c`c@sdgZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddl m!Z!ddl"m#Z#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddlm+Z+ddl,m-Z-de.fdYZ/dS(t Firewall_testiN(tconfig(t functions(tFirewallIcmpType(tFirewallService(t FirewallZone(tFirewallDirect(tFirewallConfig(tFirewallPolicies(t FirewallIPSet(tFirewallHelper(tlog(tfirewalld_conf(tDirect(tservice_reader(ticmptype_reader(t zone_readertZone(t ipset_reader(t IPSET_TYPES(t helper_reader(terrors(t FirewallErrorcBs+eZdZdZdZdZeedZdZedZ dZ dZ d Z d Z d Zd Zd ZdZdZdZdZedZdZdZdZdZdZdZdZdZdZdZdZ dZ!RS(cCsttj|_t|_t|_t|_t|_t |_ t ||_ t ||_t||_t||_t||_t|_t||_t||_|jdS(N(R RtFIREWALLD_CONFt_firewalld_conftFalsetip4tables_enabledtip6tables_enabledtebtables_enabledt ipset_enabledRtipset_supported_typesRticmptypeRtserviceRtzoneRtdirectRRtpoliciesR tipsetR thelpert_Firewall_test__init_vars(tself((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt__init__8s      cCshd|j|j|j|j|j|j|j|j|j|j |j |j |j |j |j|jfS(Ns>%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)(t __class__RRRt_statet_panict _default_zonet_module_refcountt_markst _min_marktcleanup_on_exittipv6_rpfilter_enabledRt_individual_callst _log_deniedt_automatic_helpers(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt__repr__LscCsyd|_t|_d|_i|_g|_tj|_tj |_ tj |_ tj |_tj|_tj|_dS(NtINITt(R*RR+R,R-R.RtFALLBACK_MINIMAL_MARKR/tFALLBACK_CLEANUP_ON_EXITR0tFALLBACK_IPV6_RPFILTERR1tFALLBACK_INDIVIDUAL_CALLSR2tFALLBACK_LOG_DENIEDR3tFALLBACK_AUTOMATIC_HELPERSR4(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt __init_varsUs          cCs|jS(N(R2(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytindividual_callscsc Cstj}tjdtjy|jjWntk rMtjdn X|jj dru|jj d}n|jj drt |jj d|_ n|jj dr|jj d}|dk r|j d-krt|_qn|jj drp|jj d}|dk rp|j d.krptjd y|jjWqmtk riqmXqpn|jj d r|jj d }|dk r|j d/krt|_n|j d0krt|_qqn|jrtjd n tjd|jj drf|jj d}|dk rf|j d1krftjdt|_qfn|jj dr|jj d}|dks|j dkrd|_q|j |_tjd|jn|jj drm|jj d}|dk rm|j d2kr'd|_n-|j d3krEd |_n|j |_tjd|jqmn|jjtj|jtjdy|jjjWn]tk r }|jjrtjd|jjj|q tjd|jjj|nX|jjtj|j|j tj!d|j tj"d|j tj#d|j tj$dt%|j&j'dkrtjdn|j tj(d|j tj)d|j tj*d|j tj+dt%|j,j-dkrtjdn|j tj.d|j tj/dt%|j0j1dkrrtj2d t3j4d!nt}xEd"d#d$gD]4}||j0j1krtj2d%|t}qqW|rt3j4d!n||j0j1krId&|j0j1kr d&}n$d'|j0j1kr'd'}nd"}tjd(|||}ntjd)|t5tj6} t7j8j9tj6rtjd*tj6y| jWqtk r}tjd+tj6|qXn|jj:tj| |j;||_<d,|_=dS(4Ns"Loading firewalld config file '%s's0Using fallback firewalld configuration settings.t DefaultZonet MinimalMarkt CleanupOnExittnotfalsetLockdowntyesttruesLockdown is enabledt IPv6_rpfiltersIPv6 rpfilter is enabledsIPV6 rpfilter is disabledtIndividualCallssIndividualCalls is enabledt LogDeniedtoffsLogDenied is set to '%s'tAutomaticHelperssAutomaticHelpers is set to '%s'sLoading lockdown whitelists*Failed to load lockdown whitelist '%s': %sR$RisNo icmptypes found.R%R sNo services found.R!sNo zones found.itblocktdropttrustedsZone '%s' is not available.tpublictexternals+Default zone '%s' is not valid. Using '%s'.sUsing default zone '%s'sLoading direct rules file '%s's)Failed to load direct rules file '%s': %stRUNNING(RCRD(syesRG(RCRD(syesRG(syesRG(RCRD(syesRG(>Rt FALLBACK_ZONER tdebug1RRtreadt ExceptiontwarningtgettintR/tNonetlowerRR0R#tenable_lockdownRR1tTrueR2R3R4tset_firewalld_conftcopytdeepcopytlockdown_whitelisttquery_lockdownterrortfilenamet set_policiest_loadertFIREWALLD_IPSETStETC_FIREWALLD_IPSETStFIREWALLD_ICMPTYPEStETC_FIREWALLD_ICMPTYPEStlenRt get_icmptypestFIREWALLD_HELPERStETC_FIREWALLD_HELPERStFIREWALLD_SERVICEStETC_FIREWALLD_SERVICESR t get_servicestFIREWALLD_ZONEStETC_FIREWALLD_ZONESR!t get_zonestfataltsystexitR tFIREWALLD_DIRECTtostpathtexistst set_directt check_zoneR,R*( R'treloadtcomplete_reloadt default_zonetvaluetmsgRctzR!tobj((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt_startfs                            cCs|jdS(N(R(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytstartsc Cstjj|sdS|r|jtjr}|dkr}t}tjj||_|j |j||_t |_ qt }nxt tj |D]}|jds|jtjr|dkrtjjd||fr|jd||f|dtqqnd||f}tjd||y|dkrt||}|j|jjkr|jj|j}tjd||j|j|j|jj|jn!|jjtjrt|_ n|jj||jjtj|n |dkrt||}|j|jjkr|jj|j}tjd||j|j|j|jj |jn!|jjtjrt|_ n|jj!||jj!tj|n>|dkrht"||d |}|r@dtjj|tjj|d d !f|_|j |jntj|} |j|j#j$kr|j#j%|j}|j#j&|j|j'rtjd ||j|||j(|qtjd||j|j|jn*|jjtjrt|_ t| _ n|jj)| |rUtjd ||j|||j(|q|j#j)|n|d kr5t*||}|j|j+j,kr|j+j-|j}tjd||j|j|j|j+j.|jn!|jjtjr t|_ n|j+j/||jj/tj|n|dkrt0||}|j|j1j2kr|j1j3|j}tjd||j|j|j|j1j4|jn!|jjtjrt|_ n|j1j5||jj5tj|ntj6d|Wqt7k r>} tj8d||| qt9k rktj8d||tj:qXqW|r|j'r|j|j#j$kr|j#j%|j}tjd||j|j|jy|j#j&|jWnnX|jj;|jn|j#j)|ndS(NR!s.xmls%s/%stcombinesLoading %s file '%s'Rs Overloads %s '%s' ('%s/%s')R t no_check_nameiis Combining %s '%s' ('%s/%s')R$R%sUnknown reader type %ssFailed to load %s file '%s': %ssFailed to load %s file '%s':s0 Overloading and deactivating %s '%s' ('%s/%s')(<RyRztisdirt startswithRt ETC_FIREWALLDRtbasenametnamet check_nameRtdefaulttsortedtlistdirtendswithRfR]R RTRRRlt get_icmptypeRdtremove_icmptypet add_icmptypeR_R`RR Rqt get_servicetremove_servicet add_serviceRR!Rttget_zonet remove_zonetcombinedRtadd_zoneRR$t get_ipsetst get_ipsett remove_ipsett add_ipsetRR%t get_helperst get_helpert remove_helpert add_helperRuRRcRVt exceptiont forget_zone( R'Rzt reader_typeRt combined_zoneRdRRtorig_objt config_objR((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRfs                                             cCs|jj|jj|jj|jj|jj|jj|jj|jj|j j|j dS(N( RtcleanupR R!R$R%RR"R#RR&(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRs         cCs|jdS(N(R(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytstopscCsdS(N((R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_panicscCsV|}| s|dkr(|j}n||jjkrRttj|n|S(NR7(tget_default_zoneR!RtRRt INVALID_ZONE(R'R!t_zone((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR}s cCs(tj|s$ttj|ndS(N(RtcheckInterfaceRRtINVALID_INTERFACE(R't interface((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytcheck_interfacescCs|jj|dS(N(R t check_service(R'R ((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRscCs tj|}|dksY|dksY|dksYt|dkr|d|dkr|dkrytjd|nz|dkrtjd|nZ|dkrtjd|n:t|dkr|d|dkrtjd |nttj|ndS( Niiiiis'%s': port > 65535s'%s': port is invalids'%s': port is ambiguouss'%s': range start >= end( Rt getPortRangeRZRkR RTRRt INVALID_PORT(R'tporttrange((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_ports$&   &cCsA|sttjn|dkr=ttjd|ndS(Nttcptudptsctptdccps''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}(RRRR(RRtMISSING_PROTOCOLtINVALID_PROTOCOL(R'tprotocol((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_tcpudps   cCs(tj|s$ttj|ndS(N(RtcheckIPRRt INVALID_ADDR(R'tip((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytcheck_ipscCs||dkr3tj|sxttj|qxnE|dkrftj|sxttj|qxnttjddS(Ntipv4tipv6s'%s' not in {'ipv4'|'ipv6'}(Rt checkIPnMaskRRRt checkIP6nMaskt INVALID_IPV(R'tipvtsource((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_addresss   cCs|jj|dS(N(Rtcheck_icmptype(R'ticmp((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRscCsdS(N((R'R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR~scCs|jS(N(R*(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt get_statescCsdS(N((R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytenable_panic_modescCsdS(N((R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytdisable_panic_modescCs|jS(N(R+(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytquery_panic_modescCs|jS(N(R3(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytget_log_deniedscCs|tjkr:ttjd|djtjfn||jkr||_|jj d||jj |j nttj |dS(Ns'%s', choose from '%s's','RJ( RtLOG_DENIED_VALUESRRt INVALID_VALUEtjoinRR3RtsettwriteR~t ALREADY_SET(R'R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_log_denieds    cCs|jS(N(R4(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytget_automatic_helpersscCs|tjkr:ttjd|djtjfn||jkr||_|jj d||jj |j nttj |dS(Ns'%s', choose from '%s's','RL( RtAUTOMATIC_HELPERS_VALUESRRRRRR4RRRR~R(R'R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_automatic_helperss    cCs|jS(N(R,(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRscCs`|j|}||jkrJ||_|jjd||jjnttj|dS(NR@(R}R,RRRRRtZONE_ALREADY_SET(R'R!R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_default_zones  cCs$|jjdd|jjdS(NRERF(RRR(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR\(scCs$|jjdd|jjdS(NRERC(RRR(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytdisable_lockdown,s("t__name__t __module__R(R5R&R?RRRRfRRRR}RRRRRRRR~RRRRRRRRRRR\R(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR7s>                        (0t__all__tos.pathRyRvR_tfirewallRRtfirewall.core.fw_icmptypeRtfirewall.core.fw_serviceRtfirewall.core.fw_zoneRtfirewall.core.fw_directRtfirewall.core.fw_configRtfirewall.core.fw_policiesRtfirewall.core.fw_ipsetR tfirewall.core.fw_helperR tfirewall.core.loggerR tfirewall.core.io.firewalld_confR tfirewall.core.io.directR tfirewall.core.io.serviceRtfirewall.core.io.icmptypeRtfirewall.core.io.zoneRRtfirewall.core.io.ipsetRtfirewall.core.ipsetRtfirewall.core.io.helperRRtfirewall.errorsRtobjectR(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyts2