
5    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination


>>>

答案 1 :(得分:0)

在GNU / linux中,防火墙(netfilter)是内核的一部分,所以我认为如果启用了linux,防火墙也是如此。 接下来,您可以询问netfilter是否已配置,以及是否有任何规则。为此,您可以解析iptables命令(例如iptables -L)输出。