3 Yjb@sVdgZddlmZmZddlZeejd<ddlZddlZddlZddl Z ddl Z ddl m Z ddlmZddlmZddlmZdd lmZdd lmZmZmZmZdd lmZdd lmZmZm Z m!Z!m"Z"m#Z#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.m/Z/m0Z0ddl1m2Z2ddl m3Z3ddl4m5Z5Gddde jj6j7Z8dS) FirewallD)GLibGObjectNZgobject)config)Firewall) Rich_Rule)log)FirewallClientZoneSettings)dbus_handle_exceptionsdbus_service_methodhandle_exceptionsFirewallDBusException)FirewallDConfig)dbus_to_pythoncommand_of_sendercontext_of_sender uid_of_sender user_of_uid%dbus_introspection_prepare_properties!dbus_introspection_add_properties) check_config)IPSet)IcmpType)Helper)nm_get_bus_namenm_get_connection_of_interfacenm_set_zone_of_connection)ifcfg_set_zone_of_interface)errors) FirewallErrorcs"eZdZdZdZejjZe fddZ ddZ e ddZ e d d Z ed d Zed dZeddZeddZeddZeejdddedddZeejdddedddZejjjejjeejdd edd!d"Zejjejd#d$d%d&Zejjjejjeej dd'edfd(d) Z!ejjjejjeejj"d*d*dedd+d,Z#ejjjejjeejj"d*d*dedd-d.Z$ejjejj"ed/d0Z%ejjjejjeejj"d*d*dedd1d2Z&ejjjejjeejj"d*d*dedd3d4Z'ejjjejj(eejj)d*d*dedd5d6Z*ejjjejj(eejj)d*d*dedd7d8Z+ejjjejj,eejj)d*d9dedd:d;Z-ejjejj)d*d$edd?Z/ejjjejj(eejj)dd*dedd@dAZ0ejjjejj(eejj)dd*deddBdCZ1ejjjejj,eejj)dd9deddDdEZ2ejjjejj,eejj)d*dFdeddGdHZ3ejjejj)dd$edIdJZ4ejjejj)dd$edKdLZ5ejjjejj(eejj)dMd*deddNdOZ6ejjjejj(eejj)dMd*deddPdQZ7ejjjejj,eejj)dMd9deddRdSZ8ejjjejj,eejj)d*dTdeddUdVZ9ejjejj)dMd$edWdXZ:ejjejj)dMd$edYdZZ;ejjjejj(eejj)dd*dedd[d\Zejjjejj,eejj)d*dFdeddadbZ?ejjejj)dd$edcddZ@ejjejj)dd$ededfZAejjjejj(eejj)dd*deddgdhZBejjjejj(eejj)dd*deddidjZCejjjejj,eejj)dd9deddkdlZDejjjejj,eejj)d*dFdeddmdnZEejjejj)dd$edodpZFejjejj)dd$edqdrZGejjjejjeejj"d*d*deddsdtZHejjjejjeejj"d*d*deddudvZIejjjejjeejj"d*d9deddwdxZJejjejj"d*d$edydzZKejjejj"d*d$ed{d|ZLejjjejjMeejj"dd}dedd~dZNejjjejjMeejjOdddedddZPejjjejjMeejjOdd edddZQejjejjOdd$eddZRejjjejjMeejjSdddedddZTejjjejjMeejjSdd edddZUejjejjSdd$eddZVejjjejjeejj"d*dFdedddZWejjjejjMeejj"dddedddZXejjjejjMeejj"dddedddZYejjjejjeejj"d*dFdedddZZejjjejjMeejj"de[j\dedddZ]ejjjejjMeejj"d*ddedddZ^ejjjejjeejj"dd*dedddZ_ejjejj"dd$eddZ`ejjjejjMeejj"d*ddedddZaejjjejjeejj"dd*dedddZbejjejj"dd$eddZcejjjejjeejj"d*ddedddZdejjjejjeejj"dd*dedddZeejjejj"dd$eddZfejjjejjeejjSd*dFdedddZgejjjejjeejjSd*ddedddZhejjjejjeejjOd*dFdedddZiejjjejjeejjOd*ddedddZjejjjejjeejjOdddedddZkejjjejjeejjOdddedddZlejjjejjMeejjOdd9dedddZmejjjejjeejjOdddedddZnejjjejjeejjOdddedddZoejjjejjeejjOdddedddZpejjjejjeejjOdddedddZqejjjejjMeejjOdd9deddd„ZrejjjejjMeejjOddFdedddĄZsejjejjOdd$eddƄZtejjejjOdd$eddȄZuejjejjOdd$eddʄZvejjejjOdd$edd̄ZwejjjejjeejjOdddeddd΄ZxejjjejjeejjOdddedddЄZyejjjejjeejjOdddeddd҄ZzejjjejjMeejjOdd9dedddԄZ{ejjjejjMeejjOddFdedddքZ|ejjejjOdd$edd؄Z}ejjejjOdd$eddڄZ~ejjejjOdd$edd܄ZeddބZejjjejjeejjOdddedddZejjjejjeejjOdddedddZejjjejjMeejjOdd9dedddZejjjejjMeejjOddFdedddZejjejjOdd$eddZejjejjOdd$eddZeddZejjjejjeejjOdddedddZejjjejjeejjOdddedddZejjjejjMeejjOdd9dedddZejjjejjMeejjOddFdedddZejjejjOdd$eddZejjejjOdd$eddZeddZejjjejjeejjOdddedddZejjjejjeejjOdddedddZejjjejjMeejjOdd9dedddZejjjejjMeejjOdddedddZejjejjOdd$eddd ZejjejjOdd$ed d Zed d ZejjjejjeejjOdddedddZejjjejjeejjOdddedddZejjjejjMeejjOdd9dedddZejjjejjMeejjOddFdedddZejjejjOdd$edddZejjejjOdd$eddZeddZejjjejjeejjOdddedddZejjjejjeejjOdddedddZejjjejjMeejjOdd9dedd d!ZejjjejjMeejjOdddedd"d#ZejjejjOdd$edd$d%ZejjejjOdd$ed&d'Zed(d)ZejjjejjeejjOd*ddedd+d,ZejjjejjeejjOdddedd-d.ZejjjejjMeejjOdd9dedd/d0ZejjejjOd*d$edd1d2ZejjejjOdd$ed3d4Zed5d6ZejjjejjeejjOd7ddedd8d9ZejjjejjeejjOd:dded d;d<ZejjjejjMeejjOd:d9ded d=d>ZejjjejjMeejjOddded d?d@ZejjejjOd7d$ed dAdBZejjejjOd:d$edCdDZedEdFZejjjejjeejjOddded dGdHZejjjejjeejjOdddeddIdJZejjjejjMeejjOdd9deddKdLZejjjejjMeejjOddFdeddMdNZejjejjOdd$eddOdPZejjejjOdd$edQdRZejjjejjeejjOdddeddSdTZejjjejjeejjOdddeddUdVZejjjejjMeejjOdd9deddWdXZejjejjOdd$edYdZZejjejjOdd$ed[d\Zejjjejjeejjdd*dedd]d^Zejjjejjeejjdd*dedd_d`Zejjjejjeejjdd9deddadbZejjjejjeejjddFdeddcddZejjjejjeejjd*dededdfdgZejjejjdd$edhdiZejjejjdd$edjdkZejjjejjeejjdld*deddmdnZejjjejjeejjdld*deddodpZejjjejjeejjdd*deddqdrZejjjejjeejjdld9deddsdtZejjjejjeejjddudeddvdwZejjjejjeejjd*dxdeddydzZejjejjdld$ed{d|Zejjejjdld$ed}d~Zejjjejjeejjddded ddZejjjejjeejjdd*ded!ddZejjjejjeejjdd*ded"ddZejjjejjeejjdd9ded#ddZejjjejjeejjd*dded$ddZejjjejjeejjd*d*ded%ddZejjjejjeejjddded&ddZejjejjdd$eddZejjejjdd$eddZejjjejj׃eejj"d*d*ded'ddZejjjejjeejjdd9ded(ddZejjjejjeejjd*dFded)ddZejjjejjMeejjdej\ded*ddZejjjejjeejjdd*ded+ddZejjjejjeejjdd*ded,ddZejjjejjeejjdd9ded-ddZejjjejjeejjddFded.ddZejjjejjeejjِdd ed/ddZejjejjdd$eddZejjejjdd$eddZejjjejjeejj"d*dFded0ddZejjjejjMeejj"dej\ded1ddZZS(2rzFirewallD main classTcs`tt|j||t|_|d|_|d|_|jt|t j j t |jj |jt j j |_ dS)Nr)superr__init__rfwbusnamepathstartrrdbusDBUS_INTERFACErZDBUS_PATH_CONFIG)selfargskwargs) __class__/usr/lib/python3.6/firewalld.pyr"Is   zFirewallD.__init__cCs |jdS)N)stop)r)r-r-r.__del__TszFirewallD.__del__cCstjdi|_|jjS)Nzstart())rdebug1 _timeoutsr#r&)r)r-r-r.r&Ws zFirewallD.startcCstjd|jjS)Nzstop())rr1r#r/)r)r-r-r.r/_s zFirewallD.stopcCs|jjjr|dkr"tjddStj}t||}|jjjd|rHdSt ||}|jjjd|rfdSt |}|jjjd|rdSt ||}|jjjd|rdSt t jddS)Nz&Lockdown not possible, sender not set.contextuidusercommandzlockdown is enabled)r#policiesquery_lockdownrerrorr'Z SystemBusrZ access_checkrrrrrZ ACCESS_DENIED)r)senderZbusr3r4r5r6r-r-r. accessCheckhs$     zFirewallD.accessCheckcCs&||jkri|j|<||j||<dS)N)r2)r)zonextagr-r-r. addTimeouts  zFirewallD.addTimeoutcCs<||jkr8||j|kr8tj|j|||j||=dS)N)r2r source_remove)r)r<r=r-r-r. removeTimeoutszFirewallD.removeTimeoutcCsTxD|jD]:}x&|j|D]}tj|j||qW|j|jqW|jjdS)N)r2rr@clear)r)r<r=r-r-r.cleanup_timeoutss  zFirewallD.cleanup_timeoutscCsd|dkrtjtjS|dkr6tjdtjjtjjfS|dkrNtj|jjS|dkrhtj|jj dS|dkrtj |jj dS|d krtj|jj d S|d krtj|jj S|d krtj |jj dS|d krtj|jjS|dkrtj|jjS|dkrtj |jjdS|dkr$tjdS|dkr:tjidS|dkrPtjidStjjd|dS)Nversioninterface_versionz%d.%dstateIPv4ipv4 IPv4ICMPTypessIPv6ipv6 IPv6_rpfilter IPv6ICMPTypesBRIDGEr IPSetTypesnf_conntrack_helper_settingFnf_conntrack_helperssasnf_nat_helperszDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r'StringrVERSIONZDBUS_INTERFACE_VERSIONZDBUS_INTERFACE_REVISIONr#Z get_stateZBooleanZis_ipv_enabledZArrayZipv4_supported_icmp_typesZipv6_rpfilter_enabledZipv6_supported_icmp_typesZebtables_enabledZ ipset_enabledZipset_supported_types Dictionary exceptions DBusException)r)Zpropr-r-r. _get_propertys@          zFirewallD._get_propertyZssv) in_signature out_signatureNcCs~t|t}t|t}tjd|||tjjkr8|j|S|tjjtjj tjj tjj gkrjtj j d|ntj j d|dS)NzGet('%s', '%s')zDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existzJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)rstrrr1rr'r(rZDBUS_INTERFACE_ZONEDBUS_INTERFACE_DIRECTDBUS_INTERFACE_POLICIESDBUS_INTERFACE_IPSETrXrY)r)interface_name property_namer:r-r-r.Gets      z FirewallD.GetrJza{sv}cCst|t}tjd|i}|tjjkrDxNdD]}|j|||<q,Wn2|tjjtjj tjj tjj gkrfntj j d|tj|ddS)Nz GetAll('%s')rDrErFrGrKrMrOrrPrQrRrTrIrNzJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not existZsv) signature)rDrErFrGrKrMrOrrPrQrRrTrIrN)rr^rr1rr'r(rZr_r`rarbrXrYrW)r)rcr:retr=r-r-r.GetAlls&    zFirewallD.GetAllZssv)r\cCst|t}t|t}t|}tjd||||j||tjjkrn|dkr\tjj d|qtjj d|nB|tjj tjj tjj tjj gkrtjj d|ntjj d|dS)NzSet('%s', '%s', '%s')rDrErFrGrKrMrOrrPrQrRrTrIrNzGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-onlyzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existzJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)rDrErFrGrKrMrOrrPrQrRrTrIrN)rr^rr1r;rr'r(rXrYr_r`rarb)r)rcrdZ new_valuer:r-r-r.Sets:         z FirewallD.Setzsa{sv}as)rfcCs.t|t}t|}t|}tjd|||dS)Nz#PropertiesChanged('%s', '%s', '%s'))rr^rr1)r)rcZchanged_propertiesZinvalidated_propertiesr-r-r.PropertiesChangeds  zFirewallD.PropertiesChanged)r]cs4tjdtt|j|j|jj}t||t j j S)Nz Introspect()) rZdebug2r!r Introspectr%r$Zget_busrrr'r()r)r:data)r,r-r.rk&s   zFirewallD.IntrospectcCs*tjd|jj|jj|jdS)z#Reload the firewall rules. zreload()N)rr1r#reloadrReloaded)r)r:r-r-r.rn4s   zFirewallD.reloadcCs,tjd|jjd|jj|jdS)zCompletely reload the firewall. Completely reload the firewall: Stops firewall, unloads modules and starts the firewall again. zcompleteReload()TN)rr1r#rnrro)r)r:r-r-r.completeReloadCs   zFirewallD.completeReloadcCstjddS)Nz Reloaded())rr1)r)r-r-r.roSszFirewallD.ReloadedcCstjdt|jdS)z&Check permanent configuration zcheckPermanentConfig()N)rr1rr#)r)r:r-r-r.checkPermanentConfigXs zFirewallD.checkPermanentConfigc Cstjdd}|jj}x|jjjD]}|j|}yj||kr|jj|}|j |krptjd||j |qtjd|ntjd||jj ||Wq&t k r}ztj d||fd}WYdd}~Xq&Xq&W|jj}x|jjjD]}|j|}yn||krR|jj|}|j |krBtjd ||j |ntjd |ntjd ||jj||Wqt k r}ztj d ||fd}WYdd}~XqXqW|jj}x|jjjD]}yx|j|}||kr&|jj|}|j |krtjd ||j |ntjd|ntjd||jj||Wn:t k r~}ztj d||fd}WYdd}~XnXqW|jj}t}x|jjjD]}|j|}t|} |dk r~d} xH| j D]<} |jjj!|| |krtjd|| f| j"| d} qWxV| j D]J} y,t#| } | rNt$|| rN| j"| d} Wnt k rfYnXq W| r~~| j%}x| j D]} t&|| qWyP||kr|jj'|}tjd||j(|ntjd||jj)||Wn:t k r&}ztj d||fd}WYdd}~XnXqW|jj*}x|jj+j,D]}|j-|}yB||krx|jj.|}|j |ntjd||jj/||Wn:t k r}ztj d||fd}WYdd}~XnXqFW|jj0}x|jj1j2D]}|j3|}yn||krN|jj4|}|j |kr>tjd||j |ntjd|ntjd||jj5||Wn:t k r}ztj d||fd}WYdd}~XnXqW|jj6j7|jj6j8|jj6j9f}y6|jj |krtjd|jj |n tjdWn6t k r<}ztj d|d}WYdd}~XnX|jj:j;j<}y6|jj |krvtjd|jj=|n tjdWn6t k r}ztj d |d}WYdd}~XnX|rt>t?j@dS)!z-Make runtime configuration permanent zcopyRuntimeToPermanent()FzCopying service '%s' settingsz$Service '%s' is identical, ignoring.zCreating service '%s'z/Runtime To Permanent failed on service '%s': %sTNzCopying icmptype '%s' settingsz%IcmpType '%s' is identical, ignoring.zCreating icmptype '%s'z0Runtime To Permanent failed on icmptype '%s': %szCopying ipset '%s' settingsz"IPSet '%s' is identical, ignoring.zCreating ipset '%s'z-Runtime To Permanent failed on ipset '%s': %szEZone '%s': interface binding for '%s' has been added by NM, ignoring.zCopying zone '%s' settingszCreating zone '%s'z,Runtime To Permanent failed on zone '%s': %szCreating policy '%s'z.Runtime To Permanent failed on policy '%s': %szCopying helper '%s' settingsz#Helper '%s' is identical, ignoring.zCreating helper '%s'z.Runtime To Permanent failed on helper '%s': %szCopying direct configurationz,Direct configuration is identical, ignoring.z7Runtime To Permanent failed on direct configuration: %szCopying policies configurationz.Policies configuration is identical, ignoring.z9Runtime To Permanent failed on policies configuration: %s)Arr1rZgetServiceNamesr#service get_servicesgetServiceSettingsZgetServiceByNameZ getSettingsupdate addService ExceptionwarningZgetIcmpTypeNamesicmptype get_icmptypesgetIcmpTypeSettingsZgetIcmpTypeByNameZ addIcmpTypeZ getIPSetNamesipset get_ipsetsgetIPSetSettingsZgetIPSetByNameZaddIPSetZ getZoneNamesrr< get_zonesgetZoneSettings2r getInterfacesZinterface_get_senderremoveInterfacerrZgetSettingsDictrZ getZoneByNameZupdate2ZaddZone2ZgetPolicyNamespolicy"get_policies_not_derived_from_zonegetPolicySettingsZgetPolicyByNameZ addPolicyZgetHelperNameshelper get_helpersgetHelperSettingsZgetHelperByNameZ addHelperdirectget_all_chains get_all_rulesget_all_passthroughsr7lockdown_whitelist export_configZsetLockdownWhitelistrrZRT_TO_PERM_FAILED) r)r:r9Z config_namesnameZconfZconf_objeZ nm_bus_namesettingsZchanged interfaceZ connectionr-r-r.runtimeToPermanentds$                                               zFirewallD.runtimeToPermanentcCs,tjd|j||jjj|jdS)z!Enable lockdown policies zpolicies.enableLockdown()N)rr1r;r#r7Zenable_lockdownLockdownEnabled)r)r:r-r-r.enableLockdown2s   zFirewallD.enableLockdowncCs,tjd|j||jjj|jdS)z"Disable lockdown policies zpolicies.disableLockdown()N)rr1r;r#r7Zdisable_lockdownLockdownDisabled)r)r:r-r-r.disableLockdown>s   zFirewallD.disableLockdownbcCstjd|jjjS)z+Retuns True if lockdown is enabled zpolicies.queryLockdown())rr1r#r7r8)r)r:r-r-r. queryLockdownJs zFirewallD.queryLockdowncCstjddS)NzLockdownEnabled())rr1)r)r-r-r.rUszFirewallD.LockdownEnabledcCstjddS)NzLockdownDisabled())rr1)r)r-r-r.rZszFirewallD.LockdownDisabledcCs@t|t}tjd||j||jjjj||j |dS)zAdd lockdown command z*policies.addLockdownWhitelistCommand('%s')N) rr^rr1r;r#r7rZ add_commandLockdownWhitelistCommandAdded)r)r6r:r-r-r.addLockdownWhitelistCommandcs   z%FirewallD.addLockdownWhitelistCommandcCs@t|t}tjd||j||jjjj||j |dS)z Remove lockdown command z-policies.removeLockdownWhitelistCommand('%s')N) rr^rr1r;r#r7rZremove_commandLockdownWhitelistCommandRemoved)r)r6r:r-r-r.removeLockdownWhitelistCommandps   z(FirewallD.removeLockdownWhitelistCommandcCs(t|t}tjd||jjjj|S)zQuery lockdown command z,policies.queryLockdownWhitelistCommand('%s'))rr^rr1r#r7rZ has_command)r)r6r:r-r-r.queryLockdownWhitelistCommand}s z'FirewallD.queryLockdownWhitelistCommandascCstjd|jjjjS)zAdd lockdown command z'policies.getLockdownWhitelistCommands())rr1r#r7rZ get_commands)r)r:r-r-r.getLockdownWhitelistCommandss z&FirewallD.getLockdownWhitelistCommandscCstjd|dS)Nz#LockdownWhitelistCommandAdded('%s'))rr1)r)r6r-r-r.rsz'FirewallD.LockdownWhitelistCommandAddedcCstjd|dS)Nz%LockdownWhitelistCommandRemoved('%s'))rr1)r)r6r-r-r.rsz)FirewallD.LockdownWhitelistCommandRemovedicCs@t|t}tjd||j||jjjj||j |dS)zAdd lockdown uid z&policies.addLockdownWhitelistUid('%s')N) rintrr1r;r#r7rZadd_uidLockdownWhitelistUidAdded)r)r4r:r-r-r.addLockdownWhitelistUids   z!FirewallD.addLockdownWhitelistUidcCs@t|t}tjd||j||jjjj||j |dS)zRemove lockdown uid z)policies.removeLockdownWhitelistUid('%s')N) rrrr1r;r#r7rZ remove_uidLockdownWhitelistUidRemoved)r)r4r:r-r-r.removeLockdownWhitelistUids   z$FirewallD.removeLockdownWhitelistUidcCs(t|t}tjd||jjjj|S)zQuery lockdown uid z(policies.queryLockdownWhitelistUid('%s'))rrrr1r#r7rZhas_uid)r)r4r:r-r-r.queryLockdownWhitelistUids z#FirewallD.queryLockdownWhitelistUidZaicCstjd|jjjjS)zAdd lockdown uid z#policies.getLockdownWhitelistUids())rr1r#r7rZget_uids)r)r:r-r-r.getLockdownWhitelistUidss z"FirewallD.getLockdownWhitelistUidscCstjd|dS)NzLockdownWhitelistUidAdded(%d))rr1)r)r4r-r-r.rsz#FirewallD.LockdownWhitelistUidAddedcCstjd|dS)NzLockdownWhitelistUidRemoved(%d))rr1)r)r4r-r-r.rsz%FirewallD.LockdownWhitelistUidRemovedcCs@t|t}tjd||j||jjjj||j |dS)zAdd lockdown user z'policies.addLockdownWhitelistUser('%s')N) rr^rr1r;r#r7rZadd_userLockdownWhitelistUserAdded)r)r5r:r-r-r.addLockdownWhitelistUsers   z"FirewallD.addLockdownWhitelistUsercCs@t|t}tjd||j||jjjj||j |dS)zRemove lockdown user z*policies.removeLockdownWhitelistUser('%s')N) rr^rr1r;r#r7rZ remove_userLockdownWhitelistUserRemoved)r)r5r:r-r-r.removeLockdownWhitelistUsers   z%FirewallD.removeLockdownWhitelistUsercCs(t|t}tjd||jjjj|S)zQuery lockdown user z)policies.queryLockdownWhitelistUser('%s'))rr^rr1r#r7rZhas_user)r)r5r:r-r-r.queryLockdownWhitelistUsers z$FirewallD.queryLockdownWhitelistUsercCstjd|jjjjS)zAdd lockdown user z$policies.getLockdownWhitelistUsers())rr1r#r7rZ get_users)r)r:r-r-r.getLockdownWhitelistUserss z#FirewallD.getLockdownWhitelistUserscCstjd|dS)Nz LockdownWhitelistUserAdded('%s'))rr1)r)r5r-r-r.rsz$FirewallD.LockdownWhitelistUserAddedcCstjd|dS)Nz"LockdownWhitelistUserRemoved('%s'))rr1)r)r5r-r-r.rsz&FirewallD.LockdownWhitelistUserRemovedcCs@t|t}tjd||j||jjjj||j |dS)zAdd lockdown context z*policies.addLockdownWhitelistContext('%s')N) rr^rr1r;r#r7rZ add_contextLockdownWhitelistContextAdded)r)r3r:r-r-r.addLockdownWhitelistContexts   z%FirewallD.addLockdownWhitelistContextcCs@t|t}tjd||j||jjjj||j |dS)z Remove lockdown context z-policies.removeLockdownWhitelistContext('%s')N) rr^rr1r;r#r7rZremove_contextLockdownWhitelistContextRemoved)r)r3r:r-r-r.removeLockdownWhitelistContext's   z(FirewallD.removeLockdownWhitelistContextcCs(t|t}tjd||jjjj|S)zQuery lockdown context z,policies.queryLockdownWhitelistContext('%s'))rr^rr1r#r7rZ has_context)r)r3r:r-r-r.queryLockdownWhitelistContext4s z'FirewallD.queryLockdownWhitelistContextcCstjd|jjjjS)zAdd lockdown context z'policies.getLockdownWhitelistContexts())rr1r#r7rZ get_contexts)r)r:r-r-r.getLockdownWhitelistContexts@s z&FirewallD.getLockdownWhitelistContextscCstjd|dS)Nz#LockdownWhitelistContextAdded('%s'))rr1)r)r3r-r-r.rKsz'FirewallD.LockdownWhitelistContextAddedcCstjd|dS)Nz%LockdownWhitelistContextRemoved('%s'))rr1)r)r3r-r-r.rPsz)FirewallD.LockdownWhitelistContextRemovedcCs*tjd|j||jj|jdS)znEnable panic mode. All ingoing and outgoing connections and packets will be blocked. zenablePanicMode()N)rr1r;r#Zenable_panic_modePanicModeEnabled)r)r:r-r-r.enablePanicModeYs   zFirewallD.enablePanicModecCs*tjd|j||jj|jdS)zDisable panic mode. Enables normal mode: Allowed ingoing and outgoing connections will not be blocked anymore zdisablePanicMode()N)rr1r;r#Zdisable_panic_modePanicModeDisabled)r)r:r-r-r.disablePanicModegs   zFirewallD.disablePanicModecCstjd|jjS)NzqueryPanicMode())rr1r#Zquery_panic_mode)r)r:r-r-r.queryPanicModevs zFirewallD.queryPanicModecCstjddS)NzPanicModeEnabled())rr1)r)r-r-r.rszFirewallD.PanicModeEnabledcCstjddS)NzPanicModeDisabled())rr1)r)r-r-r.rszFirewallD.PanicModeDisabledz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cCs$t|t}tjd||jjj|S)NzgetZoneSettings(%s))rr^rr1r#r<Zget_config_with_settings)r)r<r:r-r-r.getZoneSettingss  zFirewallD.getZoneSettingscCs$t|t}tjd||jjj|S)NzgetZoneSettings2(%s))rr^rr1r#r<get_config_with_settings_dict)r)r<r:r-r-r.rs  zFirewallD.getZoneSettings2zsa{sv}cCsBt|t}tjd||j||jjj||||j||dS)NzsetZoneSettings2(%s)) rr^rr1r;r#r<set_config_with_settings_dict ZoneUpdated)r)r<rr:r-r-r.setZoneSettings2s    zFirewallD.setZoneSettings2cCstjd||fdS)Nzzone.ZoneUpdated('%s', '%s'))rr1)r)r<rr-r-r.rszFirewallD.ZoneUpdatedcCs$t|t}tjd||jjj|S)Nzpolicy.getPolicySettings(%s))rr^rr1r#rr)r)rr:r-r-r.rs  zFirewallD.getPolicySettingscCsBt|t}tjd||j||jjj||||j||dS)Nzpolicy.setPolicySettings(%s)) rr^rr1r;r#rr PolicyUpdated)r)rrr:r-r-r.setPolicySettingss    zFirewallD.setPolicySettingscCstjd||fdS)Nz policy.PolicyUpdated('%s', '%s'))rr1)r)rrr-r-r.rszFirewallD.PolicyUpdatedcCstjd|jjjS)NzlistServices())rr1r#rrrs)r)r:r-r-r. listServicess zFirewallD.listServicesz(sssa(ss)asa{ss}asa(ss))cCst|t}tjd||jjj|}|j}g}x\tdD]P}|j |d|krr|j t j t ||j |dq:|j ||j |dq:Wt|S)NzgetServiceSettings(%s)r)rr^rr1r#rr get_serviceexport_config_dictrangeZIMPORT_EXPORT_STRUCTUREappendcopydeepcopygetattrtuple)r)rrr:objZ conf_dictZ conf_listrr-r-r.rts  "zFirewallD.getServiceSettingscCs,t|t}tjd||jjj|}|jS)NzgetServiceSettings2(%s))rr^rr1r#rrrr)r)rrr:rr-r-r.getServiceSettings2s  zFirewallD.getServiceSettings2cCstjd|jjjS)NzlistIcmpTypes())rr1r#ryrz)r)r:r-r-r. listIcmpTypess zFirewallD.listIcmpTypescCs(t|t}tjd||jjj|jS)NzgetIcmpTypeSettings(%s))rr^rr1r#ryZ get_icmptyper)r)ryr:r-r-r.r{s  zFirewallD.getIcmpTypeSettingscCstjd|jjS)NzgetLogDenied())rr1r#Zget_log_denied)r)r:r-r-r. getLogDenied s zFirewallD.getLogDeniedcCsXt|t}tjd||j||jj||j||jj|j j|j dS)NzsetLogDenied('%s')) rr^rr1r;r#Zset_log_deniedLogDeniedChangedrnrro)r)valuer:r-r-r. setLogDenieds      zFirewallD.setLogDeniedcCstjd|dS)NzLogDeniedChanged('%s'))rr1)r)rr-r-r.r"szFirewallD.LogDeniedChangedcCstjddS)NzgetAutomaticHelpers()no)rr1)r)r:r-r-r.getAutomaticHelpers+s zFirewallD.getAutomaticHelperscCs&t|t}tjd||j|dS)NzsetAutomaticHelpers('%s'))rr^rr1r;)r)rr:r-r-r.setAutomaticHelpers6s zFirewallD.setAutomaticHelperscCstjd|dS)NzAutomaticHelpersChanged('%s'))rr1)r)rr-r-r.AutomaticHelpersChangedBsz!FirewallD.AutomaticHelpersChangedcCstjd|jjS)NzgetDefaultZone())rr1r#Zget_default_zone)r)r:r-r-r.getDefaultZoneKs zFirewallD.getDefaultZonecCs<t|t}tjd||j||jj||j|dS)NzsetDefaultZone('%s'))rr^rr1r;r#Zset_default_zoneDefaultZoneChanged)r)r<r:r-r-r.setDefaultZoneTs    zFirewallD.setDefaultZonecCstjd|dS)NzDefaultZoneChanged('%s'))rr1)r)r<r-r-r.r`szFirewallD.DefaultZoneChangedcCstjd|jjjS)Nzpolicy.getPolicies())rr1r#rr)r)r:r-r-r. getPoliciesks zFirewallD.getPoliciesz a{sa{sas}}cCs\tjdi}xH|jjjD]8}i||<|jjj|||d<|jjj|||d<qW|S)Nzpolicy.getActivePolicies()Z ingress_zonesZ egress_zones)rr1r#rZ)get_active_policies_not_derived_from_zoneZlist_ingress_zonesZlist_egress_zones)r)r:r7rr-r-r.getActivePoliciesss zFirewallD.getActivePoliciescCstjd|jjjS)Nzzone.getZones())rr1r#r<r)r)r:r-r-r.getZoness zFirewallD.getZonescCstjdi}x||jjjD]l}|jjj|}|jjj|}t|t|dkri||<t|dkrp|||d<t|dkr|||d<qW|S)Nzzone.getActiveZones()r interfacessources)rr1r#r<rlist_interfaces list_sourceslen)r)r:Zzonesr<rrr-r-r.getActiveZoness    zFirewallD.getActiveZonescCs2t|t}tjd||jjj|}|r.|SdS)zReturn the zone an interface belongs to. :Parameters: `interface` : str Name of the interface :Returns: str. The name of the zone. zzone.getZoneOfInterface('%s')rm)rr^rr1r#r<Zget_zone_of_interface)r)rr:r<r-r-r.getZoneOfInterfaces zFirewallD.getZoneOfInterfacecCs2t|t}tjd||jjj|}|r.|SdS)Nzzone.getZoneOfSource('%s')rm)rr^rr1r#r<Zget_zone_of_source)r)sourcer:r<r-r-r.getZoneOfSources  zFirewallD.getZoneOfSourcecCsdS)NFr-)r)r<r:r-r-r. isImmutableszFirewallD.isImmutablecCsRt|t}t|t}tjd||f|j||jjj|||}|j|||S)zPAdd an interface to a zone. If zone is empty, use default zone. zzone.addInterface('%s', '%s')) rr^rr1r;r#r<Z add_interfaceInterfaceAdded)r)r<rr:_zoner-r-r. addInterfaces    zFirewallD.addInterfacecCs"t|t}t|t}|j|||S)zChange a zone an interface is part of. If zone is empty, use default zone. This function is deprecated, use changeZoneOfInterface instead )rr^changeZoneOfInterface)r)r<rr:r-r-r. changeZones  zFirewallD.changeZonecCsRt|t}t|t}tjd||f|j||jjj|||}|j|||S)z[Change a zone an interface is part of. If zone is empty, use default zone. z&zone.changeZoneOfInterface('%s', '%s')) rr^rr1r;r#r<Zchange_zone_of_interfaceZoneOfInterfaceChanged)r)r<rr:rr-r-r.rs    zFirewallD.changeZoneOfInterfacecCsPt|t}t|t}tjd||f|j||jjj||}|j|||S)zkRemove interface from a zone. If zone is empty, remove from zone the interface belongs to. z zone.removeInterface('%s', '%s')) rr^rr1r;r#r<Zremove_interfaceInterfaceRemoved)r)r<rr:rr-r-r.rs    zFirewallD.removeInterfacecCs6t|t}t|t}tjd||f|jjj||S)z^Return true if an interface is in a zone. If zone is empty, use default zone. zzone.queryInterface('%s', '%s'))rr^rr1r#r<Zquery_interface)r)r<rr:r-r-r.queryInterfaces  zFirewallD.queryInterfacecCs&t|t}tjd||jjj|S)z]Return the list of interfaces of a zone. If zone is empty, use default zone. zzone.getInterfaces('%s'))rr^rr1r#r<r)r)r<r:r-r-r.rs zFirewallD.getInterfacescCstjd||fdS)Nzzone.InterfaceAdded('%s', '%s'))rr1)r)r<rr-r-r.r+szFirewallD.InterfaceAddedcCstjd||fdS)z, This signal is deprecated. zzone.ZoneChanged('%s', '%s')N)rr1)r)r<rr-r-r. ZoneChanged0szFirewallD.ZoneChangedcCs"tjd||f|j||dS)Nz'zone.ZoneOfInterfaceChanged('%s', '%s'))rr1r)r)r<rr-r-r.r8s z FirewallD.ZoneOfInterfaceChangedcCstjd||fdS)Nz!zone.InterfaceRemoved('%s', '%s'))rr1)r)r<rr-r-r.r?szFirewallD.InterfaceRemovedcCsRt|t}t|t}tjd||f|j||jjj|||}|j|||S)zLAdd a source to a zone. If zone is empty, use default zone. zzone.addSource('%s', '%s')) rr^rr1r;r#r<Z add_source SourceAdded)r)r<rr:rr-r-r. addSourceHs    zFirewallD.addSourcecCsRt|t}t|t}tjd||f|j||jjj|||}|j|||S)zXChange a zone an source is part of. If zone is empty, use default zone. z#zone.changeZoneOfSource('%s', '%s')) rr^rr1r;r#r<Zchange_zone_of_sourceZoneOfSourceChanged)r)r<rr:rr-r-r.changeZoneOfSourceYs    zFirewallD.changeZoneOfSourcecCsPt|t}t|t}tjd||f|j||jjj||}|j|||S)zeRemove source from a zone. If zone is empty, remove from zone the source belongs to. zzone.removeSource('%s', '%s')) rr^rr1r;r#r<Z remove_source SourceRemoved)r)r<rr:rr-r-r. removeSourcejs    zFirewallD.removeSourcecCs6t|t}t|t}tjd||f|jjj||S)z[Return true if an source is in a zone. If zone is empty, use default zone. zzone.querySource('%s', '%s'))rr^rr1r#r<Z query_source)r)r<rr:r-r-r. querySource{s  zFirewallD.querySourcecCs&t|t}tjd||jjj|S)zZReturn the list of sources of a zone. If zone is empty, use default zone. zzone.getSources('%s'))rr^rr1r#r<r)r)r<r:r-r-r. getSourcess zFirewallD.getSourcescCstjd||fdS)Nzzone.SourceAdded('%s', '%s'))rr1)r)r<rr-r-r.rszFirewallD.SourceAddedcCstjd||fdS)Nz$zone.ZoneOfSourceChanged('%s', '%s'))rr1)r)r<rr-r-r.rszFirewallD.ZoneOfSourceChangedcCstjd||fdS)Nzzone.SourceRemoved('%s', '%s'))rr1)r)r<rr-r-r.rszFirewallD.SourceRemovedcCsHtjd||f|j||=t|d}|jjj|||j||dS)Nz%zone.disableTimedRichRule('%s', '%s'))rule_str)rr1r2rr#r< remove_ruleRichRuleRemoved)r)r<rulerr-r-r.disableTimedRichRules   zFirewallD.disableTimedRichRuleZssicCst|t}t|t}t|t}tjd||ft|d}|jjj|||}|dkrtt j ||j ||}|j ||||j ||||S)Nzzone.addRichRule('%s', '%s'))rr)rr^rrr1rr#r<add_rulertimeout_add_secondsrr? RichRuleAdded)r)r<rtimeoutr:rrr>r-r-r. addRichRules     zFirewallD.addRichRulecCs\t|t}t|t}tjd||ft|d}|jjj||}|j|||j |||S)Nzzone.removeRichRule('%s', '%s'))r) rr^rr1rr#r<rrAr)r)r<rr:rrr-r-r.removeRichRules     zFirewallD.removeRichRulecCs@t|t}t|t}tjd||ft|d}|jjj||S)Nzzone.queryRichRule('%s', '%s'))r)rr^rr1rr#r< query_rule)r)r<rr:rr-r-r. queryRichRules    zFirewallD.queryRichRulecCs&t|t}tjd||jjj|S)Nzzone.getRichRules('%s'))rr^rr1r#r<Z list_rules)r)r<r:r-r-r. getRichRuless zFirewallD.getRichRulescCstjd|||fdS)Nz"zone.RichRuleAdded('%s', '%s', %d))rr1)r)r<rrr-r-r.rszFirewallD.RichRuleAddedcCstjd||fdS)Nz zone.RichRuleRemoved('%s', '%s'))rr1)r)r<rr-r-r.rszFirewallD.RichRuleRemovedcCs>tjd||f|j||=|jjj|||j||dS)Nz$zone.disableTimedService('%s', '%s'))rr1r2r#r<remove_serviceServiceRemoved)r)r<rrr-r-r.disableTimedServices zFirewallD.disableTimedServicecCst|t}t|t}t|t}tjd|||f|j||jjj||||}|dkrxt j ||j ||}|j ||||j ||||S)Nzzone.addService('%s', '%s', %d)r)rr^rrr1r;r#r<Z add_servicerrrr? ServiceAdded)r)r<rrrr:rr>r-r-r.rvs     zFirewallD.addServicecCs\t|t}t|t}tjd||f|j||jjj||}|j|||j |||S)Nzzone.removeService('%s', '%s')) rr^rr1r;r#r<rrAr)r)r<rrr:rr-r-r. removeServices     zFirewallD.removeServicecCs6t|t}t|t}tjd||f|jjj||S)Nzzone.queryService('%s', '%s'))rr^rr1r#r<Z query_service)r)r<rrr:r-r-r. queryService&s  zFirewallD.queryServicecCs&t|t}tjd||jjj|S)Nzzone.getServices('%s'))rr^rr1r#r<Z list_services)r)r<r:r-r-r. getServices1s zFirewallD.getServicescCstjd|||fdS)Nz!zone.ServiceAdded('%s', '%s', %d))rr1)r)r<rrrr-r-r.r=szFirewallD.ServiceAddedcCstjd||fdS)Nzzone.ServiceRemoved('%s', '%s'))rr1)r)r<rrr-r-r.rCszFirewallD.ServiceRemovedcCsHtjd|||f|j|||f=|jjj||||j|||dS)Nz'zone.disableTimedPort('%s', '%s', '%s'))rr1r2r#r< remove_port PortRemoved)r)r<portprotocolr-r-r.disableTimedPortLs zFirewallD.disableTimedPortZsssicCst|t}t|t}t|t}t|t}tjd|||f|j||jjj|||||}|dkrt j ||j |||}|j |||f||j |||||S)Nzzone.addPort('%s', '%s', '%s')r)rr^rrr1r;r#r<Zadd_portrrrr? PortAdded)r)r<rrrr:rr>r-r-r.addPortTs       zFirewallD.addPortZssscCspt|t}t|t}t|t}tjd|||f|j||jjj|||}|j|||f|j ||||S)Nz!zone.removePort('%s', '%s', '%s')) rr^rr1r;r#r<r rAr )r)r<rrr:rr-r-r. removePortks    zFirewallD.removePortcCsDt|t}t|t}t|t}tjd|||f|jjj|||S)Nz zone.queryPort('%s', '%s', '%s'))rr^rr1r#r<Z query_port)r)r<rrr:r-r-r. queryPort}s    zFirewallD.queryPortZaascCs&t|t}tjd||jjj|S)Nzzone.getPorts('%s'))rr^rr1r#r<Z list_ports)r)r<r:r-r-r.getPortss zFirewallD.getPortsrcCstjd||||fdS)Nz$zone.PortAdded('%s', '%s', '%s', %d))rr1)r)r<rrrr-r-r.rszFirewallD.PortAddedcCstjd|||fdS)Nz"zone.PortRemoved('%s', '%s', '%s'))rr1)r)r<rrr-r-r.r szFirewallD.PortRemovedcCs>tjd||f|j||=|jjj|||j||dS)Nz%zone.disableTimedProtocol('%s', '%s'))rr1r2r#r<remove_protocolProtocolRemoved)r)r<rr-r-r.disableTimedProtocols zFirewallD.disableTimedProtocolcCst|t}t|t}t|t}tjd||f|j||jjj||||}|dkrvt j ||j ||}|j ||||j ||||S)Nzzone.enableProtocol('%s', '%s')r)rr^rrr1r;r#r<Z add_protocolrrrr? ProtocolAdded)r)r<rrr:rr>r-r-r. addProtocols     zFirewallD.addProtocolcCs\t|t}t|t}tjd||f|j||jjj||}|j|||j |||S)Nzzone.removeProtocol('%s', '%s')) rr^rr1r;r#r<rrAr)r)r<rr:rr-r-r.removeProtocols     zFirewallD.removeProtocolcCs6t|t}t|t}tjd||f|jjj||S)Nzzone.queryProtocol('%s', '%s'))rr^rr1r#r<Zquery_protocol)r)r<rr:r-r-r. queryProtocols  zFirewallD.queryProtocolcCs&t|t}tjd||jjj|S)Nzzone.getProtocols('%s'))rr^rr1r#r<Zlist_protocols)r)r<r:r-r-r. getProtocolss zFirewallD.getProtocolscCstjd|||fdS)Nz"zone.ProtocolAdded('%s', '%s', %d))rr1)r)r<rrr-r-r.rszFirewallD.ProtocolAddedcCstjd||fdS)Nz zone.ProtocolRemoved('%s', '%s'))rr1)r)r<rr-r-r.rszFirewallD.ProtocolRemovedcCsJtjd|||f|j|d||f=|jjj||||j|||dS)Nz-zone.disableTimedSourcePort('%s', '%s', '%s')sport)rr1r2r#r<remove_source_portSourcePortRemoved)r)r<rrr-r-r.disableTimedSourcePorts z FirewallD.disableTimedSourcePortcCst|t}t|t}t|t}t|t}tjd|||f|j||jjj|||||}|dkrt j ||j |||}|j |d||f||j |||||S)Nz$zone.addSourcePort('%s', '%s', '%s')rr)rr^rrr1r;r#r<Zadd_source_portrrr!r?SourcePortAdded)r)r<rrrr:rr>r-r-r. addSourcePorts         zFirewallD.addSourcePortcCsrt|t}t|t}t|t}tjd|||f|j||jjj|||}|j|d||f|j ||||S)Nz'zone.removeSourcePort('%s', '%s', '%s')r) rr^rr1r;r#r<rrAr )r)r<rrr:rr-r-r.removeSourcePorts      zFirewallD.removeSourcePortcCsDt|t}t|t}t|t}tjd|||f|jjj|||S)Nz&zone.querySourcePort('%s', '%s', '%s'))rr^rr1r#r<Zquery_source_port)r)r<rrr:r-r-r.querySourcePort)s      zFirewallD.querySourcePortcCs&t|t}tjd||jjj|S)Nzzone.getSourcePorts('%s'))rr^rr1r#r<Zlist_source_ports)r)r<r:r-r-r.getSourcePorts6s zFirewallD.getSourcePortscCstjd||||fdS)Nz*zone.SourcePortAdded('%s', '%s', '%s', %d))rr1)r)r<rrrr-r-r.r"BszFirewallD.SourcePortAddedcCstjd|||fdS)Nz(zone.SourcePortRemoved('%s', '%s', '%s'))rr1)r)r<rrr-r-r.r Hs zFirewallD.SourcePortRemovedcCs(|j|d=|jjj||j|dS)N masquerade)r2r#r<remove_masqueradeMasqueradeRemoved)r)r<r-r-r.disableTimedMasqueradeRs z FirewallD.disableTimedMasqueradeZsicCstt|t}t|t}tjd||j||jjj|||}|dkrdt j ||j |}|j |d||j |||S)Nzzone.addMasquerade('%s')rr')rr^rrr1r;r#r<Zadd_masqueraderrr*r?MasqueradeAdded)r)r<rr:rr>r-r-r. addMasqueradeXs     zFirewallD.addMasqueradecCsJt|t}tjd||j||jjj|}|j|d|j ||S)Nzzone.removeMasquerade('%s')r') rr^rr1r;r#r<r(rAr))r)r<r:rr-r-r.removeMasqueradels    zFirewallD.removeMasqueradecCs&t|t}tjd||jjj|S)Nzzone.queryMasquerade('%s'))rr^rr1r#r<Zquery_masquerade)r)r<r:r-r-r.queryMasquerade{s zFirewallD.queryMasqueradecCstjd||fdS)Nzzone.MasqueradeAdded('%s', %d))rr1)r)r<rr-r-r.r+szFirewallD.MasqueradeAddedcCstjd|dS)Nzzone.MasqueradeRemoved('%s'))rr1)r)r<r-r-r.r)szFirewallD.MasqueradeRemovedcCs@|j|||||f=|jjj||||||j|||||dS)N)r2r#r<remove_forward_portForwardPortRemoved)r)r<rrtoporttoaddrr-r-r.disable_forward_portszFirewallD.disable_forward_portZsssssic Cst|t}t|t}t|t}t|t}t|t}t|t}tjd|||||f|j||jjj|||||||}|dkrt j ||j |||||} |j |||||f| |j |||||||S)Nz1zone.addForwardPort('%s', '%s', '%s', '%s', '%s')r)rr^rrr1r;r#r<Zadd_forward_portrrr3r?ForwardPortAdded) r)r<rrr1r2rr:rr>r-r-r.addForwardPorts&        zFirewallD.addForwardPortZssssscCst|t}t|t}t|t}t|t}t|t}tjd|||||f|j||jjj|||||}|j|||||f|j ||||||S)Nz4zone.removeForwardPort('%s', '%s', '%s', '%s', '%s')) rr^rr1r;r#r<r/rAr0)r)r<rrr1r2r:rr-r-r.removeForwardPorts      zFirewallD.removeForwardPortcCs`t|t}t|t}t|t}t|t}t|t}tjd|||||f|jjj|||||S)Nz3zone.queryForwardPort('%s', '%s', '%s', '%s', '%s'))rr^rr1r#r<Zquery_forward_port)r)r<rrr1r2r:r-r-r.queryForwardPorts     zFirewallD.queryForwardPortcCs&t|t}tjd||jjj|S)Nzzone.getForwardPorts('%s'))rr^rr1r#r<Zlist_forward_ports)r)r<r:r-r-r.getForwardPortss zFirewallD.getForwardPortscCstjd||||||fdS)Nz7zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d))rr1)r)r<rrr1r2rr-r-r.r4szFirewallD.ForwardPortAddedcCstjd|||||fdS)Nz5zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s'))rr1)r)r<rrr1r2r-r-r.r0szFirewallD.ForwardPortRemovedcCs>tjd||f|j||=|jjj|||j||dS)Nz&zone.disableTimedIcmpBlock('%s', '%s'))rr1r2r#r<remove_icmp_blockIcmpBlockRemoved)r)r<icmpr:r-r-r.disableTimedIcmpBlocks zFirewallD.disableTimedIcmpBlockcCst|t}t|t}t|t}tjd||f|j||jjj||||}|dkrxt j ||j |||}|j ||||j ||||S)Nz zone.enableIcmpBlock('%s', '%s')r)rr^rrr1r;r#r<Zadd_icmp_blockrrr<r?IcmpBlockAdded)r)r<r;rr:rr>r-r-r. addIcmpBlocks      zFirewallD.addIcmpBlockcCs\t|t}t|t}tjd||f|j||jjj||}|j|||j |||S)Nz zone.removeIcmpBlock('%s', '%s')) rr^rr1r;r#r<r9rAr:)r)r<r;r:rr-r-r.removeIcmpBlocks     zFirewallD.removeIcmpBlockcCs6t|t}t|t}tjd||f|jjj||S)Nzzone.queryIcmpBlock('%s', '%s'))rr^rr1r#r<Zquery_icmp_block)r)r<r;r:r-r-r.queryIcmpBlock&s  zFirewallD.queryIcmpBlockcCs&t|t}tjd||jjj|S)Nzzone.getIcmpBlocks('%s'))rr^rr1r#r<Zlist_icmp_blocks)r)r<r:r-r-r. getIcmpBlocks1s zFirewallD.getIcmpBlockscCstjd|||fdS)Nz#zone.IcmpBlockAdded('%s', '%s', %d))rr1)r)r<r;rr-r-r.r==szFirewallD.IcmpBlockAddedcCstjd||fdS)Nz!zone.IcmpBlockRemoved('%s', '%s'))rr1)r)r<r;r-r-r.r:CszFirewallD.IcmpBlockRemovedcCs@t|t}tjd||j||jjj||}|j||S)Nz zone.addIcmpBlockInversion('%s')) rr^rr1r;r#r<Zadd_icmp_block_inversionIcmpBlockInversionAdded)r)r<r:rr-r-r.addIcmpBlockInversionLs    zFirewallD.addIcmpBlockInversioncCs>t|t}tjd||j||jjj|}|j||S)Nz#zone.removeIcmpBlockInversion('%s')) rr^rr1r;r#r<Zremove_icmp_block_inversionIcmpBlockInversionRemoved)r)r<r:rr-r-r.removeIcmpBlockInversionZs    z"FirewallD.removeIcmpBlockInversioncCs&t|t}tjd||jjj|S)Nz"zone.queryIcmpBlockInversion('%s'))rr^rr1r#r<Zquery_icmp_block_inversion)r)r<r:r-r-r.queryIcmpBlockInversionhs z!FirewallD.queryIcmpBlockInversioncCstjd|dS)Nz"zone.IcmpBlockInversionAdded('%s'))rr1)r)r<r-r-r.rBrsz!FirewallD.IcmpBlockInversionAddedcCstjd|dS)Nz$zone.IcmpBlockInversionRemoved('%s'))rr1)r)r<r-r-r.rDwsz#FirewallD.IcmpBlockInversionRemovedcCs`t|t}t|t}t|t}tjd|||f|j||jjj||||j|||dS)Nz!direct.addChain('%s', '%s', '%s')) rr^rr1r;r#rZ add_chain ChainAdded)r)ipvtablechainr:r-r-r.addChains    zFirewallD.addChaincCs`t|t}t|t}t|t}tjd|||f|j||jjj||||j|||dS)Nz$direct.removeChain('%s', '%s', '%s')) rr^rr1r;r#rZ remove_chain ChainRemoved)r)rHrIrJr:r-r-r. removeChains    zFirewallD.removeChaincCsDt|t}t|t}t|t}tjd|||f|jjj|||S)Nz#direct.queryChain('%s', '%s', '%s'))rr^rr1r#rZ query_chain)r)rHrIrJr:r-r-r. queryChains    zFirewallD.queryChaincCs6t|t}t|t}tjd||f|jjj||S)Nzdirect.getChains('%s', '%s'))rr^rr1r#rZ get_chains)r)rHrIr:r-r-r. getChainss  zFirewallD.getChainsza(sss)cCstjd|jjjS)Nzdirect.getAllChains())rr1r#rr)r)r:r-r-r. getAllChainss zFirewallD.getAllChainscCstjd|||fdS)Nz#direct.ChainAdded('%s', '%s', '%s'))rr1)r)rHrIrJr-r-r.rGszFirewallD.ChainAddedcCstjd|||fdS)Nz%direct.ChainRemoved('%s', '%s', '%s'))rr1)r)rHrIrJr-r-r.rLs zFirewallD.ChainRemovedZsssiascCst|t}t|t}t|t}t|t}tdd|D}tjd||||dj|f|j||jj j ||||||j |||||dS)Ncss|]}t|tVqdS)N)rr^).0rr-r-r. sz$FirewallD.addRule..z*direct.addRule('%s', '%s', '%s', %d, '%s')z',') rr^rrrr1joinr;r#rr RuleAdded)r)rHrIrJpriorityr*r:r-r-r.addRules     zFirewallD.addRulecCst|t}t|t}t|t}t|t}tdd|D}tjd||||dj|f|j||jj j ||||||j |||||dS)Ncss|]}t|tVqdS)N)rr^)rQrr-r-r.rRsz'FirewallD.removeRule..z-direct.removeRule('%s', '%s', '%s', %d, '%s')z',') rr^rrrr1rSr;r#rr RuleRemoved)r)rHrIrJrUr*r:r-r-r. removeRules     zFirewallD.removeRulecCst|t}t|t}t|t}tjd|||f|j|xF|jjj|||D]0\}}|jjj||||||j |||||qPWdS)Nz$direct.removeRules('%s', '%s', '%s')) rr^rr1r;r#r get_rulesrrW)r)rHrIrJr:rUr*r-r-r. removeRuless    zFirewallD.removeRulescCsnt|t}t|t}t|t}t|t}tdd|D}tjd||||dj|f|jjj |||||S)Ncss|]}t|tVqdS)N)rr^)rQrr-r-r.rR sz&FirewallD.queryRule..z,direct.queryRule('%s', '%s', '%s', %d, '%s')z',') rr^rrrr1rSr#rr)r)rHrIrJrUr*r:r-r-r. queryRules    zFirewallD.queryRuleza(ias)cCsDt|t}t|t}t|t}tjd|||f|jjj|||S)Nz!direct.getRules('%s', '%s', '%s'))rr^rr1r#rrY)r)rHrIrJr:r-r-r.getRules s    zFirewallD.getRulesz a(sssias)cCstjd|jjjS)Nzdirect.getAllRules())rr1r#rr)r)r:r-r-r. getAllRules s zFirewallD.getAllRulescCs"tjd||||dj|fdS)Nz,direct.RuleAdded('%s', '%s', '%s', %d, '%s')z',')rr1rS)r)rHrIrJrUr*r-r-r.rT" szFirewallD.RuleAddedcCs"tjd||||dj|fdS)Nz.direct.RuleRemoved('%s', '%s', '%s', %d, '%s')z',')rr1rS)r)rHrIrJrUr*r-r-r.rW( szFirewallD.RuleRemovedrScCst|t}tdd|D}tjd|dj|f|j|y|jjj ||St k r}zh|d krzt ddd d g}n t d d g}t|}|j t jkrtt ||@d krtj|t|WYdd}~XnXdS) Ncss|]}t|tVqdS)N)rr^)rQrr-r-r.rR9 sz(FirewallD.passthrough..zdirect.passthrough('%s', '%s')z','rHrLz-Cz--checkz-Lz--listr)rHrL)rr^rrr1rSr;r#r passthroughrsetcoderZCOMMAND_FAILEDrrxr )r)rHr*r:r9Z query_argsmsgr-r-r.r^2 s"      zFirewallD.passthroughcCs\t|}tdd|D}tjd|dj|f|j||jjj|||j ||dS)Ncss|]}t|VqdS)N)r)rQrr-r-r.rRT sz+FirewallD.addPassthrough..z!direct.addPassthrough('%s', '%s')z',') rrrr1rSr;r#rZadd_passthroughPassthroughAdded)r)rHr*r:r-r-r.addPassthroughM s zFirewallD.addPassthroughcCs\t|}tdd|D}tjd|dj|f|j||jjj|||j ||dS)Ncss|]}t|VqdS)N)r)rQrr-r-r.rRb sz.FirewallD.removePassthrough..z$direct.removePassthrough('%s', '%s')z',') rrrr1rSr;r#rZremove_passthroughPassthroughRemoved)r)rHr*r:r-r-r.removePassthrough[ s zFirewallD.removePassthroughcCsBt|}tdd|D}tjd|dj|f|jjj||S)Ncss|]}t|VqdS)N)r)rQrr-r-r.rRp sz-FirewallD.queryPassthrough..z#direct.queryPassthrough('%s', '%s')z',')rrrr1rSr#rZquery_passthrough)r)rHr*r:r-r-r.queryPassthroughi s zFirewallD.queryPassthroughza(sas)cCstjd|jjjS)Nzdirect.getAllPassthroughs())rr1r#rr)r)r:r-r-r.getAllPassthroughsu s zFirewallD.getAllPassthroughscCs.tjdxt|jD]}|j|qWdS)Nzdirect.removeAllPassthroughs())rr1reversedrgre)r)r:r^r-r-r.removeAllPassthroughs~ s zFirewallD.removeAllPassthroughscCs"t|}tjd||jjj|S)Nzdirect.getPassthroughs('%s'))rrr1r#rZget_passthroughs)r)rHr:r-r-r.getPassthroughs s zFirewallD.getPassthroughscCstjd|dj|fdS)Nz#direct.PassthroughAdded('%s', '%s')z',')rr1rS)r)rHr*r-r-r.rb szFirewallD.PassthroughAddedcCstjd|dj|fdS)Nz%direct.PassthroughRemoved('%s', '%s')z',')rr1rS)r)rHr*r-r-r.rd szFirewallD.PassthroughRemovedcCsdS)z PK_ACTION_ALL implies all other actions, i.e. once a subject is authorized for PK_ACTION_ALL it's also authorized for any other action. Use-case is GUI (RHBZ#994729). Nr-)r)r:r-r-r. authorizeAll s zFirewallD.authorizeAllcCs$t|}tjd||jjj|S)Nzipset.queryIPSet('%s'))rrr1r#r|Z query_ipset)r)r|r:r-r-r. queryIPSet szFirewallD.queryIPSetcCstjd|jjjS)Nzipsets.getIPSets())rr1r#r|r})r)r:r-r-r. getIPSets s zFirewallD.getIPSetscCs(t|t}tjd||jjj|jS)NzgetIPSetSettings(%s))rr^rr1r#r|Z get_ipsetr)r)r|r:r-r-r.r~ s  zFirewallD.getIPSetSettingscCsLt|}t|}tjd||f|j||jjj|||j||dS)Nzipset.addEntry('%s', '%s'))rrr1r;r#r|Z add_entry EntryAdded)r)r|entryr:r-r-r.addEntry s  zFirewallD.addEntrycCsLt|}t|}tjd||f|j||jjj|||j||dS)Nzipset.removeEntry('%s', '%s'))rrr1r;r#r|Z remove_entry EntryRemoved)r)r|ror:r-r-r. removeEntry s  zFirewallD.removeEntrycCs2t|}t|}tjd||f|jjj||S)Nzipset.queryEntry('%s', '%s'))rrr1r#r|Z query_entry)r)r|ror:r-r-r. queryEntry szFirewallD.queryEntrycCs$t|}tjd||jjj|S)Nzipset.getEntries('%s'))rrr1r#r| get_entries)r)r|r:r-r-r. getEntries szFirewallD.getEntriescCst|}t|t}tjd|dj||jjj|}|jjj||t |}t |}x||D]}|j ||q^Wx||D]}|j ||q|WdS)Nzipset.setEntries('%s', '[%s]'),) rlistrr1rSr#r|rtZ set_entriesr_rnrq)r)r|Zentriesr:Z old_entriesZold_entries_setZ entries_setror-r-r. setEntries s zFirewallD.setEntriescCs&t|}t|}tjd||fdS)Nzipset.EntryAdded('%s', '%s'))rrr1)r)r|ror-r-r.rn szFirewallD.EntryAddedcCs&t|}t|}tjd||fdS)Nzipset.EntryRemoved('%s', '%s'))rrr1)r)r|ror-r-r.rq szFirewallD.EntryRemovedcCstjd|jjjS)Nzhelpers.getHelpers())rr1r#rr)r)r:r-r-r. getHelpers! s zFirewallD.getHelperscCs(t|t}tjd||jjj|jS)NzgetHelperSettings(%s))rr^rr1r#rZ get_helperr)r)rr:r-r-r.r* s  zFirewallD.getHelperSettings)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)r)N)N)N)N)r)N)N)N)N)r)N)N)N)r)N)N)N)N)r)N)N)N)N)r)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)__name__ __module__ __qualname____doc__Z persistentrr'ZPK_ACTION_CONFIGZdefault_polkit_auth_requiredr r"r0r&r/r r;r?rArCrZr ZPROPERTIES_IFACErerhslipZpolkitZ require_authrirrsignalrjZPK_ACTION_INFOZINTROSPECTABLE_IFACErkr(rnrprorqrZPK_ACTION_POLICIESrarrZPK_ACTION_POLICIES_INFOrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrZPK_ACTION_CONFIG_INFOrr_rrrZDBUS_INTERFACE_POLICYrrrrrtrrrZDBUS_SIGNATUREr{rrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrvr r r rrrrrrrrr rrrrrrrr!r#r$r%r&r"r r*r,r-r.r+r)r3r5r6r7r8r4r0r<r>r?r@rAr=r:rCrErFrBrDZPK_ACTION_DIRECTr`rKrMZPK_ACTION_DIRECT_INFOrNrOrPrGrLrVrXrZr[r\r]rTrWr^rcrerfrgrirjrbrdZ PK_ACTION_ALLrkrbrlrmrr~rprrrsrurxrnrqryrr __classcell__r-r-)r,r.rAs      0 "         K                                                                                                                                                                           )9__all__Z gi.repositoryrrsysmodulesrr'Z dbus.serviceZ slip.dbusr~Zslip.dbus.serviceZfirewallrZfirewall.core.fwrZfirewall.core.richrZfirewall.core.loggerrZfirewall.clientr Zfirewall.server.decoratorsr r r r Zfirewall.server.configrZfirewall.dbus_utilsrrrrrrrZfirewall.core.io.functionsrZfirewall.core.io.ipsetrZfirewall.core.io.icmptyperZfirewall.core.io.helperrZfirewall.core.fw_nmrrrZfirewall.core.fw_ifcfgrrZfirewall.errorsrrrZObjectrr-r-r-r.s2       $