}Zc@sdgZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddl m!Z!ddl"m#Z#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddlm+Z+ddl,m-Z-de.fdYZ/dS(t Firewall_testiN(tconfig(t functions(tFirewallIcmpType(tFirewallService(t FirewallZone(tFirewallDirect(tFirewallConfig(tFirewallPolicies(t FirewallIPSet(tFirewallHelper(tlog(tfirewalld_conf(tDirect(tservice_reader(ticmptype_reader(t zone_readertZone(t ipset_reader(t IPSET_TYPES(t helper_reader(terrors(t FirewallErrorcBs4eZdZdZdZdZeedZdZedZ dZ dZ d Z d Z d Zd Zd ZdZdZdZdZdZedZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"RS( cCsttj|_t|_t|_t|_t|_t |_ i|_ g|j dRt FALLBACK_ZONER tdebug1RRtreadt ExceptiontwarningtgettintR3tNonetlowerRR4R'tenable_lockdownRR5tTrueR6R7R8tset_firewalld_conftcopytdeepcopytlockdown_whitelisttquery_lockdownterrortfilenamet set_policiest_loadertFIREWALLD_IPSETStETC_FIREWALLD_IPSETStFIREWALLD_ICMPTYPEStETC_FIREWALLD_ICMPTYPEStlenR#t get_icmptypestFIREWALLD_HELPERStETC_FIREWALLD_HELPERStFIREWALLD_SERVICEStETC_FIREWALLD_SERVICESR$t get_servicestFIREWALLD_ZONEStETC_FIREWALLD_ZONESR%t get_zonestfataltsystexitR tFIREWALLD_DIRECTtostpathtexistst set_directt check_zoneR0R.( R+treloadtcomplete_reloadt default_zonetmsgtvalueRgtzR%tobj((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt_startjs                           cCs|jdS(N(R(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytstartsc Cstjj|sdS|r|jtjr}|dkr}t}tjj||_|j |j||_t |_ qt }nxt tj |D]}|jds|jtjr|dkrtjjd||fr|jd||f|dtqqnd||f}tjd||y|dkrt||}|j|jjkr|jj|j}tjd||j|j|j|jj|jn!|jjtjrt|_ n|jj||jjtj|n|dkrt||}|j|jjkr|jj|j}tjd||j|j|j|jj |jn!|jjtjrt|_ n|jj!||jj!tj|n8|dkrbt"||}|r:dtjj|tjj|d d !f|_|j |jntj|} |j|j#j$kr|j#j%|j}|j#j&|j|j'rtjd ||j|||j(|q tjd||j|j|jn*|jjtjr t|_ t| _ n|jj)| |rOtjd ||j|||j(|q |j#j)|n|d kr/t*||}|j|j+j,kr|j+j-|j}tjd||j|j|j|j+j.|jn!|jjtjrt|_ n|j+j/||jj/tj|n|d krt0||}|j|j1j2kr|j1j3|j}tjd||j|j|j|j1j4|jn!|jjtjrt|_ n|j1j5||jj5tj|ntj6d|Wqt7k r8} tj8d||| qt9k rg} tj8d||tj:qXqW|r|j'r|j|j#j$kr|j#j%|j}tjd||j|j|jy|j#j&|jWnnX|jj;|jn|j#j)|ndS(NR%s.xmls%s/%stcombinesLoading %s file '%s'R#s Overloads %s '%s' ('%s/%s')R$iis Combining %s '%s' ('%s/%s')R(R)sUnknown reader type %ssFailed to load %s file '%s': %ssFailed to load %s file '%s':s0 Overloading and deactivating %s '%s' ('%s/%s')(<R}R~tisdirt startswithRt ETC_FIREWALLDRtbasenametnamet check_nameRtdefaulttsortedtlistdirtendswithRjRaR RXRR#Rpt get_icmptypeRhtremove_icmptypet add_icmptypeRcRdRR$Rut get_servicetremove_servicet add_serviceRR%Rxtget_zonet remove_zonetcombinedRtadd_zoneRR(t get_ipsetst get_ipsett remove_ipsett add_ipsetRR)t get_helperst get_helpert remove_helpert add_helperRyRRgRZt exceptiont forget_zone( R+R~t reader_typeRt combined_zoneRhRRtorig_objt config_objR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRj s                                            cCs|dkr|j|SgS(NRRR(sipv4sipv6seb(R"(R+tipv((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytget_available_tabless  cCs|jj|jj|jj|jj|jj|jj|jj|jj|j j|j dS(N( R#tcleanupR$R%R(R)RR&R'RR*(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRs         cCs|jdS(N(R(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytstopscCsdS(N((R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_panicscCsV|}| s|dkr(|j}n||jjkrRttj|n|S(NR;(tget_default_zoneR%RxRRt INVALID_ZONE(R+R%t_zone((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRs cCs(tj|s$ttj|ndS(N(RtcheckInterfaceRRtINVALID_INTERFACE(R+t interface((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytcheck_interfacescCs|jj|dS(N(R$t check_service(R+R$((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRscCs tj|}|dksY|dksY|dksYt|dkr|d|dkr|dkrytjd|nz|dkrtjd|nZ|dkrtjd|n:t|dkr|d|dkrtjd |nttj|ndS( Niiiiis'%s': port > 65535s'%s': port is invalids'%s': port is ambiguouss'%s': range start >= end( Rt getPortRangeR^RoR RXRRt INVALID_PORT(R+tporttrange((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_ports$&   &cCsA|sttjn|dkr=ttjd|ndS(Nttcptudptsctptdccps''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}(RRRR(RRtMISSING_PROTOCOLtINVALID_PROTOCOL(R+tprotocol((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_tcpudps   cCs(tj|s$ttj|ndS(N(RtcheckIPRRt INVALID_ADDR(R+tip((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytcheck_ipscCs||dkr3tj|sxttj|qxnE|dkrftj|sxttj|qxnttjddS(NRRs'%s' not in {'ipv4'|'ipv6'}(Rt checkIPnMaskRRRt checkIP6nMaskt INVALID_IPV(R+Rtsource((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_addresss   cCs|jj|dS(N(R#tcheck_icmptype(R+ticmp((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRscCsdS(N((R+R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRscCs|jS(N(R.(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt get_statescCsdS(N((R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytenable_panic_modescCsdS(N((R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytdisable_panic_modescCs|jS(N(R/(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytquery_panic_modescCs|jS(N(R7(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytget_log_deniedscCs|tjkr:ttjd|djtjfn||jkr||_|jj d||jj |j nttj |dS(Ns'%s', choose from '%s's','RN( RtLOG_DENIED_VALUESRRt INVALID_VALUEtjoinRR7RtsettwriteRt ALREADY_SET(R+R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_log_denieds    cCs|jS(N(R8(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytget_automatic_helpersscCs|tjkr:ttjd|djtjfn||jkr||_|jj d||jj |j nttj |dS(Ns'%s', choose from '%s's','RP( RtAUTOMATIC_HELPERS_VALUESRRRRRR8RRRRR(R+R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_automatic_helperss    cCs|jS(N(R0(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR#scCsi|j|}||jkrS|j}||_|jjd||jjnttj|dS(NRD(RR0RRRRRtZONE_ALREADY_SET(R+R%Rt_old_dz((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_default_zone&s  cCs$|jjdd|jjdS(NRIRJ(RRR(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR`2scCs$|jjdd|jjdS(NRIRG(RRR(R+((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytdisable_lockdown6s(#t__name__t __module__R,R9R*RCRRRRjRRRRRRRRRRRRRRRRRRRRRRRR`R(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR6s@                         (0t__all__tos.pathR}RzRctfirewallRRtfirewall.core.fw_icmptypeRtfirewall.core.fw_serviceRtfirewall.core.fw_zoneRtfirewall.core.fw_directRtfirewall.core.fw_configRtfirewall.core.fw_policiesRtfirewall.core.fw_ipsetR tfirewall.core.fw_helperR tfirewall.core.loggerR tfirewall.core.io.firewalld_confR tfirewall.core.io.directR tfirewall.core.io.serviceRtfirewall.core.io.icmptypeRtfirewall.core.io.zoneRRtfirewall.core.io.ipsetRtfirewall.core.ipsetRtfirewall.core.io.helperRRtfirewall.errorsRtobjectR(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyts0