diff -up firewalld-0.3.9/config/Makefile.am.RHBZ#994479 firewalld-0.3.9/config/Makefile.am
--- firewalld-0.3.9/config/Makefile.am.RHBZ#994479 2013-12-03 14:57:26.000000000 +0100
+++ firewalld-0.3.9/config/Makefile.am 2015-07-06 22:52:11.796675172 +0200
@@ -21,6 +21,10 @@ gsettings_in_file = org.fedoraproject.Fi
org.fedoraproject.FirewallConfig.gschema.xml.in
gsettings_SCHEMAS = $(gsettings_in_file:.xml.in=.xml)
+xmlschemadir = $(prefixlibdir)/xmlschema
+dist_xmlschema_DATA = xmlschema/icmptype.xsd xmlschema/service.xsd xmlschema/zone.xsd
+dist_xmlschema_SCRIPTS = xmlschema/check.sh
+
BUILT_SOURCES = \
$(desktop_DATA) \
$(applet_desktop_DATA) \
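Review bot: Nothing in the added lines records why a script is installed into what is otherwise a data directory. check.sh finds the schemas through its own location (`"$BASEDIR"/${keyword}.xsd`), so the `.xsd` files and the script must stay together in `xmlschemadir`. A comment above the new variables, for example `# check.sh expects the .xsd files next to it; keep both in xmlschemadir`, would protect that coupling from a later cleanup. `$(prefixlibdir)` is not defined in this hunk, so I am assuming it is set elsewhere in the build.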
diff -up firewalld-0.3.9/config/xmlschema/check.sh.RHBZ#994479 firewalld-0.3.9/config/xmlschema/check.sh
--- firewalld-0.3.9/config/xmlschema/check.sh.RHBZ#994479 2015-07-06 22:53:44.286881231 +0200
+++ firewalld-0.3.9/config/xmlschema/check.sh 2015-07-06 19:17:33.315427513 +0200
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+# requires libxml2 packages for xmllint
+XMLLINT=/usr/bin/xmllint
+PACKAGE=libxml2
+
+prog=$(basename $0)
+BASEDIR=$(realpath $(dirname $0))
+
+checkdir=$(pwd)
+while getopts "d:h" arg; do
+ case $arg in
+ d)
+ checkdir=$OPTARG
+ ;;
+ h)
+ cat <<EOF
+Usage: $prog [options]
+
+Checks zone, service and icmptype firewalld config files to be valid.
+Use this script either in the directory containing the zones, services and
+icmptypes directories containing the files to be checked, or use the -d option
+to specify a directory.
+
+Options:
+ -h Print this help
+ -d <directory> Check files in this directory
+
+EOF
+ exit 0
+ ;;
+ \?)
+ echo "Invalid option: -$OPTARG" >&2
+ exit 1
+ ;;
+ :)
+ echo "Option -$OPTARG requires an argument." >&2
+ exit 1
+ ;;
+ esac
+done
+
+if [ ! -f "$XMLLINT" ]; then
+ echo "$XMLLINT is not installed, please install the $PACKAGE package."
+ exit -1
+fi
+
+if [ ! -d "$checkdir" ]; then
+ echo "Directory '${checkdir}' does not exist"
+ exit -2
+fi
+
+for keyword in zone service icmptype; do
+ if [ -d "${checkdir}/${keyword}s" ]; then
+ echo "Checking ${keyword}s"
+ cd "${checkdir}/${keyword}s"
+ ls -f *.xml 2>/dev/null | while read -r file; do
+ echo -n " "
+ $XMLLINT --noout --schema "$BASEDIR"/${keyword}.xsd "${file}"
+ done
+ else
+ echo "Directory '${checkdir}/${keyword}s' does not exist"
+ fi
+done
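Review bot: The check loop at the end of the script gives callers no usable result. xmllint runs inside the `ls … | while read` pipeline and its status is never collected, so the exit code reflects at most the last file of the last directory, and an invalid zone or service file can still end in exit 0. The `cd "${checkdir}/${keyword}s"` is also never undone, so with a relative `-d` argument the `[ -d … ]` tests for the following keywords are resolved from inside the previous directory and report it as missing. I would resolve `checkdir` once, iterate over a quoted glob instead of parsing `ls`, record any failure and exit with it, and pass `--nonet` so that validating a file never triggers a network fetch. Separately, `exit -1` and `exit -2` are out-of-range statuses; `exit 1` and `exit 2` say the same thing portably.

```shell
# … unchanged: option parsing, xmllint and directory existence checks …
checkdir=$(realpath -- "$checkdir")
rc=0
for keyword in zone service icmptype; do
  dir="${checkdir}/${keyword}s"
  if [ ! -d "$dir" ]; then
    echo "Directory '${dir}' does not exist"
    continue
  fi
  echo "Checking ${keyword}s"
  # Glob instead of ls: names with spaces or a leading '-' stay intact.
  # xmllint now reports the full path of each file rather than the bare name.
  for file in "$dir"/*.xml; do
    [ -e "$file" ] || continue
    echo -n " "
    "$XMLLINT" --nonet --noout --schema "${BASEDIR}/${keyword}.xsd" "$file" || rc=1
  done
done
exit "$rc"
```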
diff -up firewalld-0.3.9/config/xmlschema/icmptype.xsd.RHBZ#994479 firewalld-0.3.9/config/xmlschema/icmptype.xsd
--- firewalld-0.3.9/config/xmlschema/icmptype.xsd.RHBZ#994479 2015-07-06 22:53:52.718900017 +0200
+++ firewalld-0.3.9/config/xmlschema/icmptype.xsd 2015-07-06 19:17:33.319427521 +0200
@@ -0,0 +1,29 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+elementFormDefault="qualified">
+
+<xs:element name="icmptype">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="short" type="xs:string" minOccurs="0"/>
+ <xs:element name="description" type="xs:string" minOccurs="0"/>
+ <xs:element name="destination" type="desttype" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ <xs:attribute name="version" type="xs:string"/>
+ </xs:complexType>
+</xs:element>
+
+<xs:complexType name="desttype">
+ <xs:attribute name="ipv4" type="booltype"/>
+ <xs:attribute name="ipv6" type="booltype"/>
+</xs:complexType>
+
+<xs:simpleType name="booltype">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="[Yy]es|[Nn]o|[Tt]rue|[Ff]alse"/>
+ </xs:restriction>
+</xs:simpleType>
+
+</xs:schema>
+
+
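Review bot: The root content model `xs:choice maxOccurs="unbounded"` makes element order free but also leaves element counts unchecked, so a file with two `short` or two `description` elements validates. service.xsd and zone.xsd use the same construct for their root element. If this is deliberate, a comment above the choice such as `<!-- order-independent; element counts are not enforced by this schema -->` would keep readers from assuming the schema checks more than it does.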
diff -up firewalld-0.3.9/config/xmlschema/service.xsd.RHBZ#994479 firewalld-0.3.9/config/xmlschema/service.xsd
--- firewalld-0.3.9/config/xmlschema/service.xsd.RHBZ#994479 2015-07-06 22:53:58.213912258 +0200
+++ firewalld-0.3.9/config/xmlschema/service.xsd 2015-07-06 19:17:33.319427521 +0200
@@ -0,0 +1,53 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+elementFormDefault="qualified">
+
+<xs:element name="service">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="short" type="xs:string" minOccurs="0"/>
+ <xs:element name="description" type="xs:string" minOccurs="0"/>
+ <xs:element name="port" type="porttype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="module" type="nametype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="destination" type="desttype" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ <xs:attribute name="version" type="xs:string"/>
+ </xs:complexType>
+</xs:element>
+
+<xs:complexType name="nametype">
+ <xs:attribute name="name" type="xs:string" use="required"/>
+</xs:complexType>
+
+<xs:complexType name="porttype">
+ <xs:attribute name="port" type="porttyperestrict" use="required"/>
+ <xs:attribute name="protocol" type="xs:string" use="required"/>
+</xs:complexType>
+
+<xs:simpleType name="porttyperestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="([0-9]+(\-[0-9]+)?)?"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="desttype">
+ <xs:attribute name="ipv4" type="ipv4addrtype"/>
+ <xs:attribute name="ipv6" type="ipv6addrtype"/>
+</xs:complexType>
+
+<xs:simpleType name="ipv4addrtype">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:simpleType name="ipv6addrtype">
+ <xs:restriction base="xs:string">
+ <!-- very rough RE -->
+ <xs:pattern value="[0-9A-Fa-f:]{3,39}(/[0-9]{1,3})?"/>
+ </xs:restriction>
+</xs:simpleType>
+
+</xs:schema>
+
+
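Review bot: The value patterns in this schema are loose enough that "validates" should not be read as "safe to load". `porttyperestrict` accepts any digit run (for example `70000` or a reversed range), `ipv4addrtype` accepts octets up to 999 and a prefix up to `/99`, and `protocol` is an unrestricted `xs:string`. The prefix at least is cheap to bound, e.g. `(/([0-9]|[12][0-9]|3[0-2]))?` in place of `(/[0-9]{1,2})?`. For the rest I would add a comment above each pattern, in the style of the existing `very rough RE` one, stating that range checks are left to the daemon. The same patterns are repeated in zone.xsd (`porttyperestrict`, `ipaddrtype`).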
diff -up firewalld-0.3.9/config/xmlschema/zone.xsd.RHBZ#994479 firewalld-0.3.9/config/xmlschema/zone.xsd
--- firewalld-0.3.9/config/xmlschema/zone.xsd.RHBZ#994479 2015-07-06 22:54:05.453928390 +0200
+++ firewalld-0.3.9/config/xmlschema/zone.xsd 2015-07-06 19:17:33.320427524 +0200
@@ -0,0 +1,156 @@
+<?xml version="1.0"?>
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
+elementFormDefault="qualified">
+
+<xs:element name="zone">
+ <xs:complexType>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="short" type="xs:string" minOccurs="0"/>
+ <xs:element name="description" type="xs:string" minOccurs="0"/>
+ <xs:element name="interface" type="nametype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="source" type="sourceaddresstype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="service" type="nametype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="port" type="porttype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="icmp-block" type="nametype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="masquerade" type="emptytype" minOccurs="0"/>
+ <xs:element name="forward-port" type="fwporttype" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="rule" type="ruletype" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ <xs:attribute name="version" type="xs:string"/>
+ <xs:attribute name="target" type="zonetargettype"/>
+ </xs:complexType>
+</xs:element>
+
+<xs:complexType name="nametype">
+ <xs:attribute name="name" type="xs:string" use="required"/>
+</xs:complexType>
+
+<xs:complexType name="sourceaddresstype">
+ <xs:attribute name="address" type="ipaddrtype" use="required"/>
+</xs:complexType>
+
+<xs:simpleType name="familyrestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="ipv4|ipv6"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="porttype">
+ <xs:attribute name="port" type="porttyperestrict" use="required"/>
+ <xs:attribute name="protocol" type="xs:string" use="required"/>
+</xs:complexType>
+
+<xs:simpleType name="porttyperestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="([0-9]+(\-[0-9]+)?)?"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="fwporttype">
+ <xs:attribute name="port" type="porttyperestrict" use="required"/>
+ <xs:attribute name="protocol" type="xs:string" use="required"/>
+ <xs:attribute name="to-port" type="porttyperestrict"/>
+ <xs:attribute name="to-addr" type="ipaddrtype"/>
+</xs:complexType>
+
+<xs:simpleType name="ipaddrtype">
+ <xs:restriction base="xs:string">
+ <!-- IPv4 or IPv6 address (very rough) -->
+ <xs:pattern value="([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?|[0-9A-Fa-f:]{3,39}(/[0-9]{1,3})?"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:simpleType name="zonetargettype">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="ACCEPT|DROP|%%REJECT%%"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="emptytype">
+</xs:complexType>
+
+<xs:complexType name="ruletype">
+ <xs:choice maxOccurs="unbounded">
+ <xs:element name="source" type="sourcetype" minOccurs="0"/>
+ <xs:element name="destination" type="sourcetype" minOccurs="0"/>
+ <xs:choice>
+ <xs:element name="protocol" type="protocoltype"/>
+ <xs:element name="service" type="nametype"/>
+ <xs:element name="port" type="porttype"/>
+ <xs:element name="icmp-block" type="nametype"/>
+ <xs:element name="masquerade" type="emptytype"/>
+ <xs:element name="forward-port" type="fwporttype"/>
+ </xs:choice>
+ <xs:element name="log" type="logtype" minOccurs="0"/>
+ <xs:element name="audit" type="targettype" minOccurs="0"/>
+ <xs:choice>
+ <xs:element name="accept" type="targettype"/>
+ <xs:element name="drop" type="targettype"/>
+ <xs:element name="reject" type="rejecttype"/>
+ <xs:sequence></xs:sequence>
+ </xs:choice>
+ </xs:choice>
+ <xs:attribute name="family" type="familyrestrict"/>
+</xs:complexType>
+
+<xs:complexType name="sourcetype">
+ <xs:attribute name="address" type="ipaddrtype" use="required"/>
+ <xs:attribute name="invert" type="booltype"/>
+</xs:complexType>
+
+<xs:simpleType name="booltype">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="[Yy]es|[Nn]o|[Tt]rue|[Ff]alse"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="protocoltype">
+ <xs:attribute name="value" type="xs:string" use="required"/>
+</xs:complexType>
+
+<xs:complexType name="logtype">
+ <xs:sequence>
+ <xs:element name="limit" type="limittype" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="prefix" type="xs:string"/>
+ <xs:attribute name="level" type="logtypelevelrestrict"/>
+</xs:complexType>
+
+<xs:simpleType name="logtypelevelrestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="emerg|alert|crit|error|warning|notice|info|debug"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:simpleType name="audittyperestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="ACCEPT|DROP|REJECT"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="targettype">
+ <xs:sequence>
+ <xs:element name="limit" type="limittype" minOccurs="0"/>
+ </xs:sequence>
+</xs:complexType>
+
+<xs:complexType name="limittype">
+ <xs:attribute name="value" type="limitvaluerestrict" use="required"/>
+</xs:complexType>
+
+<xs:simpleType name="limitvaluerestrict">
+ <xs:restriction base="xs:string">
+ <xs:pattern value="[0-9]+/[a-z]+"/>
+ </xs:restriction>
+</xs:simpleType>
+
+<xs:complexType name="rejecttype">
+ <xs:sequence>
+ <xs:element name="limit" type="limittype" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="type" type="xs:string"/>
+</xs:complexType>
+
+</xs:schema>
+
+
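Review bot: `ruletype` does not restrict a rule to a single element and a single action. The outer `xs:choice maxOccurs="unbounded"` lets each inner choice be taken repeatedly, so a rule containing both `<accept/>` and `<drop/>`, or several `port` elements, passes validation. If the intent is one of each, an `xs:sequence` in place of the outer choice would express it, provided rule children always appear in that order (not visible from this hunk); otherwise a comment on `ruletype` should say that multiplicity is not checked here. Also, `audittyperestrict` is defined but nothing references it, since `audit` is typed `targettype`, so it should either be wired to an attribute or dropped.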