ó  c‰`c@sdgZddlZddlZddlZddlmZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZdd lmZdd lmZdd lmZdd lmZddlmZddlmZddlmZddl m!Z!ddl"m#Z#m$Z$ddl%m&Z&ddl'm(Z(ddl)m*Z*ddlm+Z+ddl,m-Z-de.fd„ƒYZ/dS(t Firewall_testi’’’’N(tconfig(t functions(tFirewallIcmpType(tFirewallService(t FirewallZone(tFirewallDirect(tFirewallConfig(tFirewallPolicies(t FirewallIPSet(tFirewallHelper(tlog(tfirewalld_conf(tDirect(tservice_reader(ticmptype_reader(t zone_readertZone(t ipset_reader(t IPSET_TYPES(t helper_reader(terrors(t FirewallErrorcBs+eZd„Zd„Zd„Zd„Zeed„Zd„Zed„Z d„Z d„Z d „Z d „Z d „Zd „Zd „Zd„Zd„Zd„Zd„Zed„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z!RS(cCsĀttjƒ|_t|_t|_t|_t|_t |_ t |ƒ|_ t |ƒ|_t|ƒ|_t|ƒ|_t|ƒ|_tƒ|_t|ƒ|_t|ƒ|_|jƒdS(N(R RtFIREWALLD_CONFt_firewalld_conftFalsetip4tables_enabledtip6tables_enabledtebtables_enabledt ipset_enabledRtipset_supported_typesRticmptypeRtserviceRtzoneRtdirectRRtpoliciesR tipsetR thelpert_Firewall_test__init_vars(tself((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt__init__8s      cCshd|j|j|j|j|j|j|j|j|j|j |j |j |j |j |j|jfS(Ns>%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r)(t __class__RRRt_statet_panict _default_zonet_module_refcountt_markst _min_marktcleanup_on_exittipv6_rpfilter_enabledRt_individual_callst _log_deniedt_automatic_helpers(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt__repr__LscCsyd|_t|_d|_i|_g|_tj|_tj |_ tj |_ tj |_tj|_tj|_dS(NtINITt(R*RR+R,R-R.RtFALLBACK_MINIMAL_MARKR/tFALLBACK_CLEANUP_ON_EXITR0tFALLBACK_IPV6_RPFILTERR1tFALLBACK_INDIVIDUAL_CALLSR2tFALLBACK_LOG_DENIEDR3tFALLBACK_AUTOMATIC_HELPERSR4(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt __init_varsUs          cCs|jS(N(R2(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytindividual_callscsc Cstj}tjdtjƒy|jjƒWntk rMtjdƒn X|jj dƒru|jj dƒ}n|jj dƒr„t |jj dƒƒ|_ n|jj dƒrö|jj dƒ}|dk rö|j ƒd-kröt|_qön|jj dƒrp|jj dƒ}|dk rp|j ƒd.krptjd ƒy|jjƒWqmtk riqmXqpn|jj d ƒrā|jj d ƒ}|dk rā|j ƒd/kr¾t|_n|j ƒd0krßt|_qßqān|jrūtjd ƒn tjdƒ|jj dƒrf|jj dƒ}|dk rf|j ƒd1krftjdƒt|_qfn|jj dƒrŁ|jj dƒ}|dksØ|j ƒdkr“d|_qŁ|j ƒ|_tjd|jƒn|jj dƒrm|jj dƒ}|dk rm|j ƒd2kr'd|_n-|j ƒd3krEd |_n|j ƒ|_tjd|jƒqmn|jjtj|jƒƒtjdƒy|jjjƒWn]tk r }|jjƒrźtjd|jjj|ƒq tjd|jjj|ƒnX|jjtj|jƒƒ|j tj!dƒ|j tj"dƒ|j tj#dƒ|j tj$dƒt%|j&j'ƒƒdkrtjdƒn|j tj(dƒ|j tj)dƒ|j tj*dƒ|j tj+dƒt%|j,j-ƒƒdkrtjdƒn|j tj.dƒ|j tj/dƒt%|j0j1ƒƒdkrrtj2d ƒt3j4d!ƒnt}xEd"d#d$gD]4}||j0j1ƒkrˆtj2d%|ƒt}qˆqˆW|rÖt3j4d!ƒn||j0j1ƒkrId&|j0j1ƒkr d&}n$d'|j0j1ƒkr'd'}nd"}tjd(||ƒ|}ntjd)|ƒt5tj6ƒ} t7j8j9tj6ƒrĪtjd*tj6ƒy| jƒWqĪtk rŹ}tjd+tj6|ƒqĪXn|jj:tj| ƒƒ|j;|ƒ|_<d,|_=dS(4Ns"Loading firewalld config file '%s's0Using fallback firewalld configuration settings.t DefaultZonet MinimalMarkt CleanupOnExittnotfalsetLockdowntyesttruesLockdown is enabledt IPv6_rpfiltersIPv6 rpfilter is enabledsIPV6 rpfilter is disabledtIndividualCallssIndividualCalls is enabledt LogDeniedtoffsLogDenied is set to '%s'tAutomaticHelperssAutomaticHelpers is set to '%s'sLoading lockdown whitelists*Failed to load lockdown whitelist '%s': %sR$RisNo icmptypes found.R%R sNo services found.R!sNo zones found.itblocktdropttrustedsZone '%s' is not available.tpublictexternals+Default zone '%s' is not valid. Using '%s'.sUsing default zone '%s'sLoading direct rules file '%s's)Failed to load direct rules file '%s': %stRUNNING(RCRD(syesRG(RCRD(syesRG(syesRG(RCRD(syesRG(>Rt FALLBACK_ZONER tdebug1RRtreadt ExceptiontwarningtgettintR/tNonetlowerRR0R#tenable_lockdownRR1tTrueR2R3R4tset_firewalld_conftcopytdeepcopytlockdown_whitelisttquery_lockdownterrortfilenamet set_policiest_loadertFIREWALLD_IPSETStETC_FIREWALLD_IPSETStFIREWALLD_ICMPTYPEStETC_FIREWALLD_ICMPTYPEStlenRt get_icmptypestFIREWALLD_HELPERStETC_FIREWALLD_HELPERStFIREWALLD_SERVICEStETC_FIREWALLD_SERVICESR t get_servicestFIREWALLD_ZONEStETC_FIREWALLD_ZONESR!t get_zonestfataltsystexitR tFIREWALLD_DIRECTtostpathtexistst set_directt check_zoneR,R*( R'treloadtcomplete_reloadt default_zonetvaluetmsgRctzR!tobj((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt_startfsÜ                            cCs|jƒdS(N(R…(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytstartsc Cstjj|ƒsdS|r†|jtjƒr}|dkr}tƒ}tjj|ƒ|_|j |jƒ||_t |_ q†t }nxēt tj |ƒƒD]Š}|jdƒs|jtjƒrœ|dkrœtjjd||fƒrœ|jd||f|dtƒqœqœnd||f}tjd||ƒyÜ|dkrt||ƒ}|j|jjƒkrŗ|jj|jƒ}tjd||j|j|jƒ|jj|jƒn!|jjtjƒrŪt|_ n|jj|ƒ|jjtj|ƒƒn |dkrŌt||ƒ}|j|jjƒkr‡|jj|jƒ}tjd||j|j|jƒ|jj |jƒn!|jjtjƒrØt|_ n|jj!|ƒ|jj!tj|ƒƒn>|dkrht"||d |ƒ}|r@dtjj|ƒtjj|ƒd d !f|_|j |jƒntj|ƒ} |j|j#j$ƒkré|j#j%|jƒ}|j#j&|jƒ|j'rÄtjd ||j||ƒ|j(|ƒqtjd||j|j|jƒn*|jjtjƒrt|_ t| _ n|jj)| ƒ|rUtjd ||j||ƒ|j(|ƒq|j#j)|ƒnŖ|d kr5t*||ƒ}|j|j+j,ƒkrč|j+j-|jƒ}tjd||j|j|jƒ|j+j.|jƒn!|jjtjƒr t|_ n|j+j/|ƒ|jj/tj|ƒƒnŻ|dkrt0||ƒ}|j|j1j2ƒkrµ|j1j3|jƒ}tjd||j|j|jƒ|j1j4|jƒn!|jjtjƒrÖt|_ n|j1j5|ƒ|jj5tj|ƒƒntj6d|ƒWqœt7k r>} tj8d||| ƒqœt9k rktj8d||ƒtj:ƒqœXqœW|r|j'r|j|j#j$ƒkr|j#j%|jƒ}tjd||j|j|jƒy|j#j&|jƒWnnX|jj;|jƒn|j#j)|ƒndS(NR!s.xmls%s/%stcombinesLoading %s file '%s'Rs Overloads %s '%s' ('%s/%s')R t no_check_nameiiü’’’s Combining %s '%s' ('%s/%s')R$R%sUnknown reader type %ssFailed to load %s file '%s': %ssFailed to load %s file '%s':s0 Overloading and deactivating %s '%s' ('%s/%s')(<RyRztisdirt startswithRt ETC_FIREWALLDRtbasenametnamet check_nameRtdefaulttsortedtlistdirtendswithRfR]R RTRRRlt get_icmptypeRdtremove_icmptypet add_icmptypeR_R`RR Rqt get_servicetremove_servicet add_serviceRR!Rttget_zonet remove_zonetcombinedR‡tadd_zoneRR$t get_ipsetst get_ipsett remove_ipsett add_ipsetRR%t get_helperst get_helpert remove_helpert add_helperRuRRcRVt exceptiont forget_zone( R'Rzt reader_typeR‡t combined_zoneRdRR„torig_objt config_objR‚((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRfsģ                                             cCsƒ|jjƒ|jjƒ|jjƒ|jjƒ|jjƒ|jjƒ|jjƒ|jjƒ|j jƒ|j ƒdS(N( RtcleanupR R!R$R%RR"R#RR&(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR«s         cCs|jƒdS(N(R«(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytstop™scCsdS(N((R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_panicžscCsV|}| s|dkr(|jƒ}n||jjƒkrRttj|ƒ‚n|S(NR7(tget_default_zoneR!RtRRt INVALID_ZONE(R'R!t_zone((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR}”s cCs(tj|ƒs$ttj|ƒ‚ndS(N(RtcheckInterfaceRRtINVALID_INTERFACE(R't interface((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytcheck_interface©scCs|jj|ƒdS(N(R t check_service(R'R ((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRµ­scCs tj|ƒ}|dksY|dksY|dksYt|ƒdkr|d|dkr|dkrytjd|ƒnz|dkr™tjd|ƒnZ|dkr¹tjd|ƒn:t|ƒdkró|d|dkrótjd |ƒnttj|ƒ‚ndS( Niž’’’i’’’’iiis'%s': port > 65535s'%s': port is invalids'%s': port is ambiguouss'%s': range start >= end( Rt getPortRangeRZRkR RTRRt INVALID_PORT(R'tporttrange((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_port°s$&   &cCsA|sttjƒ‚n|dkr=ttjd|ƒ‚ndS(Nttcptudptsctptdccps''%s' not in {'tcp'|'udp'|'sctp'|'dccp'}(R»R¼R½R¾(RRtMISSING_PROTOCOLtINVALID_PROTOCOL(R'tprotocol((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_tcpudpæs   cCs(tj|ƒs$ttj|ƒ‚ndS(N(RtcheckIPRRt INVALID_ADDR(R'tip((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytcheck_ipĒscCs||dkr3tj|ƒsxttj|ƒ‚qxnE|dkrftj|ƒsxttj|ƒ‚qxnttjdƒ‚dS(Ntipv4tipv6s'%s' not in {'ipv4'|'ipv6'}(Rt checkIPnMaskRRRÄt checkIP6nMaskt INVALID_IPV(R'tipvtsource((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt check_addressĖs   cCs|jj|ƒdS(N(Rtcheck_icmptype(R'ticmp((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyRĻÖscCsdS(N((R'R¬((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR~ŪscCs|jS(N(R*(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyt get_stateąscCsdS(N((R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytenable_panic_modeåscCsdS(N((R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytdisable_panic_modečscCs|jS(N(R+(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytquery_panic_modeėscCs|jS(N(R3(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytget_log_deniedšscCs˜|tjkr:ttjd|djtjƒfƒ‚n||jƒkr‚||_|jj d|ƒ|jj ƒ|j ƒnttj |ƒ‚dS(Ns'%s', choose from '%s's','RJ( RtLOG_DENIED_VALUESRRt INVALID_VALUEtjoinRÕR3RtsettwriteR~t ALREADY_SET(R'R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_log_deniedós    cCs|jS(N(R4(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytget_automatic_helpersscCs˜|tjkr:ttjd|djtjƒfƒ‚n||jƒkr‚||_|jj d|ƒ|jj ƒ|j ƒnttj |ƒ‚dS(Ns'%s', choose from '%s's','RL( RtAUTOMATIC_HELPERS_VALUESRRR×RŲRŻR4RRŁRŚR~RŪ(R'R((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_automatic_helperss    cCs|jS(N(R,(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR®scCs`|j|ƒ}||jkrJ||_|jjd|ƒ|jjƒnttj|ƒ‚dS(NR@(R}R,RRŁRŚRRtZONE_ALREADY_SET(R'R!R°((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytset_default_zones  cCs$|jjddƒ|jjƒdS(NRERF(RRŁRŚ(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR\(scCs$|jjddƒ|jjƒdS(NRERC(RRŁRŚ(R'((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pytdisable_lockdown,s("t__name__t __module__R(R5R&R?RR…R†RfR«R¬R­R}R“RµRŗRĀRĘRĪRĻR~RŃRŅRÓRŌRÕRÜRŻRßR®RįR\Rā(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyR7s>     ‡                    (0t__all__tos.pathRyRvR_tfirewallRRtfirewall.core.fw_icmptypeRtfirewall.core.fw_serviceRtfirewall.core.fw_zoneRtfirewall.core.fw_directRtfirewall.core.fw_configRtfirewall.core.fw_policiesRtfirewall.core.fw_ipsetR tfirewall.core.fw_helperR tfirewall.core.loggerR tfirewall.core.io.firewalld_confR tfirewall.core.io.directR tfirewall.core.io.serviceRtfirewall.core.io.icmptypeRtfirewall.core.io.zoneRRtfirewall.core.io.ipsetRtfirewall.core.ipsetRtfirewall.core.io.helperRRtfirewall.errorsRtobjectR(((s9/usr/lib/python2.7/site-packages/firewall/core/fw_test.pyts2