HEX
Server: LiteSpeed
System: Linux php-prod-1.spaceapp.ru 5.15.0-157-generic #167-Ubuntu SMP Wed Sep 17 21:35:53 UTC 2025 x86_64
User: xnsbb3110 (1041)
PHP: 8.1.33
Disabled: NONE
$ pwd: /usr/lib/python3/dist-packages/firewall/server/__pycache__/
Upload Files
File: //usr/lib/python3/dist-packages/firewall/server/__pycache__/firewalld.cpython-310.pyc
o

bhAb���@sBdgZddlmZddlZddlZddlZddlmZddlm	Z	ddl
mZddlm
Z
ddlmZdd	lmZmZdd
lmZmZmZmZmZmZddlmZddlmZmZmZm Z m!Z!m"Z"m#Z#m$Z$dd
l%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.m/Z/ddl0m1Z1ddlm2Z2ddl3m4Z4Gdd�de�Z5dS)�	FirewallD�)�GLibN)�config)�Firewall)�	Rich_Rule)�log)�FirewallClientZoneSettings)�FirewallDBusException�DbusServiceObject)�dbus_handle_exceptions�dbus_service_method�handle_exceptions�dbus_service_method_deprecated�dbus_service_signal_deprecated�dbus_polkit_require_auth)�FirewallDConfig)�dbus_to_python�command_of_sender�context_of_sender�
uid_of_sender�user_of_uid�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties�!dbus_introspection_add_deprecated)�check_on_disk_config)�IPSet)�IcmpType)�Helper)�nm_get_connection_of_interface�nm_set_zone_of_connection)�ifcfg_set_zone_of_interface)�errors)�
FirewallErrorcs� eZdZdZdZ	ejjZ	e	�fdd��Z
dd�Ze	dd��Ze	d	d
��Z
edd��Zed
d��Zedd��Zedd��Zedd��Zeejddd�e�d�dd���Zeejddd�e�d�dd���Zeejj�eejdd �e�d�d!d"����Zejjejd#d$�d%d&��Zeejj�eejdd'�e�d��fd(d)�	���Zeejj�eejj d*d*d�e�d�d+d,����Z!eejj�eejj d*d*d�e�d�d-d.����Z"ej�ejj �ed/d0���Z#eejj�eejj d*d*d�e�d�d1d2����Z$eejj�eejj d*d*d�e�d�d3d4����Z%eejj&�eejj'd*d*d�e�d�d5d6����Z(eejj&�eejj'd*d*d�e�d�d7d8����Z)eejj*�eejj'd*d9d�e�d�d:d;����Z+ejjejj'd*d$�ed<d=���Z,ejjejj'd*d$�ed>d?���Z-eejj&�eejj'dd*d�e�d�d@dA����Z.eejj&�eejj'dd*d�e�d�dBdC����Z/eejj*�eejj'dd9d�e�d�dDdE����Z0eejj*�eejj'd*dFd�e�d�dGdH����Z1ejjejj'dd$�edIdJ���Z2ejjejj'dd$�edKdL���Z3eejj&�eejj'dMd*d�e�d�dNdO����Z4eejj&�eejj'dMd*d�e�d�dPdQ����Z5eejj*�eejj'dMd9d�e�d�dRdS����Z6eejj*�eejj'd*dTd�e�d�dUdV����Z7ejjejj'dMd$�edWdX���Z8ejjejj'dMd$�edYdZ���Z9eejj&�eejj'dd*d�e�d�d[d\����Z:eejj&�eejj'dd*d�e�d�d]d^����Z;eejj*�eejj'dd9d�e�d�d_d`����Z<eejj*�eejj'd*dFd�e�d�dadb����Z=ejjejj'dd$�edcdd���Z>ejjejj'dd$�ededf���Z?eejj&�eejj'dd*d�e�d�dgdh����Z@eejj&�eejj'dd*d�e�d�didj����ZAeejj*�eejj'dd9d�e�d�dkdl����ZBeejj*�eejj'd*dFd�e�d�dmdn����ZCejjejj'dd$�edodp���ZDejjejj'dd$�edqdr���ZEeejj�eejj d*d*d�e�d�dsdt����ZFeejj�eejj d*d*d�e�d�dudv����ZGeejj�eejj d*d9d�e�d�dwdx����ZHejjejj d*d$�edydz���ZIejjejj d*d$�ed{d|���ZJeejjK�eejj dd}d�e�d�d~d����ZLeejjK�eejjMddd�e�d�d�d�����ZNeejjK�eejjMd�d �e�d�d�d�����ZOejjejjMd�d$�ed�d����ZPeejjK�eejjQddd�e�d�d�d�����ZReejjK�eejjQd�d �e�d�d�d�����ZSejjejjQd�d$�ed�d����ZTeejj�eejj d*dFd�e�d�d�d�����ZUeejjK�eejj dd�d�e�d�d�d�����ZVeejjK�eejj ddd�e�d�d�d�����ZWeejj�eejj d*dFd�e�d�d�d�����ZXeejjK�eejj deYjZd�e�d�d�d�����Z[eejjK�eejj d*dd�e�d�d�d�����Z\eejj�eejj dd*d�e�d�d�d�����Z]ejjejj dd$�ed�d����Z^eejjK�eejj d*dd�e�d�d�d�����Z_eejj�eejj dd*d�e�d�d�d�����Z`ejjejj dd$�ed�d����Zaeejj�eejj d*dd�e�d�d�d�����Zbeejj�eejj dd*d�e�d�d�d�����Zcejjejj dd$�ed�d����Zdeejj�eejjQd*dFd�e�d�d�d�����Zeeejj�eejjQd*d�d�e�d�d�d�����Zfeejj�eejjMd*dFd�e�d�d�d�����Zgeejj�eejjMd*d�d�e�d�d�d�����Zheejj�eejjMddd�e�d�d�d�����Zieejj�eejjMddd�e�d�d�d�����ZjeejjK�eejjMdd9d�e�d�d�d�����Zkeejj�eejjMddd�e�d�d�d�����Zleejj�eejjMddd�e�d�d�d�����Zmeejj�eejjMddd�e�d�d�d�����Zneejj�eejjMddd�e�d�d�d�����ZoeejjK�eejjMdd9d�e�d�d�d„���ZpeejjK�eejjMddFd�e�d�d�dĄ���ZqejjejjMdd$�ed�dƄ��ZrejjejjMdd$�ed�dȄ��ZsejjejjMdd$�ed�dʄ��ZtejjejjMdd$�ed�d̄��Zueejj�eejjMddd�e�d�d�d΄���Zveejj�eejjMddd�e�d�d�dЄ���Zweejj�eejjMddd�e�d�d�d҄���ZxeejjK�eejjMdd9d�e�d�d�dԄ���ZyeejjK�eejjMddFd�e�d�d�dք���ZzejjejjMdd$�ed�d؄��Z{ejjejjMdd$�ed�dڄ��Z|ejjejjMdd$�ed�d܄��Z}ed�dބ�Z~eejj�eejjMd�dd�e�d�d�d����Zeejj�eejjMddd�e�d�d�d����Z�eejjK�eejjMdd9d�e�d�d�d����Z�eejjK�eejjMddFd�e�d�d�d����Z�ejjejjMd�d$�ed�d���Z�ejjejjMdd$�ed�d���Z�ed�d��Z�eejj�eejjMd�dd�e�d�d�d����Z�eejj�eejjMddd�e�d�d�d����Z�eejjK�eejjMdd9d�e�d�d�d����Z�eejjK�eejjMddFd�e�d�d�d�����Z�ejjejjMd�d$�ed�d����Z�ejjejjMdd$�ed�d����Z�ed�d���Z�eejj�eejjMd�dd�e�d�d�d�����Z�eejj�eejjMd�dd�e�d��d�d����Z�eejjK�eejjMd�d9d�e�d��d�d����Z�eejjK�eejjMd�dd�e�d��d�d����Z�ejjejjMd�d$�e�d��d�d	���Z�ejjejjMd�d$�e�d
�d���Z�e�d�d
��Z�eejj�eejjMd�dd�e�d��d�d����Z�eejj�eejjMddd�e�d��d�d����Z�eejjK�eejjMdd9d�e�d��d�d����Z�eejjK�eejjMddFd�e�d��d�d����Z�ejjejjMd�d$�e�d��d�d���Z�ejjejjMdd$�e�d�d���Z�e�d�d��Z�eejj�eejjMd�dd�e�d��d�d����Z�eejj�eejjMd�dd�e�d��d�d����Z�eejjK�eejjMd�d9d�e�d��d �d!����Z�eejjK�eejjMd�dd�e�d��d"�d#����Z�ejjejjMd�d$�e�d��d$�d%���Z�ejjejjMd�d$�e�d&�d'���Z�e�d(�d)��Z�eejj�eejjM�d*dd�e�d��d+�d,����Z�eejj�eejjMddd�e�d��d-�d.����Z�eejjK�eejjMdd9d�e�d��d/�d0����Z�ejjejjM�d*d$�e�d��d1�d2���Z�ejjejjMdd$�e�d3�d4���Z�e�d5�d6��Z�eejj�eejjM�d7dd�e	�d��d8�d9����Z�eejj�eejjM�d:dd�e	�d��d;�d<����Z�eejjK�eejjM�d:d9d�e	�d��d=�d>����Z�eejjK�eejjMd�dd�e�d��d?�d@����Z�ejjejjM�d7d$�e�	�d��dA�dB���Z�ejjejjM�d:d$�e�dC�dD���Z�e�dE�dF��Z�eejj�eejjMd�dd�e�d��dG�dH����Z�eejj�eejjMddd�e�d��dI�dJ����Z�eejjK�eejjMdd9d�e�d��dK�dL����Z�eejjK�eejjMddFd�e�d��dM�dN����Z�ejjejjMd�d$�e�d��dO�dP���Z�ejjejjMdd$�e�dQ�dR���Z�eejj�eejjMddd�e�d��dS�dT����Z�eejj�eejjMddd�e�d��dU�dV����Z�eejjK�eejjMdd9d�e�d��dW�dX����Z�ejjejjMdd$�e�dY�dZ���Z�ejjejjMdd$�e�d[�d\���Z�eejj��e�ejj��eejj�d�d*d�e�d��d]�d^�����Z�eejj��e�ejj��eejj�d�d*d�e�d��d_�d`�����Z�eejj��e�ejj��eejj�d�d9d�e�d��da�db�����Z�eejj��e�ejj��eejj�ddFd�e�d��dc�dd�����Z�eejj��e�ejj��eejj�d*�ded�e�d��df�dg�����Z�e�ejj��ejjejj�d�d$�e�dh�di����Z�e�ejj��ejjejj�d�d$�e�dj�dk����Z�eejj��e�ejj��eejj��dld*d�e�d��dm�dn�����Z�eejj��e�ejj��eejj��dld*d�e�d��do�dp�����Z�eejj��e�ejj��eejj�d�d*d�e�d��dq�dr�����Z�eejj��e�ejj��eejj��dld9d�e�d��ds�dt�����Z�eejj��e�ejj��eejj�d��dud�e�d��dv�dw�����Z�eejj��e�ejj��eejj�d*�dxd�e�d��dy�dz�����Z�e�ejj��ejjejj��dld$�e�d{�d|����Z�e�ejj��ejjejj��dld$�e�d}�d~����Z�eejj��e�ejj��eejj��ddd�e�d��d��d������Z�eejj��e�ejj��eejj��dd*d�e�d��d��d������Z�eejj��e�ejj��eejj��dd*d�e�d��d��d������Z�eejj��e�ejj��eejj��dd9d�e�d��d��d������Z�eejj��e�ejj��eejj�d*�d�d�e�d��d��d������Z�eejj��e�ejj��eejj�d*d*d�e�d��d��d������Z�eejj��e�ejj��eejj�d�dd�e�d��d��d������Z�e�ejj��ejjejj��dd$�e�d��d�����Z�e�ejj��ejjejj��dd$�e�d��d�����Z�eejj׃eejj d*d*d�e�d��d��d�����Z�eejj�eejj�dd9d�e�d��d��d�����Z�eejj�eejj�d*dFd�e�d��d��d�����Z�eejjK�eejj�de�jZd�e�d��d��d�����Z�eejj�eejj�dd*d�e�d��d��d�����Z�eejj�eejj�dd*d�e�d��d��d�����Z�eejj�eejj�dd9d�e�d��d��d�����Z�eejj�eejj�ddFd�e�d��d��d�����Z�eejj�eejjِdd �e�d��d��d�����Z�ejjejj�dd$�e�d��d����Z�ejjejj�dd$�e�d��d����Z�eejj�eejj d*dFd�e�d��d��d�����Z�eejjK�eejj de�jZd�e�d��d��d�����Z�Z�S(�rzFirewallD main classTcsdtt|�j|i|��t�|_|d|_|d|_|��t|t	j
j�t|jj	|jt	j
j
�|_	dS)Nr�)�superr�__init__r�fw�busname�path�startrr�dbus�DBUS_INTERFACEr�DBUS_PATH_CONFIG)�self�args�kwargs��	__class__��;/usr/lib/python3/dist-packages/firewall/server/firewalld.pyr%Gs


�zFirewallD.__init__cCs|��dS�N)�stop�r-r2r2r3�__del__RszFirewallD.__del__cCst�d�i|_|j��S)Nzstart())r�debug1�	_timeoutsr&r)r6r2r2r3r)Us

zFirewallD.startcC�t�d�|j��S)Nzstop())rr8r&r5r6r2r2r3r5]s

zFirewallD.stopcCs�|jj��rV|durt�d�dSt��}t||�}|jj�d|�r$dSt	||�}|jj�d|�r3dSt
|�}|jj�d|�rAdSt||�}|jj�d|�rPdStt
jd��dS)Nz&Lockdown not possible, sender not set.�context�uid�user�commandzlockdown is enabled)r&�policies�query_lockdownr�errorr*�	SystemBusr�access_checkrrrr"r!�
ACCESS_DENIED)r-�sender�busr;r<r=r>r2r2r3�accessCheckfs&



�zFirewallD.accessCheckcCs&||jvr
i|j|<||j||<dSr4)r9)r-�zone�x�tagr2r2r3�
addTimeout}s

zFirewallD.addTimeoutcCsD||jvr||j|vr t�|j||�|j||=dSdSdSr4)r9r�
source_remove�r-rHrIr2r2r3�
removeTimeout�s�zFirewallD.removeTimeoutcCsL|jD]}|j|D]}t�|j||�q
|j|��q|j��dSr4)r9rrL�clearrMr2r2r3�cleanup_timeouts�s

zFirewallD.cleanup_timeoutscCsV|dkr
t�tj�S|dkrt�dtjjtjjf�S|dkr't�|j���S|dkr4t�|j�	d��S|dkr@t�
|jjd�S|d	krMt�|j�	d
��S|dkrXt�|jj�S|dkrdt�
|jj
d�S|d
krot�|jj�S|dkrzt�|jj�S|dkr�t�
|jjd�S|dkr�t�d�S|dkr�t�id�S|dkr�t�id�Stj�d|��)N�version�interface_versionz%d.%d�state�IPv4�ipv4�
IPv4ICMPTypes�s�IPv6�ipv6�
IPv6_rpfilter�
IPv6ICMPTypes�BRIDGEr�
IPSetTypes�nf_conntrack_helper_settingF�nf_conntrack_helpers�sas�nf_nat_helpers�Dorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r*�Stringr�VERSION�DBUS_INTERFACE_VERSION�DBUS_INTERFACE_REVISIONr&�	get_state�Boolean�is_ipv_enabled�Array�ipv4_supported_icmp_types�ipv6_rpfilter_enabled�ipv6_supported_icmp_types�ebtables_enabled�
ipset_enabled�ipset_supported_types�
Dictionary�
exceptions�
DBusException)r-�propr2r2r3�
_get_property�sF�
��zFirewallD._get_property�ss�v)�in_signature�
out_signatureNcCsxt|t�}t|t�}t�d||�|tjjkr|�|�S|tjjtjj	tjj
tjjfvr4tj�
d|��tj�
d|��)NzGet('%s', '%s')rb�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r�strrr8rr*r+ru�DBUS_INTERFACE_ZONE�DBUS_INTERFACE_DIRECT�DBUS_INTERFACE_POLICIES�DBUS_INTERFACE_IPSETrrrs)r-�interface_name�
property_namerEr2r2r3�Get�s(


�����z
FirewallD.GetrWza{sv}cCs�t|t�}t�d|�i}|tjjkr dD]	}|�|�||<qn|tjjtjj	tjj
tjjfvr1ntj�
d|��tj|dd�S)NzGetAll('%s')�rQrRrSrTrXrZr\rr]r^r_rarVr[rz�sv��	signature)rr{rr8rr*r+rur|r}r~rrrrsrq)r-r�rE�retrIr2r2r3�GetAll�s&
����zFirewallD.GetAll�ssv)rxcCs�t|t�}t|t�}t|�}t�d|||�|�|�|tjjkr5|dvr-tj�	d|��tj�	d|��|tjj
tjjtjjtjj
fvrMtj�	d|��tj�	d|��)NzSet('%s', '%s', '%s')r�zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-onlyrbrz)rr{rr8rGrr*r+rrrsr|r}r~r)r-r�r��	new_valuerEr2r2r3�Set�sD


�
���������z
FirewallD.Setzsa{sv}asr�cCs.t|t�}t|�}t|�}t�d|||�dS)Nz#PropertiesChanged('%s', '%s', '%s'))rr{rr8)r-r��changed_properties�invalidated_propertiesr2r2r3�PropertiesChangeds
�zFirewallD.PropertiesChanged)rycs`t�d�tt|��|j|j���}t||t	j
j�}t	j
jfD]}t
|||t�jt�j�}q|S)NzIntrospect())r�debug2r$r�
Introspectr(r'�get_busrrr*r+r}rr�
deprecatedr)r-rE�data�	interfacer0r2r3r�$s
���zFirewallD.Introspect�cCs*t�d�|j��|j��|��dS)z#Reload the firewall rules.
        zreload()N�rr8r&�reloadr�Reloaded�r-rEr2r2r3r�:s


zFirewallD.reloadcCs,t�d�|j�d�|j��|��dS)z�Completely reload the firewall.

        Completely reload the firewall: Stops firewall, unloads modules and 
        starts the firewall again.
        zcompleteReload()TNr�r�r2r2r3�completeReloadIs


zFirewallD.completeReloadcC�t�d�dS)Nz
Reloaded()�rr8r6r2r2r3r�Y�zFirewallD.ReloadedcCst�d�t|j�dS)z&Check permanent configuration
        zcheckPermanentConfig()N)rr8rr&r�r2r2r3�checkPermanentConfig^s
zFirewallD.checkPermanentConfigcCs~t�d�d}|j��}|jj��D]Y}|�|�}z5||vr?|j�|�}|�	�|kr7t�d|�|�
|�nt�d|�nt�d|�|j�||�Wqtyk}zt�
d||f�d}WYd}~qd}~ww|j��}|jj��D]Y}|�|�}z5||vr�|j�|�}|�	�|kr�t�d	|�|�
|�nt�d
|�nt�d|�|j�||�Wqwty�}zt�
d||f�d}WYd}~qwd}~ww|j��}|jj��D]\}z<|�|�}||v�r|j�|�}|�	�|k�rt�d
|�|�
|�nt�d|�nt�d|�|j�||�Wq�t�y8}zt�
d||f�d}WYd}~q�d}~ww|j��}|jj��D]�}|�|�}t|�}d}	|jjD]}
t�d||
f�|� |
�d}	�qU|�!�D]$}
zt"|
�}|�r�t#||��r�|� |
�d}	W�qmt�y�Y�qmw|	�r�|�$�}|�!�D]}
t%||
��q�z)||v�r�|j�&|�}t�d|�|�'|�nt�d|�|j�(||�W�qDt�y�}zt�
d||f�d}WYd}~�qDd}~ww|j�)�}|jj*�+�D]H}|�,|�}z"||v�r|j�-|�}|�
|�nt�d|�|j�.||�W�q�t�yB}zt�
d||f�d}WYd}~�q�d}~ww|j�/�}|jj0�1�D]^}|�2|�}z8||v�r}|j�3|�}|�	�|k�rut�d|�|�
|�nt�d|�nt�d|�|j�4||�W�qNt�y�}zt�
d||f�d}WYd}~�qNd}~ww|jj5�6�|jj5�7�|jj5�8�f}z|j�	�|k�r�t�d�|j�
|�nt�d�Wnt�y�}zt�
d|�d}WYd}~nd}~ww|jj9j:�;�}z|j�	�|k�rt�d�|j�<|�nt�d�Wnt�y4}zt�
d |�d}WYd}~nd}~ww|�r=t=t>j?��dS)!z-Make runtime configuration permanent
        zcopyRuntimeToPermanent()FzCopying service '%s' settingsz$Service '%s' is identical, ignoring.zCreating service '%s'z/Runtime To Permanent failed on service '%s': %sTNzCopying icmptype '%s' settingsz%IcmpType '%s' is identical, ignoring.zCreating icmptype '%s'z0Runtime To Permanent failed on icmptype '%s': %szCopying ipset '%s' settingsz"IPSet '%s' is identical, ignoring.zCreating ipset '%s'z-Runtime To Permanent failed on ipset '%s': %szEZone '%s': interface binding for '%s' has been added by NM, ignoring.zCopying zone '%s' settingszCreating zone '%s'z,Runtime To Permanent failed on zone '%s': %szCreating policy '%s'z.Runtime To Permanent failed on policy '%s': %szCopying helper '%s' settingsz#Helper '%s' is identical, ignoring.zCreating helper '%s'z.Runtime To Permanent failed on helper '%s': %szCopying direct configurationz,Direct configuration is identical, ignoring.z7Runtime To Permanent failed on direct configuration: %szCopying policies configurationz.Policies configuration is identical, ignoring.z9Runtime To Permanent failed on policies configuration: %s)@rr8r�getServiceNamesr&�service�get_services�getServiceSettings�getServiceByName�getSettings�update�
addService�	Exception�warning�getIcmpTypeNames�icmptype�
get_icmptypes�getIcmpTypeSettings�getIcmpTypeByName�addIcmpType�
getIPSetNames�ipset�
get_ipsets�getIPSetSettings�getIPSetByName�addIPSet�getZoneNamesrH�	get_zones�getZoneSettings2r�_nm_assigned_interfaces�removeInterface�
getInterfacesrr�getSettingsDictr �
getZoneByName�update2�addZone2�getPolicyNames�policy�"get_policies_not_derived_from_zone�getPolicySettings�getPolicyByName�	addPolicy�getHelperNames�helper�get_helpers�getHelperSettings�getHelperByName�	addHelper�direct�get_all_chains�
get_all_rules�get_all_passthroughsr?�lockdown_whitelist�
export_config�setLockdownWhitelistr"r!�RT_TO_PERM_FAILED)r-rErA�config_names�name�conf�conf_obj�e�settings�changedr��
connectionr2r2r3�runtimeToPermanentjsr


�����

�����


�����



��
�����


�����


�����
	

�

����

�����
�zFirewallD.runtimeToPermanentcC�,t�d�|�|�|jj��|��dS)z!Enable lockdown policies
        zpolicies.enableLockdown()N)rr8rGr&r?�enable_lockdown�LockdownEnabledr�r2r2r3�enableLockdown4�

zFirewallD.enableLockdowncCr�)z"Disable lockdown policies
        zpolicies.disableLockdown()N)rr8rGr&r?�disable_lockdown�LockdownDisabledr�r2r2r3�disableLockdown@r�zFirewallD.disableLockdown�bcC�t�d�|jj��S)z+Retuns True if lockdown is enabled
        zpolicies.queryLockdown())rr8r&r?r@r�r2r2r3�
queryLockdownLs
zFirewallD.queryLockdowncCr�)NzLockdownEnabled()r�r6r2r2r3r�Wr�zFirewallD.LockdownEnabledcCr�)NzLockdownDisabled()r�r6r2r2r3r�\r�zFirewallD.LockdownDisabledcC�@t|t�}t�d|�|�|�|jjj�|�|�	|�dS)�Add lockdown command
        z*policies.addLockdownWhitelistCommand('%s')N)
rr{rr8rGr&r?r��add_command�LockdownWhitelistCommandAdded�r-r>rEr2r2r3�addLockdownWhitelistCommande�


z%FirewallD.addLockdownWhitelistCommandcCr�)z Remove lockdown command
        z-policies.removeLockdownWhitelistCommand('%s')N)
rr{rr8rGr&r?r��remove_command�LockdownWhitelistCommandRemovedr�r2r2r3�removeLockdownWhitelistCommandrr�z(FirewallD.removeLockdownWhitelistCommandcC�(t|t�}t�d|�|jjj�|�S)zQuery lockdown command
        z,policies.queryLockdownWhitelistCommand('%s'))rr{rr8r&r?r��has_commandr�r2r2r3�queryLockdownWhitelistCommand�
z'FirewallD.queryLockdownWhitelistCommand�ascC�t�d�|jjj��S)r�z'policies.getLockdownWhitelistCommands())rr8r&r?r��get_commandsr�r2r2r3�getLockdownWhitelistCommands��
z&FirewallD.getLockdownWhitelistCommandscC�t�d|�dS)Nz#LockdownWhitelistCommandAdded('%s')r��r-r>r2r2r3r���z'FirewallD.LockdownWhitelistCommandAddedcCr�)Nz%LockdownWhitelistCommandRemoved('%s')r�r�r2r2r3r��r�z)FirewallD.LockdownWhitelistCommandRemoved�icCr�)�Add lockdown uid
        z&policies.addLockdownWhitelistUid('%s')N)
r�intrr8rGr&r?r��add_uid�LockdownWhitelistUidAdded�r-r<rEr2r2r3�addLockdownWhitelistUid�r�z!FirewallD.addLockdownWhitelistUidcCr�)zRemove lockdown uid
        z)policies.removeLockdownWhitelistUid('%s')N)
rr�rr8rGr&r?r��
remove_uid�LockdownWhitelistUidRemovedrr2r2r3�removeLockdownWhitelistUid�r�z$FirewallD.removeLockdownWhitelistUidcCr�)zQuery lockdown uid
        z(policies.queryLockdownWhitelistUid('%s'))rr�rr8r&r?r��has_uidrr2r2r3�queryLockdownWhitelistUid�r�z#FirewallD.queryLockdownWhitelistUid�aicCr�)r�z#policies.getLockdownWhitelistUids())rr8r&r?r��get_uidsr�r2r2r3�getLockdownWhitelistUids�r�z"FirewallD.getLockdownWhitelistUidscCr�)NzLockdownWhitelistUidAdded(%d)r��r-r<r2r2r3r�r�z#FirewallD.LockdownWhitelistUidAddedcCr�)NzLockdownWhitelistUidRemoved(%d)r�rr2r2r3r�r�z%FirewallD.LockdownWhitelistUidRemovedcCr�)�Add lockdown user
        z'policies.addLockdownWhitelistUser('%s')N)
rr{rr8rGr&r?r��add_user�LockdownWhitelistUserAdded�r-r=rEr2r2r3�addLockdownWhitelistUser�r�z"FirewallD.addLockdownWhitelistUsercCr�)zRemove lockdown user
        z*policies.removeLockdownWhitelistUser('%s')N)
rr{rr8rGr&r?r��remove_user�LockdownWhitelistUserRemovedrr2r2r3�removeLockdownWhitelistUser�r�z%FirewallD.removeLockdownWhitelistUsercCr�)zQuery lockdown user
        z)policies.queryLockdownWhitelistUser('%s'))rr{rr8r&r?r��has_userrr2r2r3�queryLockdownWhitelistUser�r�z$FirewallD.queryLockdownWhitelistUsercCr�)r
z$policies.getLockdownWhitelistUsers())rr8r&r?r��	get_usersr�r2r2r3�getLockdownWhitelistUsersr�z#FirewallD.getLockdownWhitelistUserscCr�)Nz LockdownWhitelistUserAdded('%s')r��r-r=r2r2r3rr�z$FirewallD.LockdownWhitelistUserAddedcCr�)Nz"LockdownWhitelistUserRemoved('%s')r�rr2r2r3rr�z&FirewallD.LockdownWhitelistUserRemovedcCr�)�Add lockdown context
        z*policies.addLockdownWhitelistContext('%s')N)
rr{rr8rGr&r?r��add_context�LockdownWhitelistContextAdded�r-r;rEr2r2r3�addLockdownWhitelistContextr�z%FirewallD.addLockdownWhitelistContextcCr�)z Remove lockdown context
        z-policies.removeLockdownWhitelistContext('%s')N)
rr{rr8rGr&r?r��remove_context�LockdownWhitelistContextRemovedrr2r2r3�removeLockdownWhitelistContext)r�z(FirewallD.removeLockdownWhitelistContextcCr�)zQuery lockdown context
        z,policies.queryLockdownWhitelistContext('%s'))rr{rr8r&r?r��has_contextrr2r2r3�queryLockdownWhitelistContext6r�z'FirewallD.queryLockdownWhitelistContextcCr�)rz'policies.getLockdownWhitelistContexts())rr8r&r?r��get_contextsr�r2r2r3�getLockdownWhitelistContextsBr�z&FirewallD.getLockdownWhitelistContextscCr�)Nz#LockdownWhitelistContextAdded('%s')r��r-r;r2r2r3rMr�z'FirewallD.LockdownWhitelistContextAddedcCr�)Nz%LockdownWhitelistContextRemoved('%s')r�r&r2r2r3r Rr�z)FirewallD.LockdownWhitelistContextRemovedcC�*t�d�|�|�|j��|��dS)znEnable panic mode.
        
        All ingoing and outgoing connections and packets will be blocked.
        zenablePanicMode()N)rr8rGr&�enable_panic_mode�PanicModeEnabledr�r2r2r3�enablePanicMode[s
	

zFirewallD.enablePanicModecCr')z�Disable panic mode.

        Enables normal mode: Allowed ingoing and outgoing connections 
        will not be blocked anymore
        zdisablePanicMode()N)rr8rGr&�disable_panic_mode�PanicModeDisabledr�r2r2r3�disablePanicModeis



zFirewallD.disablePanicModecCr:)NzqueryPanicMode())rr8r&�query_panic_moder�r2r2r3�queryPanicModex�

zFirewallD.queryPanicModecCr�)NzPanicModeEnabled()r�r6r2r2r3r)�r�zFirewallD.PanicModeEnabledcCr�)NzPanicModeDisabled()r�r6r2r2r3r,�r�zFirewallD.PanicModeDisabledz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cC�$t|t�}t�d|�|jj�|�S)NzgetZoneSettings(%s))rr{rr8r&rH�get_config_with_settings�r-rHrEr2r2r3�getZoneSettings�s
zFirewallD.getZoneSettingscCr1)NzgetZoneSettings2(%s))rr{rr8r&rH�get_config_with_settings_dictr3r2r2r3r���
zFirewallD.getZoneSettings2zsa{sv}cC�Ft|t�}t�d|�|�|�|jj�|t|�|�|�||�dS)NzsetZoneSettings2(%s))	rr{rr8rGr&rH�set_config_with_settings_dict�ZoneUpdated)r-rHr�rEr2r2r3�setZoneSettings2��


zFirewallD.setZoneSettings2cC�t�d||f�dS)Nzzone.ZoneUpdated('%s', '%s')r�)r-rHr�r2r2r3r9��zFirewallD.ZoneUpdatedcCr1)Nzpolicy.getPolicySettings(%s))rr{rr8r&r�r5)r-r�rEr2r2r3r��r6zFirewallD.getPolicySettingscCr7)Nzpolicy.setPolicySettings(%s))	rr{rr8rGr&r�r8�
PolicyUpdated)r-r�r�rEr2r2r3�setPolicySettings�r;zFirewallD.setPolicySettingscCr<)Nz policy.PolicyUpdated('%s', '%s')r�)r-r�r�r2r2r3r>�r=zFirewallD.PolicyUpdatedcCr�)NzlistServices())rr8r&r�r�r�r2r2r3�listServices��
zFirewallD.listServicesz(sssa(ss)asa{ss}asa(ss))c	Cs�t|t�}t�d|�|jj�|�}|��}g}td�D](}|j	|d|vr8|�
t�t
||j	|d���q|�
||j	|d�qt|�S)NzgetServiceSettings(%s)�r)rr{rr8r&r��get_service�export_config_dict�range�IMPORT_EXPORT_STRUCTURE�append�copy�deepcopy�getattr�tuple)r-r�rE�obj�	conf_dict�	conf_listr�r2r2r3r��s
"zFirewallD.getServiceSettingscCs,t|t�}t�d|�|jj�|�}|��S)NzgetServiceSettings2(%s))rr{rr8r&r�rCrD)r-r�rErLr2r2r3�getServiceSettings2�s
zFirewallD.getServiceSettings2cCr�)NzlistIcmpTypes())rr8r&r�r�r�r2r2r3�
listIcmpTypes�rAzFirewallD.listIcmpTypescC�(t|t�}t�d|�|jj�|���S)NzgetIcmpTypeSettings(%s))rr{rr8r&r��get_icmptyper�)r-r�rEr2r2r3r���
zFirewallD.getIcmpTypeSettingscCr:)NzgetLogDenied())rr8r&�get_log_deniedr�r2r2r3�getLogDeniedr0zFirewallD.getLogDeniedcCsXt|t�}t�d|�|�|�|j�|�|�|�|j��|j	��|�
�dS)NzsetLogDenied('%s'))rr{rr8rGr&�set_log_denied�LogDeniedChangedr�rr��r-�valuerEr2r2r3�setLogDenieds




zFirewallD.setLogDeniedcCr�)NzLogDeniedChanged('%s')r��r-rYr2r2r3rW$r�zFirewallD.LogDeniedChangedcCst�d�dS)NzgetAutomaticHelpers()�nor�r�r2r2r3�getAutomaticHelpers-s
zFirewallD.getAutomaticHelperscCs&t|t�}t�d|�|�|�dS)NzsetAutomaticHelpers('%s'))rr{rr8rGrXr2r2r3�setAutomaticHelpers8�
zFirewallD.setAutomaticHelperscCr�)NzAutomaticHelpersChanged('%s')r�r[r2r2r3�AutomaticHelpersChangedDr�z!FirewallD.AutomaticHelpersChangedcCr:)NzgetDefaultZone())rr8r&�get_default_zoner�r2r2r3�getDefaultZoneMr0zFirewallD.getDefaultZonecCs<t|t�}t�d|�|�|�|j�|�|�|�dS)NzsetDefaultZone('%s'))rr{rr8rGr&�set_default_zone�DefaultZoneChangedr3r2r2r3�setDefaultZoneVs


zFirewallD.setDefaultZonecCr�)NzDefaultZoneChanged('%s')r��r-rHr2r2r3rdbr�zFirewallD.DefaultZoneChangedcCr�)Nzpolicy.getPolicies())rr8r&r�r�r�r2r2r3�getPoliciesms
zFirewallD.getPoliciesz
a{sa{sas}}cCsXt�d�i}|jj��D]}i||<|jj�|�||d<|jj�|�||d<q
|S)Nzpolicy.getActivePolicies()�
ingress_zones�egress_zones)rr8r&r��)get_active_policies_not_derived_from_zone�list_ingress_zones�list_egress_zones)r-rEr?r�r2r2r3�getActivePoliciesus
zFirewallD.getActivePoliciescCr�)Nzzone.getZones())rr8r&rHr�r�r2r2r3�getZones��
zFirewallD.getZonescCs�t�d�i}|jj��D]6}|jj�|�}|jj�|�}t|�t|�dkrCi||<t|�dkr7|||d<t|�dkrC|||d<q
|S)Nzzone.getActiveZones()r�
interfaces�sources)rr8r&rHr��list_interfaces�list_sources�len)r-rE�zonesrHrprqr2r2r3�getActiveZones�s
�zFirewallD.getActiveZonescC�2t|t�}t�d|�|jj�|�}|r|SdS)z�Return the zone an interface belongs to.

        :Parameters:
            `interface` : str
                Name of the interface
        :Returns: str. The name of the zone.
        zzone.getZoneOfInterface('%s')r�)rr{rr8r&rH�get_zone_of_interface)r-r�rErHr2r2r3�getZoneOfInterface�s
zFirewallD.getZoneOfInterfacecCrw)Nzzone.getZoneOfSource('%s')r�)rr{rr8r&rH�get_zone_of_source)r-�sourcerErHr2r2r3�getZoneOfSource�s
zFirewallD.getZoneOfSourcecC�dS)NFr2r3r2r2r3�isImmutable�szFirewallD.isImmutablecC�Rt|t�}t|t�}t�d||f�|�|�|jj�|||�}|�||�|S)zPAdd an interface to a zone.
        If zone is empty, use default zone.
        zzone.addInterface('%s', '%s'))	rr{rr8rGr&rH�
add_interface�InterfaceAdded�r-rHr�rE�_zoner2r2r3�addInterface��


zFirewallD.addInterfacecCs"t|t�}t|t�}|�|||�S)z�Change a zone an interface is part of.
        If zone is empty, use default zone.

        This function is deprecated, use changeZoneOfInterface instead
        )rr{�changeZoneOfInterface�r-rHr�rEr2r2r3�
changeZone�s


zFirewallD.changeZonecCr)z[Change a zone an interface is part of.
        If zone is empty, use default zone.
        z&zone.changeZoneOfInterface('%s', '%s'))	rr{rr8rGr&rH�change_zone_of_interface�ZoneOfInterfaceChangedr�r2r2r3r��r�zFirewallD.changeZoneOfInterfacecC�Pt|t�}t|t�}t�d||f�|�|�|jj�||�}|�||�|S)zkRemove interface from a zone.
        If zone is empty, remove from zone the interface belongs to.
        z zone.removeInterface('%s', '%s'))	rr{rr8rGr&rH�remove_interface�InterfaceRemovedr�r2r2r3r��


zFirewallD.removeInterfacecC�6t|t�}t|t�}t�d||f�|jj�||�S)z^Return true if an interface is in a zone.
        If zone is empty, use default zone.
        zzone.queryInterface('%s', '%s'))rr{rr8r&rH�query_interfacer�r2r2r3�queryInterface�

zFirewallD.queryInterfacecC�&t|t�}t�d|�|jj�|�S)z]Return the list of interfaces of a zone.
        If zone is empty, use default zone.
        zzone.getInterfaces('%s'))rr{rr8r&rHrrr3r2r2r3r��

zFirewallD.getInterfacescCr<)Nzzone.InterfaceAdded('%s', '%s')r��r-rHr�r2r2r3r�-r=zFirewallD.InterfaceAddedcCst�d||f�dS)z,
        This signal is deprecated.
        zzone.ZoneChanged('%s', '%s')Nr�r�r2r2r3�ZoneChanged2szFirewallD.ZoneChangedcCs"t�d||f�|�||�dS)Nz'zone.ZoneOfInterfaceChanged('%s', '%s'))rr8r�r�r2r2r3r�:s�z FirewallD.ZoneOfInterfaceChangedcCr<)Nz!zone.InterfaceRemoved('%s', '%s')r�r�r2r2r3r�Ar=zFirewallD.InterfaceRemovedcCr)zLAdd a source to a zone.
        If zone is empty, use default zone.
        zzone.addSource('%s', '%s'))	rr{rr8rGr&rH�
add_source�SourceAdded�r-rHr{rEr�r2r2r3�	addSourceJr�zFirewallD.addSourcecCr)zXChange a zone an source is part of.
        If zone is empty, use default zone.
        z#zone.changeZoneOfSource('%s', '%s'))	rr{rr8rGr&rH�change_zone_of_source�ZoneOfSourceChangedr�r2r2r3�changeZoneOfSource[r�zFirewallD.changeZoneOfSourcecCr�)zeRemove source from a zone.
        If zone is empty, remove from zone the source belongs to.
        zzone.removeSource('%s', '%s'))	rr{rr8rGr&rH�
remove_source�
SourceRemovedr�r2r2r3�removeSourcelr�zFirewallD.removeSourcecCr�)z[Return true if an source is in a zone.
        If zone is empty, use default zone.
        zzone.querySource('%s', '%s'))rr{rr8r&rH�query_source)r-rHr{rEr2r2r3�querySource}r�zFirewallD.querySourcecCr�)zZReturn the list of sources of a zone.
        If zone is empty, use default zone.
        zzone.getSources('%s'))rr{rr8r&rHrsr3r2r2r3�
getSources�r�zFirewallD.getSourcescCr<)Nzzone.SourceAdded('%s', '%s')r��r-rHr{r2r2r3r��r=zFirewallD.SourceAddedcCr<)Nz$zone.ZoneOfSourceChanged('%s', '%s')r�r�r2r2r3r��r=zFirewallD.ZoneOfSourceChangedcCr<)Nzzone.SourceRemoved('%s', '%s')r�r�r2r2r3r��r=zFirewallD.SourceRemovedcCsHt�d||f�|j||=t|d�}|jj�||�|�||�dS)Nz%zone.disableTimedRichRule('%s', '%s')��rule_str)rr8r9rr&rH�remove_rule�RichRuleRemoved)r-rH�rulerLr2r2r3�disableTimedRichRule�s

zFirewallD.disableTimedRichRule�ssicCs�t|t�}t|t�}t|t�}t�d||f�t|d�}|jj�|||�}|dkr:t	�
||j||�}|�|||�|�
|||�|S)Nzzone.addRichRule('%s', '%s')r�r)rr{r�rr8rr&rH�add_ruler�timeout_add_secondsr�rK�
RichRuleAdded)r-rHr��timeoutrErLr�rJr2r2r3�addRichRule�s




�zFirewallD.addRichRulecCs\t|t�}t|t�}t�d||f�t|d�}|jj�||�}|�||�|�	||�|S)Nzzone.removeRichRule('%s', '%s')r�)
rr{rr8rr&rHr�rNr�)r-rHr�rErLr�r2r2r3�removeRichRule�s


zFirewallD.removeRichRulecCs@t|t�}t|t�}t�d||f�t|d�}|jj�||�S)Nzzone.queryRichRule('%s', '%s')r�)rr{rr8rr&rH�
query_rule)r-rHr�rErLr2r2r3�
queryRichRule�s



zFirewallD.queryRichRulecCr�)Nzzone.getRichRules('%s'))rr{rr8r&rH�
list_rulesr3r2r2r3�getRichRules��
zFirewallD.getRichRulescC�t�d|||f�dS)Nz"zone.RichRuleAdded('%s', '%s', %d)r�)r-rHr�r�r2r2r3r��szFirewallD.RichRuleAddedcCr<)Nz zone.RichRuleRemoved('%s', '%s')r�)r-rHr�r2r2r3r��r=zFirewallD.RichRuleRemovedcC�>t�d||f�|j||=|jj�||�|�||�dS)Nz$zone.disableTimedService('%s', '%s'))rr8r9r&rH�remove_service�ServiceRemoved�r-rHr�r2r2r3�disableTimedService��zFirewallD.disableTimedServicecCs�t|t�}t|t�}t|t�}t�d|||f�|�|�|jj�||||�}|dkr<t	�
||j||�}|�|||�|�
|||�|S)Nzzone.addService('%s', '%s', %d)r)rr{r�rr8rGr&rH�add_servicerr�r�rK�ServiceAdded)r-rHr�r�rEr�rJr2r2r3r�s




�zFirewallD.addServicecC�\t|t�}t|t�}t�d||f�|�|�|jj�||�}|�||�|�	||�|S)Nzzone.removeService('%s', '%s'))
rr{rr8rGr&rHr�rNr�)r-rHr�rEr�r2r2r3�
removeServices


zFirewallD.removeServicecCr�)Nzzone.queryService('%s', '%s'))rr{rr8r&rH�
query_service)r-rHr�rEr2r2r3�queryService(�

zFirewallD.queryServicecCr�)Nzzone.getServices('%s'))rr{rr8r&rH�
list_servicesr3r2r2r3�getServices3r�zFirewallD.getServicescCr�)Nz!zone.ServiceAdded('%s', '%s', %d)r�)r-rHr�r�r2r2r3r�?�
�zFirewallD.ServiceAddedcCr<)Nzzone.ServiceRemoved('%s', '%s')r�r�r2r2r3r�Er=zFirewallD.ServiceRemovedcCsHt�d|||f�|j|||f=|jj�|||�|�|||�dS)Nz'zone.disableTimedPort('%s', '%s', '%s'))rr8r9r&rH�remove_port�PortRemoved�r-rH�port�protocolr2r2r3�disableTimedPortNs�zFirewallD.disableTimedPort�sssicCs�t|t�}t|t�}t|t�}t|t�}t�d|||f�|�|�|jj�|||||�}|dkrEt	�
||j|||�}|�|||f|�|�
||||�|S)Nzzone.addPort('%s', '%s', '%s')r)rr{r�rr8rGr&rH�add_portrr�r�rK�	PortAdded�r-rHr�r�r�rEr�rJr2r2r3�addPortVs 



�

�zFirewallD.addPort�ssscCspt|t�}t|t�}t|t�}t�d|||f�|�|�|jj�|||�}|�|||f�|�	|||�|S)Nz!zone.removePort('%s', '%s', '%s'))
rr{rr8rGr&rHr�rNr��r-rHr�r�rEr�r2r2r3�
removePortms


�
zFirewallD.removePortcC�Dt|t�}t|t�}t|t�}t�d|||f�|jj�|||�S)Nz zone.queryPort('%s', '%s', '%s'))rr{rr8r&rH�
query_port�r-rHr�r�rEr2r2r3�	queryPorts



zFirewallD.queryPort�aascCr�)Nzzone.getPorts('%s'))rr{rr8r&rH�
list_portsr3r2r2r3�getPorts�r�zFirewallD.getPortsrcC�t�d||||f�dS)Nz$zone.PortAdded('%s', '%s', '%s', %d)r��r-rHr�r�r�r2r2r3r���

�zFirewallD.PortAddedcCr�)Nz"zone.PortRemoved('%s', '%s', '%s')r�r�r2r2r3r��r�zFirewallD.PortRemovedcCr�)Nz%zone.disableTimedProtocol('%s', '%s'))rr8r9r&rH�remove_protocol�ProtocolRemoved�r-rHr�r2r2r3�disableTimedProtocol�r�zFirewallD.disableTimedProtocolcCs�t|t�}t|t�}t|t�}t�d||f�|�|�|jj�||||�}|dkr;t	�
||j||�}|�|||�|�
|||�|S)Nzzone.enableProtocol('%s', '%s')r)rr{r�rr8rGr&rH�add_protocolrr�r�rK�
ProtocolAdded)r-rHr�r�rEr�rJr2r2r3�addProtocol�s




�zFirewallD.addProtocolcCr�)Nzzone.removeProtocol('%s', '%s'))
rr{rr8rGr&rHr�rNr�)r-rHr�rEr�r2r2r3�removeProtocol��


zFirewallD.removeProtocolcCr�)Nzzone.queryProtocol('%s', '%s'))rr{rr8r&rH�query_protocol)r-rHr�rEr2r2r3�
queryProtocol�r�zFirewallD.queryProtocolcCr�)Nzzone.getProtocols('%s'))rr{rr8r&rH�list_protocolsr3r2r2r3�getProtocols�r�zFirewallD.getProtocolscCr�)Nz"zone.ProtocolAdded('%s', '%s', %d)r�)r-rHr�r�r2r2r3r��r�zFirewallD.ProtocolAddedcCr<)Nz zone.ProtocolRemoved('%s', '%s')r�r�r2r2r3r��r=zFirewallD.ProtocolRemovedcCsJt�d|||f�|j|d||f=|jj�|||�|�|||�dS)Nz-zone.disableTimedSourcePort('%s', '%s', '%s')�sport)rr8r9r&rH�remove_source_port�SourcePortRemovedr�r2r2r3�disableTimedSourcePort�s�z FirewallD.disableTimedSourcePortcCs�t|t�}t|t�}t|t�}t|t�}t�d|||f�|�|�|jj�|||||�}|dkrFt	�
||j|||�}|�|d||f|�|�
||||�|S)Nz$zone.addSourcePort('%s', '%s', '%s')rr�)rr{r�rr8rGr&rH�add_source_portrr�r�rK�SourcePortAddedr�r2r2r3�
addSourcePorts$




�
�
�zFirewallD.addSourcePortcCsrt|t�}t|t�}t|t�}t�d|||f�|�|�|jj�|||�}|�|d||f�|�	|||�|S)Nz'zone.removeSourcePort('%s', '%s', '%s')r�)
rr{rr8rGr&rHr�rNr�r�r2r2r3�removeSourcePorts



�
zFirewallD.removeSourcePortcCr�)Nz&zone.querySourcePort('%s', '%s', '%s'))rr{rr8r&rH�query_source_portr�r2r2r3�querySourcePort+s



�zFirewallD.querySourcePortcCr�)Nzzone.getSourcePorts('%s'))rr{rr8r&rH�list_source_portsr3r2r2r3�getSourcePorts8r�zFirewallD.getSourcePortscCr�)Nz*zone.SourcePortAdded('%s', '%s', '%s', %d)r�r�r2r2r3r�Dr�zFirewallD.SourcePortAddedcCr�)Nz(zone.SourcePortRemoved('%s', '%s', '%s')r�r�r2r2r3r�Js
�zFirewallD.SourcePortRemovedcCs(|j|d=|jj�|�|�|�dS)N�
masquerade)r9r&rH�remove_masquerade�MasqueradeRemovedrfr2r2r3�disableTimedMasqueradeTsz FirewallD.disableTimedMasquerade�sicCstt|t�}t|t�}t�d|�|�|�|jj�|||�}|dkr2t	�
||j|�}|�|d|�|�
||�|S)Nzzone.addMasquerade('%s')rr�)rr{r�rr8rGr&rH�add_masqueraderr�r�rK�MasqueradeAdded)r-rHr�rEr�rJr2r2r3�
addMasqueradeZs



�zFirewallD.addMasqueradecCsJt|t�}t�d|�|�|�|jj�|�}|�|d�|�	|�|S)Nzzone.removeMasquerade('%s')r�)
rr{rr8rGr&rHr�rNr��r-rHrEr�r2r2r3�removeMasqueradens


zFirewallD.removeMasqueradecCr�)Nzzone.queryMasquerade('%s'))rr{rr8r&rH�query_masquerader3r2r2r3�queryMasquerade}r_zFirewallD.queryMasqueradecCr<)Nzzone.MasqueradeAdded('%s', %d)r�)r-rHr�r2r2r3r��r=zFirewallD.MasqueradeAddedcCr�)Nzzone.MasqueradeRemoved('%s')r�rfr2r2r3r��r�zFirewallD.MasqueradeRemovedcCs@|j|||||f=|jj�|||||�|�|||||�dSr4)r9r&rH�remove_forward_port�ForwardPortRemoved�r-rHr�r��toport�toaddrr2r2r3�disable_forward_port�szFirewallD.disable_forward_port�sssssic
	Cs�t|t�}t|t�}t|t�}t|t�}t|t�}t|t�}t�d|||||f�|�|�|jj�|||||||�}|dkrWt	�
||j|||||�}	|�|||||f|	�|�
||||||�|S)Nz1zone.addForwardPort('%s', '%s', '%s', '%s', '%s')r)rr{r�rr8rGr&rH�add_forward_portrr�r
rK�ForwardPortAdded)
r-rHr�r�rr	r�rEr�rJr2r2r3�addForwardPort�s,





�
��zFirewallD.addForwardPort�ssssscCs�t|t�}t|t�}t|t�}t|t�}t|t�}t�d|||||f�|�|�|jj�|||||�}|�|||||f�|�	|||||�|S)Nz4zone.removeForwardPort('%s', '%s', '%s', '%s', '%s'))
rr{rr8rGr&rHrrNr)r-rHr�r�rr	rEr�r2r2r3�removeForwardPort�s




�
�zFirewallD.removeForwardPortcCs`t|t�}t|t�}t|t�}t|t�}t|t�}t�d|||||f�|jj�|||||�S)Nz3zone.queryForwardPort('%s', '%s', '%s', '%s', '%s'))rr{rr8r&rH�query_forward_port)r-rHr�r�rr	rEr2r2r3�queryForwardPort�s




��zFirewallD.queryForwardPortcCr�)Nzzone.getForwardPorts('%s'))rr{rr8r&rH�list_forward_portsr3r2r2r3�getForwardPorts�r�zFirewallD.getForwardPortsc	Cst�d||||||f�dS)Nz7zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)r�)r-rHr�r�rr	r�r2r2r3r
�s
�zFirewallD.ForwardPortAddedcCst�d|||||f�dS)Nz5zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')r�rr2r2r3r�s
�zFirewallD.ForwardPortRemovedcCr�)Nz&zone.disableTimedIcmpBlock('%s', '%s'))rr8r9r&rH�remove_icmp_block�IcmpBlockRemoved�r-rH�icmprEr2r2r3�disableTimedIcmpBlock�r�zFirewallD.disableTimedIcmpBlockcCs�t|t�}t|t�}t|t�}t�d||f�|�|�|jj�||||�}|dkr<t	�
||j|||�}|�|||�|�
|||�|S)Nz zone.enableIcmpBlock('%s', '%s')r)rr{r�rr8rGr&rH�add_icmp_blockrr�rrK�IcmpBlockAdded)r-rHrr�rEr�rJr2r2r3�addIcmpBlocks




�zFirewallD.addIcmpBlockcCr�)Nz zone.removeIcmpBlock('%s', '%s'))
rr{rr8rGr&rHrrNr)r-rHrrEr�r2r2r3�removeIcmpBlockr�zFirewallD.removeIcmpBlockcCr�)Nzzone.queryIcmpBlock('%s', '%s'))rr{rr8r&rH�query_icmp_blockrr2r2r3�queryIcmpBlock(r�zFirewallD.queryIcmpBlockcCr�)Nzzone.getIcmpBlocks('%s'))rr{rr8r&rH�list_icmp_blocksr3r2r2r3�
getIcmpBlocks3r�zFirewallD.getIcmpBlockscCr�)Nz#zone.IcmpBlockAdded('%s', '%s', %d)r�)r-rHrr�r2r2r3r?r�zFirewallD.IcmpBlockAddedcCr<)Nz!zone.IcmpBlockRemoved('%s', '%s')r�)r-rHrr2r2r3rEr=zFirewallD.IcmpBlockRemovedcCs@t|t�}t�d|�|�|�|jj�||�}|�|�|S)Nz zone.addIcmpBlockInversion('%s'))	rr{rr8rGr&rH�add_icmp_block_inversion�IcmpBlockInversionAddedrr2r2r3�addIcmpBlockInversionNs


zFirewallD.addIcmpBlockInversioncCs>t|t�}t�d|�|�|�|jj�|�}|�|�|S)Nz#zone.removeIcmpBlockInversion('%s'))	rr{rr8rGr&rH�remove_icmp_block_inversion�IcmpBlockInversionRemovedrr2r2r3�removeIcmpBlockInversion\s


z"FirewallD.removeIcmpBlockInversioncCr�)Nz"zone.queryIcmpBlockInversion('%s'))rr{rr8r&rH�query_icmp_block_inversionr3r2r2r3�queryIcmpBlockInversionjr_z!FirewallD.queryIcmpBlockInversioncCr�)Nz"zone.IcmpBlockInversionAdded('%s')r�rfr2r2r3r#tr�z!FirewallD.IcmpBlockInversionAddedcCr�)Nz$zone.IcmpBlockInversionRemoved('%s')r�rfr2r2r3r&yr�z#FirewallD.IcmpBlockInversionRemovedcC�`t|t�}t|t�}t|t�}t�d|||f�|�|�|jj�|||�|�|||�dS)Nz!direct.addChain('%s', '%s', '%s'))	rr{rr8rGr&r��	add_chain�
ChainAdded�r-�ipv�table�chainrEr2r2r3�addChain��



zFirewallD.addChaincCr*)Nz$direct.removeChain('%s', '%s', '%s'))	rr{rr8rGr&r��remove_chain�ChainRemovedr-r2r2r3�removeChain�r2zFirewallD.removeChaincCr�)Nz#direct.queryChain('%s', '%s', '%s'))rr{rr8r&r��query_chainr-r2r2r3�
queryChain��



zFirewallD.queryChaincCr�)Nzdirect.getChains('%s', '%s'))rr{rr8r&r��
get_chains)r-r.r/rEr2r2r3�	getChains�s

zFirewallD.getChainsza(sss)cCr�)Nzdirect.getAllChains())rr8r&r�r�r�r2r2r3�getAllChains�rozFirewallD.getAllChainscCr�)Nz#direct.ChainAdded('%s', '%s', '%s')r��r-r.r/r0r2r2r3r,�szFirewallD.ChainAddedcCr�)Nz%direct.ChainRemoved('%s', '%s', '%s')r�r<r2r2r3r4�s
�zFirewallD.ChainRemoved�sssiasc
C�t|t�}t|t�}t|t�}t|t�}tdd�|D��}t�d||||d�|�f�|�|�|jj	�
|||||�|�|||||�dS)Ncs��|]}t|t�VqdSr4�rr{��.0r�r2r2r3�	<genexpr>���z$FirewallD.addRule.<locals>.<genexpr>z*direct.addRule('%s', '%s', '%s', %d, '%s')�',')rr{r�rKrr8�joinrGr&r�r��	RuleAdded�r-r.r/r0�priorityr.rEr2r2r3�addRule��



�
zFirewallD.addRulec
Cr>)Ncsr?r4r@rAr2r2r3rC�rDz'FirewallD.removeRule.<locals>.<genexpr>z-direct.removeRule('%s', '%s', '%s', %d, '%s')rE)rr{r�rKrr8rFrGr&r�r��RuleRemovedrHr2r2r3�
removeRule�rKzFirewallD.removeRulecCs�t|t�}t|t�}t|t�}t�d|||f�|�|�|jj�|||�D]\}}|jj�|||||�|�	|||||�q'dS)Nz$direct.removeRules('%s', '%s', '%s'))
rr{rr8rGr&r��	get_rulesr�rL)r-r.r/r0rErIr.r2r2r3�removeRules�s



�zFirewallD.removeRulesc
Csnt|t�}t|t�}t|t�}t|t�}tdd�|D��}t�d||||d�|�f�|jj�	|||||�S)Ncsr?r4r@rAr2r2r3rC	rDz&FirewallD.queryRule.<locals>.<genexpr>z,direct.queryRule('%s', '%s', '%s', %d, '%s')rE)
rr{r�rKrr8rFr&r�r�rHr2r2r3�	queryRule
	s



�zFirewallD.queryRuleza(ias)cCr�)Nz!direct.getRules('%s', '%s', '%s'))rr{rr8r&r�rNr-r2r2r3�getRules	r8zFirewallD.getRulesz	a(sssias)cCr�)Nzdirect.getAllRules())rr8r&r�r�r�r2r2r3�getAllRules'	rozFirewallD.getAllRulesc
C�"t�d||||d�|�f�dS)Nz,direct.RuleAdded('%s', '%s', '%s', %d, '%s')rE�rr8rF�r-r.r/r0rIr.r2r2r3rG1	�
�zFirewallD.RuleAddedc
CrS)Nz.direct.RuleRemoved('%s', '%s', '%s', %d, '%s')rErTrUr2r2r3rL8	rVzFirewallD.RuleRemovedr`c
Cs�t|t�}tdd�|D��}t�d|d�|�f�|�|�z	|jj�	||�WSt
yc}z/|dvr;tgd��}ntddg�}t|�}|jt
jkr^tt|�|@�d	krZt�|�t|���d}~ww)
Ncsr?r4r@rAr2r2r3rCK	rDz(FirewallD.passthrough.<locals>.<genexpr>zdirect.passthrough('%s', '%s')rE)rUrY)z-Cz--check�-L�--listrWrXr)rr{rKrr8rFrGr&r��passthroughr"�set�coder!�COMMAND_FAILEDrtr�r	)r-r.r.rErA�
query_args�msgr2r2r3rYC	s$


��zFirewallD.passthroughcC�\t|�}tdd�|D��}t�d|d�|�f�|�|�|jj�||�|�	||�dS)Ncs��|]}t|�VqdSr4�rrAr2r2r3rCg	��z+FirewallD.addPassthrough.<locals>.<genexpr>z!direct.addPassthrough('%s', '%s')rE)
rrKrr8rFrGr&r��add_passthrough�PassthroughAdded�r-r.r.rEr2r2r3�addPassthrough_	��
zFirewallD.addPassthroughcCr_)Ncsr`r4rarAr2r2r3rCv	rbz.FirewallD.removePassthrough.<locals>.<genexpr>z$direct.removePassthrough('%s', '%s')rE)
rrKrr8rFrGr&r��remove_passthrough�PassthroughRemovedrer2r2r3�removePassthroughn	rgzFirewallD.removePassthroughcCsBt|�}tdd�|D��}t�d|d�|�f�|jj�||�S)Ncsr`r4rarAr2r2r3rC�	rbz-FirewallD.queryPassthrough.<locals>.<genexpr>z#direct.queryPassthrough('%s', '%s')rE)rrKrr8rFr&r��query_passthroughrer2r2r3�queryPassthrough}	s�zFirewallD.queryPassthroughza(sas)cCr�)Nzdirect.getAllPassthroughs())rr8r&r�r�r�r2r2r3�getAllPassthroughs�	rozFirewallD.getAllPassthroughscCs*t�d�t|���D]}|j|�qdS)Nzdirect.removeAllPassthroughs())rr8�reversedrmrj)r-rErYr2r2r3�removeAllPassthroughs�	s
�zFirewallD.removeAllPassthroughscCs"t|�}t�d|�|jj�|�S)Nzdirect.getPassthroughs('%s'))rrr8r&r��get_passthroughs)r-r.rEr2r2r3�getPassthroughs�	szFirewallD.getPassthroughscC�t�d|d�|�f�dS)Nz#direct.PassthroughAdded('%s', '%s')rErT�r-r.r.r2r2r3rd�	�
�zFirewallD.PassthroughAddedcCrr)Nz%direct.PassthroughRemoved('%s', '%s')rErTrsr2r2r3ri�	rtzFirewallD.PassthroughRemovedcCr})z� PK_ACTION_ALL implies all other actions, i.e. once a subject is
            authorized for PK_ACTION_ALL it's also authorized for any other action.
            Use-case is GUI (RHBZ#994729).
        Nr2r�r2r2r3�authorizeAll�	s	zFirewallD.authorizeAllcC�$t|�}t�d|�|jj�|�S)Nzipset.queryIPSet('%s'))rrr8r&r��query_ipset�r-r�rEr2r2r3�
queryIPSet�	�zFirewallD.queryIPSetcCr�)Nzipsets.getIPSets())rr8r&r�r�r�r2r2r3�	getIPSets�	�
zFirewallD.getIPSetscCrQ)NzgetIPSetSettings(%s))rr{rr8r&r��	get_ipsetr�rxr2r2r3r��	rSzFirewallD.getIPSetSettingscC�Lt|�}t|�}t�d||f�|�|�|jj�||�|�||�dS)Nzipset.addEntry('%s', '%s'))rrr8rGr&r��	add_entry�
EntryAdded�r-r��entryrEr2r2r3�addEntry�	�
zFirewallD.addEntrycCr~)Nzipset.removeEntry('%s', '%s'))rrr8rGr&r��remove_entry�EntryRemovedr�r2r2r3�removeEntry�	r�zFirewallD.removeEntrycCs2t|�}t|�}t�d||f�|jj�||�S)Nzipset.queryEntry('%s', '%s'))rrr8r&r��query_entryr�r2r2r3�
queryEntry
szFirewallD.queryEntrycCrv)Nzipset.getEntries('%s'))rrr8r&r��get_entriesrxr2r2r3�
getEntries
rzzFirewallD.getEntriescCs�t|�}t|t�}t�d|d�|��|jj�|�}|jj�||�t	|�}t	|�}||D]}|�
||�q.||D]}|�||�q;dS)Nzipset.setEntries('%s', '[%s]')�,)r�listrr8rFr&r�r��set_entriesrZr�r�)r-r��entriesrE�old_entries�old_entries_set�entries_setr�r2r2r3�
setEntries
s
�zFirewallD.setEntriescC�&t|�}t|�}t�d||f�dS)Nzipset.EntryAdded('%s', '%s')�rrr8�r-r�r�r2r2r3r�)
�zFirewallD.EntryAddedcCr�)Nzipset.EntryRemoved('%s', '%s')r�r�r2r2r3r�0
r�zFirewallD.EntryRemovedcCr�)Nzhelpers.getHelpers())rr8r&r�r�r�r2r2r3�
getHelpers;
r|zFirewallD.getHelperscCrQ)NzgetHelperSettings(%s))rr{rr8r&r��
get_helperr�)r-r�rEr2r2r3r�D
rSzFirewallD.getHelperSettingsr4)r)��__name__�
__module__�__qualname__�__doc__�
persistentrr*�PK_ACTION_CONFIG�default_polkit_auth_requiredr
r%r7r)r5rrGrKrNrPrur�PROPERTIES_IFACEr�r�rr�r��signalr��PK_ACTION_INFO�INTROSPECTABLE_IFACEr�r+r�r�r�r�r��PK_ACTION_POLICIESr~r�r��PK_ACTION_POLICIES_INFOr�r�r�r�r�r�r�r�r�rrrrrrrrrrrrrr!r#r%rr r*r-r/r)r,�PK_ACTION_CONFIG_INFOr4r|r�r:r9�DBUS_INTERFACE_POLICYr�r?r>r@r�rOrPr�DBUS_SIGNATUREr�rUrZrWr]r^r`rbrerdrgrmrnrvryr|r~r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�rrrr�r�r
rrrrr
rrrrrr!rrr$r'r)r#r&�PK_ACTION_DIRECTrr}r1r5�PK_ACTION_DIRECT_INFOr7r:r;rr,r4rJrMrOrPrQrRrGrLrYrfrjrlrmrorqrdri�
PK_ACTION_ALLrurryr{rr�r�r�r�r�r�r�r�r�rr��
__classcell__r2r2r0r3r?s�








/��
"



�

�

�

�
G
�

�

�

�
	
�
	
�

�

�
	
�
	
�

�

�
	
�
	
�

�

�
	
�
	
�

�

�


�

�

�

�


�


�

�

�

�

�


�

�

�

�

�

�
	
�

�

�

�

�

�
	
�

�

�


�

�

�
	
�


�

�

�

�
	
�



�

�


�

�


�

�

�

�


�

�

�

�

�

�

�

�

�

�

�
	
�
�

�

�
��
��
��

��

�

�

�

�

�


�


�
	

�



�



�


�


�



�

�


�

�


�


�



�

�


�


�


�


�


�



�

�

�

�

�
	
�
	
�

�

	
�

�)6�__all__�
gi.repositoryrrHr*�dbus.service�firewallr�firewall.core.fwr�firewall.core.richr�firewall.core.loggerr�firewall.clientr�firewall.server.dbusr	r
�firewall.server.decoratorsrrr
rrr�firewall.server.configr�firewall.dbus_utilsrrrrrrrr�firewall.core.io.functionsr�firewall.core.io.ipsetr�firewall.core.io.icmptyper�firewall.core.io.helperr�firewall.core.fw_nmrr�firewall.core.fw_ifcfgr r!�firewall.errorsr"rr2r2r2r3�<module>s. (
@ Telegram