~gC0SSKJrJrJr "SS\\5rg))PluginIndependentPlugin SoSPredicatecD\rSrSrSrSrSrSrSrSr Sr S r S r S r S rg )FirewallTables aCollects information about local firewall tables, such as iptables, and nf_tables (via nft). Note that this plugin does _not_ collect firewalld information, which is handled by a separate plugin. Collections from this plugin are largely gated byt the presence of relevant kernel modules - for example, the plugin will not collect the nf_tables ruleset if both the `nf_tables` and `nfnetlink` kernel modules are not currently loaded (unless using the --allow-system-changes option). zfirewall tablesfirewall_tables)networksystem) /etc/nftables) ip_tables ip6_tables nf_tables nfnetlinkebtablescPSU-nSU-S-nURU[XS/S9S9 g)zCollecting iptables rules for a table loads either kernel module of the table name (for kernel <= 3), or nf_tables (for kernel >= 4). If neither module is present, the rules must be empty.iptable_z iptables -t  -nvLrkmodspredNadd_cmd_outputrself tablenamemodnamecmds D/usr/lib/python3/dist-packages/sos/report/plugins/firewall_tables.pycollect_iptableFirewallTables.collect_iptablesA y(y(72  dK*@A  CcPSU-nSU-S-nURU[XS/S9S9 g)z%Same as function above, but for ipv6 ip6table_z ip6tables -t rrrrNrrs r collect_ip6tableFirewallTables.collect_ip6table*sA ) )G3  dK*@A  Cr#cB[USS/SS0S9nURSUSS9$) zJCollects nftables rulesets with 'nft' commands if the modules are present rrrall)rrequiredznft -a list rulesetT)rchanges)rcollect_cmd_output)rnft_preds r collect_nftablesFirewallTables.collect_nftables3sB  '2K&@*15)9;&&'<8/3'5 5r#cUR5n//S.nUSS:XaUSOSnUR5HVnUR5SSn[U5S:XdM'USS:XdM2USU;dM=X%SR US 5 MX S nS n[ US S S9nUR 5n SSS5 W R5H)n USS:XdMXS;dMURU 5 M+ Sn [ U S S S9n U R 5n SSS5 U R5H)n USS:XdMXS;dMURU 5 M+ USS:wd SUS;aURS[USS/S9S9 USS:wd SUS;aURS[USS/S9S9 UR/SQ5 g!,(df  GN=f![a Un GN.f=f!,(df  N=f![a Un Nf=f)N)ipip6statusroutputtablezmangle filter nat z/proc/net/ip_tables_namesrzUTF-8)encodingr1z/proc/net/ip6_tables_namesr2filterziptables -vnxLiptable_filterrrrzip6tables -vnxLip6table_filter)r z/etc/sysconfig/nftables.confz/etc/nftables.conf) r. splitlinessplitlenappendopenreadIOErrorr!r&rr add_copy_spec) rnft_list nft_ip_tables nft_lineslinewordsdefault_ip_tablesproc_net_ip_tablesifileip_tables_namesr7proc_net_ip6_tablesipfiles r setupFirewallTables.setup>s8 ((*!"- *28*<*AHX&r ((*DJJL1%E5zQ58w#6!H -Ah'..uQx8 +4 0!< (#@E"'**,A%//1E!Q&5$4G+G$$U+2 0"> )3AV"(++-B%//1E!Q&5%4H+H%%e,2 H  "h-2E&E    !$/?.MN   H  "h-2F&F   !!$/@+.NO     EA@ 0/O 0BA 0/O 0s` G G1G7 G<G+G< GGG G('G(+ G95G<9G<< H  H N)__name__ __module__ __qualname____firstlineno____doc__ short_desc plugin_nameprofilesfiles kernel_modsr!r&r.rR__static_attributes__rTr#r rr s:#J#K$H EK CC 59 r#rN)sos.report.pluginsrrrrrTr#r rasIHk V.k r#