3 Yjy@sddlZddlZddlmZmZmZddlmZddlm Z ddl m Z ddl m Z mZmZmZmZmZmZmZmZddlmZmZmZddlmZdd lmZdd lmZGd d d e Z!dS) N) SHORTCUTSDEFAULT_ZONE_TARGETSOURCE_IPSET_TYPES)FirewallTransaction)Policy)log) Rich_Service Rich_Port Rich_ProtocolRich_SourcePortRich_ForwardPortRich_IcmpBlock Rich_IcmpTypeRich_Masquerade Rich_Mark) checkIPnMask checkIP6nMask check_mac)errors) FirewallError)LastUpdatedOrderedDictc@sNeZdZdZddZddZddZdd Zd d Zd d Z ddZ ddZ ddZ ddZ ddZddZddZddZddd Zd!d"Zd#d$Zd%d&Zdd'd(Zd)d*Zd+d,Zd-d.Zdd/d0Zdd1d2Zd3d4Zd5d6Zd7d8Zd9d:Zd;d<Z d=d>Z!dd@dAZ"dBdCZ#ddDdEZ$ddFdGZ%ddHdIZ&dJdKZ'dLdMZ(dNdOZ)ddQdRZ*ddSdTZ+ddUdVZ,dWdXZ-ddYdZZ.dd[d\Z/d]d^Z0d_d`Z1dadbZ2ddcddZ3dedfZ4dgdhZ5didjZ6dkdlZ7dmdnZ8dodpZ9ddqdrZ:dsdtZ;dudvZd{d|Z?d}d~Z@ddZAdddZBddZCddZDddZEddZFdddZGddZHddZIddZJdddZKddZLddZMddZNdddZOddZPddZQdddZRdddZSdddZTddZUdddZVddZWddZXddZYdddZZddZ[ddZ\ddZ]ddZ^ddZ_dddZ`ddZaddd„ZbddĄZcddƄZddS) FirewallZonercCs||_i|_i|_dS)N)_fw_zones_zone_policies)selffwr/usr/lib/python3.6/fw_zone.py__init__&szFirewallZone.__init__cCsd|j|jfS)Nz%s(%r)) __class__r)rrrr__repr__+szFirewallZone.__repr__cCs|jj|jjdS)N)rclearr)rrrrcleanup.s zFirewallZone.cleanupcCs t|jS)N)rr)rrrrnew_transaction2szFirewallZone.new_transactioncCsdj||dS)Nzzone_{fromZone}_{toZone})fromZonetoZone)format)rr%r&rrrpolicy_name_from_zones5sz#FirewallZone.policy_name_from_zonescCst|jjS)N)sortedrkeys)rrrr get_zones:szFirewallZone.get_zonescCs8g}x.|jD]"}|j|s&|j|r|j|qW|S)N)r+list_interfaces list_sourcesappend)rZ active_zoneszonerrrget_active_zones=s zFirewallZone.get_active_zonescCs6|j|}x&|jD]}||j|jdkr|SqWdS)N interfaces)_FirewallZone__interface_idrsettings)r interface interface_idr/rrrget_zone_of_interfaceDs   z"FirewallZone.get_zone_of_interfacecCs6|j|}x&|jD]}||j|jdkr|SqWdS)Nsources)_FirewallZone__source_idrr3)rsource source_idr/rrrget_zone_of_sourceLs   zFirewallZone.get_zone_of_sourcecCs|jj|}|j|S)N)r check_zoner)rr/zrrrget_zoneTs zFirewallZone.get_zonecCsBt}|j|_|j|||_|j|_|j|_|g|_|g|_xd D]}||jkr~|d kr~|d kr~t ||t j t ||qD|d kr||jkr|d krt ||t j t ||qD||jko|d ko|dkrt ||t j t ||qD|dkrDg|_ xB|j D]8}|j||}||j|j|kr|j jt j |qWqDW|S)Nservicesports masquerade forward_ports source_ports icmp_blocksrules protocolsHOSTANY)r?r@rArBrCrDrErF)r?r@rCrDrF)rA)rDrB)rE)rnameZderived_from_zoner(ZONE_POLICY_PRIORITYZprioritytargetZ ingress_zonesZ egress_zonessetattrcopydeepcopygetattrrE_rich_rule_to_policiesr.)rz_objr%r&p_objZsettingruleZcurrent_policyrrrpolicy_obj_from_zone_objXs6    z%FirewallZone.policy_obj_from_zone_objcCsddd D|_||j|j<g|j|j<xX|jdfd|jf|jdfgD]8\}}|j|||}|jjj||j|jj|jqFW|j |jdS) NcSsi|] }t|qSr)r).0xrrr sz)FirewallZone.add_zone..r1r7icmp_block_inversionforwardrGrH)r1r7rXrY) r3rrIrrTrpolicyZ add_policyr.copy_permanent_to_runtime)robjr%r&rRrrradd_zone~s   zFirewallZone.add_zonecCsn|j|}x|jD]}|j||ddqWx|jD]}|j||ddq2W|jrZ|j||jrj|j|dS)NF) allow_apply) rr1 add_interfacer7 add_sourcerY add_forwardrXadd_icmp_block_inversion)rr/r\argrrrr[s    z&FirewallZone.copy_permanent_to_runtimecCs8|j|}|jr|j||jj|j|=|j|=dS)N)rappliedunapply_zone_settingsr3r"r)rr/r\rrr remove_zones    zFirewallZone.remove_zoneNcCsVxP|jD]D}|j|}t|jdks4t|jdkr tjd||j||dq WdS)NrzApplying zone '%s')use_transaction)r+rlenr1r7rdebug1apply_zone_settings)rrgr/rQrrr apply_zoness   zFirewallZone.apply_zonescCs|j|}||_dS)N)rrd)rr/rdr\rrrset_zone_applieds zFirewallZone.set_zone_appliedcCsd|kr dS|jd}t|dkr&dSd}x tD]}|dt|kr0|}q0W|dk r|d|jkrhdSt|dkst|dkr|dd kr|d|fSdS) N_rprerdenyallowpost)rqrrrrsrt)splitrhrr+)rchainZsplits_chainrVrrrzone_from_chains      zFirewallZone.zone_from_chaincCst|j|}|dkrdS|\}}|d kr0|}d}n4|d krB|}d}n"|d krTd}|}nttjd||j|||fS) N PREROUTING FORWARD_INrHINPUTrG POSTROUTING FORWARD_OUTz&chain '%s' can't be mapped to a policy)ryrz)r{)r|r})rxrrZ INVALID_CHAINr()rrvrVr/rwr%r&rrrpolicy_from_chains zFirewallZone.policy_from_chainc Csj|dkrf|j|}|dk rf|j|\}}|dkr:|j}n|}|jjj|d||||dkrf|jddS)Nipv4ipv6T)rr)r~r$rrZZgen_chain_rulesexecute) ripvtablervrgrVrZrw transactionrrrcreate_zone_base_by_chains  z&FirewallZone.create_zone_base_by_chaincCstj||d}|S)N)Zdatesendertimeout)time)rrrretrrrZ__gen_settingsszFirewallZone.__gen_settingscCs |j|jS)N)r>r3)rr/rrr get_settingsszFirewallZone.get_settingscCs|j|}x|D]z}xt||D]h}|dkr<|j||||q|dkr`|j|||d|d|q|dkrlqq|dkrvqtjd|||qWqW|r|j|||dS)Nr1r7rrorXrYz3Zone '%s': Unknown setting '%s:%s', unable to apply)r _interface_sourcerZwarning_icmp_block_inversion)renabler/rr3keyargsrrr_zone_settingss  zFirewallZone._zone_settingscCs|jj|}|j|}|jr dSd|_|dkr8|j}n|}x2|j|D]$}tjd|||jjj ||dqHW|j d|||dkr|j ddS)NTz+Applying policy (%s) derived from zone '%s')rg) rr<rrdr$rrrirZapply_policy_settingsrr)rr/rg_zoner\rrZrrrrjs   z FirewallZone.apply_zone_settingscCs|jj|}|j|}|js dS|dkr2|j}n|}x$|j|D]}|jjj||dqBW|jd|||dkr||j ddS)N)rgFT) rr<rrdr$rrZunapply_policy_settingsrr)rr/rgrr\rrZrrrre,s   z"FirewallZone.unapply_zone_settingscCs~|j|}|j|}g}x\tdD]P}|j|d|krZ|jtjt||j|dq"|j||j|dq"Wt|S)zH :return: exported config updated with runtime settings r) r>get_config_with_settings_dictrangeZIMPORT_EXPORT_STRUCTUREr.rMrNrOtuple)rr/r\Z conf_dictZ conf_listirrrget_config_with_settings?s  "z%FirewallZone.get_config_with_settingsc Cs|j|j}|dtkr"d|d<|j||j||j||j||j||j||j ||j ||j ||j ||j ||j|d }|jj||S)zH :return: exported config updated with runtime settings rKdefault) r?r@rDrArBr1r7 rules_strrFrCrXrY)r>Zexport_config_dictr list_services list_portslist_icmp_blocksquery_masqueradelist_forward_portsr,r- list_ruleslist_protocolslist_source_portsquery_icmp_block_inversion query_forwardrZ'combine_runtime_with_permanent_settings)rr/Z permanentZruntimerrrrOs  z*FirewallZone.get_config_with_settings_dictc sddlmdfdd }fdd}jjfjjfjjfjj fj j fj j fjjf||fjjfjjfjjfjjfd }j|}jj||\}} xv| D]n} t| | tr$xX| | D]:} t| tr || d|f| q|| d|| qWq|| d|qWx|D]} t|| trx|| D]l} | dkr|| d|| |d nDt| tr|| d|f| d|d n|| d|| d|d q\Wn6| dkr|| d||d n|| d|d|d q>WdS)Nr) Rich_Rulecsj||dd|ddS)N)rule_strr)rr)add_rule)r/rrr)rrrradd_rule_wrapperhszDFirewallZone.set_config_with_settings_dict..add_rule_wrappercsj||ddS)N)r) remove_rule)r/r)rrrrremove_rule_wrapperjszGFirewallZone.set_config_with_settings_dict..remove_rule_wrapper) r?r@rDrArBr1r7rrFrCrXrYror1r7)r)rrrX)rN)r1r7)rX)firewall.core.richr add_serviceremove_serviceadd_port remove_portadd_icmp_blockremove_icmp_blockadd_masqueraderemove_masqueradeadd_forward_portremove_forward_portr_remove_interfacer` remove_source add_protocolremove_protocoladd_source_portremove_source_portrbremove_icmp_block_inversionraremove_forwardrrZget_added_and_removed_settings isinstancelistr) rr/r3rrrZ setting_to_fnZ old_settingsZ add_settingsZremove_settingsrrr)rrrset_config_with_settings_dictesF                    z*FirewallZone.set_config_with_settings_dictcCs|jj|dS)N)rcheck_interface)rr4rrrrszFirewallZone.check_interfacecCs\|jj|}|j|}|j|}||jdkrX|jd|}d|krX|ddk rX|dSdS)Nr1r)rr<rr2r3)rr/r4r_objr5r3rrrinterface_get_senders   z!FirewallZone.interface_get_sendercCs|j||S)N)r)rr4rrrZ__interface_ids zFirewallZone.__interface_idTc Cs|jj|jj|}|j|}|j|}||jdkrLttjd||f|j |dk rjttj d|t j d||f|dkr|j } n|} |j r|r|j|| d| j|j|d|r|jd||| |j||||| j|j|||dkr| jd|S)Nr1z'%s' already bound to '%s'z'%s' already bound to a zonez&Setting zone of interface '%s' to '%s')rgFT)r check_panicr<rr2r3rrZONE_ALREADY_SETr6 ZONE_CONFLICTrrir$rdrjadd_failrlr!_FirewallZone__register_interface#_FirewallZone__unregister_interfacer) rr/r4rrgr^rrr5rrrrr_s8            zFirewallZone.add_interfacecCs6|jd||jd|<| p"|dk|jd|d<dS)Nrr1 __default__)_FirewallZone__gen_settingsr3)rrr5r/rrrrZ__register_interfacesz!FirewallZone.__register_interfacecCsR|jj|j|}|jj|}||kr,|S|dk r@|j|||j|||}|S)N)rrr6r<rr_)rr/r4r _old_zone _new_zonerrrrchange_zone_of_interfaces    z%FirewallZone.change_zone_of_interfacecCsz|jj|dkr|j}n|}|j|||jd|d|dd|dk rd|dkrd|jd|d|dd|dkrv|jddS)NT+)r.rF)rrr$rjrr)rZold_zoneZnew_zonergrrrrchange_default_zones   z FirewallZone.change_default_zonec Cs|jj|j|}|dkr,ttjd||dkr8|n |jj|}||krbttjd|||f|dkrt|j}n|}|j |}|j |}|j |j |||j d||||dkr|jd|S)Nz'%s' is not in any zonerz"remove_interface(%s, %s): zoi='%s'FT)rrr6rrZUNKNOWN_INTERFACEr<rr$rr2add_postrrr) rr/r4rgZzoirrrr5rrrrs(       zFirewallZone.remove_interfacecCs||jdkr|jd|=dS)Nr1)r3)rrr5rrrZ__unregister_interfacesz#FirewallZone.__unregister_interfacecCs|j||j|dkS)Nr1)r2r)rr/r4rrrquery_interfaceszFirewallZone.query_interfacecCs|j|djS)Nr1)rr*)rr/rrrr,"szFirewallZone.list_interfacesFcCsxt|r dSt|rdSt|r$dS|jdrh|j|dd|rV|j|dd|j|ddSttj |dS)Nrrrzipset:) rrr startswith_check_ipset_type_for_source_check_ipset_applied _ipset_familyrrZ INVALID_ADDR)rr9rdrrr check_source's zFirewallZone.check_sourcecCs|j||d}||fS)N)rd)r)rr9rdrrrrZ __source_id6szFirewallZone.__source_idc Cs|jj|jj|}|j|}t|r0|j}|j||d}||jdkr`tt j d||f|j |dk r~tt j d||dkr|j } n|} |j r|r|j|| d| j|j|d|r|jd||d|d | |j||||| j|j|||dkr| jd|S) N)rdr7z'%s' already bound to '%s'z'%s' already bound to a zone)rgFTrro)rrr<rrupperr8r3rrrr;rr$rdrjrrlr_FirewallZone__register_source _FirewallZone__unregister_sourcer) rr/r9rrgr^rrr:rrrrr`:s4        zFirewallZone.add_sourcecCs6|jd||jd|<| p"|dk|jd|d<dS)Nrr7rr)rr3)rrr:r/rrrrZ__register_sourceaszFirewallZone.__register_sourcecCsb|jj|j|}|jj|}||kr,|St|r<|j}|dk rP|j|||j|||}|S)N)rrr;r<rrrr`)rr/r9rrrrrrrchange_zone_of_sourcegs    z"FirewallZone.change_zone_of_sourcec Cs|jjt|r|j}|j|}|dkrsz-FirewallZone.list_sources..r7)rr*)rr/rrrr-szFirewallZone.list_sourcesc sxjjD]}|jsq xPj|D]B}x<jjj|D]*\}} |j|||||| |} |j|| q8Wq$Wj|d}j |dr |d kr |j |||d|d} |j|| q WxΈjjj D]}|jjj |kr|jjj |krq|jjjkrdjjj|jrd| rsz)FirewallZone._interface..cs|jjjkojjj|S)N)rrZrr)r)rrrrs)rr)renabled_backendspolicies_supportedrrZ#_get_table_chains_for_zone_dispatchZ!build_zone_source_interface_rules add_rulesr(rbuild_zone_forward_rules"get_policies_not_derived_from_zonelist_ingress_zoneslist_egress_zonesr get_policyrdrhr,r_ingress_egress_zonesr) rrr/r4rr.backendrZrrvrEr)rrrs2 $zFirewallZone._interfacecCs$|j|dkrdS|jjj|ddS)Nzhash:macF)rd) _ipset_typeripsetZ get_family)rrIrrrrszFirewallZone._ipset_familycCs|jjj|ddS)NF)rd)rrZget_type)rrIrrrrszFirewallZone._ipset_typecCsdj|g|jjj|S)N,)joinrrZ get_dimension)rrIflagrrr_ipset_match_flagsszFirewallZone._ipset_match_flagscCs|jjj|S)N)rrZ check_applied)rrIrrrrsz!FirewallZone._check_ipset_appliedcCs*|j|}|tkr&ttjd||fdS)Nz.ipset '%s' with type '%s' not usable as source)rrrrZ INVALID_IPSET)rrIZ_typerrrrs  z)FirewallZone._check_ipset_type_for_sourcec sx|rjj|gnjjD]}|js*qxNj|D]@}x:jjj|D](\}} |j|||||| } |j|| qJWq6Wj |d}j |dr|j |||d|d} |j|| qWxΈjjj D]}|jjj |kr|jjj|krq|jjjkrljjj|jrl| rDtj|dkrDjjj||dn&jjjd|||jfdd |q|r|jfd d |qWdS) NrHrYr)r9ro)rgFcs |jjjkojjjd|S)NT)rrZrr)r)rrrrsz&FirewallZone._source..cs|jjjkojjj|S)N)rrZrr)r)rrrr s)rget_backend_by_ipvrrrrZrZbuild_zone_source_address_rulesrr(rrrrrrrrdrhr-rrr) rrr/rr9rrrZrrvrEr)rrrs2"  $zFirewallZone._sourcecCs0|jj|}|j|d}|jjj|||||S)NrG)rr<r(rZr)rr/servicerrp_namerrrr s  zFirewallZone.add_servicecCs,|jj|}|j|d}|jjj|||S)NrG)rr<r(rZr)rr/rrrrrrs  zFirewallZone.remove_servicecCs(|jj|}|j|d}|jjj||S)NrG)rr<r(rZ query_service)rr/rrrrrrs  zFirewallZone.query_servicecCs&|jj|}|j|d}|jjj|S)NrG)rr<r(rZr)rr/rrrrrs  zFirewallZone.list_servicescCs2|jj|}|j|d}|jjj||||||S)NrG)rr<r(rZr)rr/portprotocolrrrrrrr#s  zFirewallZone.add_portcCs.|jj|}|j|d}|jjj||||S)NrG)rr<r(rZr)rr/rrrrrrr)s  zFirewallZone.remove_portcCs*|jj|}|j|d}|jjj|||S)NrG)rr<r(rZ query_port)rr/rrrrrrr/s  zFirewallZone.query_portcCs&|jj|}|j|d}|jjj|S)NrG)rr<r(rZr)rr/rrrrr4s  zFirewallZone.list_portscCs2|jj|}|j|d}|jjj||||||S)NrG)rr<r(rZr)rr/ source_portrrrrrrrr9s  zFirewallZone.add_source_portcCs.|jj|}|j|d}|jjj||||S)NrG)rr<r(rZr)rr/rrrrrrr?s  zFirewallZone.remove_source_portcCs*|jj|}|j|d}|jjj|||S)NrG)rr<r(rZquery_source_port)rr/rrrrrrrEs  zFirewallZone.query_source_portcCs&|jj|}|j|d}|jjj|S)NrG)rr<r(rZr)rr/rrrrrJs  zFirewallZone.list_source_portscCs|jj|}t|jtkr(|j|dgSt|jttt t gkrL|j|dgSt|jt t gkrv|j|d|j|dgSt|jt gkr|j|dgSt|jtgkr|jd|gS|jdkr|j|dgStdt|jdS)NrHrGz Rich rule type (%s) not handled.)rr<typeactionrr(elementrr r r r rr rr)rr/rSrrrrPOs    z#FirewallZone._rich_rule_to_policiescCs.x(|j||D]}|jjj||||qW|S)N)rPrrZr)rr/rSrrrrrrrbszFirewallZone.add_rulecCs*x$|j||D]}|jjj||qW|S)N)rPrrZr)rr/rSrrrrrgszFirewallZone.remove_rulecCs2d}x(|j||D]}|o(|jjj||}qW|S)NT)rPrrZ query_rule)rr/rSrrrrrrlszFirewallZone.query_rulecCs^|jj|}t}xB|j|d|j|d|jd|gD]}|jt|jjj|q6Wt|S)NrHrG)rr<setr(updaterZrr)rr/rrrrrrrs   zFirewallZone.list_rulescCs0|jj|}|j|d}|jjj|||||S)NrG)rr<r(rZr)rr/rrrrrrrr{s  zFirewallZone.add_protocolcCs,|jj|}|j|d}|jjj|||S)NrG)rr<r(rZr)rr/rrrrrrs  zFirewallZone.remove_protocolcCs(|jj|}|j|d}|jjj||S)NrG)rr<r(rZquery_protocol)rr/rrrrrr s  zFirewallZone.query_protocolcCs&|jj|}|j|d}|jjj|S)NrG)rr<r(rZr)rr/rrrrrs  zFirewallZone.list_protocolscCs.|jj|}|jd|}|jjj||||S)NrH)rr<r(rZr)rr/rrrrrrrs  zFirewallZone.add_masqueradecCs*|jj|}|jd|}|jjj||S)NrH)rr<r(rZr)rr/rrrrrs  zFirewallZone.remove_masqueradecCs&|jj|}|jd|}|jjj|S)NrH)rr<r(rZr)rr/rrrrrs  zFirewallZone.query_masqueradec Cs6|jj|}|j|d}|jjj||||||||S)NrH)rr<r(rZr) rr/rrtoporttoaddrrrrrrrrs   zFirewallZone.add_forward_portcCs2|jj|}|j|d}|jjj||||||S)NrH)rr<r(rZr)rr/rrr r rrrrrs  z FirewallZone.remove_forward_portcCs.|jj|}|j|d}|jjj|||||S)NrH)rr<r(rZquery_forward_port)rr/rrr r rrrrr s  zFirewallZone.query_forward_portcCs&|jj|}|j|d}|jjj|S)NrH)rr<r(rZr)rr/rrrrrs  zFirewallZone.list_forward_portscCsP|jj|}|j|d}|jjj|||||j|d}|jjj|||||S)NrGrH)rr<r(rZr)rr/icmprrrrrrrs    zFirewallZone.add_icmp_blockcCsH|jj|}|j|d}|jjj|||j|d}|jjj|||S)NrGrH)rr<r(rZr)rr/r rrrrrs    zFirewallZone.remove_icmp_blockcCsD|jj|}|j|d}|j|d}|jjj||oB|jjj||S)NrGrH)rr<r(rZquery_icmp_block)rr/r  p_name_host p_name_fwdrrrrs    zFirewallZone.query_icmp_blockcCsH|jj|}|j|d}|j|d}tt|jjj||jjj|S)NrGrH)rr<r(r)rrZr)rr/rrrrrrs    zFirewallZone.list_icmp_blockscCsH|jj|}|j|d}|jjj|||j|d}|jjj|||S)NrGrH)rr<r(rZrb)rr/rrrrrrbs    z%FirewallZone.add_icmp_block_inversioncCsL|jj|}|j|d}|jjj||||j|d}|jjj|||dS)NrGrH)rr<r(rZr)rrr/rrrrrrs    z"FirewallZone._icmp_block_inversioncCsD|jj|}|j|d}|jjj||j|d}|jjj||S)NrGrH)rr<r(rZr)rr/rrrrrs    z(FirewallZone.remove_icmp_block_inversioncCs@|jj|}|j|d}|j|d}|jjj|o>|jjj|S)NrGrH)rr<r(rZr)rr/rrrrrrs    z'FirewallZone.query_icmp_block_inversionc Cs|j|d}xT|j|jdD]@}x:|jjD],}|js:q.|j|||d|d}|j||q.WqWxj|j|jdD]V\}} xL|r|jj|gn|jjD],}|jsq|j|||d| d}|j||qWqtWdS)NrHr1r)r4r7)r9) r(rr3rrrrrr) rrr/rrr4rrErr9rrr_forwards "zFirewallZone._forwardcCsdS)NTr)rrrrZ __forward_idszFirewallZone.__forward_idc Cs|jj|}|jj||jj|j|}|j}||jdkrRttj d||dkrd|j }n|}|j r||j d|||j |||||j|j|||dkr|jd|S)NrYzforward already enabled in '%s'T)rr<Z check_timeoutrr_FirewallZone__forward_idr3rrZALREADY_ENABLEDr$rdr_FirewallZone__register_forwardr!_FirewallZone__unregister_forwardr) rr/rrrgrr forward_idrrrrras$       zFirewallZone.add_forwardcCs|j|||jd|<dS)NrY)rr3)rrrrrrrrZ__register_forward.szFirewallZone.__register_forwardcCs|jj|}|jj|j|}|j}||jdkrFttjd||dkrX|j }n|}|j rp|j d|||j |j |||dkr|jd|S)NrYzforward not enabled in '%s'FT)rr<rrrr3rrZ NOT_ENABLEDr$rdrrrr)rr/rgrrrrrrrr2s       zFirewallZone.remove_forwardcCs||jdkr|jd|=dS)NrY)r3)rrrrrrZ__unregister_forwardKsz!FirewallZone.__unregister_forwardcCs|j|j|dkS)NrY)rr)rr/rrrrOszFirewallZone.query_forward)N)N)N)N)NNT)N)N)N)F)F)NNT)N)N)F)rN)rN)rN)rN)rN)rN)NNrN)NN)NN)rN)N)rNN)N)e__name__ __module__ __qualname__rJrr!r#r$r(r+r0r6r;r>rTr]r[rfrkrlrxr~rrrrrjrerrrrrr2r_rrrrrrr,rr8r`rrrrrr-rrrrrrrrrrrrrrrrrrrrPrrrrrrr rrrrrrr rrrrrrbrrrrrrarrrrrrrrr#s&     8  (      &   ,(               r)"rrMZfirewall.core.baserrrZfirewall.core.fw_transactionrZfirewall.core.io.policyrZfirewall.core.loggerrrrr r r r r rrrZfirewall.functionsrrrZfirewallrZfirewall.errorsrZfirewall.fw_typesrobjectrrrrrs   ,