a «°i¸Àã@sþdgZddlZddlZddlZddlZddlmZmZddlm Z ddl mZddlm Z ddlmZmZmZddlmZmZmZdd lmZmZmZdd lmZmZmZddlmZm Z m!Z!ddl"m#Z#m$Z$m%Z%dd lm&Z&ddl'm(Z(Gdd„de)ƒZ*dS)ÚFirewallConfigéN)ÚDictÚList)Úconfig)Úlog)Ú IO_Object)ÚIcmpTypeÚicmptype_readerÚicmptype_writer)ÚServiceÚservice_readerÚservice_writer)ÚZoneÚzone_readerÚzone_writer)ÚIPSetÚipset_readerÚipset_writer)ÚHelperÚ helper_readerÚ helper_writer)ÚPolicyÚ policy_readerÚ policy_writer)Úerrors)Ú FirewallErrorc@sReZdZdd„Zdd„Zdd„Zdd„Zd d „Zifee e efdœdd „Zdd„Z dd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zdd„Zd d!„Zd"d#„Zd$d%„Zd&d'„Zd(d)„Zd*d+„Zd,d-„Zd.d/„Zd0d1„Zd2d3„Zd4d5„Z d6d7„Z!d8d9„Z"d:d;„Z#dd?„Z%d@dA„Z&dBdC„Z'dDdE„Z(dFdG„Z)dHdI„Z*dJdK„Z+dLdM„Z,dNdO„Z-dPdQ„Z.dRdS„Z/dTdU„Z0dVdW„Z1dXdY„Z2dZd[„Z3d\d]„Z4d^d_„Z5d`da„Z6dbdc„Z7ddde„Z8dfdg„Z9dhdi„Z:djdk„Z;dldm„Zdrds„Z?dtdu„Z@dvdw„ZAdxdy„ZBdzd{„ZCd|d}„ZDd~d„ZEd€d„ZFd‚dƒ„ZGd„d…„ZHd†d‡„ZIdˆd‰„ZJdŠd‹„ZKdŒd„ZLdŽd„ZMdd‘„ZNd’d“„ZOd”d•„ZPd–d—„ZQd˜d™„ZRdšd›„ZSdœd„ZTdždŸ„ZUd d¡„ZVd¢d£„ZWd¤d¥„ZXd¦d§„ZYd¨d©„ZZdªd«„Z[d¬d„Z\d®d¯„Z]d°d±„Z^d²d³„Z_d´dµ„Z`d¶d·„Zad¸d¹„Zbdºd»„Zcd¼d½„Zdd¾d¿„ZedÀdÁ„ZfdÂdÃ„ZgdÄdÅ„ZhdÆdÇ„ZidÈdÉ„ZjdÊdË„ZkdÌdÍ„ZldÎS)ÏrcCs||_| ¡dS©N)Ú_fwÚ_FirewallConfig__init_vars)ÚselfÚfw©r!ú;/usr/lib/python3.9/site-packages/firewall/core/fw_config.pyÚ__init__*szFirewallConfig.__init__cCsHd|j|j|j|j|j|j|j|j|j|j |j |j|j|j |j|jfS)Nz>%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r))Ú __class__Ú_ipsetsÚ _icmptypesÚ _servicesÚ_zonesÚ_helpersZpolicy_objectsÚ_builtin_ipsetsÚ_builtin_icmptypesÚ_builtin_servicesÚ_builtin_zonesÚ_builtin_helpersÚ_builtin_policy_objectsÚ_firewalld_confÚ _policiesÚ_direct©rr!r!r"Ú__repr__.súÿzFirewallConfig.__repr__cCs^i|_i|_i|_i|_i|_i|_i|_i|_i|_i|_ i|_ i|_d|_d|_ d|_dSr)r%r&r'r(r)Ú_policy_objectsr*r+r,r-r.r/r0r1r2r3r!r!r"Z__init_vars8szFirewallConfig.__init_varscCst|j ¡ƒD]}|j| ¡|j|=qt|j ¡ƒD]}|j| ¡|j|=q8t|j ¡ƒD]}|j| ¡|j|=qbt|j ¡ƒD]}|j| ¡|j|=qŒt|j ¡ƒD]}|j| ¡|j|=q¶t|j ¡ƒD]}|j| ¡|j|=qàt|j ¡ƒD]}|j | ¡|j |=q t|j ¡ƒD]}|j | ¡|j |=q6t|j ¡ƒD]}|j| ¡|j|=qbt|j ¡ƒD]}|j| ¡|j|=qŽ|j rÈ|j ¡|` d|_ |jrä|j ¡|`d|_|jr|j ¡|`d|_| ¡dSr)Úlistr*ÚkeysÚcleanupr%r+r&r,r'r-r(r.r)r0r1r2r)rÚxr!r!r"r8IsV zFirewallConfig.cleanupcsÀi}‡fdd„ˆ ¡Dƒ|d<‡fdd„ˆ ¡Dƒ|d<‡fdd„ˆ ¡Dƒ|d<‡fdd„ˆ ¡Dƒ|d <‡fd d„ˆ ¡Dƒ|d<‡fdd„ˆ ¡Dƒ|d <i|d<ˆj d¡|dd<|S)zJ Returns a dict of dicts of all permanent config objects. csi|]}|ˆ |¡“qSr!)Ú get_ipset)Ú.0Zipsetr3r!r"Ú ƒóz:FirewallConfig.get_all_io_objects_dict..Úipsetscsi|]}|ˆ |¡“qSr!)Ú get_helper)r;Úhelperr3r!r"r<„r=Úhelperscsi|]}|ˆ |¡“qSr!)Úget_icmptype)r;Zicmptyper3r!r"r<…r=Ú icmptypescsi|]}|ˆ |¡“qSr!)Úget_service)r;Zservicer3r!r"r<†r=Úservicescsi|]}|ˆ |¡“qSr!)Úget_zone)r;Úzoner3r!r"r<‡r=Úzonescsi|]}|ˆ |¡“qSr!)Úget_policy_object)r;Zpolicyr3r!r"r<ˆr=ÚpoliciesÚconfZFirewallBackend)Ú get_ipsetsÚget_helpersÚ get_icmptypesÚget_servicesÚ get_zonesÚget_policy_objectsr0Úget)rÚ conf_dictr!r3r"Úget_all_io_objects_dict~sz&FirewallConfig.get_all_io_objects_dict)Úextra_io_objectsc Csn| ¡}|D] }||D]}||||j<qqgd¢}|D].}||}| ¡D]\}} | | ¡|¡qNq:dS)N)r>rArCrErHrJ)rTÚnameÚitemsZcheck_config_dictÚexport_config_dict) rrUZall_io_objectsZtype_keyÚobjÚorderZio_obj_typeZio_objsrVZio_objr!r!r"Úfull_check_configsz FirewallConfig.full_check_configcCs|jj ¡Sr)rrJZquery_lockdownr3r!r!r"Úlockdown_enabled szFirewallConfig.lockdown_enabledcCs|jj ||¡Sr)rrJÚaccess_check)rÚkeyÚvaluer!r!r"r]£szFirewallConfig.access_checkcCs ||_dSr©r0)rrKr!r!r"Úset_firewalld_conf¨sz!FirewallConfig.set_firewalld_confcCs|jSrr`r3r!r!r"Úget_firewalld_conf«sz!FirewallConfig.get_firewalld_confcCs(tj tj¡s|j ¡n |j ¡dSr)ÚosÚpathÚexistsrZFIREWALLD_CONFr0ÚclearÚreadr3r!r!r"Úupdate_firewalld_conf®sz$FirewallConfig.update_firewalld_confcCsÄ|j|j|j|j|j|jg}|D]Š}t |¡}|D]v}||}tj |j|j ¡}zt |d|¡Wn<t y }z$t d||¡t |¡WYd}~n d}~00||=q2q |j ¡|j ¡dS)Nú%s.oldúBackup of file '%s' failed: %s)r(r5r%r'r)r&ÚcopyrcrdÚjoinÚfilenameÚshutilÚmoveÚ ExceptionrÚerrorÚremover0Úset_defaultsÚwrite)rrZZio_obj_dictZ dict_copyZobj_namerYrVÚmsgr!r!r"Úreset_defaults´s þ zFirewallConfig.reset_defaultscCs ||_dSr©r1)rrJr!r!r"Úset_policiesÉszFirewallConfig.set_policiescCs|jSrrwr3r!r!r"Úget_policiesÌszFirewallConfig.get_policiescCs,tj tj¡s|jj ¡n|jj ¡dSr) rcrdrerZLOCKDOWN_WHITELISTr1Zlockdown_whitelistr8rgr3r!r!r"Úupdate_lockdown_whitelistÏsz(FirewallConfig.update_lockdown_whitelistcCs ||_dSr©r2)rZdirectr!r!r"Ú set_direct×szFirewallConfig.set_directcCs|jSrr{r3r!r!r"Ú get_directÚszFirewallConfig.get_directcCs(tj tj¡s|j ¡n |j ¡dSr)rcrdrerZFIREWALLD_DIRECTr2r8rgr3r!r!r"Ú update_directÝszFirewallConfig.update_directcCs$ttt|j ¡ƒt|j ¡ƒƒƒSr)ÚsortedÚsetr6r%r7r*r3r!r!r"rLåsÿzFirewallConfig.get_ipsetscCs$|jr||j|j<n||j|j<dSr)Úbuiltinr*rVr%©rrYr!r!r"Ú add_ipsetészFirewallConfig.add_ipsetcCs8||jvr|j|S||jvr(|j|Sttj|ƒ‚dSr)r%r*rrÚ INVALID_IPSET©rrVr!r!r"r:ïs zFirewallConfig.get_ipsetcCst|j|jvrttj|jƒ‚nB|j|j|kr@ttjd|jƒ‚n|j|jvr^ttjd|jƒ‚| |¡|j|jS)Nzself._ipsets[%s] != objz'%s' not a built-in ipset)rVr%rrÚNO_DEFAULTSr*Ú _remove_ipsetr‚r!r!r"Úload_ipset_defaultsösÿÿ z"FirewallConfig.load_ipset_defaultscCs| ¡Sr©Ú export_configr‚r!r!r"Úget_ipset_configszFirewallConfig.get_ipset_configcCsft |¡}|jr0tj|_d|_|j|jkr0d|_| || ¡¡| d|gi¡| |¡t |ƒ|S)NFr>)rkrrÚETC_FIREWALLD_IPSETSrdÚdefaultÚ import_configrTr[rƒr©rrYrKr9r!r!r"Úset_ipset_configs zFirewallConfig.set_ipset_configcCsŽ||jvs||jvr$ttjd|ƒ‚tƒ}| |¡||_d||_t j |_d|_d|_ | || ¡¡| d|gi¡| |¡t|ƒ|S)Nznew_ipset(): '%s'ú%s.xmlFTr>)r%r*rrÚ NAME_CONFLICTrÚ check_namerVrmrrŒrdrrrŽrTr[rƒr©rrVrKr9r!r!r"Ú new_ipsets ÿ zFirewallConfig.new_ipsetc CsÖtj |¡}tj |¡}tj |¡sÖ|tjkrˆ|j ¡D]L}|j|}|j |kr8|j|=|j |jvrxd|j|j fSd|fSq8nJ|j ¡D]>}|j|}|j |kr’|j|=|j |jvrÊd|fSdSq’dSt d|¡zt||ƒ}Wn6ty&}zt d||¡WYd}~dSd}~00|j |jvrV|j |jvrV| |¡d|fS|tjkr”|j |jvrŒ|j|j j|_||j|j <d|fS|j |jvrÒ|j|j =||j|j <|j |jvrÎd|fSdSdS)NÚupdaterr©NNzLoading ipset file '%s'z"Failed to load ipset file '%s': %sÚnew)rcrdÚbasenameÚdirnamererrŒr%r7rmrVr*rÚdebug1rrprqrƒr©rrVrmrdr9rYrur!r!r"Úupdate_ipset_from_path'sP z%FirewallConfig.update_ipset_from_pathc Cs®|j|jvrttj|jƒ‚|jtjkr>ttjd|jtjfƒ‚d|j|jf}zt |d|¡Wn<tyž}z$t d||¡t |¡WYd}~n d}~00|j|j=dS©Nz'%s' != '%s'ú %s/%s.xmlrirj)rVr%rrr„rdrrŒÚINVALID_DIRECTORYrnrorprrqrcrr©rrYrVrur!r!r"r‡lsÿÿ zFirewallConfig._remove_ipsetcCs"|js|jsttjd|jƒ‚dS)Nz'%s' is built-in ipset)rrrrZ BUILTIN_IPSETrVr‚r!r!r"Úcheck_builtin_ipset}sÿz"FirewallConfig.check_builtin_ipsetcCs| |¡| |¡dSr)r¢r‡r‚r!r!r"Úremove_ipset‚s zFirewallConfig.remove_ipsetcCs$| |¡| ||¡}| |¡|Sr)r¢Ú_copy_ipsetr‡)rrYrVr•r!r!r"Úrename_ipset†s zFirewallConfig.rename_ipsetcCs| || ¡¡Sr)r•rŠ©rrYrVr!r!r"r¤ŒszFirewallConfig._copy_ipsetcCs$ttt|j ¡ƒt|j ¡ƒƒƒSr)rr€r6r&r7r+r3r!r!r"rN‘sÿzFirewallConfig.get_icmptypescCs$|jr||j|j<n||j|j<dSr)rr+rVr&r‚r!r!r"Úadd_icmptype•szFirewallConfig.add_icmptypecCs8||jvr|j|S||jvr(|j|Sttj|ƒ‚dSr)r&r+rrÚINVALID_ICMPTYPEr…r!r!r"rB›s zFirewallConfig.get_icmptypecCst|j|jvrttj|jƒ‚nB|j|j|kr@ttjd|jƒ‚n|j|jvr^ttjd|jƒ‚| |¡|j|jS)Nzself._icmptypes[%s] != objz'%s' not a built-in icmptype)rVr&rrr†r+Ú_remove_icmptyper‚r!r!r"Úload_icmptype_defaults¢sÿÿ z%FirewallConfig.load_icmptype_defaultscCs| ¡Srr‰r‚r!r!r"Úget_icmptype_config®sz"FirewallConfig.get_icmptype_configcCsft |¡}|jr0tj|_d|_|j|jkr0d|_| || ¡¡| d|gi¡| |¡t |ƒ|S)NFrC)rkrrÚETC_FIREWALLD_ICMPTYPESrdrrŽrTr[r§r rr!r!r"Úset_icmptype_config±s z"FirewallConfig.set_icmptype_configcCsŽ||jvs||jvr$ttjd|ƒ‚tƒ}| |¡||_d||_t j |_d|_d|_ | || ¡¡| d|gi¡| |¡t|ƒ|S)Nznew_icmptype(): '%s'r‘FTrC)r&r+rrr’rr“rVrmrr¬rdrrrŽrTr[r§r r”r!r!r"Únew_icmptype¿s ÿ zFirewallConfig.new_icmptypec CsÖtj |¡}tj |¡}tj |¡sÖ|tjkrˆ|j ¡D]L}|j|}|j |kr8|j|=|j |jvrxd|j|j fSd|fSq8nJ|j ¡D]>}|j|}|j |kr’|j|=|j |jvrÊd|fSdSq’dSt d|¡zt||ƒ}Wn6ty&}zt d||¡WYd}~dSd}~00|j |jvrV|j |jvrV| |¡d|fS|tjkr”|j |jvrŒ|j|j j|_||j|j <d|fS|j |jvrÒ|j|j =||j|j <|j |jvrÎd|fSdSdS)Nr–rrr—zLoading icmptype file '%s'z%Failed to load icmptype file '%s': %sr˜)rcrdr™ršrerr¬r&r7rmrVr+rr›r rprqr§rrœr!r!r"Úupdate_icmptype_from_pathÓsP z(FirewallConfig.update_icmptype_from_pathc Cs®|j|jvrttj|jƒ‚|jtjkr>ttjd|jtjfƒ‚d|j|jf}zt |d|¡Wn<tyž}z$t d||¡t |¡WYd}~n d}~00|j|j=dSrž)rVr&rrr¨rdrr¬r rnrorprrqrcrrr¡r!r!r"r©s ÿÿ zFirewallConfig._remove_icmptypecCs"|js|jsttjd|jƒ‚dS)Nz'%s' is built-in icmp type)rrrrZBUILTIN_ICMPTYPErVr‚r!r!r"Úcheck_builtin_icmptype)sÿz%FirewallConfig.check_builtin_icmptypecCs| |¡| |¡dSr)r°r©r‚r!r!r"Úremove_icmptype.s zFirewallConfig.remove_icmptypecCs$| |¡| ||¡}| |¡|Sr)r°Ú_copy_icmptyper©)rrYrVr®r!r!r"Úrename_icmptype2s zFirewallConfig.rename_icmptypecCs| || ¡¡Sr)r®rŠr¦r!r!r"r²8szFirewallConfig._copy_icmptypecCs$ttt|j ¡ƒt|j ¡ƒƒƒSr)rr€r6r'r7r,r3r!r!r"rO=sÿzFirewallConfig.get_servicescCs$|jr||j|j<n||j|j<dSr)rr,rVr'r‚r!r!r"Úadd_serviceAszFirewallConfig.add_servicecCs<||jvr|j|S||jvr(|j|Sttjd|ƒ‚dS)Nzget_service(): '%s')r'r,rrÚINVALID_SERVICEr…r!r!r"rDGs zFirewallConfig.get_servicecCst|j|jvrttj|jƒ‚nB|j|j|kr@ttjd|jƒ‚n|j|jvr^ttjd|jƒ‚| |¡|j|jS)Nzself._services[%s] != objz'%s' not a built-in service)rVr'rrr†r,Ú_remove_servicer‚r!r!r"Úload_service_defaultsNsÿÿ z$FirewallConfig.load_service_defaultsc Csn| ¡}g}tdƒD]P}|j|d|vrL| t t||j|dƒ¡¡q| ||j|d¡qt|ƒS)Nér©rXÚrangeÚIMPORT_EXPORT_STRUCTUREÚappendrkÚdeepcopyÚgetattrÚtuple©rrYrSZ conf_listÚir!r!r"Úget_service_configZs"z!FirewallConfig.get_service_configcCs| ¡Sr©rXr‚r!r!r"Úget_service_config_dictfsz&FirewallConfig.get_service_config_dictcCs4i}t|ƒD]\}}|||j|d<q| ||¡S©Nr)Ú enumerater»Úset_service_config_dict©rrYrKrSrÁr_r!r!r"Úset_service_configisz!FirewallConfig.set_service_configcCsft |¡}|jr0tj|_d|_|j|jkr0d|_| || ¡¡| d|gi¡| |¡t |ƒ|S)NFrE)rkrrÚETC_FIREWALLD_SERVICESrdrÚimport_config_dictrTr[r´r rr!r!r"rÇps z&FirewallConfig.set_service_config_dictcCsX||jvs||jvr$ttjd|ƒ‚i}t|ƒD]\}}||tj|d<q0| ||¡S)Núnew_service(): '%s'r) r'r,rrr’rÆrr»Únew_service_dict©rrVrKrSrÁr_r!r!r"Únew_service~sÿzFirewallConfig.new_servicecCsŽ||jvs||jvr$ttjd|ƒ‚tƒ}| |¡||_d||_t j |_d|_d|_ | || ¡¡| d|gi¡| |¡t|ƒ|S)NrÌr‘FTrE)r'r,rrr’rr“rVrmrrÊrdrrrËrTr[r´r r”r!r!r"rÍ‰s ÿ zFirewallConfig.new_service_dictc CsÖtj |¡}tj |¡}tj |¡sÖ|tjkrˆ|j ¡D]L}|j|}|j |kr8|j|=|j |jvrxd|j|j fSd|fSq8nJ|j ¡D]>}|j|}|j |kr’|j|=|j |jvrÊd|fSdSq’dSt d|¡zt||ƒ}Wn6ty&}zt d||¡WYd}~dSd}~00|j |jvrV|j |jvrV| |¡d|fS|tjkr”|j |jvrŒ|j|j j|_||j|j <d|fS|j |jvrÒ|j|j =||j|j <|j |jvrÎd|fSdSdS)Nr–rrr—zLoading service file '%s'z$Failed to load service file '%s': %sr˜)rcrdr™ršrerrÊr'r7rmrVr,rr›rrprqr´rrœr!r!r"Úupdate_service_from_pathsP z'FirewallConfig.update_service_from_pathc Cs®|j|jvrttj|jƒ‚|jtjkr>ttjd|jtjfƒ‚d|j|jf}zt |d|¡Wn<tyž}z$t d||¡t |¡WYd}~n d}~00|j|j=dSrž)rVr'rrrµrdrrÊr rnrorprrqrcrrr¡r!r!r"r¶âs ÿÿ zFirewallConfig._remove_servicecCs"|js|jsttjd|jƒ‚dS)Nz'%s' is built-in service)rrrrZBUILTIN_SERVICErVr‚r!r!r"Úcheck_builtin_serviceósÿz$FirewallConfig.check_builtin_servicecCs| |¡| |¡dSr)rÑr¶r‚r!r!r"Úremove_serviceøs zFirewallConfig.remove_servicecCs$| |¡| ||¡}| |¡|Sr)rÑÚ _copy_servicer¶)rrYrVrÏr!r!r"Úrename_serviceüs zFirewallConfig.rename_servicecCs| || ¡¡Sr)rÍrXr¦r!r!r"rÓszFirewallConfig._copy_servicecCs$ttt|j ¡ƒt|j ¡ƒƒƒSr)rr€r6r(r7r-r3r!r!r"rPsÿzFirewallConfig.get_zonescCs$|jr||j|j<n||j|j<dSr)rr-rVr(r‚r!r!r"Úadd_zoneszFirewallConfig.add_zonecCs(||jvr|j|=||jvr$|j|=dSr)r-r(r…r!r!r"Úforget_zones zFirewallConfig.forget_zonecCs<||jvr|j|S||jvr(|j|Sttjd|ƒ‚dS)Nzget_zone(): %s)r(r-rrÚINVALID_ZONEr…r!r!r"rFs zFirewallConfig.get_zonecCst|j|jvrttj|jƒ‚nB|j|j|kr@ttjd|jƒ‚n|j|jvr^ttjd|jƒ‚| |¡|j|jS)Nzself._zones[%s] != objz'%s' not a built-in zone)rVr(rrr†r-Ú_remove_zoner‚r!r!r"Úload_zone_defaultssÿÿ z!FirewallConfig.load_zone_defaultsc Csn| ¡}g}tdƒD]P}|j|d|vrL| t t||j|dƒ¡¡q| ||j|d¡qt|ƒS)Nérr¹rÀr!r!r"Úget_zone_config*s"zFirewallConfig.get_zone_configcCs| ¡SrrÃr‚r!r!r"Úget_zone_config_dict6sz#FirewallConfig.get_zone_config_dictcCs4i}t|ƒD]\}}|||j|d<q| ||¡SrÅ)rÆr»Úset_zone_config_dictrÈr!r!r"Úset_zone_config9szFirewallConfig.set_zone_configcCsft |¡}|jr0tj|_d|_|j|jkr0d|_| || ¡¡| d|gi¡| |¡t |ƒ|S)NFrH)rkrrÚETC_FIREWALLD_ZONESrdrrËrTr[rÕrrr!r!r"rÝ@s z#FirewallConfig.set_zone_config_dictcCsX||jvs||jvr$ttjd|ƒ‚i}t|ƒD]\}}||tj|d<q0| ||¡S)Núnew_zone(): '%s'r) r(r-rrr’rÆrr»Ú new_zone_dictrÎr!r!r"Únew_zoneNszFirewallConfig.new_zonecCsŽ||jvs||jvr$ttjd|ƒ‚tƒ}| |¡||_d||_t j |_d|_d|_ | || ¡¡| d|gi¡| |¡t|ƒ|S)Nràr‘FTrH)r(r-rrr’rr“rVrmrrßrdrrrËrTr[rÕrr”r!r!r"ráXs zFirewallConfig.new_zone_dictc Cs"tj |¡}tj |¡}tj |¡sØ| tj¡rŠ|j ¡D]L}|j|}|j |kr:|j|=|j|jvrzd|j|jfSd|fSq:nJ|j ¡D]>}|j|}|j |kr”|j|=|j|jvrÌd|fSdSq”dSt d|¡zt||ƒ}Wn6ty(}zt d||¡WYd}~dSd}~00| tj¡rrt|ƒttjƒkrrdtj |¡tj |¡dd…f|_|j|jvr |j|jvr | |¡d |fS| tj¡rà|j|jvrØ|j|jj|_||j|j<d|fS|j|jvr|j|j=||j|j<|j|jvrd|fSdSdS) Nr–rrr—zLoading zone file '%s'z!Failed to load zone file '%s': %sú%s/%sréüÿÿÿr˜)rcrdr™ršreÚ startswithrrßr(r7rmrVr-rr›rrprqÚlenrÕrrœr!r!r"Úupdate_zone_from_pathks\ ÿÿ z$FirewallConfig.update_zone_from_pathc Cs°|j|jvrttj|jƒ‚|j tj¡s@ttj d|jtjfƒ‚d|j|jf}zt |d|¡Wn<ty }z$t d||¡t |¡WYd}~n d}~00|j|j=dS©Nz'%s' doesn't start with '%s'rŸrirj)rVr(rrr×rdrårrßr rnrorprrqrcrrr¡r!r!r"rØ¶s ÿÿ zFirewallConfig._remove_zonecCs"|js|jsttjd|jƒ‚dS)Nz'%s' is built-in zone)rrrrZBUILTIN_ZONErVr‚r!r!r"Úcheck_builtin_zoneÇsÿz!FirewallConfig.check_builtin_zonecCs| |¡| |¡dSr)rérØr‚r!r!r"Úremove_zoneÌs zFirewallConfig.remove_zonecCsN| |¡| ¡}| |¡z| ||¡}Wn| |j|¡‚Yn0|Sr)rérXrØrárV)rrYrVZobj_confrâr!r!r"Úrename_zoneÐs zFirewallConfig.rename_zonecCs$ttt|j ¡ƒt|j ¡ƒƒƒSr)rr€r6r5r7r/r3r!r!r"rQÞsÿz!FirewallConfig.get_policy_objectscCs$|jr||j|j<n||j|j<dSr)rr/rVr5r‚r!r!r"Úadd_policy_objectâsz FirewallConfig.add_policy_objectcCs<||jvr|j|S||jvr(|j|Sttjd|ƒ‚dS)Nzget_policy_object(): %s)r5r/rrÚINVALID_POLICYr…r!r!r"rIès z FirewallConfig.get_policy_objectcCst|j|jvrttj|jƒ‚nB|j|j|kr@ttjd|jƒ‚n|j|jvr^ttjd|jƒ‚| |¡|j|jS)Nzself._policy_objects[%s] != objz'%s' not a built-in policy)rVr5rrr†r/Ú_remove_policy_objectr‚r!r!r"Úload_policy_object_defaultsïsÿÿ z*FirewallConfig.load_policy_object_defaultscCs| ¡SrrÃr‚r!r!r"Úget_policy_object_config_dictûsz,FirewallConfig.get_policy_object_config_dictcCsft |¡}|jr0tj|_d|_|j|jkr0d|_| || ¡¡| d|gi¡| |¡t |ƒ|S)NFrJ)rkrrÚETC_FIREWALLD_POLICIESrdrrËrTr[rìrrr!r!r"Úset_policy_object_config_dictþs z,FirewallConfig.set_policy_object_config_dictcCsŽ||jvs||jvr$ttjd|ƒ‚tƒ}| |¡||_d||_t j |_d|_d|_ | || ¡¡| d|gi¡| |¡t|ƒ|S)Nznew_policy_object(): '%s'r‘FTrJ)r5r/rrr’rr“rVrmrrñrdrrrËrTr[rìrr”r!r!r"Únew_policy_object_dicts z%FirewallConfig.new_policy_object_dictc Cs"tj |¡}tj |¡}tj |¡sØ| tj¡rŠ|j ¡D]L}|j|}|j |kr:|j|=|j|jvrzd|j|jfSd|fSq:nJ|j ¡D]>}|j|}|j |kr”|j|=|j|jvrÌd|fSdSq”dSt d|¡zt||ƒ}Wn6ty(}zt d||¡WYd}~dSd}~00| tj¡rrt|ƒttjƒkrrdtj |¡tj |¡dd…f|_|j|jvr |j|jvr | |¡d |fS| tj¡rà|j|jvrØ|j|jj|_||j|j<d|fS|j|jvr|j|j=||j|j<|j|jvrd|fSdSdS) Nr–rrr—zLoading policy file '%s'z#Failed to load policy file '%s': %srãrrär˜)rcrdr™ršrerårrñr5r7rmrVr/rr›rrprqrærìrrœr!r!r"Úupdate_policy_object_from_paths\ ÿÿ z-FirewallConfig.update_policy_object_from_pathc Cs°|j|jvrttj|jƒ‚|j tj¡s@ttj d|jtjfƒ‚d|j|jf}zt |d|¡Wn<ty }z$t d||¡t |¡WYd}~n d}~00|j|j=dSrè)rVr5rrrírdrårrñr rnrorprrqrcrrr¡r!r!r"rîjs ÿÿ z$FirewallConfig._remove_policy_objectcCs"|js|jsttjd|jƒ‚dS)Nz'%s' is built-in policy)rrrrZBUILTIN_POLICYrVr‚r!r!r"Úcheck_builtin_policy_object{sÿz*FirewallConfig.check_builtin_policy_objectcCs| |¡| |¡dSr)rõrîr‚r!r!r"Úremove_policy_object€s z#FirewallConfig.remove_policy_objectcCs$| |¡| ||¡}| |¡|Sr)rõÚ_copy_policy_objectrî)rrYrVZnew_policy_objectr!r!r"Úrename_policy_object„s z#FirewallConfig.rename_policy_objectcCs| || ¡¡Sr)rórXr¦r!r!r"r÷Šsz"FirewallConfig._copy_policy_objectcCs$ttt|j ¡ƒt|j ¡ƒƒƒSr)rr€r6r)r7r.r3r!r!r"rMsÿzFirewallConfig.get_helperscCs$|jr||j|j<n||j|j<dSr)rr.rVr)r‚r!r!r"Ú add_helper“szFirewallConfig.add_helpercCs8||jvr|j|S||jvr(|j|Sttj|ƒ‚dSr)r)r.rrÚINVALID_HELPERr…r!r!r"r?™s zFirewallConfig.get_helpercCst|j|jvrttj|jƒ‚nB|j|j|kr@ttjd|jƒ‚n|j|jvr^ttjd|jƒ‚| |¡|j|jS)Nzself._helpers[%s] != objz'%s' not a built-in helper)rVr)rrr†r.Ú_remove_helperr‚r!r!r"Úload_helper_defaults sÿÿ z#FirewallConfig.load_helper_defaultscCs| ¡Srr‰r‚r!r!r"Úget_helper_config¬sz FirewallConfig.get_helper_configcCsft |¡}|jr0tj|_d|_|j|jkr0d|_| || ¡¡| d|gi¡| |¡t |ƒ|S)NFrA)rkrrÚETC_FIREWALLD_HELPERSrdrrŽrTr[rùrrr!r!r"Úset_helper_config¯s z FirewallConfig.set_helper_configcCsŽ||jvs||jvr$ttjd|ƒ‚tƒ}| |¡||_d||_t j |_d|_d|_ | || ¡¡| d|gi¡| |¡t|ƒ|S)Nznew_helper(): '%s'r‘FTrA)r)r.rrr’rr“rVrmrrþrdrrrŽrTr[rùrr”r!r!r"Ú new_helper½s ÿ zFirewallConfig.new_helperc CsÖtj |¡}tj |¡}tj |¡sÖ|tjkrˆ|j ¡D]L}|j|}|j |kr8|j|=|j |jvrxd|j|j fSd|fSq8nJ|j ¡D]>}|j|}|j |kr’|j|=|j |jvrÊd|fSdSq’dSt d|¡zt||ƒ}Wn6ty&}zt d||¡WYd}~dSd}~00|j |jvrV|j |jvrV| |¡d|fS|tjkr”|j |jvrŒ|j|j j|_||j|j <d|fS|j |jvrÒ|j|j =||j|j <|j |jvrÎd|fSdSdS)Nr–rrr—zLoading helper file '%s'z#Failed to load helper file '%s': %sr˜)rcrdr™ršrerrþr)r7rmrVr.rr›rrprqrùrrœr!r!r"Úupdate_helper_from_pathÑsP z&FirewallConfig.update_helper_from_pathc Cs®|j|jvrttj|jƒ‚|jtjkr>ttjd|jtjfƒ‚d|j|jf}zt |d|¡Wn<tyž}z$t d||¡t |¡WYd}~n d}~00|j|j=dSrž)rVr)rrrúrdrrþr rnrorprrqrcrrr¡r!r!r"rûsÿÿ zFirewallConfig._remove_helpercCs"|js|jsttjd|jƒ‚dS)Nz'%s' is built-in helper)rrrrZBUILTIN_HELPERrVr‚r!r!r"Úcheck_builtin_helper'sÿz#FirewallConfig.check_builtin_helpercCs| |¡| |¡dSr)rrûr‚r!r!r"Ú remove_helper,s zFirewallConfig.remove_helpercCs$| |¡| ||¡}| |¡|Sr)rÚ_copy_helperrû)rrYrVrr!r!r"Ú rename_helper0s zFirewallConfig.rename_helpercCs| || ¡¡Sr)rrŠr¦r!r!r"r6szFirewallConfig._copy_helperN)mÚ__name__Ú __module__Ú__qualname__r#r4rr8rTrÚstrrrr[r\r]rarbrhrvrxryrzr|r}r~rLrƒr:rˆr‹rr•rr‡r¢r£r¥r¤rNr§rBrªr«rr®r¯r©r°r±r³r²rOr´rDr·rÂrÄrÉrÇrÏrÍrÐr¶rÑrÒrÔrÓrPrÕrÖrFrÙrÛrÜrÞrÝrârárçrØrérêrërQrìrIrïrðròrórôrîrõrörør÷rMrùr?rürýrÿrrrûrrrrr!r!r!r"r)sÌ 5EEE KKE)+Ú__all__rkrcZos.pathrnÚtypingrrZfirewallrZfirewall.core.loggerrZfirewall.core.io.io_objectrZfirewall.core.io.icmptyperr r Zfirewall.core.io.servicerrr Zfirewall.core.io.zonerrrZfirewall.core.io.ipsetrrrZfirewall.core.io.helperrrrZfirewall.core.io.policyrrrrZfirewall.errorsrÚobjectrr!r!r!r"Ús"