3 Yj@sdgZddlZddlZddlZddlZddlmZddlmZddl m Z m Z m Z ddl mZmZmZddlmZmZmZddlmZmZmZdd lmZmZmZdd lmZmZm Z dd lm!Z!dd l"m#Z#Gd dde$Z%dS)FirewallConfigN)config)log)IcmpTypeicmptype_readericmptype_writer)Serviceservice_readerservice_writer)Zone zone_reader zone_writer)IPSet ipset_reader ipset_writer)Helper helper_reader helper_writer)Policy policy_reader policy_writer)errors) FirewallErrorc@s$eZdZddZddZddZddZd d Zd d Zd dZ ddZ ddZ ddZ ddZ ddZddZddZddZdd Zd!d"Zd#d$Zd%d&Zd'd(Zd)d*Zd+d,Zd-d.Zd/d0Zd1d2Zd3d4Zd5d6Zd7d8Zd9d:Zd;d<Z d=d>Z!d?d@Z"dAdBZ#dCdDZ$dEdFZ%dGdHZ&dIdJZ'dKdLZ(dMdNZ)dOdPZ*dQdRZ+dSdTZ,dUdVZ-dWdXZ.dYdZZ/d[d\Z0d]d^Z1d_d`Z2dadbZ3dcddZ4dedfZ5dgdhZ6didjZ7dkdlZ8dmdnZ9dodpZ:dqdrZ;dsdtZdydzZ?d{d|Z@d}d~ZAddZBddZCddZDddZEddZFddZGddZHddZIddZJddZKddZLddZMddZNddZOddZPddZQddZRddZSddZTddZUddZVddZWddZXddZYddZZddZ[ddZ\ddZ]ddZ^ddZ_ddZ`ddZaddZbdd„ZcddĄZdddƄZedS)rcCs||_|jdS)N)_fw_FirewallConfig__init_vars)selffwr/usr/lib/python3.6/fw_config.py__init__(szFirewallConfig.__init__cCsHd|j|j|j|j|j|j|j|j|j|j |j |j |j |j |j|jfS)Nz>%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)) __class___ipsets _icmptypes _services_zones_helpersZpolicy_objects_builtin_ipsets_builtin_icmptypes_builtin_services_builtin_zones_builtin_helpers_builtin_policy_objects_firewalld_conf _policies_direct)rrrr__repr__,s zFirewallConfig.__repr__cCs^i|_i|_i|_i|_i|_i|_i|_i|_i|_i|_ i|_ i|_ d|_ d|_ d|_dS)N)r!r"r#r$r%_policy_objectsr&r'r(r)r*r+r,r-r.)rrrrZ __init_vars6szFirewallConfig.__init_varscCs4x,t|jjD]}|j|j|j|=qWx,t|jjD]}|j|j|j|=q>Wx,t|jjD]}|j|j|j|=qlWx,t|jjD]}|j|j|j|=qWx,t|jjD]}|j|j|j|=qWx,t|jjD]}|j|j|j|=qWx.t|j jD]}|j |j|j |=q$Wx.t|j jD]}|j |j|j |=qTWx.t|j jD]}|j |j|j |=qWx.t|j jD]}|j |j|j |=qW|j r|j j|` d|_ |jr |jj|`d|_|jr(|jj|`d|_|jdS)N)listr&keyscleanupr!r'r"r(r#r)r$r*r%r,r-r.r)rxrrrr3GsV         zFirewallConfig.cleanupcCs |jjjS)N)rpoliciesZquery_lockdown)rrrrlockdown_enabled~szFirewallConfig.lockdown_enabledcCs|jjj||S)N)rr5 access_check)rkeyvaluerrrr7szFirewallConfig.access_checkcCs ||_dS)N)r,)rconfrrrset_firewalld_confsz!FirewallConfig.set_firewalld_confcCs|jS)N)r,)rrrrget_firewalld_confsz!FirewallConfig.get_firewalld_confcCs(tjjtjs|jjn |jjdS)N)ospathexistsrZFIREWALLD_CONFr,clearread)rrrrupdate_firewalld_confs z$FirewallConfig.update_firewalld_confcCs ||_dS)N)r-)rr5rrr set_policiesszFirewallConfig.set_policiescCs|jS)N)r-)rrrr get_policiesszFirewallConfig.get_policiescCs,tjjtjs|jjjn |jjjdS)N) r=r>r?rZLOCKDOWN_WHITELISTr-Zlockdown_whitelistr3rA)rrrrupdate_lockdown_whitelistsz(FirewallConfig.update_lockdown_whitelistcCs ||_dS)N)r.)rZdirectrrr set_directszFirewallConfig.set_directcCs|jS)N)r.)rrrr get_directszFirewallConfig.get_directcCs(tjjtjs|jjn |jjdS)N)r=r>r?rZFIREWALLD_DIRECTr.r3rA)rrrr update_directs zFirewallConfig.update_directcCs$ttt|jjt|jjS)N)sortedsetr1r!r2r&)rrrr get_ipsetsszFirewallConfig.get_ipsetscCs$|jr||j|j<n ||j|j<dS)N)builtinr&namer!)robjrrr add_ipsetszFirewallConfig.add_ipsetcCs8||jkr|j|S||jkr(|j|Sttj|dS)N)r!r&rr INVALID_IPSET)rrMrrr get_ipsets     zFirewallConfig.get_ipsetcCst|j|jkrttj|jnB|j|j|kr@ttjd|jn|j|jkr^ttjd|j|j||j|jS)Nzself._ipsets[%s] != objz'%s' not a built-in ipset)rMr!rr NO_DEFAULTSr& _remove_ipset)rrNrrrload_ipset_defaultss    z"FirewallConfig.load_ipset_defaultscCs|jS)N) export_config)rrNrrrget_ipset_configszFirewallConfig.get_ipset_configcCsj|jrPtj|}|j|tj|_d|_|j|jkr:d|_|j|t||S|j|t||SdS)NF) rLcopy import_configrETC_FIREWALLD_IPSETSr>defaultrOr)rrNr:r4rrrset_ipset_configs     zFirewallConfig.set_ipset_configcCsx||jks||jkr$ttjd|t}|j||j|||_d||_ t j |_ d|_ d|_t||j||S)Nznew_ipset(): '%s'z%s.xmlFT)r!r&rr NAME_CONFLICTr check_namerXrMfilenamerrYr>rLrZrrO)rrMr:r4rrr new_ipsets     zFirewallConfig.new_ipsetcCstjj|}tjj|}tjj|s|tjkrx|jjD]D}|j|}|j |kr:|j|=|j |j krvd|j |j fSd|fSq:WnHxF|j jD]8}|j |}|j |kr|j |=|j |jkrd|fSdSqWdSt j d|yt||}Wn0tk r}zt jd||dSd}~XnX|j |j krJ|j |jkrJ|j|d|fS|tjkr|j |jkr|j|j j|_||j|j <d|fS|j |j kr|j |j =||j |j <|j |jkrd|fSd Sd S) NupdateremovezLoading ipset file '%s'z"Failed to load ipset file '%s': %snew)NN)NN)NN)NN)NN)r=r>basenamedirnamer?rrYr!r2r^rMr&rdebug1r ExceptionerrorrOrZ)rrMr^r>r4rNmsgrrrupdate_ipset_from_pathsP                z%FirewallConfig.update_ipset_from_pathcCs|j|jkrttj|j|jtjkr>ttjd|jtjfd|j|jf}yt j |d|Wn:t k r}zt j d||tj|WYdd}~XnX|j|j=dS)Nz '%s' != '%s'z %s/%s.xmlz%s.oldzBackup of file '%s' failed: %s)rMr!rrrPr>rrYINVALID_DIRECTORYshutilmoverfrrgr=ra)rrNrMrhrrrrS8s   zFirewallConfig._remove_ipsetcCs$|js|j r ttjd|jdS)Nz'%s' is built-in ipset)rLrZrrZ BUILTIN_IPSETrM)rrNrrrcheck_builtin_ipsetIsz"FirewallConfig.check_builtin_ipsetcCs|j||j|dS)N)rmrS)rrNrrr remove_ipsetNs zFirewallConfig.remove_ipsetcCs$|j||j||}|j||S)N)rm _copy_ipsetrS)rrNrMr_rrr rename_ipsetRs   zFirewallConfig.rename_ipsetcCs|j||jS)N)r_rU)rrNrMrrrroXszFirewallConfig._copy_ipsetcCs$ttt|jjt|jjS)N)rIrJr1r"r2r')rrrr get_icmptypes]szFirewallConfig.get_icmptypescCs$|jr||j|j<n ||j|j<dS)N)rLr'rMr")rrNrrr add_icmptypeaszFirewallConfig.add_icmptypecCs8||jkr|j|S||jkr(|j|Sttj|dS)N)r"r'rrINVALID_ICMPTYPE)rrMrrr get_icmptypegs     zFirewallConfig.get_icmptypecCst|j|jkrttj|jnB|j|j|kr@ttjd|jn|j|jkr^ttjd|j|j||j|jS)Nzself._icmptypes[%s] != objz'%s' not a built-in icmptype)rMr"rrrRr'_remove_icmptype)rrNrrrload_icmptype_defaultsns    z%FirewallConfig.load_icmptype_defaultscCs|jS)N)rU)rrNrrrget_icmptype_configzsz"FirewallConfig.get_icmptype_configcCsj|jrPtj|}|j|tj|_d|_|j|jkr:d|_|j|t||S|j|t||SdS)NF) rLrWrXrETC_FIREWALLD_ICMPTYPESr>rZrrr)rrNr:r4rrrset_icmptype_config}s     z"FirewallConfig.set_icmptype_configcCsx||jks||jkr$ttjd|t}|j||j|||_d||_ t j |_ d|_ d|_t||j||S)Nznew_icmptype(): '%s'z%s.xmlFT)r"r'rrr\rr]rXrMr^rrxr>rLrZrrr)rrMr:r4rrr new_icmptypes     zFirewallConfig.new_icmptypecCstjj|}tjj|}tjj|s|tjkrx|jjD]D}|j|}|j |kr:|j|=|j |j krvd|j |j fSd|fSq:WnHxF|j jD]8}|j |}|j |kr|j |=|j |jkrd|fSdSqWdSt j d|yt||}Wn0tk r}zt jd||dSd}~XnX|j |j krJ|j |jkrJ|j|d|fS|tjkr|j |jkr|j|j j|_||j|j <d|fS|j |j kr|j |j =||j |j <|j |jkrd|fSd Sd S) Nr`razLoading icmptype file '%s'z%Failed to load icmptype file '%s': %srb)NN)NN)NN)NN)NN)r=r>rcrdr?rrxr"r2r^rMr'rrerrfrgrrrZ)rrMr^r>r4rNrhrrrupdate_icmptype_from_pathsP                z(FirewallConfig.update_icmptype_from_pathcCs|j|jkrttj|j|jtjkr>ttjd|jtjfd|j|jf}yt j |d|Wn:t k r}zt j d||tj|WYdd}~XnX|j|j=dS)Nz '%s' != '%s'z %s/%s.xmlz%s.oldzBackup of file '%s' failed: %s)rMr"rrrsr>rrxrjrkrlrfrrgr=ra)rrNrMrhrrrrus  zFirewallConfig._remove_icmptypecCs$|js|j r ttjd|jdS)Nz'%s' is built-in icmp type)rLrZrrZBUILTIN_ICMPTYPErM)rrNrrrcheck_builtin_icmptypesz%FirewallConfig.check_builtin_icmptypecCs|j||j|dS)N)r|ru)rrNrrrremove_icmptypes zFirewallConfig.remove_icmptypecCs$|j||j||}|j||S)N)r|_copy_icmptyperu)rrNrMrzrrrrename_icmptypes   zFirewallConfig.rename_icmptypecCs|j||jS)N)rzrU)rrNrMrrrr~szFirewallConfig._copy_icmptypecCs$ttt|jjt|jjS)N)rIrJr1r#r2r()rrrr get_services szFirewallConfig.get_servicescCs$|jr||j|j<n ||j|j<dS)N)rLr(rMr#)rrNrrr add_serviceszFirewallConfig.add_servicecCs<||jkr|j|S||jkr(|j|Sttjd|dS)Nzget_service(): '%s')r#r(rrINVALID_SERVICE)rrMrrr get_services     zFirewallConfig.get_servicecCst|j|jkrttj|jnB|j|j|kr@ttjd|jn|j|jkr^ttjd|j|j||j|jS)Nzself._services[%s] != objz'%s' not a built-in service)rMr#rrrRr(_remove_service)rrNrrrload_service_defaultss    z$FirewallConfig.load_service_defaultscCsr|j}g}x\tdD]P}|j|d|krN|jtjt||j|dq|j||j|dqWt|S)Nr)export_config_dictrangeIMPORT_EXPORT_STRUCTUREappendrWdeepcopygetattrtuple)rrN conf_dict conf_listirrrget_service_config's"z!FirewallConfig.get_service_configcCs|jS)N)r)rrNrrrget_service_config_dict3sz&FirewallConfig.get_service_config_dictcCsi}x&t|D]\}}|||j|d<qW|jr|tj|}|j|tj|_d|_|j|jkrfd|_|j |t ||S|j|t ||SdS)NrF) enumeraterrLrWimport_config_dictrETC_FIREWALLD_SERVICESr>rZrr )rrNr:rrr9r4rrrset_service_config6s      z!FirewallConfig.set_service_configcCsj|jrPtj|}|j|tj|_d|_|j|jkr:d|_|j|t||S|j|t||SdS)NF) rLrWrrrr>rZrr )rrNr:r4rrrset_service_config_dictJs     z&FirewallConfig.set_service_config_dictcCs||jks||jkr$ttjd|i}x&t|D]\}}||tj|d<q2Wt}|j||j |||_ d||_ t j |_d|_d|_t||j||S)Nznew_service(): '%s'rz%s.xmlFT)r#r(rrr\rrrr]rrMr^rrr>rLrZr r)rrMr:rrr9r4rrr new_serviceZs"     zFirewallConfig.new_servicecCsx||jks||jkr$ttjd|t}|j||j|||_d||_ t j |_ d|_ d|_t||j||S)Nznew_service(): '%s'z%s.xmlFT)r#r(rrr\rr]rrMr^rrr>rLrZr r)rrMr:r4rrrnew_service_dictqs     zFirewallConfig.new_service_dictcCstjj|}tjj|}tjj|s|tjkrx|jjD]D}|j|}|j |kr:|j|=|j |j krvd|j |j fSd|fSq:WnHxF|j jD]8}|j |}|j |kr|j |=|j |jkrd|fSdSqWdSt j d|yt||}Wn0tk r}zt jd||dSd}~XnX|j |j krJ|j |jkrJ|j|d|fS|tjkr|j |jkr|j|j j|_||j|j <d|fS|j |j kr|j |j =||j |j <|j |jkrd|fSd Sd S) Nr`razLoading service file '%s'z$Failed to load service file '%s': %srb)NN)NN)NN)NN)NN)r=r>rcrdr?rrr#r2r^rMr(rrer rfrgrrZ)rrMr^r>r4rNrhrrrupdate_service_from_pathsP                z'FirewallConfig.update_service_from_pathcCs|j|jkrttj|j|jtjkr>ttjd|jtjfd|j|jf}yt j |d|Wn:t k r}zt j d||tj|WYdd}~XnX|j|j=dS)Nz '%s' != '%s'z %s/%s.xmlz%s.oldzBackup of file '%s' failed: %s)rMr#rrrr>rrrjrkrlrfrrgr=ra)rrNrMrhrrrrs  zFirewallConfig._remove_servicecCs$|js|j r ttjd|jdS)Nz'%s' is built-in service)rLrZrrZBUILTIN_SERVICErM)rrNrrrcheck_builtin_servicesz$FirewallConfig.check_builtin_servicecCs|j||j|dS)N)rr)rrNrrrremove_services zFirewallConfig.remove_servicecCs$|j||j||}|j||S)N)r _copy_servicer)rrNrMrrrrrename_services   zFirewallConfig.rename_servicecCs|j||jS)N)rr)rrNrMrrrrszFirewallConfig._copy_servicecCs$ttt|jjt|jjS)N)rIrJr1r$r2r))rrrr get_zonesszFirewallConfig.get_zonescCs$|jr||j|j<n ||j|j<dS)N)rLr)rMr$)rrNrrradd_zoneszFirewallConfig.add_zonecCs(||jkr|j|=||jkr$|j|=dS)N)r)r$)rrMrrr forget_zones  zFirewallConfig.forget_zonecCs<||jkr|j|S||jkr(|j|Sttjd|dS)Nzget_zone(): %s)r$r)rr INVALID_ZONE)rrMrrrget_zones     zFirewallConfig.get_zonecCst|j|jkrttj|jnB|j|j|kr@ttjd|jn|j|jkr^ttjd|j|j||j|jS)Nzself._zones[%s] != objz'%s' not a built-in zone)rMr$rrrRr) _remove_zone)rrNrrrload_zone_defaultss    z!FirewallConfig.load_zone_defaultscCsr|j}g}x\tdD]P}|j|d|krN|jtjt||j|dq|j||j|dqWt|S)Nr)rrrrrWrrr)rrNrrrrrrget_zone_configs"zFirewallConfig.get_zone_configcCs|jS)N)r)rrNrrrget_zone_config_dictsz#FirewallConfig.get_zone_config_dictcCsi}x&t|D]\}}|||j|d<qW|jrtj|}||_|j|tj|_d|_|j|jkrld|_ |j |t ||S||_|j|t ||SdS)NrF) rrrLrW fw_configrrETC_FIREWALLD_ZONESr>rZrr )rrNr:rrr9r4rrrset_zone_config s$     zFirewallConfig.set_zone_configcCsv|jrVtj|}||_|j|tj|_d|_|j|jkr@d|_|j|t ||S||_|j|t ||SdS)NF) rLrWrrrrr>rZrr )rrNr:r4rrrset_zone_config_dict6s     z#FirewallConfig.set_zone_config_dictcCs||jks||jkr$ttjd|i}x&t|D]\}}||tj|d<q2Wt}||_|j ||j |||_ d||_ t j|_d|_d|_t||j||S)Nznew_zone(): '%s'rz%s.xmlFT)r$r)rrr\rr rrr]rrMr^rrr>rLrZr r)rrMr:rrr9r4rrrnew_zoneHs"    zFirewallConfig.new_zonecCs~||jks||jkr$ttjd|t}||_|j||j|||_ d||_ t j |_ d|_d|_t||j||S)Nznew_zone(): '%s'z%s.xmlFT)r$r)rrr\r rr]rrMr^rrr>rLrZr r)rrMr:r4rrr new_zone_dict_s    zFirewallConfig.new_zone_dictcCstjj|}tjj|}tjj|s|jtjrx|jj D]D}|j|}|j |kr<|j|=|j |j krxd|j |j fSd|fSqrcrdr? startswithrrr$r2r^rMr)rrer rfrgrlenrrZ)rrMr^r>r4rNrhrrrupdate_zone_from_pathrsZ                z$FirewallConfig.update_zone_from_pathcCs|j|jkrttj|j|jjtjs@ttj d|jtjfd|j|jf}yt j |d|Wn:t k r}zt jd||tj|WYdd}~XnX|j|j=dS)Nz'%s' doesn't start with '%s'z %s/%s.xmlz%s.oldzBackup of file '%s' failed: %s)rMr$rrrr>rrrrjrkrlrfrrgr=ra)rrNrMrhrrrrs zFirewallConfig._remove_zonecCs$|js|j r ttjd|jdS)Nz'%s' is built-in zone)rLrZrrZ BUILTIN_ZONErM)rrNrrrcheck_builtin_zonesz!FirewallConfig.check_builtin_zonecCs|j||j|dS)N)rr)rrNrrr remove_zones zFirewallConfig.remove_zonec CsN|j||j}|j|y|j||}Wn|j|j|YnX|S)N)rrrrrM)rrNrMZobj_confrrrr rename_zones  zFirewallConfig.rename_zonecCs$ttt|jjt|jjS)N)rIrJr1r0r2r+)rrrrget_policy_objectssz!FirewallConfig.get_policy_objectscCs$|jr||j|j<n ||j|j<dS)N)rLr+rMr0)rrNrrradd_policy_objectsz FirewallConfig.add_policy_objectcCs<||jkr|j|S||jkr(|j|Sttjd|dS)Nzget_policy_object(): %s)r0r+rrINVALID_POLICY)rrMrrrget_policy_objects     z FirewallConfig.get_policy_objectcCst|j|jkrttj|jnB|j|j|kr@ttjd|jn|j|jkr^ttjd|j|j||j|jS)Nzself._policy_objects[%s] != objz'%s' not a built-in policy)rMr0rrrRr+_remove_policy_object)rrNrrrload_policy_object_defaultss    z*FirewallConfig.load_policy_object_defaultscCs|jS)N)r)rrNrrrget_policy_object_config_dictsz,FirewallConfig.get_policy_object_config_dictcCsv|jrVtj|}||_|j|tj|_d|_|j|jkr@d|_|j|t ||S||_|j|t ||SdS)NF) rLrWrrrETC_FIREWALLD_POLICIESr>rZrr)rrNr:r4rrrset_policy_object_config_dicts     z,FirewallConfig.set_policy_object_config_dictcCs~||jks||jkr$ttjd|t}||_|j||j|||_ d||_ t j |_ d|_d|_t||j||S)Nznew_policy_object(): '%s'z%s.xmlFT)r0r+rrr\rrr]rrMr^rrr>rLrZrr)rrMr:r4rrrnew_policy_object_dicts    z%FirewallConfig.new_policy_object_dictcCstjj|}tjj|}tjj|s|jtjrx|jj D]D}|j|}|j |kr<|j|=|j |j krxd|j |j fSd|fSqrcrdr?rrrr0r2r^rMr+rrerrfrgrrrrZ)rrMr^r>r4rNrhrrrupdate_policy_object_from_path,sZ                z-FirewallConfig.update_policy_object_from_pathcCs|j|jkrttj|j|jjtjs@ttj d|jtjfd|j|jf}yt j |d|Wn:t k r}zt jd||tj|WYdd}~XnX|j|j=dS)Nz'%s' doesn't start with '%s'z %s/%s.xmlz%s.oldzBackup of file '%s' failed: %s)rMr0rrrr>rrrrjrkrlrfrrgr=ra)rrNrMrhrrrrys z$FirewallConfig._remove_policy_objectcCs$|js|j r ttjd|jdS)Nz'%s' is built-in policy)rLrZrrZBUILTIN_POLICYrM)rrNrrrcheck_builtin_policy_objectsz*FirewallConfig.check_builtin_policy_objectcCs|j||j|dS)N)rr)rrNrrrremove_policy_objects z#FirewallConfig.remove_policy_objectcCs$|j||j||}|j||S)N)r_copy_policy_objectr)rrNrMZnew_policy_objectrrrrename_policy_objects   z#FirewallConfig.rename_policy_objectcCs|j||jS)N)rr)rrNrMrrrrsz"FirewallConfig._copy_policy_objectcCs$ttt|jjt|jjS)N)rIrJr1r%r2r*)rrrr get_helpersszFirewallConfig.get_helperscCs$|jr||j|j<n ||j|j<dS)N)rLr*rMr%)rrNrrr add_helperszFirewallConfig.add_helpercCs8||jkr|j|S||jkr(|j|Sttj|dS)N)r%r*rrINVALID_HELPER)rrMrrr get_helpers     zFirewallConfig.get_helpercCst|j|jkrttj|jnB|j|j|kr@ttjd|jn|j|jkr^ttjd|j|j||j|jS)Nzself._helpers[%s] != objz'%s' not a built-in helper)rMr%rrrRr*_remove_helper)rrNrrrload_helper_defaultss    z#FirewallConfig.load_helper_defaultscCs|jS)N)rU)rrNrrrget_helper_configsz FirewallConfig.get_helper_configcCsj|jrPtj|}|j|tj|_d|_|j|jkr:d|_|j|t||S|j|t||SdS)NF) rLrWrXrETC_FIREWALLD_HELPERSr>rZrr)rrNr:r4rrrset_helper_configs     z FirewallConfig.set_helper_configcCsx||jks||jkr$ttjd|t}|j||j|||_d||_ t j |_ d|_ d|_t||j||S)Nznew_helper(): '%s'z%s.xmlFT)r%r*rrr\rr]rXrMr^rrr>rLrZrr)rrMr:r4rrr new_helpers     zFirewallConfig.new_helpercCstjj|}tjj|}tjj|s|tjkrx|jjD]D}|j|}|j |kr:|j|=|j |j krvd|j |j fSd|fSq:WnHxF|j jD]8}|j |}|j |kr|j |=|j |jkrd|fSdSqWdSt j d|yt||}Wn0tk r}zt jd||dSd}~XnX|j |j krJ|j |jkrJ|j|d|fS|tjkr|j |jkr|j|j j|_||j|j <d|fS|j |j kr|j |j =||j |j <|j |jkrd|fSd Sd S) Nr`razLoading helper file '%s'z#Failed to load helper file '%s': %srb)NN)NN)NN)NN)NN)r=r>rcrdr?rrr%r2r^rMr*rrerrfrgrrZ)rrMr^r>r4rNrhrrrupdate_helper_from_pathsP                z&FirewallConfig.update_helper_from_pathcCs|j|jkrttj|j|jtjkr>ttjd|jtjfd|j|jf}yt j |d|Wn:t k r}zt j d||tj|WYdd}~XnX|j|j=dS)Nz '%s' != '%s'z %s/%s.xmlz%s.oldzBackup of file '%s' failed: %s)rMr%rrrr>rrrjrkrlrfrrgr=ra)rrNrMrhrrrr&s   zFirewallConfig._remove_helpercCs$|js|j r ttjd|jdS)Nz'%s' is built-in helper)rLrZrrZBUILTIN_HELPERrM)rrNrrrcheck_builtin_helper7sz#FirewallConfig.check_builtin_helpercCs|j||j|dS)N)rr)rrNrrr remove_helper<s zFirewallConfig.remove_helpercCs$|j||j||}|j||S)N)r _copy_helperr)rrNrMrrrr rename_helper@s   zFirewallConfig.rename_helpercCs|j||jS)N)rrU)rrNrMrrrrFszFirewallConfig._copy_helperN)f__name__ __module__ __qualname__rr/rr3r6r7r;r<rBrCrDrErFrGrHrKrOrQrTrVr[r_rirSrmrnrprorqrrrtrvrwryrzr{rur|r}rr~rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr's 7 E E  E  M M E)&__all__rWr=Zos.pathrkZfirewallrZfirewall.core.loggerrZfirewall.core.io.icmptyperrrZfirewall.core.io.servicerr r Zfirewall.core.io.zoner r r Zfirewall.core.io.ipsetrrrZfirewall.core.io.helperrrrZfirewall.core.io.policyrrrrZfirewall.errorsrobjectrrrrrs