JFIF$        dd7 

Viewing File: /usr/lib/python3.9/site-packages/firewall/core/__pycache__/fw_config.cpython-39.opt-1.pyc

a

	�	i���@s�dgZddlZddlZddlZddlZddlmZmZddlm	Z	ddl
mZddlm
Z
ddlmZmZmZddlmZmZmZdd	lmZmZmZdd
lmZmZmZddlmZm Z m!Z!ddl"m#Z#m$Z$m%Z%dd
lm&Z&ddl'm(Z(Gdd�de)�Z*dS)�FirewallConfig�N)�Dict�List)�config)�log)�	IO_Object)�IcmpType�icmptype_reader�icmptype_writer)�Service�service_reader�service_writer)�Zone�zone_reader�zone_writer)�IPSet�ipset_reader�ipset_writer)�Helper�
helper_reader�
helper_writer)�Policy�
policy_reader�
policy_writer)�errors)�
FirewallErrorc@sReZdZdd�Zdd�Zdd�Zdd�Zd	d
�Zifee	e
efd�dd
�Zdd�Z
dd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zdd�Zd d!�Zd"d#�Zd$d%�Zd&d'�Zd(d)�Zd*d+�Zd,d-�Zd.d/�Zd0d1�Zd2d3�Zd4d5�Z d6d7�Z!d8d9�Z"d:d;�Z#d<d=�Z$d>d?�Z%d@dA�Z&dBdC�Z'dDdE�Z(dFdG�Z)dHdI�Z*dJdK�Z+dLdM�Z,dNdO�Z-dPdQ�Z.dRdS�Z/dTdU�Z0dVdW�Z1dXdY�Z2dZd[�Z3d\d]�Z4d^d_�Z5d`da�Z6dbdc�Z7ddde�Z8dfdg�Z9dhdi�Z:djdk�Z;dldm�Z<dndo�Z=dpdq�Z>drds�Z?dtdu�Z@dvdw�ZAdxdy�ZBdzd{�ZCd|d}�ZDd~d�ZEd�d��ZFd�d��ZGd�d��ZHd�d��ZId�d��ZJd�d��ZKd�d��ZLd�d��ZMd�d��ZNd�d��ZOd�d��ZPd�d��ZQd�d��ZRd�d��ZSd�d��ZTd�d��ZUd�d��ZVd�d��ZWd�d��ZXd�d��ZYd�d��ZZd�d��Z[d�d��Z\d�d��Z]d�d��Z^d�d��Z_d�d��Z`d�d��Zad�d��Zbd�d��Zcd�d��Zdd�d��Zed�d��Zfd�dÄZgd�dńZhd�dDŽZid�dɄZjd�d˄Zkd�d̈́Zld�S)�rcCs||_|��dS�N)�_fw�_FirewallConfig__init_vars)�self�fw�r!�;/usr/lib/python3.9/site-packages/firewall/core/fw_config.py�__init__*szFirewallConfig.__init__cCsHd|j|j|j|j|j|j|j|j|j|j	|j
|j|j|j
|j|jfS)Nz>%s(%r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r, %r))�	__class__�_ipsets�
_icmptypes�	_services�_zones�_helpersZpolicy_objects�_builtin_ipsets�_builtin_icmptypes�_builtin_services�_builtin_zones�_builtin_helpers�_builtin_policy_objects�_firewalld_conf�	_policies�_direct�rr!r!r"�__repr__.s��zFirewallConfig.__repr__cCs^i|_i|_i|_i|_i|_i|_i|_i|_i|_i|_	i|_
i|_d|_d|_
d|_dSr)r%r&r'r(r)�_policy_objectsr*r+r,r-r.r/r0r1r2r3r!r!r"Z__init_vars8szFirewallConfig.__init_varscCst|j���D]}|j|��|j|=qt|j���D]}|j|��|j|=q8t|j���D]}|j|��|j|=qbt|j���D]}|j|��|j|=q�t|j���D]}|j|��|j|=q�t|j���D]}|j|��|j|=q�t|j	���D]}|j	|��|j	|=�q
t|j
���D]}|j
|��|j
|=�q6t|j���D]}|j|��|j|=�qbt|j���D]}|j|��|j|=�q�|j
�r�|j
��|`
d|_
|j�r�|j��|`d|_|j�r|j��|`d|_|��dSr)�listr*�keys�cleanupr%r+r&r,r'r-r(r.r)r0r1r2r)r�xr!r!r"r8IsV








zFirewallConfig.cleanupcs�i}�fdd����D�|d<�fdd����D�|d<�fdd����D�|d<�fdd����D�|d	<�fd
d����D�|d<�fdd����D�|d
<i|d<�j�d�|dd<|S)zJ
        Returns a dict of dicts of all permanent config objects.
        csi|]}|��|��qSr!)�	get_ipset)�.0Zipsetr3r!r"�
<dictcomp>��z:FirewallConfig.get_all_io_objects_dict.<locals>.<dictcomp>�ipsetscsi|]}|��|��qSr!)�
get_helper)r;�helperr3r!r"r<�r=�helperscsi|]}|��|��qSr!)�get_icmptype)r;Zicmptyper3r!r"r<�r=�	icmptypescsi|]}|��|��qSr!)�get_service)r;Zservicer3r!r"r<�r=�servicescsi|]}|��|��qSr!)�get_zone)r;�zoner3r!r"r<�r=�zonescsi|]}|��|��qSr!)�get_policy_object)r;Zpolicyr3r!r"r<�r=�policies�confZFirewallBackend)�
get_ipsets�get_helpers�
get_icmptypes�get_services�	get_zones�get_policy_objectsr0�get)r�	conf_dictr!r3r"�get_all_io_objects_dict~sz&FirewallConfig.get_all_io_objects_dict)�extra_io_objectsc
Csn|��}|D] }||D]}||||j<qqgd�}|D].}||}|��D]\}}	|	�|	��|�qNq:dS)N)r>rArCrErHrJ)rT�name�itemsZcheck_config_dict�export_config_dict)
rrUZall_io_objectsZtype_key�obj�orderZio_obj_typeZio_objsrVZio_objr!r!r"�full_check_config�sz FirewallConfig.full_check_configcCs|jj��Sr)rrJZquery_lockdownr3r!r!r"�lockdown_enabled�szFirewallConfig.lockdown_enabledcCs|jj�||�Sr)rrJ�access_check)r�key�valuer!r!r"r]�szFirewallConfig.access_checkcCs
||_dSr�r0)rrKr!r!r"�set_firewalld_conf�sz!FirewallConfig.set_firewalld_confcCs|jSrr`r3r!r!r"�get_firewalld_conf�sz!FirewallConfig.get_firewalld_confcCs(tj�tj�s|j��n
|j��dSr)�os�path�existsrZFIREWALLD_CONFr0�clear�readr3r!r!r"�update_firewalld_conf�sz$FirewallConfig.update_firewalld_confcCs�|j|j|j|j|j|jg}|D]�}t�|�}|D]v}||}tj�	|j|j
�}zt�|d|�Wn<t
y�}z$t�d||�t�|�WYd}~n
d}~00||=q2q |j��|j��dS)N�%s.old�Backup of file '%s' failed: %s)r(r5r%r'r)r&�copyrcrd�join�filename�shutil�move�	Exceptionr�error�remover0�set_defaults�write)rrZZio_obj_dictZ	dict_copyZobj_namerYrV�msgr!r!r"�reset_defaults�s �
 

zFirewallConfig.reset_defaultscCs
||_dSr�r1)rrJr!r!r"�set_policies�szFirewallConfig.set_policiescCs|jSrrwr3r!r!r"�get_policies�szFirewallConfig.get_policiescCs,tj�tj�s|jj��n|jj��dSr)	rcrdrerZLOCKDOWN_WHITELISTr1Zlockdown_whitelistr8rgr3r!r!r"�update_lockdown_whitelist�sz(FirewallConfig.update_lockdown_whitelistcCs
||_dSr�r2)rZdirectr!r!r"�
set_direct�szFirewallConfig.set_directcCs|jSrr{r3r!r!r"�
get_direct�szFirewallConfig.get_directcCs(tj�tj�s|j��n
|j��dSr)rcrdrerZFIREWALLD_DIRECTr2r8rgr3r!r!r"�
update_direct�szFirewallConfig.update_directcCs$ttt|j���t|j�����Sr)�sorted�setr6r%r7r*r3r!r!r"rL�s�zFirewallConfig.get_ipsetscCs$|jr||j|j<n||j|j<dSr)�builtinr*rVr%�rrYr!r!r"�	add_ipset�szFirewallConfig.add_ipsetcCs8||jvr|j|S||jvr(|j|Sttj|��dSr)r%r*rr�
INVALID_IPSET�rrVr!r!r"r:�s




zFirewallConfig.get_ipsetcCst|j|jvrttj|j��nB|j|j|kr@ttjd|j��n|j|jvr^ttjd|j��|�|�|j|jS)Nzself._ipsets[%s] != objz'%s' not a built-in ipset)rVr%rr�NO_DEFAULTSr*�
_remove_ipsetr�r!r!r"�load_ipset_defaults�s��
z"FirewallConfig.load_ipset_defaultscCs|��Sr��
export_configr�r!r!r"�get_ipset_configszFirewallConfig.get_ipset_configcCsft�|�}|jr0tj|_d|_|j|jkr0d|_|�||���|�d|gi�|�	|�t
|�|S)NFr>)rkr�r�ETC_FIREWALLD_IPSETSrd�default�
import_configrTr[r�r�rrYrKr9r!r!r"�set_ipset_configs

zFirewallConfig.set_ipset_configcCs�||jvs||jvr$ttjd|��t�}|�|�||_d||_t	j
|_d|_d|_
|�||���|�d|gi�|�|�t|�|S)Nznew_ipset(): '%s'�%s.xmlFTr>)r%r*rr�
NAME_CONFLICTr�
check_namerVrmrr�rdr�r�r�rTr[r�r�rrVrKr9r!r!r"�	new_ipsets �


zFirewallConfig.new_ipsetc
Cs�tj�|�}tj�|�}tj�|�s�|tjkr�|j��D]L}|j|}|j	|kr8|j|=|j
|jvrxd|j|j
fSd|fSq8nJ|j��D]>}|j|}|j	|kr�|j|=|j
|jvr�d|fSdSq�dSt�
d|�zt||�}Wn6t�y&}zt�d||�WYd}~dSd}~00|j
|jv�rV|j
|jv�rV|�|�d|fS|tjk�r�|j
|jv�r�|j|j
j|_||j|j
<d|fS|j
|jv�r�|j|j
=||j|j
<|j
|jv�r�d|fSdSdS)N�updaterr�NNzLoading ipset file '%s'z"Failed to load ipset file '%s': %s�new)rcrd�basename�dirnamererr�r%r7rmrVr*r�debug1rrprqr�r��rrVrmrdr9rYrur!r!r"�update_ipset_from_path'sP






z%FirewallConfig.update_ipset_from_pathc
Cs�|j|jvrttj|j��|jtjkr>ttjd|jtjf��d|j|jf}zt	�
|d|�Wn<ty�}z$t�
d||�t�|�WYd}~n
d}~00|j|j=dS�Nz'%s' != '%s'�	%s/%s.xmlrirj)rVr%rrr�rdrr��INVALID_DIRECTORYrnrorprrqrcrr�rrYrVrur!r!r"r�ls�� zFirewallConfig._remove_ipsetcCs"|js|jsttjd|j��dS)Nz'%s' is built-in ipset)r�r�rrZ
BUILTIN_IPSETrVr�r!r!r"�check_builtin_ipset}s�z"FirewallConfig.check_builtin_ipsetcCs|�|�|�|�dSr)r�r�r�r!r!r"�remove_ipset�s
zFirewallConfig.remove_ipsetcCs$|�|�|�||�}|�|�|Sr)r��_copy_ipsetr�)rrYrVr�r!r!r"�rename_ipset�s

zFirewallConfig.rename_ipsetcCs|�||���Sr)r�r��rrYrVr!r!r"r��szFirewallConfig._copy_ipsetcCs$ttt|j���t|j�����Sr)rr�r6r&r7r+r3r!r!r"rN�s�zFirewallConfig.get_icmptypescCs$|jr||j|j<n||j|j<dSr)r�r+rVr&r�r!r!r"�add_icmptype�szFirewallConfig.add_icmptypecCs8||jvr|j|S||jvr(|j|Sttj|��dSr)r&r+rr�INVALID_ICMPTYPEr�r!r!r"rB�s




zFirewallConfig.get_icmptypecCst|j|jvrttj|j��nB|j|j|kr@ttjd|j��n|j|jvr^ttjd|j��|�|�|j|jS)Nzself._icmptypes[%s] != objz'%s' not a built-in icmptype)rVr&rrr�r+�_remove_icmptyper�r!r!r"�load_icmptype_defaults�s��
z%FirewallConfig.load_icmptype_defaultscCs|��Srr�r�r!r!r"�get_icmptype_config�sz"FirewallConfig.get_icmptype_configcCsft�|�}|jr0tj|_d|_|j|jkr0d|_|�||���|�d|gi�|�	|�t
|�|S)NFrC)rkr�r�ETC_FIREWALLD_ICMPTYPESrdr�r�rTr[r�r
r�r!r!r"�set_icmptype_config�s

z"FirewallConfig.set_icmptype_configcCs�||jvs||jvr$ttjd|��t�}|�|�||_d||_t	j
|_d|_d|_
|�||���|�d|gi�|�|�t|�|S)Nznew_icmptype(): '%s'r�FTrC)r&r+rrr�rr�rVrmrr�rdr�r�r�rTr[r�r
r�r!r!r"�new_icmptype�s �


zFirewallConfig.new_icmptypec
Cs�tj�|�}tj�|�}tj�|�s�|tjkr�|j��D]L}|j|}|j	|kr8|j|=|j
|jvrxd|j|j
fSd|fSq8nJ|j��D]>}|j|}|j	|kr�|j|=|j
|jvr�d|fSdSq�dSt�
d|�zt||�}Wn6t�y&}zt�d||�WYd}~dSd}~00|j
|jv�rV|j
|jv�rV|�|�d|fS|tjk�r�|j
|jv�r�|j|j
j|_||j|j
<d|fS|j
|jv�r�|j|j
=||j|j
<|j
|jv�r�d|fSdSdS)Nr�rrr�zLoading icmptype file '%s'z%Failed to load icmptype file '%s': %sr�)rcrdr�r�rerr�r&r7rmrVr+rr�r	rprqr�r�r�r!r!r"�update_icmptype_from_path�sP






z(FirewallConfig.update_icmptype_from_pathc
Cs�|j|jvrttj|j��|jtjkr>ttjd|jtjf��d|j|jf}zt	�
|d|�Wn<ty�}z$t�
d||�t�|�WYd}~n
d}~00|j|j=dSr�)rVr&rrr�rdrr�r�rnrorprrqrcrrr�r!r!r"r�s
�� zFirewallConfig._remove_icmptypecCs"|js|jsttjd|j��dS)Nz'%s' is built-in icmp type)r�r�rrZBUILTIN_ICMPTYPErVr�r!r!r"�check_builtin_icmptype)s�z%FirewallConfig.check_builtin_icmptypecCs|�|�|�|�dSr)r�r�r�r!r!r"�remove_icmptype.s
zFirewallConfig.remove_icmptypecCs$|�|�|�||�}|�|�|Sr)r��_copy_icmptyper�)rrYrVr�r!r!r"�rename_icmptype2s

zFirewallConfig.rename_icmptypecCs|�||���Sr)r�r�r�r!r!r"r�8szFirewallConfig._copy_icmptypecCs$ttt|j���t|j�����Sr)rr�r6r'r7r,r3r!r!r"rO=s�zFirewallConfig.get_servicescCs$|jr||j|j<n||j|j<dSr)r�r,rVr'r�r!r!r"�add_serviceAszFirewallConfig.add_servicecCs<||jvr|j|S||jvr(|j|Sttjd|��dS)Nzget_service(): '%s')r'r,rr�INVALID_SERVICEr�r!r!r"rDGs




zFirewallConfig.get_servicecCst|j|jvrttj|j��nB|j|j|kr@ttjd|j��n|j|jvr^ttjd|j��|�|�|j|jS)Nzself._services[%s] != objz'%s' not a built-in service)rVr'rrr�r,�_remove_servicer�r!r!r"�load_service_defaultsNs��
z$FirewallConfig.load_service_defaultsc	Csn|��}g}td�D]P}|j|d|vrL|�t�t||j|d���q|�||j|d�qt|�S)N�r�rX�range�IMPORT_EXPORT_STRUCTURE�appendrk�deepcopy�getattr�tuple�rrYrSZ	conf_list�ir!r!r"�get_service_configZs"z!FirewallConfig.get_service_configcCs|��Sr�rXr�r!r!r"�get_service_config_dictfsz&FirewallConfig.get_service_config_dictcCs4i}t|�D]\}}|||j|d<q|�||�S�Nr)�	enumerater��set_service_config_dict�rrYrKrSr�r_r!r!r"�set_service_configisz!FirewallConfig.set_service_configcCsft�|�}|jr0tj|_d|_|j|jkr0d|_|�||���|�d|gi�|�	|�t
|�|S)NFrE)rkr�r�ETC_FIREWALLD_SERVICESrdr��import_config_dictrTr[r�r
r�r!r!r"r�ps

z&FirewallConfig.set_service_config_dictcCsX||jvs||jvr$ttjd|��i}t|�D]\}}||tj|d<q0|�||�S)N�new_service(): '%s'r)	r'r,rrr�r�rr��new_service_dict�rrVrKrSr�r_r!r!r"�new_service~s�zFirewallConfig.new_servicecCs�||jvs||jvr$ttjd|��t�}|�|�||_d||_t	j
|_d|_d|_
|�||���|�d|gi�|�|�t|�|S)Nr�r�FTrE)r'r,rrr�rr�rVrmrr�rdr�r�r�rTr[r�r
r�r!r!r"r��s �


zFirewallConfig.new_service_dictc
Cs�tj�|�}tj�|�}tj�|�s�|tjkr�|j��D]L}|j|}|j	|kr8|j|=|j
|jvrxd|j|j
fSd|fSq8nJ|j��D]>}|j|}|j	|kr�|j|=|j
|jvr�d|fSdSq�dSt�
d|�zt||�}Wn6t�y&}zt�d||�WYd}~dSd}~00|j
|jv�rV|j
|jv�rV|�|�d|fS|tjk�r�|j
|jv�r�|j|j
j|_||j|j
<d|fS|j
|jv�r�|j|j
=||j|j
<|j
|jv�r�d|fSdSdS)Nr�rrr�zLoading service file '%s'z$Failed to load service file '%s': %sr�)rcrdr�r�rerr�r'r7rmrVr,rr�rrprqr�r�r�r!r!r"�update_service_from_path�sP






z'FirewallConfig.update_service_from_pathc
Cs�|j|jvrttj|j��|jtjkr>ttjd|jtjf��d|j|jf}zt	�
|d|�Wn<ty�}z$t�
d||�t�|�WYd}~n
d}~00|j|j=dSr�)rVr'rrr�rdrr�r�rnrorprrqrcrrr�r!r!r"r��s
�� zFirewallConfig._remove_servicecCs"|js|jsttjd|j��dS)Nz'%s' is built-in service)r�r�rrZBUILTIN_SERVICErVr�r!r!r"�check_builtin_service�s�z$FirewallConfig.check_builtin_servicecCs|�|�|�|�dSr)r�r�r�r!r!r"�remove_service�s
zFirewallConfig.remove_servicecCs$|�|�|�||�}|�|�|Sr)r��
_copy_servicer�)rrYrVr�r!r!r"�rename_service�s

zFirewallConfig.rename_servicecCs|�||���Sr)r�rXr�r!r!r"r�szFirewallConfig._copy_servicecCs$ttt|j���t|j�����Sr)rr�r6r(r7r-r3r!r!r"rPs�zFirewallConfig.get_zonescCs$|jr||j|j<n||j|j<dSr)r�r-rVr(r�r!r!r"�add_zoneszFirewallConfig.add_zonecCs(||jvr|j|=||jvr$|j|=dSr)r-r(r�r!r!r"�forget_zones

zFirewallConfig.forget_zonecCs<||jvr|j|S||jvr(|j|Sttjd|��dS)Nzget_zone(): %s)r(r-rr�INVALID_ZONEr�r!r!r"rFs




zFirewallConfig.get_zonecCst|j|jvrttj|j��nB|j|j|kr@ttjd|j��n|j|jvr^ttjd|j��|�|�|j|jS)Nzself._zones[%s] != objz'%s' not a built-in zone)rVr(rrr�r-�_remove_zoner�r!r!r"�load_zone_defaultss��
z!FirewallConfig.load_zone_defaultsc	Csn|��}g}td�D]P}|j|d|vrL|�t�t||j|d���q|�||j|d�qt|�S)N�rr�r�r!r!r"�get_zone_config*s"zFirewallConfig.get_zone_configcCs|��Srr�r�r!r!r"�get_zone_config_dict6sz#FirewallConfig.get_zone_config_dictcCs4i}t|�D]\}}|||j|d<q|�||�Sr�)r�r��set_zone_config_dictr�r!r!r"�set_zone_config9szFirewallConfig.set_zone_configcCsft�|�}|jr0tj|_d|_|j|jkr0d|_|�||���|�d|gi�|�	|�t
|�|S)NFrH)rkr�r�ETC_FIREWALLD_ZONESrdr�r�rTr[r�rr�r!r!r"r�@s

z#FirewallConfig.set_zone_config_dictcCsX||jvs||jvr$ttjd|��i}t|�D]\}}||tj|d<q0|�||�S)N�new_zone(): '%s'r)	r(r-rrr�r�rr��
new_zone_dictr�r!r!r"�new_zoneNszFirewallConfig.new_zonecCs�||jvs||jvr$ttjd|��t�}|�|�||_d||_t	j
|_d|_d|_
|�||���|�d|gi�|�|�t|�|S)Nr�r�FTrH)r(r-rrr�rr�rVrmrr�rdr�r�r�rTr[r�rr�r!r!r"r�Xs


zFirewallConfig.new_zone_dictc
Cs"tj�|�}tj�|�}tj�|�s�|�tj�r�|j�	�D]L}|j|}|j
|kr:|j|=|j|jvrzd|j|jfSd|fSq:nJ|j�	�D]>}|j|}|j
|kr�|j|=|j|jvr�d|fSdSq�dSt
�d|�zt||�}Wn6t�y(}zt
�d||�WYd}~dSd}~00|�tj��rrt|�ttj�k�rrdtj�|�tj�|�dd�f|_|j|jv�r�|j|jv�r�|�|�d	|fS|�tj��r�|j|jv�r�|j|jj|_||j|j<d|fS|j|jv�r|j|j=||j|j<|j|jv�rd|fSdSdS)
Nr�rrr�zLoading zone file '%s'z!Failed to load zone file '%s': %s�%s/%sr���r�)rcrdr�r�re�
startswithrr�r(r7rmrVr-rr�rrprq�lenr�r�r�r!r!r"�update_zone_from_pathks\



��

z$FirewallConfig.update_zone_from_pathc
Cs�|j|jvrttj|j��|j�tj�s@ttj	d|jtjf��d|j|jf}zt
�|d|�Wn<ty�}z$t
�d||�t�|�WYd}~n
d}~00|j|j=dS�Nz'%s' doesn't start with '%s'r�rirj)rVr(rrr�rdr�rr�r�rnrorprrqrcrrr�r!r!r"r��s
�� zFirewallConfig._remove_zonecCs"|js|jsttjd|j��dS)Nz'%s' is built-in zone)r�r�rrZBUILTIN_ZONErVr�r!r!r"�check_builtin_zone�s�z!FirewallConfig.check_builtin_zonecCs|�|�|�|�dSr)r�r�r�r!r!r"�remove_zone�s
zFirewallConfig.remove_zonecCsN|�|�|��}|�|�z|�||�}Wn|�|j|��Yn0|Sr)r�rXr�r�rV)rrYrVZobj_confr�r!r!r"�rename_zone�s

zFirewallConfig.rename_zonecCs$ttt|j���t|j�����Sr)rr�r6r5r7r/r3r!r!r"rQ�s�z!FirewallConfig.get_policy_objectscCs$|jr||j|j<n||j|j<dSr)r�r/rVr5r�r!r!r"�add_policy_object�sz FirewallConfig.add_policy_objectcCs<||jvr|j|S||jvr(|j|Sttjd|��dS)Nzget_policy_object(): %s)r5r/rr�INVALID_POLICYr�r!r!r"rI�s




z FirewallConfig.get_policy_objectcCst|j|jvrttj|j��nB|j|j|kr@ttjd|j��n|j|jvr^ttjd|j��|�|�|j|jS)Nzself._policy_objects[%s] != objz'%s' not a built-in policy)rVr5rrr�r/�_remove_policy_objectr�r!r!r"�load_policy_object_defaults�s��
z*FirewallConfig.load_policy_object_defaultscCs|��Srr�r�r!r!r"�get_policy_object_config_dict�sz,FirewallConfig.get_policy_object_config_dictcCsft�|�}|jr0tj|_d|_|j|jkr0d|_|�||���|�d|gi�|�	|�t
|�|S)NFrJ)rkr�r�ETC_FIREWALLD_POLICIESrdr�r�rTr[r�rr�r!r!r"�set_policy_object_config_dict�s

z,FirewallConfig.set_policy_object_config_dictcCs�||jvs||jvr$ttjd|��t�}|�|�||_d||_t	j
|_d|_d|_
|�||���|�d|gi�|�|�t|�|S)Nznew_policy_object(): '%s'r�FTrJ)r5r/rrr�rr�rVrmrr�rdr�r�r�rTr[r�rr�r!r!r"�new_policy_object_dicts


z%FirewallConfig.new_policy_object_dictc
Cs"tj�|�}tj�|�}tj�|�s�|�tj�r�|j�	�D]L}|j|}|j
|kr:|j|=|j|jvrzd|j|jfSd|fSq:nJ|j�	�D]>}|j|}|j
|kr�|j|=|j|jvr�d|fSdSq�dSt
�d|�zt||�}Wn6t�y(}zt
�d||�WYd}~dSd}~00|�tj��rrt|�ttj�k�rrdtj�|�tj�|�dd�f|_|j|jv�r�|j|jv�r�|�|�d	|fS|�tj��r�|j|jv�r�|j|jj|_||j|j<d|fS|j|jv�r|j|j=||j|j<|j|jv�rd|fSdSdS)
Nr�rrr�zLoading policy file '%s'z#Failed to load policy file '%s': %sr�rr�r�)rcrdr�r�rer�rr�r5r7rmrVr/rr�rrprqr�r�r�r�r!r!r"�update_policy_object_from_paths\



��

z-FirewallConfig.update_policy_object_from_pathc
Cs�|j|jvrttj|j��|j�tj�s@ttj	d|jtjf��d|j|jf}zt
�|d|�Wn<ty�}z$t
�d||�t�|�WYd}~n
d}~00|j|j=dSr�)rVr5rrr�rdr�rr�r�rnrorprrqrcrrr�r!r!r"r�js
�� z$FirewallConfig._remove_policy_objectcCs"|js|jsttjd|j��dS)Nz'%s' is built-in policy)r�r�rrZBUILTIN_POLICYrVr�r!r!r"�check_builtin_policy_object{s�z*FirewallConfig.check_builtin_policy_objectcCs|�|�|�|�dSr)r�r�r�r!r!r"�remove_policy_object�s
z#FirewallConfig.remove_policy_objectcCs$|�|�|�||�}|�|�|Sr)r��_copy_policy_objectr�)rrYrVZnew_policy_objectr!r!r"�rename_policy_object�s

z#FirewallConfig.rename_policy_objectcCs|�||���Sr)r�rXr�r!r!r"r��sz"FirewallConfig._copy_policy_objectcCs$ttt|j���t|j�����Sr)rr�r6r)r7r.r3r!r!r"rM�s�zFirewallConfig.get_helperscCs$|jr||j|j<n||j|j<dSr)r�r.rVr)r�r!r!r"�
add_helper�szFirewallConfig.add_helpercCs8||jvr|j|S||jvr(|j|Sttj|��dSr)r)r.rr�INVALID_HELPERr�r!r!r"r?�s




zFirewallConfig.get_helpercCst|j|jvrttj|j��nB|j|j|kr@ttjd|j��n|j|jvr^ttjd|j��|�|�|j|jS)Nzself._helpers[%s] != objz'%s' not a built-in helper)rVr)rrr�r.�_remove_helperr�r!r!r"�load_helper_defaults�s��
z#FirewallConfig.load_helper_defaultscCs|��Srr�r�r!r!r"�get_helper_config�sz FirewallConfig.get_helper_configcCsft�|�}|jr0tj|_d|_|j|jkr0d|_|�||���|�d|gi�|�	|�t
|�|S)NFrA)rkr�r�ETC_FIREWALLD_HELPERSrdr�r�rTr[r�rr�r!r!r"�set_helper_config�s

z FirewallConfig.set_helper_configcCs�||jvs||jvr$ttjd|��t�}|�|�||_d||_t	j
|_d|_d|_
|�||���|�d|gi�|�|�t|�|S)Nznew_helper(): '%s'r�FTrA)r)r.rrr�rr�rVrmrr�rdr�r�r�rTr[r�rr�r!r!r"�
new_helper�s �


zFirewallConfig.new_helperc
Cs�tj�|�}tj�|�}tj�|�s�|tjkr�|j��D]L}|j|}|j	|kr8|j|=|j
|jvrxd|j|j
fSd|fSq8nJ|j��D]>}|j|}|j	|kr�|j|=|j
|jvr�d|fSdSq�dSt�
d|�zt||�}Wn6t�y&}zt�d||�WYd}~dSd}~00|j
|jv�rV|j
|jv�rV|�|�d|fS|tjk�r�|j
|jv�r�|j|j
j|_||j|j
<d|fS|j
|jv�r�|j|j
=||j|j
<|j
|jv�r�d|fSdSdS)Nr�rrr�zLoading helper file '%s'z#Failed to load helper file '%s': %sr�)rcrdr�r�rerr�r)r7rmrVr.rr�rrprqr�r�r�r!r!r"�update_helper_from_path�sP






z&FirewallConfig.update_helper_from_pathc
Cs�|j|jvrttj|j��|jtjkr>ttjd|jtjf��d|j|jf}zt	�
|d|�Wn<ty�}z$t�
d||�t�|�WYd}~n
d}~00|j|j=dSr�)rVr)rrr�rdrr�r�rnrorprrqrcrrr�r!r!r"r�s�� zFirewallConfig._remove_helpercCs"|js|jsttjd|j��dS)Nz'%s' is built-in helper)r�r�rrZBUILTIN_HELPERrVr�r!r!r"�check_builtin_helper's�z#FirewallConfig.check_builtin_helpercCs|�|�|�|�dSr)rr�r�r!r!r"�
remove_helper,s
zFirewallConfig.remove_helpercCs$|�|�|�||�}|�|�|Sr)r�_copy_helperr�)rrYrVrr!r!r"�
rename_helper0s

zFirewallConfig.rename_helpercCs|�||���Sr)rr�r�r!r!r"r6szFirewallConfig._copy_helperN)m�__name__�
__module__�__qualname__r#r4rr8rTr�strrrr[r\r]rarbrhrvrxryrzr|r}r~rLr�r:r�r�r�r�r�r�r�r�r�r�rNr�rBr�r�r�r�r�r�r�r�r�r�rOr�rDr�r�r�r�r�r�r�r�r�r�r�r�r�rPr�r�rFr�r�r�r�r�r�r�r�r�r�r�r�rQr�rIr�r�r�r�r�r�r�r�r�r�rMr�r?r�r�r�rrr�rrrrr!r!r!r"r)s�
5EEE
KKE)+�__all__rkrcZos.pathrn�typingrrZfirewallrZfirewall.core.loggerrZfirewall.core.io.io_objectrZfirewall.core.io.icmptyperr	r
Zfirewall.core.io.servicerrr
Zfirewall.core.io.zonerrrZfirewall.core.io.ipsetrrrZfirewall.core.io.helperrrrZfirewall.core.io.policyrrrrZfirewall.errorsr�objectrr!r!r!r"�<module>s"
Back to Directory  nL+D550H?Mx ,D"v]qv;6*Zqn)ZP0!1 A "#a$2Qr D8 a Ri[f\mIykIw0cuFcRı?lO7к_f˓[C$殷WF<_W ԣsKcëIzyQy/_LKℂ;C",pFA:/]=H  ~,ls/9ć:[=/#f;)x{ٛEQ )~ =𘙲r*2~ a _V=' kumFD}KYYC)({ *g&f`툪ry`=^cJ.I](*`wq1dđ#̩͑0;H]u搂@:~וKL Nsh}OIR*8:2 !lDJVo(3=M(zȰ+i*NAr6KnSl)!JJӁ* %݉?|D}d5:eP0R;{$X'xF@.ÊB {,WJuQɲRI;9QE琯62fT.DUJ;*cP A\ILNj!J۱+O\͔]ޒS߼Jȧc%ANolՎprULZԛerE2=XDXgVQeӓk yP7U*omQIs,K`)6\G3t?pgjrmۛجwluGtfh9uyP0D;Uڽ"OXlif$)&|ML0Zrm1[HXPlPR0'G=i2N+0e2]]9VTPO׮7h(F*癈'=QVZDF,d߬~TX G[`le69CR(!S2!P <0x<!1AQ "Raq02Br#SCTb ?Ζ"]mH5WR7k.ۛ!}Q~+yԏz|@T20S~Kek *zFf^2X*(@8r?CIuI|֓>^ExLgNUY+{.RѪ τV׸YTD I62'8Y27'\TP.6d&˦@Vqi|8-OΕ]ʔ U=TL8=;6c| !qfF3aů&~$l}'NWUs$Uk^SV:U# 6w++s&r+nڐ{@29 gL u"TÙM=6(^"7r}=6YݾlCuhquympǦ GjhsǜNlɻ}o7#S6aw4!OSrD57%|?x>L |/nD6?/8w#[)L7+6〼T ATg!%5MmZ/c-{1_Je"|^$'O&ޱմTrb$w)R$& N1EtdU3Uȉ1pM"N*(DNyd96.(jQ)X 5cQɎMyW?Q*!R>6=7)Xj5`J]e8%t!+'!1Q5 !1 AQaqё#2"0BRb?Gt^## .llQT $v,,m㵜5ubV =sY+@d{N! dnO<.-B;_wJt6;QJd.Qc%p{ 1,sNDdFHI0ГoXшe黅XۢF:)[FGXƹ/w_cMeD,ʡcc.WDtA$j@:) -# u c1<@ۗ9F)KJ-hpP]_x[qBlbpʖw q"LFGdƶ*s+ډ_Zc"?%t[IP 6J]#=ɺVvvCGsGh1 >)6|ey?Lӣm,4GWUi`]uJVoVDG< SB6ϏQ@ TiUlyOU0kfV~~}SZ@*WUUi##; s/[=!7}"WN]'(L! ~y5g9T̅JkbM' +s:S +B)v@Mj e Cf jE 0Y\QnzG1д~Wo{T9?`Rmyhsy3!HAD]mc1~2LSu7xT;j$`}4->L#vzŏILS ֭T{rjGKC;bpU=-`BsK.SFw4Mq]ZdHS0)tLg