diff -up firewalld-0.3.9/src/firewall/client.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/client.py
--- firewalld-0.3.9/src/firewall/client.py.RHBZ#1127706 2014-09-30 01:05:32.495984835 +0200
+++ firewalld-0.3.9/src/firewall/client.py 2014-09-30 01:09:08.587824840 +0200
@@ -323,6 +323,271 @@ class FirewallClientConfigZone(object):
def rename(self, name):
self.fw_zone.rename(name)
+ # version
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getVersion(self):
+ return self.fw_zone.getVersion()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setVersion(self, version):
+ self.fw_zone.setVersion(version)
+
+ # short
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getShort(self):
+ return self.fw_zone.getShort()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setShort(self, short):
+ self.fw_zone.setShort(short)
+
+ # description
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getDescription(self):
+ return self.fw_zone.getDescription()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setDescription(self, description):
+ self.fw_zone.setDescription(description)
+
+ # target
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getTarget(self):
+ return self.fw_zone.getTarget()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setTarget(self, target):
+ self.fw_zone.setTarget(target)
+
+ # service
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getServices(self):
+ return self.fw_zone.getServices()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setServices(self, services):
+ self.fw_zone.setServices(services)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addService(self, service):
+ self.fw_zone.addService(service)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeService(self, service):
+ self.fw_zone.removeService(service)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryService(self, service):
+ return self.fw_zone.queryService(service)
+
+ # port
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getPorts(self):
+ return self.fw_zone.getPorts()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setPorts(self, ports):
+ self.fw_zone.setPorts(ports)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addPort(self, port, protocol):
+ self.fw_zone.addPort(port, protocol)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removePort(self, port, protocol):
+ self.fw_zone.removePort(port, protocol)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryPort(self, port, protocol):
+ return self.fw_zone.queryPort(port, protocol)
+
+ # icmp block
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getIcmpBlocks(self):
+ return self.fw_zone.getIcmpBlocks()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setIcmpBlocks(self, icmptypes):
+ self.fw_zone.setIcmpBlocks(icmptypes)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addIcmpBlock(self, icmptype):
+ self.fw_zone.addIcmpBlock(icmptype)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeIcmpBlock(self, icmptype):
+ self.fw_zone.removeIcmpBlock(icmptype)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryIcmpBlock(self, icmptype):
+ return self.fw_zone.queryIcmpBlock(icmptype)
+
+ # masquerade
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getMasquerade(self):
+ return self.fw_zone.getMasquerade()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setMasquerade(self, masquerade):
+ self.fw_zone.setMasquerades(masquerade)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addMasquerade(self):
+ self.fw_zone.addMasquerade()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeMasquerade(self):
+ self.fw_zone.removeMasquerade()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryMasquerade(self):
+ return self.fw_zone.queryMasquerade()
+
+ # forward port
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getForwardPorts(self):
+ return self.fw_zone.getForwardPorts()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setForwardPorts(self, ports):
+ self.fw_zone.setForwardPorts(ports)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addForwardPort(self, port, protocol, toport, toaddr):
+ self.fw_zone.addForwardPort(port, protocol, toport, toaddr)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeForwardPort(self, port, protocol, toport, toaddr):
+ self.fw_zone.removeForwardPort(port, protocol, toport, toaddr)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryForwardPort(self, port, protocol, toport, toaddr):
+ return self.fw_zone.queryForwardPort(port, protocol, toport, toaddr)
+
+ # interface
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getInterfaces(self):
+ return self.fw_zone.getInterfaces()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setInterfaces(self, interfaces):
+ self.fw_zone.setInterfaces(interfaces)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addInterface(self, interface):
+ self.fw_zone.addInterface(interface)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeInterface(self, interface):
+ self.fw_zone.removeInterface(interface)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryInterface(self, interface):
+ return self.fw_zone.queryInterface(interface)
+
+ # source
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getSources(self):
+ return self.fw_zone.getSources()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setSources(self, sources):
+ self.fw_zone.setSources(sources)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addSource(self, source):
+ self.fw_zone.addSource(source)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeSource(self, source):
+ self.fw_zone.removeSource(source)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def querySource(self, source):
+ return self.fw_zone.querySource(source)
+
+ # rich rule
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getRichRules(self):
+ return self.fw_zone.getRichRules()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setRichRules(self, rules):
+ self.fw_zone.setRichRules(rules)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addRichRule(self, rule):
+ self.fw_zone.addRichRule(rule)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeRichRule(self, rule):
+ self.fw_zone.removeRichRule(rule)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryRichRule(self, rule):
+ return self.fw_zone.queryRichRule(rule)
+
+
# service config settings
class FirewallClientServiceSettings(object):
@@ -467,6 +732,130 @@ class FirewallClientConfigService(object
def rename(self, name):
self.fw_service.rename(name)
+ # version
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getVersion(self):
+ return self.fw_service.getVersion()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setVersion(self, version):
+ self.fw_service.setVersion(version)
+
+ # short
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getShort(self):
+ return self.fw_service.getShort()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setShort(self, short):
+ self.fw_service.setShort(short)
+
+ # description
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getDescription(self):
+ return self.fw_service.getDescription()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setDescription(self, description):
+ self.fw_service.setDescription(description)
+
+ # port
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getPorts(self):
+ return self.fw_service.getPorts()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setPorts(self, ports):
+ self.fw_service.setPorts(ports)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addPort(self, port, protocol):
+ self.fw_service.addPort(port, protocol)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removePort(self, port, protocol):
+ self.fw_service.removePort(port, protocol)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryPort(self, port, protocol):
+ return self.fw_service.queryPort(port, protocol)
+
+ # module
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getModules(self):
+ return self.fw_service.getModules()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setModules(self, modules):
+ self.fw_service.setModules(modules)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addModule(self, module, protocol):
+ self.fw_service.addModule(module, protocol)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeModule(self, module, protocol):
+ self.fw_service.removeModule(module, protocol)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryModule(self, module, protocol):
+ return self.fw_service.queryModule(module, protocol)
+
+ # destination
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getDestinations(self):
+ return self.fw_service.getDestinations()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setDestinations(self, destinations):
+ self.fw_service.setDestinations(destinations)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getDestination(self, destination):
+ return self.fw_service.getDestination(destination)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setDestination(self, destination, address):
+ self.fw_service.setDestination(destination, address)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeDestination(self, destination):
+ self.fw_service.removeDestination(destination, address)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryDestination(self, destination, address):
+ return self.fw_service.queryDestination(destination, address)
+
+
+
# icmptype config settings
class FirewallClientIcmpTypeSettings(object):
@@ -582,6 +971,70 @@ class FirewallClientConfigIcmpType(objec
def rename(self, name):
self.fw_icmptype.rename(name)
+ # version
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getVersion(self):
+ return self.fw_icmptype.getVersion()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setVersion(self, version):
+ self.fw_icmptype.setVersion(version)
+
+ # short
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getShort(self):
+ return self.fw_icmptype.getShort()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setShort(self, short):
+ self.fw_icmptype.setShort(short)
+
+ # description
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getDescription(self):
+ return self.fw_icmptype.getDescription()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setDescription(self, description):
+ self.fw_icmptype.setDescription(description)
+
+ # destination
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getDestinations(self):
+ return self.fw_icmptype.getDestinations()
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setDestinations(self, destinations):
+ self.fw_icmptype.setDestinations(destinations)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addDestination(self, destination, address):
+ self.fw_icmptype.addDestination(destination, address)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeDestination(self, destination):
+ self.fw_icmptype.removeDestination(destination, address)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryDestination(self, destination, address):
+ return self.fw_icmptype.queryDestination(destination, address)
+
+
# config.policies lockdown whitelist
class FirewallClientPoliciesLockdownWhitelist(object):
@@ -690,6 +1143,99 @@ class FirewallClientConfigPolicies(objec
def setLockdownWhitelist(self, settings):
self.fw_policies.setLockdownWhitelist(tuple(settings.settings))
+ # command
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addLockdownWhitelistCommand(self, command):
+ self.fw_policies.addLockdownWhitelistCommand(command)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeLockdownWhitelistCommand(self, command):
+ self.fw_policies.removeLockdownWhitelistCommand(command)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryLockdownWhitelistCommand(self, command):
+ return dbus_to_python(self.fw_policies.queryLockdownWhitelistCommand(command))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getLockdownWhitelistCommands(self):
+ return dbus_to_python(self.fw_policies.getLockdownWhitelistCommands())
+
+ # context
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addLockdownWhitelistContext(self, context):
+ self.fw_policies.addLockdownWhitelistContext(context)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeLockdownWhitelistContext(self, context):
+ self.fw_policies.removeLockdownWhitelistContext(context)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryLockdownWhitelistContext(self, context):
+ return dbus_to_python(self.fw_policies.queryLockdownWhitelistContext(context))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getLockdownWhitelistContexts(self):
+ return dbus_to_python(self.fw_policies.getLockdownWhitelistContexts())
+
+ # user
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addLockdownWhitelistUser(self, user):
+ self.fw_policies.addLockdownWhitelistUser(user)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeLockdownWhitelistUser(self, user):
+ self.fw_policies.removeLockdownWhitelistUser(user)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryLockdownWhitelistUser(self, user):
+ return dbus_to_python(self.fw_policies.queryLockdownWhitelistUser(user))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getLockdownWhitelistUsers(self):
+ return dbus_to_python(self.fw_policies.getLockdownWhitelistUsers())
+
+ # uid
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getLockdownWhitelistUids(self):
+ return dbus_to_python(self.fw_policies.getLockdownWhitelistUids())
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def setLockdownWhitelistUids(self, uids):
+ self.fw_policies.setLockdownWhitelistUids(uids)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addLockdownWhitelistUid(self, uid):
+ self.fw_policies.addLockdownWhitelistUid(uid)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeLockdownWhitelistUid(self, uid):
+ self.fw_policies.removeLockdownWhitelistUid(uid)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryLockdownWhitelistUid(self, uid):
+ return dbus_to_python(self.fw_policies.queryLockdownWhitelistUid(uid))
+
# config.direct
class FirewallClientDirect(object):
@@ -810,6 +1356,92 @@ class FirewallClientConfigDirect(object)
def update(self, settings):
self.fw_direct.update(tuple(settings.settings))
+ # direct chain
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addChain(self, ipv, table, chain):
+ self.fw_direct.addChain(ipv, table, chain)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeChain(self, ipv, table, chain):
+ self.fw_direct.removeChain(ipv, table, chain)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryChain(self, ipv, table, chain):
+ return dbus_to_python(self.fw_direct.queryChain(ipv, table, chain))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getChains(self, ipv, table):
+ return dbus_to_python(self.fw_direct.getChains(ipv, table))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getAllChains(self):
+ return dbus_to_python(self.fw_direct.getAllChains())
+
+ # direct rule
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addRule(self, ipv, table, chain, priority, args):
+ self.fw_direct.addRule(ipv, table, chain, priority, args)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeRule(self, ipv, table, chain, priority, args):
+ self.fw_direct.removeRule(ipv, table, chain, priority, args)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removeRules(self, ipv, table, chain):
+ self.fw_direct.removeRules(ipv, table, chain)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryRule(self, ipv, table, chain, priority, args):
+ return dbus_to_python(self.fw_direct.queryRule(ipv, table, chain, priority, args))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getRules(self, ipv, table, chain):
+ return dbus_to_python(self.fw_direct.getRules(ipv, table, chain))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getAllRules(self):
+ return dbus_to_python(self.fw_direct.getAllRules())
+
+ # tracked passthrough
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def addPassthrough(self, ipv, args):
+ self.fw_direct.addPassthrough(ipv, args)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def removePassthrough(self, ipv, args):
+ self.fw_direct.removePassthrough(ipv, args)
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def queryPassthrough(self, ipv, args):
+ return dbus_to_python(self.fw_direct.queryPassthrough(ipv, args))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getPassthroughs(self, ipv):
+ return dbus_to_python(self.fw_direct.getPassthroughs(ipv))
+
+ @slip.dbus.polkit.enable_proxy
+ @handle_exceptions
+ def getAllPassthroughs(self):
+ return dbus_to_python(self.fw_direct.getAllPassthroughs())
+
# config
class FirewallClientConfig(object):
diff -up firewalld-0.3.9/src/firewall/core/io/direct.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/core/io/direct.py
--- firewalld-0.3.9/src/firewall/core/io/direct.py.RHBZ#1127706 2014-09-30 01:05:32.434984627 +0200
+++ firewalld-0.3.9/src/firewall/core/io/direct.py 2014-09-30 01:09:08.587824840 +0200
@@ -140,17 +140,17 @@ class Direct(IO_Object):
x = [ ]
for key in self.chains:
for chain in self.chains[key]:
- x.append(list(key) + list([chain]))
+ x.append(tuple(list(key) + list([chain])))
ret.append(x)
x = [ ]
for key in self.rules:
for rule in self.rules[key]:
- x.append(list(key) + list(rule))
+ x.append(tuple((key[0], key[1], key[2], rule[0], list(rule[1]))))
ret.append(x)
x = [ ]
for key in self.passthroughs:
for rule in self.passthroughs[key]:
- x.append((key, rule))
+ x.append(tuple((key, list(rule))))
ret.append(x)
return tuple(ret)
diff -up firewalld-0.3.9/src/firewall/core/io/service.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/core/io/service.py
--- firewalld-0.3.9/src/firewall/core/io/service.py.RHBZ#1127706 2014-09-30 01:05:32.325984256 +0200
+++ firewalld-0.3.9/src/firewall/core/io/service.py 2014-09-30 01:09:57.697013002 +0200
@@ -100,6 +100,13 @@ class Service(IO_Object):
if not check_address(destination, config[destination]):
raise FirewallError(INVALID_ADDR, config[destination])
+ elif item == "modules":
+ for module in config:
+ if not module.startswith("nf_conntrack_"):
+ raise FirewallError(INVALID_MODULE, module)
+ elif len(module.replace("nf_conntrack_", "")) < 1:
+ raise FirewallError(INVALID_MODULE, module)
+
# PARSER
class service_ContentHandler(IO_Object_ContentHandler):
diff -up firewalld-0.3.9/src/firewall/core/io/zone.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/core/io/zone.py
--- firewalld-0.3.9/src/firewall/core/io/zone.py.RHBZ#1127706 2014-09-30 01:05:32.335984290 +0200
+++ firewalld-0.3.9/src/firewall/core/io/zone.py 2014-09-30 01:09:08.589824849 +0200
@@ -25,7 +25,7 @@ import shutil
from firewall.config import ETC_FIREWALLD
from firewall.errors import *
-from firewall.functions import checkIP, uniqify, max_zone_name_len, u2b_if_py2
+from firewall.functions import checkIP, checkIPnMask, checkIP6nMask, checkInterface, uniqify, max_zone_name_len, u2b_if_py2
from firewall.core.base import DEFAULT_ZONE_TARGET, ZONE_TARGETS
from firewall.core.io.io_object import *
from firewall.core.rich import *
@@ -184,6 +184,17 @@ class Zone(IO_Object):
elif item == "target":
if config not in ZONE_TARGETS:
raise FirewallError(INVALID_TARGET, config)
+ elif item == "interfaces":
+ for interface in config:
+ if not checkInterface(interface):
+ raise FirewallError(INVALID_INTERFACE, interface)
+ elif item == "sources":
+ for source in config:
+ if not checkIPnMask(source) and not checkIP6nMask(source):
+ raise FirewallError(INVALID_ADDR, source)
+ elif item == "rules_str":
+ for rule in config:
+ r = Rich_Rule(rule_str=rule)
def check_name(self, name):
super(Zone, self).check_name(name)
diff -up firewalld-0.3.9/src/firewall/errors.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/errors.py
--- firewalld-0.3.9/src/firewall/errors.py.RHBZ#1127706 2014-09-30 01:05:32.434984627 +0200
+++ firewalld-0.3.9/src/firewall/errors.py 2014-09-30 01:09:08.589824849 +0200
@@ -73,6 +73,7 @@ INVALID_CONTEXT = 128
INVALID_COMMAND = 129
INVALID_USER = 130
INVALID_UID = 131
+INVALID_MODULE = 132
MISSING_TABLE = 200
MISSING_CHAIN = 201
diff -up firewalld-0.3.9/src/firewall/server/config_icmptype.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config_icmptype.py
--- firewalld-0.3.9/src/firewall/server/config_icmptype.py.RHBZ#1127706 2014-01-13 16:12:35.000000000 +0100
+++ firewalld-0.3.9/src/firewall/server/config_icmptype.py 2014-09-30 01:09:08.591824854 +0200
@@ -219,3 +219,113 @@ class FirewallDConfigIcmpType(slip.dbus.
@dbus_handle_exceptions
def Renamed(self, name):
log.debug1("config.icmptype.%d.Renamed('%s')" % (self.id, name))
+
+ # version
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s')
+ @dbus_handle_exceptions
+ def getVersion(self, sender=None):
+ log.debug1("config.icmptype.%d.getVersion()", self.id)
+ return self.getSettings()[0]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s')
+ @dbus_handle_exceptions
+ def setVersion(self, version, sender=None):
+ version = dbus_to_python(version, str)
+ log.debug1("config.icmptype.%d.setVersion('%s')", self.id, version)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[0] = version
+ self.update(settings)
+
+ # short
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s')
+ @dbus_handle_exceptions
+ def getShort(self, sender=None):
+ log.debug1("config.icmptype.%d.getShort()", self.id)
+ return self.getSettings()[1]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s')
+ @dbus_handle_exceptions
+ def setShort(self, short, sender=None):
+ short = dbus_to_python(short, str)
+ log.debug1("config.icmptype.%d.setShort('%s')", self.id, short)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[1] = short
+ self.update(settings)
+
+ # description
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s')
+ @dbus_handle_exceptions
+ def getDescription(self, sender=None):
+ log.debug1("config.icmptype.%d.getDescription()", self.id)
+ return self.getSettings()[2]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s')
+ @dbus_handle_exceptions
+ def setDescription(self, description, sender=None):
+ description = dbus_to_python(description, str)
+ log.debug1("config.icmptype.%d.setDescription('%s')", self.id,
+ description)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[2] = description
+ self.update(settings)
+
+ # destination
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='as')
+ @dbus_handle_exceptions
+ def getDestinations(self, sender=None):
+ log.debug1("config.icmptype.%d.getDestinations()", self.id)
+ return sorted(self.getSettings()[3])
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='as')
+ @dbus_handle_exceptions
+ def setDestinations(self, destinations, sender=None):
+ destinations = dbus_to_python(destinations, list)
+ log.debug1("config.icmptype.%d.setDestinations('[%s]')", self.id,
+ ",".join(destinations))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[3] = destinations
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s')
+ @dbus_handle_exceptions
+ def addDestination(self, destination, sender=None):
+ destination = dbus_to_python(destination, str)
+ log.debug1("config.icmptype.%d.addDestination('%s')", self.id,
+ destination)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if destination in settings[3]:
+ raise FirewallError(ALREADY_ENABLED, destination)
+ settings[3].append(destination)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeDestination(self, destination, sender=None):
+ destination = dbus_to_python(destination, str)
+ log.debug1("config.icmptype.%d.removeDestination('%s')", self.id,
+ destination)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if destination not in settings[3]:
+ raise FirewallError(NOT_ENABLED, destination)
+ settings[3].remove(destination)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryDestination(self, destination, sender=None):
+ destination = dbus_to_python(destination, str)
+ log.debug1("config.icmptype.%d.queryDestination('%s')", self.id,
+ destination)
+ settings = self.getSettings()
+ return (destination in self.settings[3])
diff -up firewalld-0.3.9/src/firewall/server/config.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config.py
--- firewalld-0.3.9/src/firewall/server/config.py.RHBZ#1127706 2014-09-30 01:05:32.503984862 +0200
+++ firewalld-0.3.9/src/firewall/server/config.py 2014-09-30 01:09:08.590824851 +0200
@@ -419,6 +419,166 @@ class FirewallDConfig(slip.dbus.service.
def LockdownWhitelistUpdated(self):
log.debug1("config.policies.LockdownWhitelistUpdated()")
+ # command
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s')
+ @dbus_handle_exceptions
+ def addLockdownWhitelistCommand(self, command, sender=None):
+ command = dbus_to_python(command)
+ log.debug1("config.policies.addLockdownWhitelistCommand('%s')", command)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if command in settings[0]:
+ raise FirewallError(ALREADY_ENABLED, command)
+ settings[0].append(command)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s')
+ @dbus_handle_exceptions
+ def removeLockdownWhitelistCommand(self, command, sender=None):
+ command = dbus_to_python(command)
+ log.debug1("config.policies.removeLockdownWhitelistCommand('%s')", command)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if command not in settings[0]:
+ raise FirewallError(NOT_ENABLED, command)
+ settings[0].remove(command)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryLockdownWhitelistCommand(self, command, sender=None):
+ command = dbus_to_python(command)
+ log.debug1("config.policies.queryLockdownWhitelistCommand('%s')", command)
+ return command in self.getLockdownWhitelist()[0]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as')
+ @dbus_handle_exceptions
+ def getLockdownWhitelistCommands(self, sender=None):
+ log.debug1("config.policies.getLockdownWhitelistCommands()")
+ return self.getLockdownWhitelist()[0]
+
+ # context
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s')
+ @dbus_handle_exceptions
+ def addLockdownWhitelistContext(self, context, sender=None):
+ context = dbus_to_python(context)
+ log.debug1("config.policies.addLockdownWhitelistContext('%s')", context)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if context in settings[1]:
+ raise FirewallError(ALREADY_ENABLED, context)
+ settings[1].append(context)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s')
+ @dbus_handle_exceptions
+ def removeLockdownWhitelistContext(self, context, sender=None):
+ context = dbus_to_python(context)
+ log.debug1("config.policies.removeLockdownWhitelistContext('%s')", context)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if context not in settings[1]:
+ raise FirewallError(NOT_ENABLED, context)
+ settings[1].remove(context)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryLockdownWhitelistContext(self, context, sender=None):
+ context = dbus_to_python(context)
+ log.debug1("config.policies.queryLockdownWhitelistContext('%s')", context)
+ return context in self.getLockdownWhitelist()[1]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as')
+ @dbus_handle_exceptions
+ def getLockdownWhitelistContexts(self, sender=None):
+ log.debug1("config.policies.getLockdownWhitelistContexts()")
+ return self.getLockdownWhitelist()[1]
+
+ # user
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s')
+ @dbus_handle_exceptions
+ def addLockdownWhitelistUser(self, user, sender=None):
+ user = dbus_to_python(user)
+ log.debug1("config.policies.addLockdownWhitelistUser('%s')", user)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if user in settings[2]:
+ raise FirewallError(ALREADY_ENABLED, user)
+ settings[2].append(user)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s')
+ @dbus_handle_exceptions
+ def removeLockdownWhitelistUser(self, user, sender=None):
+ user = dbus_to_python(user)
+ log.debug1("config.policies.removeLockdownWhitelistUser('%s')", user)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if user not in settings[2]:
+ raise FirewallError(NOT_ENABLED, user)
+ settings[2].remove(user)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryLockdownWhitelistUser(self, user, sender=None):
+ user = dbus_to_python(user)
+ log.debug1("config.policies.queryLockdownWhitelistUser('%s')", user)
+ return user in self.getLockdownWhitelist()[2]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as')
+ @dbus_handle_exceptions
+ def getLockdownWhitelistUsers(self, sender=None):
+ log.debug1("config.policies.getLockdownWhitelistUsers()")
+ return self.getLockdownWhitelist()[2]
+
+ # uid
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i')
+ @dbus_handle_exceptions
+ def addLockdownWhitelistUid(self, uid, sender=None):
+ uid = dbus_to_python(uid)
+ log.debug1("config.policies.addLockdownWhitelistUid(%d)", uid)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if uid in settings[3]:
+ raise FirewallError(ALREADY_ENABLED, uid)
+ settings[3].append(uid)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i')
+ @dbus_handle_exceptions
+ def removeLockdownWhitelistUid(self, uid, sender=None):
+ uid = dbus_to_python(uid)
+ log.debug1("config.policies.removeLockdownWhitelistUid(%d)", uid)
+ self.accessCheck(sender)
+ settings = list(self.getLockdownWhitelist())
+ if uid not in settings[3]:
+ raise FirewallError(NOT_ENABLED, uid)
+ settings[3].remove(uid)
+ self.setLockdownWhitelist(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryLockdownWhitelistUid(self, uid, sender=None):
+ uid = dbus_to_python(uid)
+ log.debug1("config.policies.queryLockdownWhitelistUid(%d)", uid)
+ return uid in self.getLockdownWhitelist()[3]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='ai')
+ @dbus_handle_exceptions
+ def getLockdownWhitelistUids(self, sender=None):
+ log.debug1("config.policies.getLockdownWhitelistUids()")
+ return self.getLockdownWhitelist()[3]
+
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# I C M P T Y P E S
@@ -612,3 +772,213 @@ class FirewallDConfig(slip.dbus.service.
@dbus_handle_exceptions
def Updated(self):
log.debug1("config.direct.Updated()")
+
+ # chain
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss')
+ @dbus_handle_exceptions
+ def addChain(self, ipv, table, chain, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ chain = dbus_to_python(chain)
+ log.debug1("config.direct.addChain('%s', '%s', '%s')" % \
+ (ipv, table, chain))
+ self.accessCheck(sender)
+ idx = tuple((ipv, table, chain))
+ settings = list(self.getSettings())
+ if idx in settings[0]:
+ raise FirewallError(ALREADY_ENABLED,
+ "chain '%s' already is in '%s:%s'" % (chain, ipv, table))
+ settings[0].append(idx)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss')
+ @dbus_handle_exceptions
+ def removeChain(self, ipv, table, chain, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ chain = dbus_to_python(chain)
+ log.debug1("config.direct.removeChain('%s', '%s', '%s')" % \
+ (ipv, table, chain))
+ self.accessCheck(sender)
+ idx = tuple((ipv, table, chain))
+ settings = list(self.getSettings())
+ if idx not in settings[0]:
+ raise FirewallError(NOT_ENABLED,
+ "chain '%s' is not in '%s:%s'" % (chain, ipv, table))
+ settings[0].remove(idx)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryChain(self, ipv, table, chain, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ chain = dbus_to_python(chain)
+ log.debug1("config.direct.queryChain('%s', '%s', '%s')" % \
+ (ipv, table, chain))
+ idx = tuple((ipv, table, chain))
+ return idx in self.getSettings()[0]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='ss',
+ out_signature='as')
+ @dbus_handle_exceptions
+ def getChains(self, ipv, table, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ log.debug1("config.direct.getChains('%s', '%s')" % (ipv, table))
+ ret = [ ]
+ for idx in self.getSettings()[0]:
+ if idx[0] == ipv and idx[1] == table:
+ ret.append(idx[2])
+ return ret
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='',
+ out_signature='a(sss)')
+ @dbus_handle_exceptions
+ def getAllChains(self, sender=None):
+ log.debug1("config.direct.getAllChains()")
+ return self.getSettings()[0]
+
+ # rule
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias')
+ @dbus_handle_exceptions
+ def addRule(self, ipv, table, chain, priority, args, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ chain = dbus_to_python(chain)
+ priority = dbus_to_python(priority)
+ args = dbus_to_python(args)
+ log.debug1("config.direct.addRule('%s', '%s', '%s', %d, '%s')" % \
+ (ipv, table, chain, priority, "','".join(args)))
+ self.accessCheck(sender)
+ idx = (ipv, table, chain, priority, args)
+ settings = list(self.getSettings())
+ if idx in settings[1]:
+ raise FirewallError(ALREADY_ENABLED,
+ "rule '%s' already is in '%s:%s:%s'" % \
+ (args, ipv, table, chain))
+ settings[1].append(idx)
+ self.update(tuple(settings))
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias')
+ @dbus_handle_exceptions
+ def removeRule(self, ipv, table, chain, priority, args, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ chain = dbus_to_python(chain)
+ priority = dbus_to_python(priority)
+ args = dbus_to_python(args)
+ log.debug1("config.direct.removeRule('%s', '%s', '%s', %d, '%s')" % \
+ (ipv, table, chain, priority, "','".join(args)))
+ self.accessCheck(sender)
+ idx = (ipv, table, chain, priority, args)
+ settings = list(self.getSettings())
+ if idx not in settings[1]:
+ raise FirewallError(NOT_ENABLED,
+ "rule '%s' is not in '%s:%s:%s'" % \
+ (args, ipv, table, chain))
+ settings[1].remove(idx)
+ self.update(tuple(settings))
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryRule(self, ipv, table, chain, priority, args, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ chain = dbus_to_python(chain)
+ priority = dbus_to_python(priority)
+ args = dbus_to_python(args)
+ log.debug1("config.direct.queryRule('%s', '%s', '%s', %d, '%s')" % \
+ (ipv, table, chain, priority, "','".join(args)))
+ idx = (ipv, table, chain, priority, args)
+ return idx in self.getSettings()[1]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss',
+ out_signature='a(ias)')
+ @dbus_handle_exceptions
+ def getRules(self, ipv, table, chain, sender=None):
+ ipv = dbus_to_python(ipv)
+ table = dbus_to_python(table)
+ chain = dbus_to_python(chain)
+ log.debug1("config.direct.getRules('%s', '%s', '%s')" % \
+ (ipv, table, chain))
+ ret = [ ]
+ for idx in self.getSettings()[1]:
+ if idx[0] == ipv and idx[1] == table and idx[2] == chain:
+ ret.append((idx[3], idx[4]))
+ return ret
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='',
+ out_signature='a(sssias)')
+ @dbus_handle_exceptions
+ def getAllRules(self, sender=None):
+ log.debug1("config.direct.getAllRules()")
+ return self.getSettings()[1]
+
+ # passthrough
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas')
+ @dbus_handle_exceptions
+ def addPassthrough(self, ipv, args, sender=None):
+ ipv = dbus_to_python(ipv)
+ args = dbus_to_python(args)
+ log.debug1("config.direct.addPassthrough('%s', '%s')" % \
+ (ipv, "','".join(args)))
+ self.accessCheck(sender)
+ idx = (ipv, args)
+ settings = list(self.getSettings())
+ if idx in settings[2]:
+ raise FirewallError(ALREADY_ENABLED,
+ "passthrough '%s', '%s'" % (ipv, args))
+ settings[2].append(idx)
+ self.update(settings)
+
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas')
+ @dbus_handle_exceptions
+ def removePassthrough(self, ipv, args, sender=None):
+ ipv = dbus_to_python(ipv)
+ args = dbus_to_python(args)
+ log.debug1("config.direct.removePassthrough('%s', '%s')" % \
+ (ipv, "','".join(args)))
+ self.accessCheck(sender)
+ idx = (ipv, args)
+ settings = list(self.getSettings())
+ if idx not in settings[2]:
+ raise FirewallError(NOT_ENABLED,
+ "passthrough '%s', '%s'" % (ipv, args))
+ settings[2].remove(idx)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryPassthrough(self, ipv, args, sender=None):
+ ipv = dbus_to_python(ipv)
+ args = dbus_to_python(args)
+ log.debug1("config.direct.queryPassthrough('%s', '%s')" % \
+ (ipv, "','".join(args)))
+ idx = (ipv, args)
+ return idx in self.getSettings()[2]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='s',
+ out_signature='aas')
+ @dbus_handle_exceptions
+ def getPassthroughs(self, ipv, sender=None):
+ ipv = dbus_to_python(ipv)
+ log.debug1("config.direct.getPassthroughs('%s')" % (ipv))
+ ret = [ ]
+ for idx in self.getSettings()[2]:
+ if idx[0] == ipv:
+ ret.append(idx[1])
+ return ret
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, out_signature='a(sas)')
+ @dbus_handle_exceptions
+ def getAllPassthroughs(self, sender=None):
+ log.debug1("config.direct.getAllPassthroughs()")
+ return self.getSettings()[2]
diff -up firewalld-0.3.9/src/firewall/server/config_service.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config_service.py
--- firewalld-0.3.9/src/firewall/server/config_service.py.RHBZ#1127706 2014-01-13 16:12:35.000000000 +0100
+++ firewalld-0.3.9/src/firewall/server/config_service.py 2014-09-30 01:09:08.591824854 +0200
@@ -219,3 +219,244 @@ class FirewallDConfigService(slip.dbus.s
@dbus_handle_exceptions
def Renamed(self, name):
log.debug1("config.service.%d.Renamed('%s')" % (self.id, name))
+
+ # version
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s')
+ @dbus_handle_exceptions
+ def getVersion(self, sender=None):
+ log.debug1("config.service.%d.getVersion()", self.id)
+ return self.getSettings()[0]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s')
+ @dbus_handle_exceptions
+ def setVersion(self, version, sender=None):
+ version = dbus_to_python(version, str)
+ log.debug1("config.service.%d.setVersion('%s')", self.id, version)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[0] = version
+ self.update(settings)
+
+ # short
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s')
+ @dbus_handle_exceptions
+ def getShort(self, sender=None):
+ log.debug1("config.service.%d.getShort()", self.id)
+ return self.getSettings()[1]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s')
+ @dbus_handle_exceptions
+ def setShort(self, short, sender=None):
+ short = dbus_to_python(short, str)
+ log.debug1("config.service.%d.setShort('%s')", self.id, short)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[1] = short
+ self.update(settings)
+
+ # description
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s')
+ @dbus_handle_exceptions
+ def getDescription(self, sender=None):
+ log.debug1("config.service.%d.getDescription()", self.id)
+ return self.getSettings()[2]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s')
+ @dbus_handle_exceptions
+ def setDescription(self, description, sender=None):
+ description = dbus_to_python(description, str)
+ log.debug1("config.service.%d.setDescription('%s')", self.id,
+ description)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[2] = description
+ self.update(settings)
+
+ # port
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)')
+ @dbus_handle_exceptions
+ def getPorts(self, sender=None):
+ log.debug1("config.service.%d.getPorts()", self.id)
+ return self.getSettings()[3]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)')
+ @dbus_handle_exceptions
+ def setPorts(self, ports, sender=None):
+ _ports = [ ]
+ # convert embedded lists to tuples
+ for port in dbus_to_python(ports, list):
+ if type(port) == list:
+ _ports.append(tuple(port))
+ else:
+ _ports.append(port)
+ ports = _ports
+ log.debug1("config.service.%d.setPorts('[%s]')", self.id,
+ ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[3] = ports
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss')
+ @dbus_handle_exceptions
+ def addPort(self, port, protocol, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ log.debug1("config.service.%d.addPort('%s', '%s')", self.id, port,
+ protocol)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if (port,protocol) in settings[3]:
+ raise FirewallError(ALREADY_ENABLED, "%s:%s" % (port, protocol))
+ settings[3].append((port,protocol))
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss')
+ @dbus_handle_exceptions
+ def removePort(self, port, protocol, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ log.debug1("config.service.%d.removePort('%s', '%s')", self.id, port,
+ protocol)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if (port,protocol) not in settings[3]:
+ raise FirewallError(NOT_ENABLED, "%s:%s" % (port, protocol))
+ settings[3].remove((port,protocol))
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryPort(self, port, protocol, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ log.debug1("config.service.%d.queryPort('%s', '%s')", self.id, port,
+ protocol)
+ return (port,protocol) in self.getSettings()[3]
+
+ # module
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as')
+ @dbus_handle_exceptions
+ def getModules(self, sender=None):
+ log.debug1("config.service.%d.getModules()", self.id)
+ return sorted(self.getSettings()[4])
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as')
+ @dbus_handle_exceptions
+ def setModules(self, modules, sender=None):
+ modules = dbus_to_python(modules, list)
+ log.debug1("config.service.%d.setModules('[%s]')", self.id,
+ ",".join(modules))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[4] = modules
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s')
+ @dbus_handle_exceptions
+ def addModule(self, module, sender=None):
+ module = dbus_to_python(module, str)
+ log.debug1("config.service.%d.addModule('%s')", self.id, module)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if module in settings[4]:
+ raise FirewallError(ALREADY_ENABLED, module)
+ settings[4].append(module)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeModule(self, module, sender=None):
+ module = dbus_to_python(module, str)
+ log.debug1("config.service.%d.removeModule('%s')", self.id, module)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if module not in settings[4]:
+ raise FirewallError(NOT_ENABLED, module)
+ settings[4].remove(module)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryModule(self, module, sender=None):
+ module = dbus_to_python(module, str)
+ log.debug1("config.service.%d.queryModule('%s')", self.id, module)
+ return module in self.getSettings()[4]
+
+ # destination
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{ss}')
+ @dbus_handle_exceptions
+ def getDestinations(self, sender=None):
+ log.debug1("config.service.%d.getDestinations()", self.id)
+ return self.getSettings()[5]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as')
+ @dbus_handle_exceptions
+ def setDestinations(self, destinations, sender=None):
+ destinations = dbus_to_python(destinations, list)
+ log.debug1("config.service.%d.setDestinations('[%s]')", self.id,
+ ",".join(destinations))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[5] = destinations
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s',
+ out_signature='s')
+ @dbus_handle_exceptions
+ def getDestination(self, destination, sender=None):
+ destination = dbus_to_python(destination, str)
+ log.debug1("config.service.%d.getDestination('%s')", self.id,
+ destination)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if destination not in settings[5]:
+ raise FirewallError(NOT_ENABLED, destination)
+ return settings[5][destination]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss')
+ @dbus_handle_exceptions
+ def setDestination(self, destination, address, sender=None):
+ destination = dbus_to_python(destination, str)
+ address = dbus_to_python(address, str)
+ log.debug1("config.service.%d.setDestination('%s', '%s')", self.id,
+ destination, address)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if destination in settings[5]:
+ raise FirewallError(ALREADY_ENABLED, destination)
+ settings[5][destination] = address
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeDestination(self, destination, sender=None):
+ destination = dbus_to_python(destination, str)
+ log.debug1("config.service.%d.removeDestination('%s')", self.id,
+ destination)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if destination not in settings[5]:
+ raise FirewallError(NOT_ENABLED, destination)
+ settings[5].remove(destination)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryDestination(self, destination, address, sender=None):
+ destination = dbus_to_python(destination, str)
+ address = dbus_to_python(address, str)
+ log.debug1("config.service.%d.queryDestination('%s', '%s')", self.id,
+ destination, address)
+ settings = self.getSettings()
+ return (destination in self.settings[5] and \
+ address == self.settings[5][destination])
diff -up firewalld-0.3.9/src/firewall/server/config_zone.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config_zone.py
--- firewalld-0.3.9/src/firewall/server/config_zone.py.RHBZ#1127706 2014-01-13 16:12:35.000000000 +0100
+++ firewalld-0.3.9/src/firewall/server/config_zone.py 2014-09-30 01:09:08.591824854 +0200
@@ -36,6 +36,9 @@ from firewall.core.io.zone import Zone
from firewall.core.logger import log
from firewall.server.decorators import *
from firewall.errors import *
+from firewall.core.base import DEFAULT_ZONE_TARGET
+from firewall.core.rich import Rich_Rule
+from firewall.functions import portStr
############################################################################
#
@@ -238,3 +241,527 @@ class FirewallDConfigZone(slip.dbus.serv
@dbus_handle_exceptions
def Renamed(self, name):
log.debug1("config.zone.%d.Renamed('%s')" % (self.id, name))
+
+ # version
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s')
+ @dbus_handle_exceptions
+ def getVersion(self, sender=None):
+ log.debug1("config.zone.%d.getVersion()", self.id)
+ return self.getSettings()[0]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def setVersion(self, version, sender=None):
+ version = dbus_to_python(version, str)
+ log.debug1("config.zone.%d.setVersion('%s')", self.id, version)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[0] = version
+ self.update(settings)
+
+ # short
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s')
+ @dbus_handle_exceptions
+ def getShort(self, sender=None):
+ log.debug1("config.zone.%d.getShort()", self.id)
+ return self.getSettings()[1]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def setShort(self, short, sender=None):
+ short = dbus_to_python(short, str)
+ log.debug1("config.zone.%d.setShort('%s')", self.id, short)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[1] = short
+ self.update(settings)
+
+ # description
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s')
+ @dbus_handle_exceptions
+ def getDescription(self, sender=None):
+ log.debug1("config.zone.%d.getDescription()", self.id)
+ return self.getSettings()[2]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def setDescription(self, description, sender=None):
+ description = dbus_to_python(description, str)
+ log.debug1("config.zone.%d.setDescription('%s')", self.id, description)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[2] = description
+ self.update(settings)
+
+ # immutable (deprecated)
+ # settings[3] was used for 'immutable'
+
+ # target
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s')
+ @dbus_handle_exceptions
+ def getTarget(self, sender=None):
+ log.debug1("config.zone.%d.getTarget()", self.id)
+ settings = self.getSettings()
+ return settings[4] if settings[4] != DEFAULT_ZONE_TARGET else "default"
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def setTarget(self, target, sender=None):
+ target = dbus_to_python(target, str)
+ log.debug1("config.zone.%d.setTarget('%s')", self.id, target)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET
+ self.update(settings)
+
+ # service
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as')
+ @dbus_handle_exceptions
+ def getServices(self, sender=None):
+ log.debug1("config.zone.%d.getServices()", self.id)
+ return sorted(self.getSettings()[5])
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as')
+ @dbus_handle_exceptions
+ def setServices(self, services, sender=None):
+ services = dbus_to_python(services, list)
+ log.debug1("config.zone.%d.setServices('[%s]')", self.id,
+ ",".join(services))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[5] = services
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def addService(self, service, sender=None):
+ service = dbus_to_python(service, str)
+ log.debug1("config.zone.%d.addService('%s')", self.id, service)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if service in settings[5]:
+ raise FirewallError(ALREADY_ENABLED, service)
+ settings[5].append(service)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeService(self, service, sender=None):
+ service = dbus_to_python(service, str)
+ log.debug1("config.zone.%d.removeService('%s')", self.id, service)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if service not in settings[5]:
+ raise FirewallError(NOT_ENABLED, service)
+ settings[5].remove(service)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryService(self, service, sender=None):
+ service = dbus_to_python(service, str)
+ log.debug1("config.zone.%d.queryService('%s')", self.id, service)
+ return service in self.getSettings()[5]
+
+ # port
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)')
+ @dbus_handle_exceptions
+ def getPorts(self, sender=None):
+ log.debug1("config.zone.%d.getPorts()", self.id)
+ return self.getSettings()[6]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)')
+ @dbus_handle_exceptions
+ def setPorts(self, ports, sender=None):
+ _ports = [ ]
+ # convert embedded lists to tuples
+ for port in dbus_to_python(ports, list):
+ if type(port) == list:
+ _ports.append(tuple(port))
+ else:
+ _ports.append(port)
+ ports = _ports
+ log.debug1("config.zone.%d.setPorts('[%s]')", self.id,
+ ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[6] = ports
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss')
+ @dbus_handle_exceptions
+ def addPort(self, port, protocol, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ log.debug1("config.zone.%d.addPort('%s', '%s')", self.id, port,
+ protocol)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if (port,protocol) in settings[6]:
+ raise FirewallError(ALREADY_ENABLED, "%s:%s" % (port, protocol))
+ settings[6].append((port,protocol))
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss')
+ @dbus_handle_exceptions
+ def removePort(self, port, protocol, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ log.debug1("config.zone.%d.removePort('%s', '%s')", self.id, port,
+ protocol)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if (port,protocol) not in settings[6]:
+ raise FirewallError(NOT_ENABLED, "%s:%s" % (port, protocol))
+ settings[6].remove((port,protocol))
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryPort(self, port, protocol, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ log.debug1("config.zone.%d.queryPort('%s', '%s')", self.id, port,
+ protocol)
+ return (port,protocol) in self.getSettings()[6]
+
+ # icmp block
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as')
+ @dbus_handle_exceptions
+ def getIcmpBlocks(self, sender=None):
+ log.debug1("config.zone.%d.getIcmpBlocks()", self.id)
+ return sorted(self.getSettings()[7])
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as')
+ @dbus_handle_exceptions
+ def setIcmpBlocks(self, icmptypes, sender=None):
+ icmptypes = dbus_to_python(icmptypes, list)
+ log.debug1("config.zone.%d.setIcmpBlocks('[%s]')", self.id,
+ ",".join(icmptypes))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[7] = icmptypes
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def addIcmpBlock(self, icmptype, sender=None):
+ icmptype = dbus_to_python(icmptype, str)
+ log.debug1("config.zone.%d.addIcmpBlock('%s')", self.id, icmptype)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if icmptype in settings[7]:
+ raise FirewallError(ALREADY_ENABLED, icmptype)
+ settings[7].append(icmptype)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeIcmpBlock(self, icmptype, sender=None):
+ icmptype = dbus_to_python(icmptype, str)
+ log.debug1("config.zone.%d.removeIcmpBlock('%s')", self.id, icmptype)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if icmptype not in settings[7]:
+ raise FirewallError(NOT_ENABLED, icmptype)
+ settings[7].remove(icmptype)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryIcmpBlock(self, icmptype, sender=None):
+ icmptype = dbus_to_python(icmptype, str)
+ log.debug1("config.zone.%d.removeIcmpBlock('%s')", self.id, icmptype)
+ return icmptype in self.getSettings()[7]
+
+ # masquerade
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='b')
+ @dbus_handle_exceptions
+ def getMasquerade(self, sender=None):
+ log.debug1("config.zone.%d.getMasquerade()", self.id)
+ return self.getSettings()[8]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='b')
+ @dbus_handle_exceptions
+ def setMasquerade(self, masquerade, sender=None):
+ masquerade = dbus_to_python(masquerade, bool)
+ log.debug1("config.zone.%d.setMasquerade('%s')", self.id, masquerade)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[8] = masquerade
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE)
+ @dbus_handle_exceptions
+ def addMasquerade(self, sender=None):
+ log.debug1("config.zone.%d.addMasquerade()", self.id)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if settings[8]:
+ raise FirewallError(ALREADY_ENABLED, "masquerade")
+ settings[8] = True
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE)
+ @dbus_handle_exceptions
+ def removeMasquerade(self, sender=None):
+ log.debug1("config.zone.%d.removeMasquerade()", self.id)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if not settings[8]:
+ raise FirewallError(NOT_ENABLED, "masquerade")
+ settings[8] = False
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='b')
+ @dbus_handle_exceptions
+ def queryMasquerade(self, sender=None):
+ log.debug1("config.zone.%d.queryMasquerade()", self.id)
+ return self.getSettings()[8]
+
+ # forward port
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ssss)')
+ @dbus_handle_exceptions
+ def getForwardPorts(self, sender=None):
+ log.debug1("config.zone.%d.getForwardPorts()", self.id)
+ return self.getSettings()[9]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ssss)')
+ @dbus_handle_exceptions
+ def setForwardPorts(self, ports, sender=None):
+ _ports = [ ]
+ # convert embedded lists to tuples
+ for port in dbus_to_python(ports, list):
+ if type(port) == list:
+ _ports.append(tuple(port))
+ else:
+ _ports.append(port)
+ ports = _ports
+ log.debug1("config.zone.%d.setForwardPorts('[%s]')", self.id,
+ ",".join("('%s, '%s', '%s', '%s')" % (port[0], port[1], \
+ port[2], port[3]) for port in ports))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[9] = ports
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss')
+ @dbus_handle_exceptions
+ def addForwardPort(self, port, protocol, toport, toaddr, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ toport = dbus_to_python(toport, str)
+ toaddr = dbus_to_python(toaddr, str)
+ log.debug1("config.zone.%d.addForwardPort('%s', '%s', '%s', '%s')",
+ self.id, port, protocol, toport, toaddr)
+ self.parent.accessCheck(sender)
+ fwp_id = (portStr(port, "-"), protocol, portStr(toport, "-"),
+ str(toaddr))
+ settings = list(self.getSettings())
+ if fwp_id in settings[9]:
+ raise FirewallError(ALREADY_ENABLED,
+ "%s:%s:%s:%s" % (port, protocol, toport, toaddr))
+ settings[9].append(fwp_id)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss')
+ @dbus_handle_exceptions
+ def removeForwardPort(self, port, protocol, toport, toaddr, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ toport = dbus_to_python(toport, str)
+ toaddr = dbus_to_python(toaddr, str)
+ log.debug1("config.zone.%d.removeForwardPort('%s', '%s', '%s', '%s')",
+ self.id, port, protocol, toport, toaddr)
+ self.parent.accessCheck(sender)
+ fwp_id = (portStr(port, "-"), protocol, portStr(toport, "-"),
+ str(toaddr))
+ settings = list(self.getSettings())
+ if fwp_id not in settings[9]:
+ raise FirewallError(NOT_ENABLED,
+ "%s:%s:%s:%s" % (port, protocol, toport, toaddr))
+ settings[9].remove(fwp_id)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryForwardPort(self, port, protocol, toport, toaddr, sender=None):
+ port = dbus_to_python(port, str)
+ protocol = dbus_to_python(protocol, str)
+ toport = dbus_to_python(toport, str)
+ toaddr = dbus_to_python(toaddr, str)
+ log.debug1("config.zone.%d.queryForwardPort('%s', '%s', '%s', '%s')",
+ self.id, port, protocol, toport, toaddr)
+ fwp_id = (portStr(port, "-"), protocol, portStr(toport, "-"),
+ str(toaddr))
+ return fwp_id in self.getSettings()[9]
+
+ # interface
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as')
+ @dbus_handle_exceptions
+ def getInterfaces(self, sender=None):
+ log.debug1("config.zone.%d.getInterfaces()", self.id)
+ return sorted(self.getSettings()[10])
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as')
+ @dbus_handle_exceptions
+ def setInterfaces(self, interfaces, sender=None):
+ interfaces = dbus_to_python(interfaces, list)
+ log.debug1("config.zone.%d.setInterfaces('[%s]')", self.id,
+ ",".join(interfaces))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[10] = interfaces
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def addInterface(self, interface, sender=None):
+ interface = dbus_to_python(interface, str)
+ log.debug1("config.zone.%d.addInterface('%s')", self.id, interface)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if interface in settings[10]:
+ raise FirewallError(ALREADY_ENABLED, interface)
+ settings[10].append(interface)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeInterface(self, interface, sender=None):
+ interface = dbus_to_python(interface, str)
+ log.debug1("config.zone.%d.removeInterface('%s')", self.id, interface)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if interface not in settings[10]:
+ raise FirewallError(NOT_ENABLED, interface)
+ settings[10].remove(interface)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryInterface(self, interface, sender=None):
+ interface = dbus_to_python(interface, str)
+ log.debug1("config.zone.%d.queryInterface('%s')", self.id, interface)
+ return interface in self.getSettings()[10]
+
+ # source
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as')
+ @dbus_handle_exceptions
+ def getSources(self, sender=None):
+ log.debug1("config.zone.%d.getSources()", self.id)
+ return sorted(self.getSettings()[11])
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as')
+ @dbus_handle_exceptions
+ def setSources(self, sources, sender=None):
+ sources = dbus_to_python(sources, list)
+ log.debug1("config.zone.%d.setSources('[%s]')", self.id,
+ ",".join(sources))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ settings[11] = sources
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def addSource(self, source, sender=None):
+ source = dbus_to_python(source, str)
+ log.debug1("config.zone.%d.addSource('%s')", self.id, source)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if source in settings[11]:
+ raise FirewallError(ALREADY_ENABLED, source)
+ settings[11].append(source)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeSource(self, source, sender=None):
+ source = dbus_to_python(source, str)
+ log.debug1("config.zone.%d.removeSource('%s')", self.id, source)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ if source not in settings[11]:
+ raise FirewallError(NOT_ENABLED, source)
+ settings[11].remove(source)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def querySource(self, source, sender=None):
+ source = dbus_to_python(source, str)
+ log.debug1("config.zone.%d.querySource('%s')", self.id, source)
+ return source in self.getSettings()[11]
+
+ # rich rule
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as')
+ @dbus_handle_exceptions
+ def getRichRules(self, sender=None):
+ log.debug1("config.zone.%d.getRichRules()", self.id)
+ return self.getSettings()[12]
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as')
+ @dbus_handle_exceptions
+ def setRichRules(self, rules, sender=None):
+ rules = dbus_to_python(rules, list)
+ log.debug1("config.zone.%d.setRichRules('[%s]')", self.id,
+ ",".join(rules))
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ rules = [ str(Rich_Rule(rule_str=r)) for r in rules ]
+ settings[12] = rules
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def addRichRule(self, rule, sender=None):
+ rule = dbus_to_python(rule, str)
+ log.debug1("config.zone.%d.addRichRule('%s')", self.id, rule)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ rule_str = str(Rich_Rule(rule_str=rule))
+ if rule_str in settings[12]:
+ raise FirewallError(ALREADY_ENABLED, rule)
+ settings[12].append(rule_str)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s')
+ @dbus_handle_exceptions
+ def removeRichRule(self, rule, sender=None):
+ rule = dbus_to_python(rule, str)
+ log.debug1("config.zone.%d.removeRichRule('%s')", self.id, rule)
+ self.parent.accessCheck(sender)
+ settings = list(self.getSettings())
+ rule_str = str(Rich_Rule(rule_str=rule))
+ if rule_str not in settings[12]:
+ raise FirewallError(NOT_ENABLED, rule)
+ settings[12].remove(rule_str)
+ self.update(settings)
+
+ @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s',
+ out_signature='b')
+ @dbus_handle_exceptions
+ def queryRichRule(self, rule, sender=None):
+ rule = dbus_to_python(rule, str)
+ log.debug1("config.zone.%d.queryRichRule('%s')", self.id, rule)
+ rule_str = str(Rich_Rule(rule_str=rule))
+ return rule_str in self.getSettings()[12]