From 95173381e785848260385e7ebd2aa55e2fb02793 Mon Sep 17 00:00:00 2001 From: Zhaohui Sun Date: Mon, 26 Jun 2023 08:48:38 +0000 Subject: [PATCH 1/4] [202012] Fix caclmgrd crash issue when applying scale cacl rules Signed-off-by: Zhaohui Sun --- src/sonic-host-services/scripts/caclmgrd | 68 +- .../caclmgrd/cacl_external_client_acl_test.py | 2 +- .../tests/caclmgrd/caclmgrd_scale_test.py | 51 + .../tests/caclmgrd/test_scale_vectors.py | 1009 +++++++++++++++++ .../tests/common/mock_configdb.py | 3 + 5 files changed, 1101 insertions(+), 32 deletions(-) create mode 100644 src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py create mode 100644 src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py diff --git a/src/sonic-host-services/scripts/caclmgrd b/src/sonic-host-services/scripts/caclmgrd index dbde8c13e8c7..8bcc42bb6ef7 100755 --- a/src/sonic-host-services/scripts/caclmgrd +++ b/src/sonic-host-services/scripts/caclmgrd @@ -205,7 +205,7 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): tcp_flags_str = tcp_flags_str[:-1] return tcp_flags_str - def generate_block_ip2me_traffic_iptables_commands(self, namespace): + def generate_block_ip2me_traffic_iptables_commands(self, namespace, config_db_connector): INTERFACE_TABLE_NAME_LIST = [ "LOOPBACK_INTERFACE", "MGMT_INTERFACE", @@ -218,7 +218,7 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): # Add iptables rules to drop all packets destined for peer-to-peer interface IP addresses for iface_table_name in INTERFACE_TABLE_NAME_LIST: - iface_table = self.config_db_map[namespace].get_table(iface_table_name) + iface_table = config_db_connector.get_table(iface_table_name) if iface_table: for key, _ in iface_table.items(): if not _ip_prefix_in_key(key): @@ -431,7 +431,7 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): self.log_info("Update DHCP chain: {}".format(insert_cmd)) - def get_acl_rules_and_translate_to_iptables_commands(self, namespace): + def get_acl_rules_and_translate_to_iptables_commands(self, namespace, config_db_connector): """ Retrieves current ACL tables and rules from Config DB, translates control plane ACLs into a list of iptables commands that can be run @@ -516,8 +516,8 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): iptables_cmds.append(self.iptables_cmd_ns_prefix[namespace] + "ip6tables -A INPUT -p tcp --sport 179 -j ACCEPT") # Get current ACL tables and rules from Config DB - self._tables_db_info = self.config_db_map[namespace].get_table(self.ACL_TABLE) - self._rules_db_info = self.config_db_map[namespace].get_table(self.ACL_RULE) + self._tables_db_info = config_db_connector.get_table(self.ACL_TABLE) + self._rules_db_info = config_db_connector.get_table(self.ACL_RULE) num_ctrl_plane_acl_rules = 0 @@ -658,7 +658,7 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): service_to_source_ip_map.update({ acl_service:{ "ipv4":ipv4_src_ip_set, "ipv6":ipv6_src_ip_set } }) # Add iptables commands to block ip2me traffic - iptables_cmds += self.generate_block_ip2me_traffic_iptables_commands(namespace) + iptables_cmds += self.generate_block_ip2me_traffic_iptables_commands(namespace, config_db_connector) # Add iptables/ip6tables commands to allow all incoming packets with TTL of 0 or 1 # This allows the device to respond to tools like tcptraceroute @@ -673,13 +673,13 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): return iptables_cmds, service_to_source_ip_map - def update_control_plane_acls(self, namespace): + def update_control_plane_acls(self, namespace, config_db_connector): """ Convenience wrapper which retrieves current ACL tables and rules from Config DB, translates control plane ACLs into a list of iptables commands and runs them. """ - iptables_cmds, service_to_source_ip_map = self.get_acl_rules_and_translate_to_iptables_commands(namespace) + iptables_cmds, service_to_source_ip_map = self.get_acl_rules_and_translate_to_iptables_commands(namespace, config_db_connector) self.log_info("Issuing the following iptables commands:") for cmd in iptables_cmds: self.log_info(" " + cmd) @@ -714,30 +714,36 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): updates were received during the delay window, at which point it will update iptables using the current ACL rules. """ - while True: - # Sleep for our delay interval - time.sleep(self.UPDATE_DELAY_SECS) - - with self.lock[namespace]: - if self.num_changes[namespace] > num_changes: - # More ACL table changes occurred since this thread was spawned - # spawn a new thread with the current number of changes - new_changes = self.num_changes[namespace] - num_changes - self.log_info("ACL config not stable for namespace '{}': {} changes detected in the past {} seconds. Skipping update ..." - .format(namespace, new_changes, self.UPDATE_DELAY_SECS)) - num_changes = self.num_changes[namespace] - else: - if num_changes == self.num_changes[namespace] and num_changes > 0: - self.log_info("ACL config for namespace '{}' has not changed for {} seconds. Applying updates ..." - .format(namespace, self.UPDATE_DELAY_SECS)) - self.update_control_plane_acls(namespace) - else: - self.log_error("Error updating ACLs for namespace '{}'".format(namespace)) + try: + # ConfigDBConnector is not multi thread safe. In child thread, we use another new DB connector. + new_config_db_connector = swsscommon.ConfigDBConnector(use_unix_socket_path=True, namespace=namespace) + new_config_db_connector.connect() + while True: + # Sleep for our delay interval + time.sleep(self.UPDATE_DELAY_SECS) - # Re-initialize - self.num_changes[namespace] = 0 - self.update_thread[namespace] = None - return + with self.lock[namespace]: + if self.num_changes[namespace] > num_changes: + # More ACL table changes occurred since this thread was spawned + # spawn a new thread with the current number of changes + new_changes = self.num_changes[namespace] - num_changes + self.log_info("ACL config not stable for namespace '{}': {} changes detected in the past {} seconds. Skipping update ..." + .format(namespace, new_changes, self.UPDATE_DELAY_SECS)) + num_changes = self.num_changes[namespace] + else: + if num_changes == self.num_changes[namespace] and num_changes > 0: + self.log_info("ACL config for namespace '{}' has not changed for {} seconds. Applying updates ..." + .format(namespace, self.UPDATE_DELAY_SECS)) + self.update_control_plane_acls(namespace, new_config_db_connector) + else: + self.log_error("Error updating ACLs for namespace '{}'".format(namespace)) + + # Re-initialize + self.num_changes[namespace] = 0 + self.update_thread[namespace] = None + return + finally: + new_config_db_connector.close("CONFIG_DB") def allow_bfd_protocol(self, namespace): iptables_cmds = [] diff --git a/src/sonic-host-services/tests/caclmgrd/cacl_external_client_acl_test.py b/src/sonic-host-services/tests/caclmgrd/cacl_external_client_acl_test.py index 6fbb7a8f728a..db5423ce76f7 100644 --- a/src/sonic-host-services/tests/caclmgrd/cacl_external_client_acl_test.py +++ b/src/sonic-host-services/tests/caclmgrd/cacl_external_client_acl_test.py @@ -40,7 +40,7 @@ def test_caclmgrd_external_client_acl(self, test_name, test_data, fs): self.caclmgrd.ControlPlaneAclManager.get_chain_list = mock.MagicMock(return_value=["INPUT", "FORWARD", "OUTPUT"]) caclmgrd_daemon = self.caclmgrd.ControlPlaneAclManager("caclmgrd") - iptables_rules_ret, _ = caclmgrd_daemon.get_acl_rules_and_translate_to_iptables_commands('') + iptables_rules_ret, _ = caclmgrd_daemon.get_acl_rules_and_translate_to_iptables_commands('', MockConfigDb()) self.assertEqual(set(test_data["return"]).issubset(set(iptables_rules_ret)), True) caclmgrd_daemon.iptables_cmd_ns_prefix['asic0'] = 'ip netns exec asic0' caclmgrd_daemon.namespace_docker_mgmt_ip['asic0'] = '1.1.1.1' diff --git a/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py b/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py new file mode 100644 index 000000000000..5769ad7c4e5f --- /dev/null +++ b/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py @@ -0,0 +1,51 @@ +import os +import sys +import swsscommon + +from parameterized import parameterized +from sonic_py_common.general import load_module_from_source +from unittest import TestCase, mock +from pyfakefs.fake_filesystem_unittest import patchfs + +from .test_scale_vectors import CACLMGRD_SCALE_TEST_VECTOR +from tests.common.mock_configdb import MockConfigDb +from unittest.mock import MagicMock, patch + +DBCONFIG_PATH = '/var/run/redis/sonic-db/database_config.json' + +class TestCaclmgrdScale(TestCase): + """ + Test caclmgrd with scale cacl rules + """ + def setUp(self): + swsscommon.swsscommon.ConfigDBConnector = MockConfigDb + test_path = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) + modules_path = os.path.dirname(test_path) + scripts_path = os.path.join(modules_path, "scripts") + sys.path.insert(0, modules_path) + caclmgrd_path = os.path.join(scripts_path, 'caclmgrd') + self.caclmgrd = load_module_from_source('caclmgrd', caclmgrd_path) + + @parameterized.expand(CACLMGRD_SCALE_TEST_VECTOR) + @patchfs + def test_caclmgrd_scale(self, test_name, test_data, fs): + if not os.path.exists(DBCONFIG_PATH): + fs.create_file(DBCONFIG_PATH) # fake database_config.json + + MockConfigDb.set_config_db(test_data["config_db"]) + + with mock.patch("caclmgrd.ControlPlaneAclManager.run_commands_pipe", return_value='sonic'): + with mock.patch("caclmgrd.subprocess") as mocked_subprocess: + popen_mock = mock.Mock() + popen_attrs = test_data["popen_attributes"] + popen_mock.configure_mock(**popen_attrs) + mocked_subprocess.Popen.return_value = popen_mock + mocked_subprocess.PIPE = -1 + + call_rc = test_data["call_rc"] + mocked_subprocess.call.return_value = call_rc + + caclmgrd_daemon = self.caclmgrd.ControlPlaneAclManager("caclmgrd") + caclmgrd_daemon.num_changes[''] = 150 + caclmgrd_daemon.check_and_update_control_plane_acls('', 150) + mocked_subprocess.Popen.assert_has_calls(test_data["expected_subprocess_calls"], any_order=True) diff --git a/src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py b/src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py new file mode 100644 index 000000000000..2f1e0f11adba --- /dev/null +++ b/src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py @@ -0,0 +1,1009 @@ +from unittest.mock import call +import subprocess + +""" + caclmgrd bfd test vector +""" +CACLMGRD_SCALE_TEST_VECTOR = [ + [ + "SCALE_SESSION_TEST", + { + "config_db": { + "DEVICE_METADATA": { + "localhost": { + "type": "ToRRouter", + } + }, + "LOOPBACK_INTERFACE": {}, + "VLAN_INTERFACE": {}, + "PORTCHANNEL_INTERFACE": {}, + "INTERFACE": {}, + "FEATURE": {}, + "ACL_RULE": { + "NTP_ACL|RULE_1": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9999", + "SRC_IPV6": "2001::2/128" + }, + "NTP_ACL|RULE_2": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9998", + "SRC_IPV6": "2001::3/128" + }, + "NTP_ACL|RULE_3": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9997", + "SRC_IPV6": "2001::4/128" + }, + "NTP_ACL|RULE_4": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9996", + "SRC_IPV6": "2001::5/128" + }, + "NTP_ACL|RULE_5": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9995", + "SRC_IPV6": "2001::6/128" + }, + "NTP_ACL|RULE_6": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9994", + "SRC_IPV6": "2001::7/128" + }, + "NTP_ACL|RULE_7": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9993", + "SRC_IPV6": "2001::8/128" + }, + "NTP_ACL|RULE_8": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9992", + "SRC_IPV6": "2001::9/128" + }, + "NTP_ACL|RULE_9": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9991", + "SRC_IPV6": "2001::10/128" + }, + "NTP_ACL|RULE_10": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9990", + "SRC_IPV6": "2001::11/128" + }, + "NTP_ACL|RULE_11": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9989", + "SRC_IPV6": "2001::12/128" + }, + "NTP_ACL|RULE_12": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9988", + "SRC_IPV6": "2001::13/128" + }, + "NTP_ACL|RULE_13": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9987", + "SRC_IPV6": "2001::14/128" + }, + "NTP_ACL|RULE_14": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9986", + "SRC_IPV6": "2001::15/128" + }, + "NTP_ACL|RULE_15": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9985", + "SRC_IPV6": "2001::16/128" + }, + "NTP_ACL|RULE_16": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9984", + "SRC_IPV6": "2001::17/128" + }, + "NTP_ACL|RULE_17": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9983", + "SRC_IPV6": "2001::18/128" + }, + "NTP_ACL|RULE_18": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9982", + "SRC_IPV6": "2001::19/128" + }, + "NTP_ACL|RULE_19": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9981", + "SRC_IPV6": "2001::20/128" + }, + "NTP_ACL|RULE_20": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9980", + "SRC_IPV6": "2001::21/128" + }, + "NTP_ACL|RULE_21": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9979", + "SRC_IPV6": "2001::22/128" + }, + "NTP_ACL|RULE_22": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9978", + "SRC_IPV6": "2001::23/128" + }, + "NTP_ACL|RULE_23": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9977", + "SRC_IPV6": "2001::24/128" + }, + "NTP_ACL|RULE_24": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9976", + "SRC_IPV6": "2001::25/128" + }, + "NTP_ACL|RULE_25": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9975", + "SRC_IPV6": "2001::26/128" + }, + "NTP_ACL|RULE_26": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9974", + "SRC_IPV6": "2001::27/128" + }, + "NTP_ACL|RULE_27": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9973", + "SRC_IPV6": "2001::28/128" + }, + "NTP_ACL|RULE_28": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9972", + "SRC_IPV6": "2001::29/128" + }, + "NTP_ACL|RULE_29": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9971", + "SRC_IPV6": "2001::30/128" + }, + "NTP_ACL|RULE_30": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9970", + "SRC_IPV6": "2001::31/128" + }, + "NTP_ACL|RULE_31": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9969", + "SRC_IPV6": "2001::32/128" + }, + "NTP_ACL|RULE_32": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9968", + "SRC_IPV6": "2001::33/128" + }, + "NTP_ACL|RULE_33": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9967", + "SRC_IPV6": "2001::34/128" + }, + "NTP_ACL|RULE_34": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9966", + "SRC_IPV6": "2001::35/128" + }, + "NTP_ACL|RULE_35": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9965", + "SRC_IPV6": "2001::36/128" + }, + "NTP_ACL|RULE_36": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9964", + "SRC_IPV6": "2001::37/128" + }, + "NTP_ACL|RULE_37": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9963", + "SRC_IPV6": "2001::38/128" + }, + "NTP_ACL|RULE_38": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9962", + "SRC_IPV6": "2001::39/128" + }, + "NTP_ACL|RULE_39": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9961", + "SRC_IPV6": "2001::40/128" + }, + "NTP_ACL|RULE_40": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9960", + "SRC_IPV6": "2001::41/128" + }, + "NTP_ACL|RULE_41": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9959", + "SRC_IPV6": "2001::42/128" + }, + "NTP_ACL|RULE_42": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9958", + "SRC_IPV6": "2001::43/128" + }, + "NTP_ACL|RULE_43": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9957", + "SRC_IPV6": "2001::44/128" + }, + "NTP_ACL|RULE_44": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9956", + "SRC_IPV6": "2001::45/128" + }, + "NTP_ACL|RULE_45": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9955", + "SRC_IPV6": "2001::46/128" + }, + "NTP_ACL|RULE_46": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9954", + "SRC_IPV6": "2001::47/128" + }, + "NTP_ACL|RULE_47": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9953", + "SRC_IPV6": "2001::48/128" + }, + "NTP_ACL|RULE_48": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9952", + "SRC_IPV6": "2001::49/128" + }, + "NTP_ACL|RULE_49": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9951", + "SRC_IPV6": "2001::50/128" + }, + "NTP_ACL|RULE_50": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9950", + "SRC_IPV6": "2001::51/128" + }, + "SNMP_ACL|RULE_1": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9999", + "SRC_IPV6": "2001::2/128" + }, + "SNMP_ACL|RULE_2": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9998", + "SRC_IPV6": "2001::3/128" + }, + "SNMP_ACL|RULE_3": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9997", + "SRC_IPV6": "2001::4/128" + }, + "SNMP_ACL|RULE_4": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9996", + "SRC_IPV6": "2001::5/128" + }, + "SNMP_ACL|RULE_5": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9995", + "SRC_IPV6": "2001::6/128" + }, + "SNMP_ACL|RULE_6": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9994", + "SRC_IPV6": "2001::7/128" + }, + "SNMP_ACL|RULE_7": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9993", + "SRC_IPV6": "2001::8/128" + }, + "SNMP_ACL|RULE_8": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9992", + "SRC_IPV6": "2001::9/128" + }, + "SNMP_ACL|RULE_9": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9991", + "SRC_IPV6": "2001::10/128" + }, + "SNMP_ACL|RULE_10": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9990", + "SRC_IPV6": "2001::11/128" + }, + "SNMP_ACL|RULE_11": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9989", + "SRC_IPV6": "2001::12/128" + }, + "SNMP_ACL|RULE_12": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9988", + "SRC_IPV6": "2001::13/128" + }, + "SNMP_ACL|RULE_13": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9987", + "SRC_IPV6": "2001::14/128" + }, + "SNMP_ACL|RULE_14": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9986", + "SRC_IPV6": "2001::15/128" + }, + "SNMP_ACL|RULE_15": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9985", + "SRC_IPV6": "2001::16/128" + }, + "SNMP_ACL|RULE_16": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9984", + "SRC_IPV6": "2001::17/128" + }, + "SNMP_ACL|RULE_17": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9983", + "SRC_IPV6": "2001::18/128" + }, + "SNMP_ACL|RULE_18": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9982", + "SRC_IPV6": "2001::19/128" + }, + "SNMP_ACL|RULE_19": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9981", + "SRC_IPV6": "2001::20/128" + }, + "SNMP_ACL|RULE_20": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9980", + "SRC_IPV6": "2001::21/128" + }, + "SNMP_ACL|RULE_21": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9979", + "SRC_IPV6": "2001::22/128" + }, + "SNMP_ACL|RULE_22": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9978", + "SRC_IPV6": "2001::23/128" + }, + "SNMP_ACL|RULE_23": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9977", + "SRC_IPV6": "2001::24/128" + }, + "SNMP_ACL|RULE_24": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9976", + "SRC_IPV6": "2001::25/128" + }, + "SNMP_ACL|RULE_25": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9975", + "SRC_IPV6": "2001::26/128" + }, + "SNMP_ACL|RULE_26": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9974", + "SRC_IPV6": "2001::27/128" + }, + "SNMP_ACL|RULE_27": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9973", + "SRC_IPV6": "2001::28/128" + }, + "SNMP_ACL|RULE_28": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9972", + "SRC_IPV6": "2001::29/128" + }, + "SNMP_ACL|RULE_29": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9971", + "SRC_IPV6": "2001::30/128" + }, + "SNMP_ACL|RULE_30": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9970", + "SRC_IPV6": "2001::31/128" + }, + "SNMP_ACL|RULE_31": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9969", + "SRC_IPV6": "2001::32/128" + }, + "SNMP_ACL|RULE_32": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9968", + "SRC_IPV6": "2001::33/128" + }, + "SNMP_ACL|RULE_33": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9967", + "SRC_IPV6": "2001::34/128" + }, + "SNMP_ACL|RULE_34": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9966", + "SRC_IPV6": "2001::35/128" + }, + "SNMP_ACL|RULE_35": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9965", + "SRC_IPV6": "2001::36/128" + }, + "SNMP_ACL|RULE_36": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9964", + "SRC_IPV6": "2001::37/128" + }, + "SNMP_ACL|RULE_37": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9963", + "SRC_IPV6": "2001::38/128" + }, + "SNMP_ACL|RULE_38": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9962", + "SRC_IPV6": "2001::39/128" + }, + "SNMP_ACL|RULE_39": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9961", + "SRC_IPV6": "2001::40/128" + }, + "SNMP_ACL|RULE_40": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9960", + "SRC_IPV6": "2001::41/128" + }, + "SNMP_ACL|RULE_41": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9959", + "SRC_IPV6": "2001::42/128" + }, + "SNMP_ACL|RULE_42": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9958", + "SRC_IPV6": "2001::43/128" + }, + "SNMP_ACL|RULE_43": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9957", + "SRC_IPV6": "2001::44/128" + }, + "SNMP_ACL|RULE_44": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9956", + "SRC_IPV6": "2001::45/128" + }, + "SNMP_ACL|RULE_45": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9955", + "SRC_IPV6": "2001::46/128" + }, + "SNMP_ACL|RULE_46": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9954", + "SRC_IPV6": "2001::47/128" + }, + "SNMP_ACL|RULE_47": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9953", + "SRC_IPV6": "2001::48/128" + }, + "SNMP_ACL|RULE_48": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9952", + "SRC_IPV6": "2001::49/128" + }, + "SNMP_ACL|RULE_49": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9951", + "SRC_IPV6": "2001::50/128" + }, + "SNMP_ACL|RULE_50": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9950", + "SRC_IPV6": "2001::51/128" + }, + "SSH_ONLY|RULE_1": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9999", + "SRC_IPV6": "2001::2/128" + }, + "SSH_ONLY|RULE_2": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9998", + "SRC_IPV6": "2001::3/128" + }, + "SSH_ONLY|RULE_3": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9997", + "SRC_IPV6": "2001::4/128" + }, + "SSH_ONLY|RULE_4": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9996", + "SRC_IPV6": "2001::5/128" + }, + "SSH_ONLY|RULE_5": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9995", + "SRC_IPV6": "2001::6/128" + }, + "SSH_ONLY|RULE_6": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9994", + "SRC_IPV6": "2001::7/128" + }, + "SSH_ONLY|RULE_7": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9993", + "SRC_IPV6": "2001::8/128" + }, + "SSH_ONLY|RULE_8": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9992", + "SRC_IPV6": "2001::9/128" + }, + "SSH_ONLY|RULE_9": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9991", + "SRC_IPV6": "2001::10/128" + }, + "SSH_ONLY|RULE_10": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9990", + "SRC_IPV6": "2001::11/128" + }, + "SSH_ONLY|RULE_11": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9989", + "SRC_IPV6": "2001::12/128" + }, + "SSH_ONLY|RULE_12": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9988", + "SRC_IPV6": "2001::13/128" + }, + "SSH_ONLY|RULE_13": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9987", + "SRC_IPV6": "2001::14/128" + }, + "SSH_ONLY|RULE_14": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9986", + "SRC_IPV6": "2001::15/128" + }, + "SSH_ONLY|RULE_15": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9985", + "SRC_IPV6": "2001::16/128" + }, + "SSH_ONLY|RULE_16": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9984", + "SRC_IPV6": "2001::17/128" + }, + "SSH_ONLY|RULE_17": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9983", + "SRC_IPV6": "2001::18/128" + }, + "SSH_ONLY|RULE_18": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9982", + "SRC_IPV6": "2001::19/128" + }, + "SSH_ONLY|RULE_19": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9981", + "SRC_IPV6": "2001::20/128" + }, + "SSH_ONLY|RULE_20": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9980", + "SRC_IPV6": "2001::21/128" + }, + "SSH_ONLY|RULE_21": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9979", + "SRC_IPV6": "2001::22/128" + }, + "SSH_ONLY|RULE_22": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9978", + "SRC_IPV6": "2001::23/128" + }, + "SSH_ONLY|RULE_23": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9977", + "SRC_IPV6": "2001::24/128" + }, + "SSH_ONLY|RULE_24": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9976", + "SRC_IPV6": "2001::25/128" + }, + "SSH_ONLY|RULE_25": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9975", + "SRC_IPV6": "2001::26/128" + }, + "SSH_ONLY|RULE_26": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9974", + "SRC_IPV6": "2001::27/128" + }, + "SSH_ONLY|RULE_27": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9973", + "SRC_IPV6": "2001::28/128" + }, + "SSH_ONLY|RULE_28": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9972", + "SRC_IPV6": "2001::29/128" + }, + "SSH_ONLY|RULE_29": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9971", + "SRC_IPV6": "2001::30/128" + }, + "SSH_ONLY|RULE_30": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9970", + "SRC_IPV6": "2001::31/128" + }, + "SSH_ONLY|RULE_31": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9969", + "SRC_IPV6": "2001::32/128" + }, + "SSH_ONLY|RULE_32": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9968", + "SRC_IPV6": "2001::33/128" + }, + "SSH_ONLY|RULE_33": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9967", + "SRC_IPV6": "2001::34/128" + }, + "SSH_ONLY|RULE_34": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9966", + "SRC_IPV6": "2001::35/128" + }, + "SSH_ONLY|RULE_35": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9965", + "SRC_IPV6": "2001::36/128" + }, + "SSH_ONLY|RULE_36": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9964", + "SRC_IPV6": "2001::37/128" + }, + "SSH_ONLY|RULE_37": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9963", + "SRC_IPV6": "2001::38/128" + }, + "SSH_ONLY|RULE_38": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9962", + "SRC_IPV6": "2001::39/128" + }, + "SSH_ONLY|RULE_39": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9961", + "SRC_IPV6": "2001::40/128" + }, + "SSH_ONLY|RULE_40": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9960", + "SRC_IPV6": "2001::41/128" + }, + "SSH_ONLY|RULE_41": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9959", + "SRC_IPV6": "2001::42/128" + }, + "SSH_ONLY|RULE_42": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9958", + "SRC_IPV6": "2001::43/128" + }, + "SSH_ONLY|RULE_43": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9957", + "SRC_IPV6": "2001::44/128" + }, + "SSH_ONLY|RULE_44": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9956", + "SRC_IPV6": "2001::45/128" + }, + "SSH_ONLY|RULE_45": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9955", + "SRC_IPV6": "2001::46/128" + }, + "SSH_ONLY|RULE_46": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9954", + "SRC_IPV6": "2001::47/128" + }, + "SSH_ONLY|RULE_47": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9953", + "SRC_IPV6": "2001::48/128" + }, + "SSH_ONLY|RULE_48": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9952", + "SRC_IPV6": "2001::49/128" + }, + "SSH_ONLY|RULE_49": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9951", + "SRC_IPV6": "2001::50/128" + }, + "SSH_ONLY|RULE_50": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9950", + "SRC_IPV6": "2001::51/128" + } + }, + "ACL_TABLE": { + "NTP_ACL": { + "policy_desc": "NTP_ACL", + "services": [ + "NTP" + ], + "stage": "ingress", + "type": "CTRLPLANE" + }, + "SNMP_ACL": { + "policy_desc": "SNMP_ACL", + "services": [ + "SNMP" + ], + "stage": "ingress", + "type": "CTRLPLANE" + }, + "SSH_ONLY": { + "policy_desc": "SSH_ONLY", + "services": [ + "SSH" + ], + "stage": "ingress", + "type": "CTRLPLANE" + } + }, + }, + "expected_subprocess_calls": [ + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::2/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::3/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::4/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::5/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::6/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::7/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::8/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::9/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::10/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::11/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::12/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::13/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::14/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::15/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::16/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::17/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::18/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::19/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::20/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::21/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::22/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::23/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::24/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::25/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::26/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::27/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::28/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::29/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::30/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::31/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::32/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::33/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::34/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::35/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::36/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::37/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::38/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::39/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::40/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::41/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::42/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::43/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::44/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::45/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::46/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::47/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::48/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::49/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::50/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::51/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::2/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::2/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::3/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::3/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::4/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::4/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::5/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::5/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::6/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::6/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::7/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::7/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::8/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::8/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::9/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::9/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::10/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::10/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::11/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::11/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::12/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::12/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::13/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::13/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::14/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::14/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::15/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::15/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::16/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::16/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::17/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::17/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::18/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::18/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::19/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::19/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::20/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::20/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::21/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::21/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::22/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::22/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::23/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::23/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::24/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::24/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::25/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::25/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::26/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::26/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::27/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::27/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::28/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::28/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::29/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::29/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::30/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::30/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::31/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::31/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::32/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::32/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::33/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::33/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::34/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::34/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::35/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::35/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::36/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::36/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::37/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::37/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::38/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::38/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::39/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::39/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::40/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::40/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::41/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::41/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::42/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::42/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::43/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::43/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::44/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::44/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::45/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::45/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::46/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::46/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::47/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::47/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::48/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::48/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::49/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::49/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::50/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::50/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::51/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::51/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::2/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::3/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::4/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::5/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::6/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::7/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::8/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::9/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::10/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::11/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::12/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::13/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::14/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::15/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::16/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::17/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::18/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::19/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::20/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::21/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::22/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::23/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::24/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::25/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::26/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::27/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::28/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::29/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::30/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::31/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::32/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::33/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::34/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::35/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::36/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::37/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::38/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::39/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::40/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::41/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::42/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::43/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::44/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::45/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::46/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::47/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::48/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::49/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::50/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), + call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::51/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE) + ], + "popen_attributes": { + 'communicate.return_value': ('output', 'error'), + }, + "call_rc": 0, + } + ] +] diff --git a/src/sonic-host-services/tests/common/mock_configdb.py b/src/sonic-host-services/tests/common/mock_configdb.py index 9b618254f9b4..a055d972a6d9 100644 --- a/src/sonic-host-services/tests/common/mock_configdb.py +++ b/src/sonic-host-services/tests/common/mock_configdb.py @@ -27,6 +27,9 @@ def get_config_db(): def connect(self, wait_for_init=True, retry_on=True): pass + def close(self, db_name): + pass + def get(self, db_id, key, field): return MockConfigDb.CONFIG_DB[key][field] From 44e4617dafab1dc18b66d8cab00a855d3f280e7a Mon Sep 17 00:00:00 2001 From: Zhaohui Sun Date: Wed, 28 Jun 2023 09:12:16 +0000 Subject: [PATCH 2/4] Replace run_commands_pipe with run_commands Signed-off-by: Zhaohui Sun --- src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py b/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py index 5769ad7c4e5f..387944015b26 100644 --- a/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py +++ b/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py @@ -34,7 +34,7 @@ def test_caclmgrd_scale(self, test_name, test_data, fs): MockConfigDb.set_config_db(test_data["config_db"]) - with mock.patch("caclmgrd.ControlPlaneAclManager.run_commands_pipe", return_value='sonic'): + with mock.patch("caclmgrd.ControlPlaneAclManager.run_commands", return_value='sonic'): with mock.patch("caclmgrd.subprocess") as mocked_subprocess: popen_mock = mock.Mock() popen_attrs = test_data["popen_attributes"] From 2c8cb8cb4c868a4d03f153203191833bb8f491ba Mon Sep 17 00:00:00 2001 From: Zhaohui Sun Date: Fri, 30 Jun 2023 08:05:39 +0000 Subject: [PATCH 3/4] Fix UT test Signed-off-by: Zhaohui Sun --- .../tests/caclmgrd/caclmgrd_scale_test.py | 34 +- .../tests/caclmgrd/test_scale_vectors.py | 1957 +++++++++-------- 2 files changed, 996 insertions(+), 995 deletions(-) diff --git a/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py b/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py index 387944015b26..c10bd5396f8f 100644 --- a/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py +++ b/src/sonic-host-services/tests/caclmgrd/caclmgrd_scale_test.py @@ -9,7 +9,7 @@ from .test_scale_vectors import CACLMGRD_SCALE_TEST_VECTOR from tests.common.mock_configdb import MockConfigDb -from unittest.mock import MagicMock, patch + DBCONFIG_PATH = '/var/run/redis/sonic-db/database_config.json' @@ -28,24 +28,24 @@ def setUp(self): @parameterized.expand(CACLMGRD_SCALE_TEST_VECTOR) @patchfs - def test_caclmgrd_scale(self, test_name, test_data, fs): + def test_caclmgrd_scale(self, test_name, test_data, fs): if not os.path.exists(DBCONFIG_PATH): fs.create_file(DBCONFIG_PATH) # fake database_config.json MockConfigDb.set_config_db(test_data["config_db"]) - with mock.patch("caclmgrd.ControlPlaneAclManager.run_commands", return_value='sonic'): - with mock.patch("caclmgrd.subprocess") as mocked_subprocess: - popen_mock = mock.Mock() - popen_attrs = test_data["popen_attributes"] - popen_mock.configure_mock(**popen_attrs) - mocked_subprocess.Popen.return_value = popen_mock - mocked_subprocess.PIPE = -1 - - call_rc = test_data["call_rc"] - mocked_subprocess.call.return_value = call_rc - - caclmgrd_daemon = self.caclmgrd.ControlPlaneAclManager("caclmgrd") - caclmgrd_daemon.num_changes[''] = 150 - caclmgrd_daemon.check_and_update_control_plane_acls('', 150) - mocked_subprocess.Popen.assert_has_calls(test_data["expected_subprocess_calls"], any_order=True) + with mock.patch("caclmgrd.subprocess") as mocked_subprocess: + popen_mock = mock.Mock() + popen_attrs = test_data["popen_attributes"] + popen_mock.configure_mock(**popen_attrs) + mocked_subprocess.Popen.return_value = popen_mock + mocked_subprocess.PIPE = -1 + + call_rc = test_data["call_rc"] + mocked_subprocess.call.return_value = call_rc + + caclmgrd_daemon = self.caclmgrd.ControlPlaneAclManager("caclmgrd") + caclmgrd_daemon.num_changes[''] = 150 + caclmgrd_daemon.check_and_update_control_plane_acls('', 150) + + mocked_subprocess.Popen.assert_has_calls(test_data["expected_subprocess_calls"], any_order=True) diff --git a/src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py b/src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py index 2f1e0f11adba..f02a37ab8f3f 100644 --- a/src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py +++ b/src/sonic-host-services/tests/caclmgrd/test_scale_vectors.py @@ -16,989 +16,990 @@ }, "LOOPBACK_INTERFACE": {}, "VLAN_INTERFACE": {}, + "MGMT_INTERFACE": {}, "PORTCHANNEL_INTERFACE": {}, "INTERFACE": {}, "FEATURE": {}, - "ACL_RULE": { - "NTP_ACL|RULE_1": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9999", - "SRC_IPV6": "2001::2/128" - }, - "NTP_ACL|RULE_2": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9998", - "SRC_IPV6": "2001::3/128" - }, - "NTP_ACL|RULE_3": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9997", - "SRC_IPV6": "2001::4/128" - }, - "NTP_ACL|RULE_4": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9996", - "SRC_IPV6": "2001::5/128" - }, - "NTP_ACL|RULE_5": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9995", - "SRC_IPV6": "2001::6/128" - }, - "NTP_ACL|RULE_6": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9994", - "SRC_IPV6": "2001::7/128" - }, - "NTP_ACL|RULE_7": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9993", - "SRC_IPV6": "2001::8/128" - }, - "NTP_ACL|RULE_8": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9992", - "SRC_IPV6": "2001::9/128" - }, - "NTP_ACL|RULE_9": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9991", - "SRC_IPV6": "2001::10/128" - }, - "NTP_ACL|RULE_10": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9990", - "SRC_IPV6": "2001::11/128" - }, - "NTP_ACL|RULE_11": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9989", - "SRC_IPV6": "2001::12/128" - }, - "NTP_ACL|RULE_12": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9988", - "SRC_IPV6": "2001::13/128" - }, - "NTP_ACL|RULE_13": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9987", - "SRC_IPV6": "2001::14/128" - }, - "NTP_ACL|RULE_14": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9986", - "SRC_IPV6": "2001::15/128" - }, - "NTP_ACL|RULE_15": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9985", - "SRC_IPV6": "2001::16/128" - }, - "NTP_ACL|RULE_16": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9984", - "SRC_IPV6": "2001::17/128" - }, - "NTP_ACL|RULE_17": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9983", - "SRC_IPV6": "2001::18/128" - }, - "NTP_ACL|RULE_18": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9982", - "SRC_IPV6": "2001::19/128" - }, - "NTP_ACL|RULE_19": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9981", - "SRC_IPV6": "2001::20/128" - }, - "NTP_ACL|RULE_20": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9980", - "SRC_IPV6": "2001::21/128" - }, - "NTP_ACL|RULE_21": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9979", - "SRC_IPV6": "2001::22/128" - }, - "NTP_ACL|RULE_22": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9978", - "SRC_IPV6": "2001::23/128" - }, - "NTP_ACL|RULE_23": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9977", - "SRC_IPV6": "2001::24/128" - }, - "NTP_ACL|RULE_24": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9976", - "SRC_IPV6": "2001::25/128" - }, - "NTP_ACL|RULE_25": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9975", - "SRC_IPV6": "2001::26/128" - }, - "NTP_ACL|RULE_26": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9974", - "SRC_IPV6": "2001::27/128" - }, - "NTP_ACL|RULE_27": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9973", - "SRC_IPV6": "2001::28/128" - }, - "NTP_ACL|RULE_28": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9972", - "SRC_IPV6": "2001::29/128" - }, - "NTP_ACL|RULE_29": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9971", - "SRC_IPV6": "2001::30/128" - }, - "NTP_ACL|RULE_30": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9970", - "SRC_IPV6": "2001::31/128" - }, - "NTP_ACL|RULE_31": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9969", - "SRC_IPV6": "2001::32/128" - }, - "NTP_ACL|RULE_32": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9968", - "SRC_IPV6": "2001::33/128" - }, - "NTP_ACL|RULE_33": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9967", - "SRC_IPV6": "2001::34/128" - }, - "NTP_ACL|RULE_34": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9966", - "SRC_IPV6": "2001::35/128" - }, - "NTP_ACL|RULE_35": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9965", - "SRC_IPV6": "2001::36/128" - }, - "NTP_ACL|RULE_36": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9964", - "SRC_IPV6": "2001::37/128" - }, - "NTP_ACL|RULE_37": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9963", - "SRC_IPV6": "2001::38/128" - }, - "NTP_ACL|RULE_38": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9962", - "SRC_IPV6": "2001::39/128" - }, - "NTP_ACL|RULE_39": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9961", - "SRC_IPV6": "2001::40/128" - }, - "NTP_ACL|RULE_40": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9960", - "SRC_IPV6": "2001::41/128" - }, - "NTP_ACL|RULE_41": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9959", - "SRC_IPV6": "2001::42/128" - }, - "NTP_ACL|RULE_42": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9958", - "SRC_IPV6": "2001::43/128" - }, - "NTP_ACL|RULE_43": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9957", - "SRC_IPV6": "2001::44/128" - }, - "NTP_ACL|RULE_44": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9956", - "SRC_IPV6": "2001::45/128" - }, - "NTP_ACL|RULE_45": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9955", - "SRC_IPV6": "2001::46/128" - }, - "NTP_ACL|RULE_46": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9954", - "SRC_IPV6": "2001::47/128" - }, - "NTP_ACL|RULE_47": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9953", - "SRC_IPV6": "2001::48/128" - }, - "NTP_ACL|RULE_48": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9952", - "SRC_IPV6": "2001::49/128" - }, - "NTP_ACL|RULE_49": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9951", - "SRC_IPV6": "2001::50/128" - }, - "NTP_ACL|RULE_50": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9950", - "SRC_IPV6": "2001::51/128" - }, - "SNMP_ACL|RULE_1": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9999", - "SRC_IPV6": "2001::2/128" - }, - "SNMP_ACL|RULE_2": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9998", - "SRC_IPV6": "2001::3/128" - }, - "SNMP_ACL|RULE_3": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9997", - "SRC_IPV6": "2001::4/128" - }, - "SNMP_ACL|RULE_4": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9996", - "SRC_IPV6": "2001::5/128" - }, - "SNMP_ACL|RULE_5": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9995", - "SRC_IPV6": "2001::6/128" - }, - "SNMP_ACL|RULE_6": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9994", - "SRC_IPV6": "2001::7/128" - }, - "SNMP_ACL|RULE_7": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9993", - "SRC_IPV6": "2001::8/128" - }, - "SNMP_ACL|RULE_8": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9992", - "SRC_IPV6": "2001::9/128" - }, - "SNMP_ACL|RULE_9": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9991", - "SRC_IPV6": "2001::10/128" - }, - "SNMP_ACL|RULE_10": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9990", - "SRC_IPV6": "2001::11/128" - }, - "SNMP_ACL|RULE_11": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9989", - "SRC_IPV6": "2001::12/128" - }, - "SNMP_ACL|RULE_12": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9988", - "SRC_IPV6": "2001::13/128" - }, - "SNMP_ACL|RULE_13": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9987", - "SRC_IPV6": "2001::14/128" - }, - "SNMP_ACL|RULE_14": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9986", - "SRC_IPV6": "2001::15/128" - }, - "SNMP_ACL|RULE_15": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9985", - "SRC_IPV6": "2001::16/128" - }, - "SNMP_ACL|RULE_16": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9984", - "SRC_IPV6": "2001::17/128" - }, - "SNMP_ACL|RULE_17": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9983", - "SRC_IPV6": "2001::18/128" - }, - "SNMP_ACL|RULE_18": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9982", - "SRC_IPV6": "2001::19/128" - }, - "SNMP_ACL|RULE_19": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9981", - "SRC_IPV6": "2001::20/128" - }, - "SNMP_ACL|RULE_20": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9980", - "SRC_IPV6": "2001::21/128" - }, - "SNMP_ACL|RULE_21": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9979", - "SRC_IPV6": "2001::22/128" - }, - "SNMP_ACL|RULE_22": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9978", - "SRC_IPV6": "2001::23/128" - }, - "SNMP_ACL|RULE_23": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9977", - "SRC_IPV6": "2001::24/128" - }, - "SNMP_ACL|RULE_24": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9976", - "SRC_IPV6": "2001::25/128" - }, - "SNMP_ACL|RULE_25": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9975", - "SRC_IPV6": "2001::26/128" - }, - "SNMP_ACL|RULE_26": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9974", - "SRC_IPV6": "2001::27/128" - }, - "SNMP_ACL|RULE_27": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9973", - "SRC_IPV6": "2001::28/128" - }, - "SNMP_ACL|RULE_28": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9972", - "SRC_IPV6": "2001::29/128" - }, - "SNMP_ACL|RULE_29": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9971", - "SRC_IPV6": "2001::30/128" - }, - "SNMP_ACL|RULE_30": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9970", - "SRC_IPV6": "2001::31/128" - }, - "SNMP_ACL|RULE_31": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9969", - "SRC_IPV6": "2001::32/128" - }, - "SNMP_ACL|RULE_32": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9968", - "SRC_IPV6": "2001::33/128" - }, - "SNMP_ACL|RULE_33": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9967", - "SRC_IPV6": "2001::34/128" - }, - "SNMP_ACL|RULE_34": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9966", - "SRC_IPV6": "2001::35/128" - }, - "SNMP_ACL|RULE_35": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9965", - "SRC_IPV6": "2001::36/128" - }, - "SNMP_ACL|RULE_36": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9964", - "SRC_IPV6": "2001::37/128" - }, - "SNMP_ACL|RULE_37": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9963", - "SRC_IPV6": "2001::38/128" - }, - "SNMP_ACL|RULE_38": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9962", - "SRC_IPV6": "2001::39/128" - }, - "SNMP_ACL|RULE_39": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9961", - "SRC_IPV6": "2001::40/128" - }, - "SNMP_ACL|RULE_40": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9960", - "SRC_IPV6": "2001::41/128" - }, - "SNMP_ACL|RULE_41": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9959", - "SRC_IPV6": "2001::42/128" - }, - "SNMP_ACL|RULE_42": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9958", - "SRC_IPV6": "2001::43/128" - }, - "SNMP_ACL|RULE_43": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9957", - "SRC_IPV6": "2001::44/128" - }, - "SNMP_ACL|RULE_44": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9956", - "SRC_IPV6": "2001::45/128" - }, - "SNMP_ACL|RULE_45": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9955", - "SRC_IPV6": "2001::46/128" - }, - "SNMP_ACL|RULE_46": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9954", - "SRC_IPV6": "2001::47/128" - }, - "SNMP_ACL|RULE_47": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9953", - "SRC_IPV6": "2001::48/128" - }, - "SNMP_ACL|RULE_48": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9952", - "SRC_IPV6": "2001::49/128" - }, - "SNMP_ACL|RULE_49": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9951", - "SRC_IPV6": "2001::50/128" - }, - "SNMP_ACL|RULE_50": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9950", - "SRC_IPV6": "2001::51/128" - }, - "SSH_ONLY|RULE_1": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9999", - "SRC_IPV6": "2001::2/128" - }, - "SSH_ONLY|RULE_2": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9998", - "SRC_IPV6": "2001::3/128" - }, - "SSH_ONLY|RULE_3": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9997", - "SRC_IPV6": "2001::4/128" - }, - "SSH_ONLY|RULE_4": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9996", - "SRC_IPV6": "2001::5/128" - }, - "SSH_ONLY|RULE_5": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9995", - "SRC_IPV6": "2001::6/128" - }, - "SSH_ONLY|RULE_6": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9994", - "SRC_IPV6": "2001::7/128" - }, - "SSH_ONLY|RULE_7": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9993", - "SRC_IPV6": "2001::8/128" - }, - "SSH_ONLY|RULE_8": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9992", - "SRC_IPV6": "2001::9/128" - }, - "SSH_ONLY|RULE_9": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9991", - "SRC_IPV6": "2001::10/128" - }, - "SSH_ONLY|RULE_10": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9990", - "SRC_IPV6": "2001::11/128" - }, - "SSH_ONLY|RULE_11": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9989", - "SRC_IPV6": "2001::12/128" - }, - "SSH_ONLY|RULE_12": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9988", - "SRC_IPV6": "2001::13/128" - }, - "SSH_ONLY|RULE_13": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9987", - "SRC_IPV6": "2001::14/128" - }, - "SSH_ONLY|RULE_14": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9986", - "SRC_IPV6": "2001::15/128" - }, - "SSH_ONLY|RULE_15": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9985", - "SRC_IPV6": "2001::16/128" - }, - "SSH_ONLY|RULE_16": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9984", - "SRC_IPV6": "2001::17/128" - }, - "SSH_ONLY|RULE_17": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9983", - "SRC_IPV6": "2001::18/128" - }, - "SSH_ONLY|RULE_18": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9982", - "SRC_IPV6": "2001::19/128" - }, - "SSH_ONLY|RULE_19": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9981", - "SRC_IPV6": "2001::20/128" - }, - "SSH_ONLY|RULE_20": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9980", - "SRC_IPV6": "2001::21/128" - }, - "SSH_ONLY|RULE_21": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9979", - "SRC_IPV6": "2001::22/128" - }, - "SSH_ONLY|RULE_22": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9978", - "SRC_IPV6": "2001::23/128" - }, - "SSH_ONLY|RULE_23": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9977", - "SRC_IPV6": "2001::24/128" - }, - "SSH_ONLY|RULE_24": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9976", - "SRC_IPV6": "2001::25/128" - }, - "SSH_ONLY|RULE_25": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9975", - "SRC_IPV6": "2001::26/128" - }, - "SSH_ONLY|RULE_26": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9974", - "SRC_IPV6": "2001::27/128" - }, - "SSH_ONLY|RULE_27": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9973", - "SRC_IPV6": "2001::28/128" - }, - "SSH_ONLY|RULE_28": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9972", - "SRC_IPV6": "2001::29/128" - }, - "SSH_ONLY|RULE_29": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9971", - "SRC_IPV6": "2001::30/128" - }, - "SSH_ONLY|RULE_30": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9970", - "SRC_IPV6": "2001::31/128" - }, - "SSH_ONLY|RULE_31": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9969", - "SRC_IPV6": "2001::32/128" - }, - "SSH_ONLY|RULE_32": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9968", - "SRC_IPV6": "2001::33/128" - }, - "SSH_ONLY|RULE_33": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9967", - "SRC_IPV6": "2001::34/128" - }, - "SSH_ONLY|RULE_34": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9966", - "SRC_IPV6": "2001::35/128" - }, - "SSH_ONLY|RULE_35": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9965", - "SRC_IPV6": "2001::36/128" - }, - "SSH_ONLY|RULE_36": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9964", - "SRC_IPV6": "2001::37/128" - }, - "SSH_ONLY|RULE_37": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9963", - "SRC_IPV6": "2001::38/128" - }, - "SSH_ONLY|RULE_38": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9962", - "SRC_IPV6": "2001::39/128" - }, - "SSH_ONLY|RULE_39": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9961", - "SRC_IPV6": "2001::40/128" - }, - "SSH_ONLY|RULE_40": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9960", - "SRC_IPV6": "2001::41/128" - }, - "SSH_ONLY|RULE_41": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9959", - "SRC_IPV6": "2001::42/128" - }, - "SSH_ONLY|RULE_42": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9958", - "SRC_IPV6": "2001::43/128" - }, - "SSH_ONLY|RULE_43": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9957", - "SRC_IPV6": "2001::44/128" - }, - "SSH_ONLY|RULE_44": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9956", - "SRC_IPV6": "2001::45/128" - }, - "SSH_ONLY|RULE_45": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9955", - "SRC_IPV6": "2001::46/128" - }, - "SSH_ONLY|RULE_46": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9954", - "SRC_IPV6": "2001::47/128" - }, - "SSH_ONLY|RULE_47": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9953", - "SRC_IPV6": "2001::48/128" - }, - "SSH_ONLY|RULE_48": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9952", - "SRC_IPV6": "2001::49/128" - }, - "SSH_ONLY|RULE_49": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9951", - "SRC_IPV6": "2001::50/128" - }, - "SSH_ONLY|RULE_50": { - "PACKET_ACTION": "DROP", - "PRIORITY": "9950", - "SRC_IPV6": "2001::51/128" - } - }, - "ACL_TABLE": { - "NTP_ACL": { - "policy_desc": "NTP_ACL", - "services": [ - "NTP" - ], - "stage": "ingress", - "type": "CTRLPLANE" - }, - "SNMP_ACL": { - "policy_desc": "SNMP_ACL", - "services": [ - "SNMP" - ], - "stage": "ingress", - "type": "CTRLPLANE" - }, - "SSH_ONLY": { - "policy_desc": "SSH_ONLY", - "services": [ - "SSH" - ], - "stage": "ingress", - "type": "CTRLPLANE" - } - }, + "ACL_RULE": { + "NTP_ACL|RULE_1": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9999", + "SRC_IPV6": "2001::2/128" + }, + "NTP_ACL|RULE_2": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9998", + "SRC_IPV6": "2001::3/128" + }, + "NTP_ACL|RULE_3": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9997", + "SRC_IPV6": "2001::4/128" + }, + "NTP_ACL|RULE_4": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9996", + "SRC_IPV6": "2001::5/128" + }, + "NTP_ACL|RULE_5": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9995", + "SRC_IPV6": "2001::6/128" + }, + "NTP_ACL|RULE_6": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9994", + "SRC_IPV6": "2001::7/128" + }, + "NTP_ACL|RULE_7": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9993", + "SRC_IPV6": "2001::8/128" + }, + "NTP_ACL|RULE_8": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9992", + "SRC_IPV6": "2001::9/128" + }, + "NTP_ACL|RULE_9": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9991", + "SRC_IPV6": "2001::10/128" + }, + "NTP_ACL|RULE_10": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9990", + "SRC_IPV6": "2001::11/128" + }, + "NTP_ACL|RULE_11": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9989", + "SRC_IPV6": "2001::12/128" + }, + "NTP_ACL|RULE_12": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9988", + "SRC_IPV6": "2001::13/128" + }, + "NTP_ACL|RULE_13": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9987", + "SRC_IPV6": "2001::14/128" + }, + "NTP_ACL|RULE_14": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9986", + "SRC_IPV6": "2001::15/128" + }, + "NTP_ACL|RULE_15": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9985", + "SRC_IPV6": "2001::16/128" + }, + "NTP_ACL|RULE_16": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9984", + "SRC_IPV6": "2001::17/128" + }, + "NTP_ACL|RULE_17": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9983", + "SRC_IPV6": "2001::18/128" + }, + "NTP_ACL|RULE_18": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9982", + "SRC_IPV6": "2001::19/128" + }, + "NTP_ACL|RULE_19": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9981", + "SRC_IPV6": "2001::20/128" + }, + "NTP_ACL|RULE_20": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9980", + "SRC_IPV6": "2001::21/128" + }, + "NTP_ACL|RULE_21": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9979", + "SRC_IPV6": "2001::22/128" + }, + "NTP_ACL|RULE_22": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9978", + "SRC_IPV6": "2001::23/128" + }, + "NTP_ACL|RULE_23": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9977", + "SRC_IPV6": "2001::24/128" + }, + "NTP_ACL|RULE_24": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9976", + "SRC_IPV6": "2001::25/128" + }, + "NTP_ACL|RULE_25": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9975", + "SRC_IPV6": "2001::26/128" + }, + "NTP_ACL|RULE_26": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9974", + "SRC_IPV6": "2001::27/128" + }, + "NTP_ACL|RULE_27": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9973", + "SRC_IPV6": "2001::28/128" + }, + "NTP_ACL|RULE_28": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9972", + "SRC_IPV6": "2001::29/128" + }, + "NTP_ACL|RULE_29": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9971", + "SRC_IPV6": "2001::30/128" + }, + "NTP_ACL|RULE_30": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9970", + "SRC_IPV6": "2001::31/128" + }, + "NTP_ACL|RULE_31": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9969", + "SRC_IPV6": "2001::32/128" + }, + "NTP_ACL|RULE_32": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9968", + "SRC_IPV6": "2001::33/128" + }, + "NTP_ACL|RULE_33": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9967", + "SRC_IPV6": "2001::34/128" + }, + "NTP_ACL|RULE_34": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9966", + "SRC_IPV6": "2001::35/128" + }, + "NTP_ACL|RULE_35": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9965", + "SRC_IPV6": "2001::36/128" + }, + "NTP_ACL|RULE_36": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9964", + "SRC_IPV6": "2001::37/128" + }, + "NTP_ACL|RULE_37": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9963", + "SRC_IPV6": "2001::38/128" + }, + "NTP_ACL|RULE_38": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9962", + "SRC_IPV6": "2001::39/128" + }, + "NTP_ACL|RULE_39": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9961", + "SRC_IPV6": "2001::40/128" + }, + "NTP_ACL|RULE_40": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9960", + "SRC_IPV6": "2001::41/128" + }, + "NTP_ACL|RULE_41": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9959", + "SRC_IPV6": "2001::42/128" + }, + "NTP_ACL|RULE_42": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9958", + "SRC_IPV6": "2001::43/128" + }, + "NTP_ACL|RULE_43": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9957", + "SRC_IPV6": "2001::44/128" + }, + "NTP_ACL|RULE_44": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9956", + "SRC_IPV6": "2001::45/128" + }, + "NTP_ACL|RULE_45": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9955", + "SRC_IPV6": "2001::46/128" + }, + "NTP_ACL|RULE_46": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9954", + "SRC_IPV6": "2001::47/128" + }, + "NTP_ACL|RULE_47": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9953", + "SRC_IPV6": "2001::48/128" + }, + "NTP_ACL|RULE_48": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9952", + "SRC_IPV6": "2001::49/128" + }, + "NTP_ACL|RULE_49": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9951", + "SRC_IPV6": "2001::50/128" + }, + "NTP_ACL|RULE_50": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9950", + "SRC_IPV6": "2001::51/128" + }, + "SNMP_ACL|RULE_1": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9999", + "SRC_IPV6": "2001::2/128" + }, + "SNMP_ACL|RULE_2": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9998", + "SRC_IPV6": "2001::3/128" + }, + "SNMP_ACL|RULE_3": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9997", + "SRC_IPV6": "2001::4/128" + }, + "SNMP_ACL|RULE_4": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9996", + "SRC_IPV6": "2001::5/128" + }, + "SNMP_ACL|RULE_5": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9995", + "SRC_IPV6": "2001::6/128" + }, + "SNMP_ACL|RULE_6": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9994", + "SRC_IPV6": "2001::7/128" + }, + "SNMP_ACL|RULE_7": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9993", + "SRC_IPV6": "2001::8/128" + }, + "SNMP_ACL|RULE_8": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9992", + "SRC_IPV6": "2001::9/128" + }, + "SNMP_ACL|RULE_9": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9991", + "SRC_IPV6": "2001::10/128" + }, + "SNMP_ACL|RULE_10": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9990", + "SRC_IPV6": "2001::11/128" + }, + "SNMP_ACL|RULE_11": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9989", + "SRC_IPV6": "2001::12/128" + }, + "SNMP_ACL|RULE_12": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9988", + "SRC_IPV6": "2001::13/128" + }, + "SNMP_ACL|RULE_13": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9987", + "SRC_IPV6": "2001::14/128" + }, + "SNMP_ACL|RULE_14": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9986", + "SRC_IPV6": "2001::15/128" + }, + "SNMP_ACL|RULE_15": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9985", + "SRC_IPV6": "2001::16/128" + }, + "SNMP_ACL|RULE_16": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9984", + "SRC_IPV6": "2001::17/128" + }, + "SNMP_ACL|RULE_17": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9983", + "SRC_IPV6": "2001::18/128" + }, + "SNMP_ACL|RULE_18": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9982", + "SRC_IPV6": "2001::19/128" + }, + "SNMP_ACL|RULE_19": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9981", + "SRC_IPV6": "2001::20/128" + }, + "SNMP_ACL|RULE_20": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9980", + "SRC_IPV6": "2001::21/128" + }, + "SNMP_ACL|RULE_21": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9979", + "SRC_IPV6": "2001::22/128" + }, + "SNMP_ACL|RULE_22": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9978", + "SRC_IPV6": "2001::23/128" + }, + "SNMP_ACL|RULE_23": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9977", + "SRC_IPV6": "2001::24/128" + }, + "SNMP_ACL|RULE_24": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9976", + "SRC_IPV6": "2001::25/128" + }, + "SNMP_ACL|RULE_25": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9975", + "SRC_IPV6": "2001::26/128" + }, + "SNMP_ACL|RULE_26": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9974", + "SRC_IPV6": "2001::27/128" + }, + "SNMP_ACL|RULE_27": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9973", + "SRC_IPV6": "2001::28/128" + }, + "SNMP_ACL|RULE_28": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9972", + "SRC_IPV6": "2001::29/128" + }, + "SNMP_ACL|RULE_29": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9971", + "SRC_IPV6": "2001::30/128" + }, + "SNMP_ACL|RULE_30": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9970", + "SRC_IPV6": "2001::31/128" + }, + "SNMP_ACL|RULE_31": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9969", + "SRC_IPV6": "2001::32/128" + }, + "SNMP_ACL|RULE_32": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9968", + "SRC_IPV6": "2001::33/128" + }, + "SNMP_ACL|RULE_33": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9967", + "SRC_IPV6": "2001::34/128" + }, + "SNMP_ACL|RULE_34": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9966", + "SRC_IPV6": "2001::35/128" + }, + "SNMP_ACL|RULE_35": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9965", + "SRC_IPV6": "2001::36/128" + }, + "SNMP_ACL|RULE_36": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9964", + "SRC_IPV6": "2001::37/128" + }, + "SNMP_ACL|RULE_37": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9963", + "SRC_IPV6": "2001::38/128" + }, + "SNMP_ACL|RULE_38": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9962", + "SRC_IPV6": "2001::39/128" + }, + "SNMP_ACL|RULE_39": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9961", + "SRC_IPV6": "2001::40/128" + }, + "SNMP_ACL|RULE_40": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9960", + "SRC_IPV6": "2001::41/128" + }, + "SNMP_ACL|RULE_41": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9959", + "SRC_IPV6": "2001::42/128" + }, + "SNMP_ACL|RULE_42": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9958", + "SRC_IPV6": "2001::43/128" + }, + "SNMP_ACL|RULE_43": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9957", + "SRC_IPV6": "2001::44/128" + }, + "SNMP_ACL|RULE_44": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9956", + "SRC_IPV6": "2001::45/128" + }, + "SNMP_ACL|RULE_45": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9955", + "SRC_IPV6": "2001::46/128" + }, + "SNMP_ACL|RULE_46": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9954", + "SRC_IPV6": "2001::47/128" + }, + "SNMP_ACL|RULE_47": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9953", + "SRC_IPV6": "2001::48/128" + }, + "SNMP_ACL|RULE_48": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9952", + "SRC_IPV6": "2001::49/128" + }, + "SNMP_ACL|RULE_49": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9951", + "SRC_IPV6": "2001::50/128" + }, + "SNMP_ACL|RULE_50": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9950", + "SRC_IPV6": "2001::51/128" + }, + "SSH_ONLY|RULE_1": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9999", + "SRC_IPV6": "2001::2/128" + }, + "SSH_ONLY|RULE_2": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9998", + "SRC_IPV6": "2001::3/128" + }, + "SSH_ONLY|RULE_3": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9997", + "SRC_IPV6": "2001::4/128" + }, + "SSH_ONLY|RULE_4": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9996", + "SRC_IPV6": "2001::5/128" + }, + "SSH_ONLY|RULE_5": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9995", + "SRC_IPV6": "2001::6/128" + }, + "SSH_ONLY|RULE_6": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9994", + "SRC_IPV6": "2001::7/128" + }, + "SSH_ONLY|RULE_7": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9993", + "SRC_IPV6": "2001::8/128" + }, + "SSH_ONLY|RULE_8": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9992", + "SRC_IPV6": "2001::9/128" + }, + "SSH_ONLY|RULE_9": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9991", + "SRC_IPV6": "2001::10/128" + }, + "SSH_ONLY|RULE_10": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9990", + "SRC_IPV6": "2001::11/128" + }, + "SSH_ONLY|RULE_11": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9989", + "SRC_IPV6": "2001::12/128" + }, + "SSH_ONLY|RULE_12": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9988", + "SRC_IPV6": "2001::13/128" + }, + "SSH_ONLY|RULE_13": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9987", + "SRC_IPV6": "2001::14/128" + }, + "SSH_ONLY|RULE_14": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9986", + "SRC_IPV6": "2001::15/128" + }, + "SSH_ONLY|RULE_15": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9985", + "SRC_IPV6": "2001::16/128" + }, + "SSH_ONLY|RULE_16": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9984", + "SRC_IPV6": "2001::17/128" + }, + "SSH_ONLY|RULE_17": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9983", + "SRC_IPV6": "2001::18/128" + }, + "SSH_ONLY|RULE_18": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9982", + "SRC_IPV6": "2001::19/128" + }, + "SSH_ONLY|RULE_19": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9981", + "SRC_IPV6": "2001::20/128" + }, + "SSH_ONLY|RULE_20": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9980", + "SRC_IPV6": "2001::21/128" + }, + "SSH_ONLY|RULE_21": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9979", + "SRC_IPV6": "2001::22/128" + }, + "SSH_ONLY|RULE_22": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9978", + "SRC_IPV6": "2001::23/128" + }, + "SSH_ONLY|RULE_23": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9977", + "SRC_IPV6": "2001::24/128" + }, + "SSH_ONLY|RULE_24": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9976", + "SRC_IPV6": "2001::25/128" + }, + "SSH_ONLY|RULE_25": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9975", + "SRC_IPV6": "2001::26/128" + }, + "SSH_ONLY|RULE_26": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9974", + "SRC_IPV6": "2001::27/128" + }, + "SSH_ONLY|RULE_27": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9973", + "SRC_IPV6": "2001::28/128" + }, + "SSH_ONLY|RULE_28": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9972", + "SRC_IPV6": "2001::29/128" + }, + "SSH_ONLY|RULE_29": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9971", + "SRC_IPV6": "2001::30/128" + }, + "SSH_ONLY|RULE_30": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9970", + "SRC_IPV6": "2001::31/128" + }, + "SSH_ONLY|RULE_31": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9969", + "SRC_IPV6": "2001::32/128" + }, + "SSH_ONLY|RULE_32": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9968", + "SRC_IPV6": "2001::33/128" + }, + "SSH_ONLY|RULE_33": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9967", + "SRC_IPV6": "2001::34/128" + }, + "SSH_ONLY|RULE_34": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9966", + "SRC_IPV6": "2001::35/128" + }, + "SSH_ONLY|RULE_35": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9965", + "SRC_IPV6": "2001::36/128" + }, + "SSH_ONLY|RULE_36": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9964", + "SRC_IPV6": "2001::37/128" + }, + "SSH_ONLY|RULE_37": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9963", + "SRC_IPV6": "2001::38/128" + }, + "SSH_ONLY|RULE_38": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9962", + "SRC_IPV6": "2001::39/128" + }, + "SSH_ONLY|RULE_39": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9961", + "SRC_IPV6": "2001::40/128" + }, + "SSH_ONLY|RULE_40": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9960", + "SRC_IPV6": "2001::41/128" + }, + "SSH_ONLY|RULE_41": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9959", + "SRC_IPV6": "2001::42/128" + }, + "SSH_ONLY|RULE_42": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9958", + "SRC_IPV6": "2001::43/128" + }, + "SSH_ONLY|RULE_43": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9957", + "SRC_IPV6": "2001::44/128" + }, + "SSH_ONLY|RULE_44": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9956", + "SRC_IPV6": "2001::45/128" + }, + "SSH_ONLY|RULE_45": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9955", + "SRC_IPV6": "2001::46/128" + }, + "SSH_ONLY|RULE_46": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9954", + "SRC_IPV6": "2001::47/128" + }, + "SSH_ONLY|RULE_47": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9953", + "SRC_IPV6": "2001::48/128" + }, + "SSH_ONLY|RULE_48": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9952", + "SRC_IPV6": "2001::49/128" + }, + "SSH_ONLY|RULE_49": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9951", + "SRC_IPV6": "2001::50/128" + }, + "SSH_ONLY|RULE_50": { + "PACKET_ACTION": "DROP", + "PRIORITY": "9950", + "SRC_IPV6": "2001::51/128" + } + }, + "ACL_TABLE": { + "NTP_ACL": { + "policy_desc": "NTP_ACL", + "services": [ + "NTP" + ], + "stage": "ingress", + "type": "CTRLPLANE" + }, + "SNMP_ACL": { + "policy_desc": "SNMP_ACL", + "services": [ + "SNMP" + ], + "stage": "ingress", + "type": "CTRLPLANE" + }, + "SSH_ONLY": { + "policy_desc": "SSH_ONLY", + "services": [ + "SSH" + ], + "stage": "ingress", + "type": "CTRLPLANE" + } + }, }, "expected_subprocess_calls": [ - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::2/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::3/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::4/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::5/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::6/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::7/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::8/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::9/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::10/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::11/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::12/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::13/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::14/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::15/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::16/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::17/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::18/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::19/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::20/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::21/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::22/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::23/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::24/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::25/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::26/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::27/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::28/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::29/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::30/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::31/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::32/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::33/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::34/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::35/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::36/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::37/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::38/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::39/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::40/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::41/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::42/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::43/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::44/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::45/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::46/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::47/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::48/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::49/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::50/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::51/128', '--dport', '123', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::2/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::2/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::3/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::3/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::4/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::4/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::5/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::5/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::6/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::6/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::7/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::7/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::8/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::8/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::9/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::9/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::10/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::10/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::11/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::11/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::12/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::12/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::13/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::13/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::14/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::14/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::15/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::15/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::16/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::16/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::17/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::17/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::18/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::18/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::19/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::19/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::20/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::20/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::21/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::21/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::22/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::22/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::23/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::23/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::24/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::24/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::25/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::25/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::26/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::26/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::27/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::27/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::28/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::28/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::29/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::29/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::30/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::30/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::31/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::31/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::32/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::32/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::33/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::33/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::34/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::34/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::35/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::35/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::36/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::36/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::37/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::37/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::38/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::38/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::39/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::39/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::40/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::40/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::41/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::41/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::42/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::42/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::43/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::43/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::44/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::44/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::45/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::45/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::46/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::46/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::47/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::47/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::48/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::48/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::49/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::49/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::50/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::50/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::51/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'udp', '-s', '2001::51/128', '--dport', '161', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::2/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::3/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::4/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::5/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::6/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::7/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::8/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::9/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::10/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::11/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::12/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::13/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::14/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::15/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::16/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::17/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::18/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::19/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::20/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::21/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::22/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::23/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::24/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::25/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::26/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::27/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::28/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::29/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::30/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::31/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::32/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::33/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::34/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::35/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::36/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::37/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::38/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::39/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::40/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::41/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::42/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::43/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::44/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::45/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::46/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::47/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::48/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::49/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::50/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE), - call(['ip6tables', '-A', 'INPUT', '-p', 'tcp', '-s', '2001::51/128', '--dport', '22', '-j', 'DROP'], universal_newlines=True, stdout=subprocess.PIPE) + call("ip6tables -A INPUT -p udp -s 2001::2/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::3/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::4/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::5/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::6/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::7/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::8/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::9/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::10/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::11/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::12/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::13/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::14/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::15/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::16/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::17/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::18/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::19/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::20/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::21/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::22/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::23/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::24/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::25/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::26/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::27/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::28/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::29/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::30/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::31/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::32/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::33/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::34/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::35/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::36/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::37/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::38/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::39/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::40/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::41/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::42/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::43/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::44/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::45/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::46/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::47/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::48/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::49/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::50/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::51/128 --dport 123 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::2/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::2/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::3/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::3/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::4/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::4/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::5/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::5/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::6/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::6/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::7/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::7/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::8/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::8/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::9/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::9/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::10/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::10/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::11/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::11/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::12/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::12/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::13/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::13/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::14/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::14/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::15/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::15/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::16/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::16/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::17/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::17/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::18/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::18/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::19/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::19/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::20/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::20/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::21/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::21/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::22/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::22/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::23/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::23/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::24/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::24/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::25/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::25/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::26/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::26/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::27/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::27/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::28/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::28/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::29/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::29/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::30/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::30/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::31/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::31/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::32/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::32/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::33/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::33/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::34/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::34/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::35/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::35/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::36/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::36/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::37/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::37/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::38/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::38/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::39/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::39/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::40/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::40/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::41/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::41/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::42/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::42/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::43/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::43/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::44/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::44/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::45/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::45/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::46/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::46/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::47/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::47/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::48/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::48/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::49/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::49/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::50/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::50/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::51/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p udp -s 2001::51/128 --dport 161 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::2/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::3/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::4/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::5/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::6/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::7/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::8/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::9/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::10/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::11/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::12/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::13/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::14/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::15/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::16/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::17/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::18/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::19/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::20/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::21/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::22/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::23/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::24/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::25/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::26/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::27/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::28/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::29/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::30/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::31/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::32/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::33/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::34/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::35/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::36/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::37/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::38/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::39/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::40/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::41/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::42/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::43/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::44/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::45/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::46/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::47/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::48/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::49/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::50/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE), + call("ip6tables -A INPUT -p tcp -s 2001::51/128 --dport 22 -j DROP", shell=True, universal_newlines=True, stdout=subprocess.PIPE) ], "popen_attributes": { 'communicate.return_value': ('output', 'error'), From a7a7b915a854086796e0c460215efff42b8370f4 Mon Sep 17 00:00:00 2001 From: Zhaohui Sun Date: Mon, 3 Jul 2023 03:11:02 +0000 Subject: [PATCH 4/4] Add missing parameter for update_control_plane_acls Signed-off-by: Zhaohui Sun --- src/sonic-host-services/scripts/caclmgrd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sonic-host-services/scripts/caclmgrd b/src/sonic-host-services/scripts/caclmgrd index 8bcc42bb6ef7..27ff4c44d54c 100755 --- a/src/sonic-host-services/scripts/caclmgrd +++ b/src/sonic-host-services/scripts/caclmgrd @@ -803,7 +803,7 @@ class ControlPlaneAclManager(daemon_base.DaemonBase): # Loop through all asic namespaces (if present) and host namespace (DEFAULT_NAMESPACE) for namespace in list(self.config_db_map.keys()): # Unconditionally update control plane ACLs once at start on given namespace - self.update_control_plane_acls(namespace) + self.update_control_plane_acls(namespace, self.config_db_map[namespace]) # Connect to Config DB of given namespace acl_db_connector = swsscommon.DBConnector("CONFIG_DB", 0, False, namespace) # Subscribe to notifications when ACL tables changes