# Rodeo

Rodeo is one of TACC's OpenStack Virtual Machine (VM) host systems. OpenStack has a firewall for each VM, that allows it to determine what traffic is allowed in and out of the system. Firewall rules consist of an action (`ALLOW` or `DENY`), a direction (`INGRESS` or `EGRESS`) and a port number (or `ALL` for all ports). For example, let's say a VM has these rules:

```
DENY INGRESS ALL,ALLOW EGRESS ALL,ALLOW INGRESS 22
```

This means that by default, all incoming traffic will be denied. All outbound traffic will be allowed. Incoming traffic on port 22 will be allowed. There are a total of 65,535 ports that are all assumed to be closed in both directions to begin with. The ordering of the rules matters. For example, the same traffic would not be allowed if the rule was written:

```
ALLOW INGRESS 22,ALLOW EGRESS ALL,DENY INGRESS ALL
```

This is because `DENY INGRESS ALL` turned off all ingress ports after `ALLOW INGRESS 22` opened port 22.

### Input

Your program must read input from a file `rodeo.dat`. The first line of the input file will be an integer *`N`* specifying the number of test cases. The next *`N`* lines will each be individual test cases. A test case consists of a series of rules, separated by commas. This will be followed by a semicolon, and then one test traffic case that is either `INBOUND` or `OUTBOUND` followed by a port number.

### Output

For each test case, print either `ALLOWED` or `DENIED` if the packet was allowed to pass through the Firewall given the test case's rules.

### Sample Input from File `rodeo.dat`

```
7
DENY INGRESS ALL,ALLOW EGRESS ALL,ALLOW INGRESS 22;INBOUND 22
DENY INGRESS ALL,ALLOW EGRESS ALL,ALLOW INGRESS 22;OUTBOUND 22
ALLOW INGRESS 22,ALLOW EGRESS ALL,DENY INGRESS ALL;INBOUND 22
DENY INGRESS ALL,DENY EGRESS ALL,ALLOW EGRESS 22;OUTBOUND 80
DENY INGRESS ALL,ALLOW EGRESS ALL,DENY EGRESS 22;OUTBOUND 80
ALLOW INGRESS ALL,DENY INGRESS 135,ALLOW EGRESS ALL;INBOUND 135
DENY INGRESS ALL,ALLOW INGRESS 22,ALLOW INGRESS 443;INBOUND 22
```

### Sample Output to Screen

```
ALLOWED
ALLOWED
DENIED
DENIED
ALLOWED
DENIED
ALLOWED
```

In [7]:
file = open("rodeo.dat")
cases = [ line.strip() for line in file ][1:]
for case in cases:
    splits = case.split(';')
    rules = splits[0]
    test = splits[1]
    inbound = []
    outbound = []
    for rule in rules.split(','):
        tokens = rule.split(' ')
        if tokens[1] == "INGRESS":
            if tokens[0] == "DENY":
                if tokens[2] == "ALL":
                    inbound = []
                elif int(tokens[2]) in inbound:
                    inbound.remove(int(tokens[2]))
            else:
                if tokens[2] == "ALL":
                    inbound = [ i for i in range(65535)]
                elif not (int(tokens[2]) in inbound):
                    inbound.append(int(tokens[2]))
        else:
            if tokens[0] == "DENY":
                if tokens[2] == "ALL":
                    outbound = []
                elif int(tokens[2]) in outbound:
                    outbound.remove(int(tokens[2]))
            else:
                if tokens[2] == "ALL":
                    outbound = [i for i in range(65535)]
                elif not (int(tokens[2]) in outbound):
                    outbound.append(int(tokens[2]))
    test_direction = test.split()[0]
    test_port = int(test.split()[1])
    if test_direction == "INBOUND":
        if test_port in inbound:
            print("ALLOWED")
        else:
            print("DENIED")
    else:
        if test_port in outbound:
            print("ALLOWED")
        else:
            print("DENIED")

ALLOWED
ALLOWED
DENIED
DENIED
ALLOWED
DENIED
ALLOWED
