JFIF$        dd7 

Viewing File: /usr/lib/python3.9/site-packages/firewall/core/__pycache__/fw_zone.cpython-39.opt-1.pyc

a

	�	iߩ�@s�ddlZddlmZmZmZddlmZddlmZddl	m
Z
ddlmZm
Z
mZmZmZmZmZmZmZmZmZddlmZddlmZmZmZdd	lmZdd
lm Z Gdd�de!�Z"dS)
�N)�	SHORTCUTS�DEFAULT_ZONE_TARGET�SOURCE_IPSET_TYPES)�FirewallTransaction)�Policy)�log)�Rich_ForwardPort�Rich_IcmpBlock�
Rich_IcmpType�	Rich_Mark�Rich_Masquerade�	Rich_Port�
Rich_Protocol�	Rich_Rule�Rich_Service�Rich_SourcePort�Rich_Tcp_Mss_Clamp)�nm_get_bus_name)�checkIPnMask�
checkIP6nMask�	check_mac)�errors)�
FirewallErrorc@s&eZdZdZdd�Zdd�Zdd�Zdd	�Zd
d�Zdd
�Z	dd�Z
dd�Zdd�Zdd�Z
dd�Zdd�Zdd�Zd�dd�Zdd �Zd!d"�Zd#d$�Zd�d%d&�Zd'd(�Zd�d)d*�Zd�d+d,�Zd-d.�Zd/d0�Zd1d2�Zd3d4�Zd5d6�Zd�d8d9�Zd:d;�Zd�d<d=�Z d�d>d?�Z!d�d@dA�Z"dBdC�Z#dDdE�Z$dFdG�Z%d�dIdJ�Z&d�dKdL�Z'd�dMdN�Z(dOdP�Z)d�dQdR�Z*d�dSdT�Z+dUdV�Z,dWdX�Z-dYdZ�Z.d�d[d\�Z/d]d^�Z0d_d`�Z1dadb�Z2dcdd�Z3dedf�Z4dgdh�Z5d�didj�Z6dkdl�Z7dmdn�Z8dodp�Z9d�dqdr�Z:dsdt�Z;dudv�Z<dwdx�Z=d�dydz�Z>d{d|�Z?d}d~�Z@dd��ZAd�d��ZBd�d�d��ZCd�d��ZDd�d��ZEd�d��ZFd�d�d��ZGd�d��ZHd�d��ZId�d��ZJd�d�d��ZKd�d��ZLd�d��ZMd�d�d��ZNd�d�d��ZOd�d�d��ZPd�d��ZQd�d�d��ZRd�d��ZSd�d��ZTd�d��ZUd�d�d��ZVd�d��ZWd�d��ZXd�d��ZYd�d��ZZd�d�d��Z[d�d��Z\d�d�d��Z]d�d��Z^d�d��Z_dS)��FirewallZonercCs||_i|_i|_dS�N)�_fw�_zones�_zone_policies)�self�fw�r �9/usr/lib/python3.9/site-packages/firewall/core/fw_zone.py�__init__0szFirewallZone.__init__cCsd|j|jfS)Nz%s(%r))�	__class__r�rr r r!�__repr__5szFirewallZone.__repr__cCs|j��|j��dSr)r�clearrr$r r r!�cleanup8s
zFirewallZone.cleanupcCst|j�}|�|jj�|Sr)rrZadd_pre�full_check_config)r�tr r r!�new_transaction<s
zFirewallZone.new_transactioncCsdj||d�S)Nzzone_{fromZone}_{toZone})�fromZone�toZone)�format)rr+r,r r r!�policy_name_from_zonesAsz#FirewallZone.policy_name_from_zonescCst|j���Sr)�sortedr�keysr$r r r!�	get_zonesFszFirewallZone.get_zonescCs4g}|��D]"}|�|�s$|�|�r|�|�q|Sr)r1�list_interfaces�list_sources�append)rZactive_zones�zoner r r!�get_active_zonesIs
zFirewallZone.get_active_zonescCs2|�|�}|jD]}||j|jvr|SqdSr)�_FirewallZone__interface_idr�
interfaces)r�	interface�interface_idr5r r r!�get_zone_of_interfacePs



z"FirewallZone.get_zone_of_interfacecCs2|�|�}|jD]}||j|jvr|SqdSr)�_FirewallZone__source_idr�sources)r�source�	source_idr5r r r!�get_zone_of_sourceXs



zFirewallZone.get_zone_of_sourcecCs|j�|�}|j|Sr)r�
check_zoner)rr5�zr r r!�get_zone`szFirewallZone.get_zonec		CsHt�}|j|_|�||�|_|j|_|j|_|g|_|g|_dD�]}||jkrz|dkrz|dvrzt	||t
�t||���q@|dkr�||jkr�|dvr�t	||t
�t||���q@||jkr�|dkr�|dvr�t	||t
�t||���q@|dvr@g|_
g|_|j
D]D}|�||�}t|d�}||�|j|�vr�|j
�|�|j�|�q�q@|S)	N)	�services�ports�
masquerade�
forward_ports�source_ports�icmp_blocks�icmp_block_inversion�	rules_str�	protocols�HOST)rDrErHrIrJrL�ANY)rF)rG)rK��rule_str)r�nameZderived_from_zoner.�ZONE_POLICY_PRIORITY�priority�targetZ
ingress_zonesZegress_zones�setattr�copy�deepcopy�getattrrK�rulesr�_rich_rule_to_policiesr4)	r�z_objr+r,�p_objZsettingrPZcurrent_policy�ruler r r!�policy_obj_from_zone_objds8
��

z%FirewallZone.policy_obj_from_zone_objcCsr||j|j<g|j|j<|jdfd|jf|jdffD]8\}}|�|||�}|jj�|�|j|j�|j�q4dS)NrMrN)rrQrr^r�policyZ
add_policyr4)r�objr+r,r\r r r!�add_zone�s�zFirewallZone.add_zonecCs.|j|}|jr|�|�|j|=|j|=dSr)r�applied�unapply_zone_settingsr)rr5r`r r r!�remove_zone�s


zFirewallZone.remove_zoneNcCsR|��D]D}|j|}t|j�dks2t|j�dkrt�d|�|j||d�qdS)NrzApplying zone '%s'��use_transaction)r1r�lenr8r=r�debug1�apply_zone_settings)rrfr5r[r r r!�apply_zones�s

zFirewallZone.apply_zonescCs|j|}||_dSr)rrb)rr5rbr`r r r!�set_zone_applied�s
zFirewallZone.set_zone_appliedcCs�d|vrdS|�d�}t|�dkr&dSd}tD]}|dt|kr.|}q.|dur�|d|��vrddSt|�dks�t|�dkr�|ddvr�|d|fSdS)N�_�r��)ZprerZdenyZallowZpost)�splitrgrr1)r�chainZsplits�_chain�xr r r!�zone_from_chain�s&

�
�zFirewallZone.zone_from_chaincCst|�|�}|durdS|\}}|dvr0|}d}n4|dvrB|}d}n"|dvrTd}|}nttjd|��|�||�|fS)N)Z
PREROUTINGZFORWARDrN)ZINPUTrM)ZPOSTROUTINGz&chain '%s' can't be mapped to a policy)rtrrZ
INVALID_CHAINr.)rrqrsr5rrr+r,r r r!�policy_from_chain�s
zFirewallZone.policy_from_chainc	Csj|dvrf|�|�}|durf|�|�\}}|dur:|��}n|}|jj�|d|||�|durf|�d�dS)N)�ipv4�ipv6T)rur*rr_Zgen_chain_rules�execute)	r�ipv�tablerqrfrsr_rr�transactionr r r!�create_zone_base_by_chain�s

�z&FirewallZone.create_zone_base_by_chainc	Cs�dD]�}t|�|�|�}t|t�r(|g}|D]j}|dkrJ|�||||�q,|dkrp|�|�}|�|||||�q,|dkr|q,q,|dkr�q,t�d|||�q,q|r�|�	|||�dS)N)r8r=�forwardrJr8r=rJr}z3Zone '%s': Unknown setting '%s:%s', unable to apply)
rXrC�
isinstance�bool�
_interface�check_source�_sourcerZwarning�_icmp_block_inversion)r�enabler5r{�keyZ	args_list�argsryr r r!�_zone_settings�s&

�zFirewallZone._zone_settingscCs�|j�|�}|j|}|jr dSd|_|dur8|��}n|}|j|D]$}t�d||�|jjj	||d�qF|�
d||�|dur�|�d�dS)NTz+Applying policy (%s) derived from zone '%s're)rrArrbr*rrrhr_�apply_policy_settingsr�rx�rr5rf�_zoner`r{r_r r r!ri	s

z FirewallZone.apply_zone_settingscCs||j�|�}|j|}|js dS|dur2|��}n|}|j|D]}|jjj||d�q@|�d||�|durx|�	d�dS)NreFT)
rrArrbr*rr_�unapply_policy_settingsr�rxr�r r r!rcs

z"FirewallZone.unapply_zone_settingsc	Csz|�|�}|�|�}g}td�D]P}|j|d|vrX|�t�t||j|d���q |�||j|d�q t|�S)�H
        :return: exported config updated with runtime settings
        �r)	rC�get_config_with_settings_dict�rangeZIMPORT_EXPORT_STRUCTUREr4rVrWrX�tuple)rr5r`Z	conf_dictZ	conf_list�ir r r!�get_config_with_settings1s

"z%FirewallZone.get_config_with_settingscCs�|�|���}|dtkr"d|d<|�|�|�|�|�|�|�|�|�|�|�|�|�	|�|�
|�|�|�|�|�|�
|�|�|�d�}|j�||�S)r�rT�default�rDrErIrFrGr8r=rKrLrHrJr})rCZexport_config_dictr�
list_services�
list_ports�list_icmp_blocks�query_masquerade�list_forward_portsr2r3�
list_rules�list_protocols�list_source_ports�query_icmp_block_inversion�
query_forwardrZ'combine_runtime_with_permanent_settings)rr5Z	permanentZruntimer r r!r�As"�
z*FirewallZone.get_config_with_settings_dictc
s,d
�fdd�	}�fdd�}�j�jf�j�jf�j�jf�j�jf�j�j	f�j
�jf�j�j
f||f�j�jf�j�jf�j�jf�j�jfd�}��|�}t�|�}|�|�j����j�d|gi���|�}	�j�|	|�\}
}|D]n}t||t��rJ||D]>}
t|
t ��r2||d|g|
�R�n||d||
��qq�||d|�q�|
D]�}t|
|t��r�|
|D]n}
|d	v�r�||d||
|d
�nFt|
t ��r�||d|g|
�Rd|d��n||d||
d|d��q|n6|dv�r||d||d
�n||d|d|d��q`dS)Nrcs�j|t|d�d|d�dS)NrOr��timeout�sender)�add_ruler)r5rPr�r�r$r r!�add_rule_wrapperYszDFirewallZone.set_config_with_settings_dict.<locals>.add_rule_wrappercs��|t|d��dS)NrO)�remove_ruler)r5rPr$r r!�remove_rule_wrapper[szGFirewallZone.set_config_with_settings_dict.<locals>.remove_rule_wrapperr�Zzonesrn)r8r=)r�r�)rJ)rN)!�add_service�remove_service�add_port�remove_port�add_icmp_block�remove_icmp_block�add_masquerade�remove_masquerade�add_forward_port�remove_forward_port�
add_interface�remove_interface�
add_source�
remove_source�add_protocol�remove_protocol�add_source_port�remove_source_port�add_icmp_block_inversion�remove_icmp_block_inversion�add_forward�remove_forwardrCrVZimport_config_dictrZget_all_io_objects_dictr(r�Zget_added_and_removed_settingsr~�listr�)rr5Zsettingsr�r�r�Z
setting_to_fnZold_objZ	check_objZold_settingsZadd_settingsZremove_settingsr�r�r r$r!�set_config_with_settings_dictWsN










�



"
z*FirewallZone.set_config_with_settings_dictcCs|j�|�dSr)r�check_interface�rr9r r r!r��szFirewallZone.check_interfacecCs|�|�|Sr)r�r�r r r!Z__interface_id�s
zFirewallZone.__interface_idTcCs
|j��|j�|�}|j|}|�|�}||jvrHttjd||f��|�	|�}	|	durnttj
d||	f��t�d||f�|dur�|�
�}
n|}
|js�|r�|j||
d�|
�|j|d�|r�|�d|||
�|�||||�|
�|j||�|du�r|
�d�|S)N�'%s' already bound to '%s'z&Setting zone of interface '%s' to '%s'reFT)r�check_panicrArr7r8rr�ZONE_ALREADY_SETr;�
ZONE_CONFLICTrrhr*rbri�add_failrkr��!_FirewallZone__register_interface�#_FirewallZone__unregister_interfacerx)rr5r9r�rf�allow_applyr��_objr:�zoir{r r r!r��sJ



��
���

�
�

zFirewallZone.add_interfacecCsB|j�|�|r|dkr&|jj�|�|t�kr>|jj�|�dS)N�)r8r4r�_default_zone_interfacesr�_nm_assigned_interfaces)rr�r:r5r�r r r!Z__register_interface�s

z!FirewallZone.__register_interfacecCsR|j��|�|�}|j�|�}||kr,|S|dur@|�||�|�|||�}|Sr)rr�r;rAr�r�)rr5r9r��	_old_zone�	_new_zoner�r r r!�change_zone_of_interface�s

z%FirewallZone.change_zone_of_interfacecCsz|j��|dur|��}n|}|�||�|jd|d|dd�|durd|dkrd|jd|d|dd�|durv|�d�dS)NT�+)r4r�F)rr�r*rir�rx)rZold_zoneZnew_zonerfr{r r r!�change_default_zone�s

z FirewallZone.change_default_zonec	Cs�|j��|�|�}|dur,ttjd|��|dkr8|n
|j�|�}||krbttjd|||f��|durt|��}n|}|j	|}|�
|�}|�|j||�|�
d|||�|dur�|�d�|S)N�'%s' is not in any zoner�z"remove_interface(%s, %s): zoi='%s'FT)rr�r;rrZUNKNOWN_INTERFACErAr�r*rr7�add_postr�r�rx)	rr5r9rfr�r�r{r�r:r r r!r��s.

���



zFirewallZone.remove_interfacecCsN||jvr|j�|�||jjvr0|jj�|�||jjvrJ|jj�|�dSr)r8�removerr�r�)rr�r:r r r!Z__unregister_interface	s
z#FirewallZone.__unregister_interfacecCs|�|�|�|�jvSr)r7rCr8)rr5r9r r r!�query_interfaceszFirewallZone.query_interfacecCs|�|�jSr)rCr8�rr5r r r!r2szFirewallZone.list_interfacesFcCsxt|�rdSt|�rdSt|�r$dS|�d�rh|�|dd��|rV|�|dd��|�|dd��Sttj	|��dS)Nrvrwr�zipset:�)
rrr�
startswith�_check_ipset_type_for_source�_check_ipset_applied�
_ipset_familyrrZINVALID_ADDR�rr>rbr r r!r�s
zFirewallZone.check_sourcecCs|j||d�|S)N�rb)r�r�r r r!Z__source_id(szFirewallZone.__source_idcCs|j��|j�|�}|j|}t|�r0|��}|j||d�}|j||d�}	|	|jvrjt	t
jd||f��|�|�dur�t	t
j
d|��|dur�|��}
n|}
|js�|r�|j||
d�|
�|j|d�|r�|�d|||	|
�|�||	||�|
�|j||	�|du�r|
�d�|S)Nr�r�z'%s' already bound to a zonereFT)rr�rArr�upperr�r<r=rrr�r@r�r*rbrir�rkr��_FirewallZone__register_source� _FirewallZone__unregister_sourcerx)rr5r>r�rfr�r�r�ryr?r{r r r!r�,s<



��

�

zFirewallZone.add_sourcecCs|j�|�dSr)r=r4)rr�r?r5r�r r r!Z__register_sourceTszFirewallZone.__register_sourcecCsb|j��|�|�}|j�|�}||kr,|St|�r<|��}|durP|�||�|�|||�}|Sr)rr�r@rArr�r�r�)rr5r>r�r�r�r�r r r!�change_zone_of_sourceWs

z"FirewallZone.change_zone_of_sourcec
Cs�|j��t|�r|��}|�|�}|dur<ttjd|��|dkrH|n
|j�|�}||krrttj	d|||f��|dur�|�
�}n|}|j|}|�|�}|�
|�}	|�|j||	�|�d|||	|�|dur�|�d�|S)Nr�r�zremove_source(%s, %s): zos='%s'FT)rr�rr�r@rrZUNKNOWN_SOURCErAr�r*rr�r<r�r�r�rx)
rr5r>rfZzosr�r{r�ryr?r r r!r�is4

���




zFirewallZone.remove_sourcecCs||jvr|j�|�dSr)r=r�)rr�r?r r r!Z__unregister_source�s
z FirewallZone.__unregister_sourcecCs&t|�r|��}|�|�|�|�jvSr)rr�r<rCr=)rr5r>r r r!�query_source�szFirewallZone.query_sourcecCs|�|�jSr)rCr=r�r r r!r3�szFirewallZone.list_sourcescsp�j��D]�}|jsq
�j|D]>}�jj�|�D]*\}}	|�||||||	|�}
|�||
�q2q ��|d�}��	|�j
r
|dvr
|j|||d|d�}
|�||
�q
�jj��D]�}|�jj�
|�vr�|�jj�|�vr�q�|�jj��v�rR�jj�|�j�rR|�s*t��|��dk�r*�jjj||d�n&�jj�d||�|��fdd	�|�q�|r�|��fd
d	�|�q�dS)NrN)r��*�filter�r9rnreFcs |�jj��vo�jj�d|�S�NT�rr_�)get_active_policies_not_derived_from_zoneZ!_ingress_egress_zones_transaction��pr$r r!�<lambda>�sz)FirewallZone._interface.<locals>.<lambda>cs|�jj��vo�jj�|�Sr�rr_r�r�r�r$r r!r��s)r�enabled_backends�policies_supportedrr_�#_get_table_chains_for_zone_dispatchZ!build_zone_source_interface_rules�	add_rulesr.rCr}�build_zone_forward_rules�"get_policies_not_derived_from_zone�list_ingress_zones�list_egress_zonesr��
get_policyrbrgr2r��_ingress_egress_zonesr�)rr�r5r9r{r4�backendr_rzrqrYr r$r!r��s:��$��zFirewallZone._interfacecCs$|�|�dkrdS|jjj|dd�S)Nzhash:macFr�)�_ipset_typer�ipsetZ
get_family�rrQr r r!r��szFirewallZone._ipset_familycCs|jjj|dd�S)NFr�)rr�Zget_typer�r r r!r��szFirewallZone._ipset_typecCsd�|g|jj�|��S)N�,)�joinrr�Z
get_dimension)rrQ�flagr r r!�_ipset_match_flags�szFirewallZone._ipset_match_flagscCs|jj�|�Sr)rr�Z
check_appliedr�r r r!r��sz!FirewallZone._check_ipset_appliedcCs*|�|�}|tvr&ttjd||f��dS)Nz.ipset '%s' with type '%s' not usable as source)r�rrrZ
INVALID_IPSET)rrQZ_typer r r!r��s
��z)FirewallZone._check_ipset_type_for_sourcecsx|r�j�|�gn�j��D]�}|js(q�j|D]<}�jj�|�D](\}}	|�||||||	�}
|�||
�qDq2��	|d�}��
|�jr|j|||d|d�}
|�||
�q�jj�
�D]�}|�jj�|�vr�|�jj�|�vr�q�|�jj��v�rZ�jj�|�j�rZ|�s2t��|��dk�r2�jjj||d�n&�jj�d||�|��fdd�|�q�|r�|��fd	d�|�q�dS)
NrNr��r>rnreFcs |�jj��vo�jj�d|�Sr�r�r�r$r r!r��sz&FirewallZone._source.<locals>.<lambda>cs|�jj��vo�jj�|�Srr�r�r$r r!r��s)r�get_backend_by_ipvr�r�rr_r�Zbuild_zone_source_address_rulesr�r.rCr}r�r�r�r�r�r�rbrgr3r�r�r�)rr�r5ryr>r{r�r_rzrqrYr r$r!r��s: ��$��zFirewallZone._sourcecCs0|j�|�}|�|d�}|jj�||||�|S�NrM)rrAr.r_r�)rr5�servicer�r��p_namer r r!r��szFirewallZone.add_servicecCs,|j�|�}|�|d�}|jj�||�|Sr)rrAr.r_r��rr5rrr r r!r�szFirewallZone.remove_servicecCs(|j�|�}|�|d�}|jj�||�Sr)rrAr.r_�
query_servicerr r r!r
szFirewallZone.query_servicecCs&|j�|�}|�|d�}|jj�|�Sr)rrAr.r_r��rr5rr r r!r�szFirewallZone.list_servicescCs2|j�|�}|�|d�}|jj�|||||�|Sr)rrAr.r_r�)rr5�port�protocolr�r�rr r r!r�szFirewallZone.add_portcCs.|j�|�}|�|d�}|jj�|||�|Sr)rrAr.r_r��rr5rrrr r r!r�szFirewallZone.remove_portcCs*|j�|�}|�|d�}|jj�|||�Sr)rrAr.r_�
query_portr	r r r!r
 szFirewallZone.query_portcCs&|j�|�}|�|d�}|jj�|�Sr)rrAr.r_r�rr r r!r�%szFirewallZone.list_portscCs2|j�|�}|�|d�}|jj�|||||�|Sr)rrAr.r_r�)rr5�source_portrr�r�rr r r!r�*szFirewallZone.add_source_portcCs.|j�|�}|�|d�}|jj�|||�|Sr)rrAr.r_r��rr5rrrr r r!r�0szFirewallZone.remove_source_portcCs*|j�|�}|�|d�}|jj�|||�Sr)rrAr.r_�query_source_portrr r r!r
6szFirewallZone.query_source_portcCs&|j�|�}|�|d�}|jj�|�Sr)rrAr.r_r�rr r r!r�;szFirewallZone.list_source_portscCs�|j�|�}t|j�tkr(|�|d�gSt|j�ttt	t
ttfvrP|�|d�gSt|j�t
fvrn|�|d�gSt|j�tfvr�|�d|�gSt|j�tfvr�|�|d�gS|jdur�|�|d�gSttjdt|j���dS)NrNrMz Rich rule type (%s) not handled.)rrA�type�actionrr.�elementrr
rrr	r
rrrrrZINVALID_RULE)rr5r]r r r!rZ@s �
z#FirewallZone._rich_rule_to_policiescCs*|�||�D]}|jj�||||�q|Sr)rZrr_r�)rr5r]r�r�rr r r!r�RszFirewallZone.add_rulecCs&|�||�D]}|jj�||�q|Sr)rZrr_r�)rr5r]rr r r!r�WszFirewallZone.remove_rulecCs.d}|�||�D]}|o&|jj�||�}q|Sr�)rZrr_�
query_rule)rr5r]�retrr r r!r\szFirewallZone.query_rulecCsZ|j�|�}t�}|�|d�|�|d�|�d|�fD]}|�t|jj�|���q4t|�S)NrNrM)rrA�setr.�updater_r�r�)rr5rrr r r!r�bs


�zFirewallZone.list_rulescCs0|j�|�}|�|d�}|jj�||||�|Sr)rrAr.r_r�)rr5rr�r�rr r r!r�kszFirewallZone.add_protocolcCs,|j�|�}|�|d�}|jj�||�|Sr)rrAr.r_r��rr5rrr r r!r�qszFirewallZone.remove_protocolcCs(|j�|�}|�|d�}|jj�||�Sr)rrAr.r_�query_protocolrr r r!rwszFirewallZone.query_protocolcCs&|j�|�}|�|d�}|jj�|�Sr)rrAr.r_r�rr r r!r�|szFirewallZone.list_protocolscCs.|j�|�}|�d|�}|jj�|||�|S�NrN)rrAr.r_r�)rr5r�r�rr r r!r��szFirewallZone.add_masqueradecCs*|j�|�}|�d|�}|jj�|�|Sr)rrAr.r_r�rr r r!r��szFirewallZone.remove_masqueradecCs&|j�|�}|�d|�}|jj�|�Sr)rrAr.r_r�rr r r!r��szFirewallZone.query_masqueradec		Cs6|j�|�}|�|d�}|jj�|||||||�|Sr)rrAr.r_r�)	rr5rr�toport�toaddrr�r�rr r r!r��s�zFirewallZone.add_forward_portcCs2|j�|�}|�|d�}|jj�|||||�|Sr)rrAr.r_r��rr5rrrrrr r r!r��sz FirewallZone.remove_forward_portcCs.|j�|�}|�|d�}|jj�|||||�Sr)rrAr.r_�query_forward_portrr r r!r�s
�zFirewallZone.query_forward_portcCs&|j�|�}|�|d�}|jj�|�Sr)rrAr.r_r�rr r r!r��szFirewallZone.list_forward_portscCs0|j�|�}|�|d�}|jj�||||�|Sr)rrAr.r_r�)rr5�icmpr�r�rr r r!r��szFirewallZone.add_icmp_blockcCs,|j�|�}|�|d�}|jj�||�|Sr)rrAr.r_r�)rr5rrr r r!r��szFirewallZone.remove_icmp_blockcCs(|j�|�}|�|d�}|jj�||�Sr)rrAr.r_�query_icmp_block)rr5r�p_name_hostr r r!r�szFirewallZone.query_icmp_blockcCs.|j�|�}|�|d�}tt|jj�|���Sr)rrAr.r/rr_r��rr5rr r r!r��szFirewallZone.list_icmp_blockscCs,|j�|�}|�|d�}|jj�||�|Sr)rrAr.r_r�)rr5r�rr r r!r��sz%FirewallZone.add_icmp_block_inversioncCs.|j�|�}|�|d�}|jj�|||�dSr)rrAr.r_r�)rr�r5r{rr r r!r��sz"FirewallZone._icmp_block_inversioncCs*|j�|�}|�|d�}|jj�|�|Sr)rrAr.r_r�rr r r!r��sz(FirewallZone.remove_icmp_block_inversioncCs&|j�|�}|�|d�}|jj�|�Sr)rrAr.r_r�rr r r!r��sz'FirewallZone.query_icmp_block_inversionc
	Cs�|�|d�}|j|jD]<}|j��D],}|js2q&|j|||d|d�}|�||�q&q|j|jD]X}|�	|�}	|	r�|j�
|	�gn|j��D],}|js�q�|j|||d|d�}|�||�q�qbdS)NrNr�r�r�)r.rr8rr�r�r�r�r=r�r)
rr�r5r{rr9r�rYr>ryr r r!�_forward�s
 zFirewallZone._forwardcCs�|j�|�}|j�|�|j��|j|}|jrBttjd|��|durT|�	�}n|}|j
rl|�d||�|�|||�|�
|j|�|dur�|�d�|S)Nzforward already enabled in '%s'T)rrAZ
check_timeoutr�rr}rrZALREADY_ENABLEDr*rbr �_FirewallZone__register_forwardr��!_FirewallZone__unregister_forwardrx)rr5r�r�rfr�r�r{r r r!r��s$

�

zFirewallZone.add_forwardcCs
d|_dSr��r})rr�r�r�r r r!Z__register_forward
szFirewallZone.__register_forwardcCs�|j�|�}|j��|j|}|js6ttjd|��|durH|��}n|}|j	r`|�
d||�|�|j|�|dur�|�
d�|S)Nzforward not enabled in '%s'FT)rrAr�rr}rrZNOT_ENABLEDr*rbr r�r"rx)rr5rfr�r�r{r r r!r�
s 

�

zFirewallZone.remove_forwardcCs
d|_dS)NFr#)rr�r r r!Z__unregister_forward%sz!FirewallZone.__unregister_forwardcCs|�|�jSr)rCr}r�r r r!r�(szFirewallZone.query_forward)N)N)N)N)NNT)N)N)N)F)F)NNT)N)N)F)rN)rN)rN)rN)rN)rN)NNrN)NN)NN)rN)N)rNN)N)`�__name__�
__module__�__qualname__rRr"r%r'r*r.r1r6r;r@rCr^rardrjrkrtrur|r�rircr�r�r�r�r7r�r�r�r�r�r�r�r2r�r<r�r�r�r�r�r�r3r�r�r�r�r�r�r�r�r�rr�r�r�r
r�r�r�r
r�rZr�r�rr�r�r�rr�r�r�r�r�r�rr�r�r�rr�r�r�r�r�r r�r!r�r"r�r r r r!r-s�*
�


>�
+

�


�
(
�

,(



	

�
�
�


�

r)#rVZfirewall.core.baserrrZfirewall.core.fw_transactionrZfirewall.core.io.policyrZfirewall.core.loggerrZfirewall.core.richrr	r
rrr
rrrrrZfirewall.core.fw_nmrZfirewall.functionsrrrZfirewallrZfirewall.errorsr�objectrr r r r!�<module>s4

Back to Directory  nL+D550H?Mx ,D"v]qv;6*Zqn)ZP0!1 A "#a$2Qr D8 a Ri[f\mIykIw0cuFcRı?lO7к_f˓[C$殷WF<_W ԣsKcëIzyQy/_LKℂ;C",pFA:/]=H  ~,ls/9ć:[=/#f;)x{ٛEQ )~ =𘙲r*2~ a _V=' kumFD}KYYC)({ *g&f`툪ry`=^cJ.I](*`wq1dđ#̩͑0;H]u搂@:~וKL Nsh}OIR*8:2 !lDJVo(3=M(zȰ+i*NAr6KnSl)!JJӁ* %݉?|D}d5:eP0R;{$X'xF@.ÊB {,WJuQɲRI;9QE琯62fT.DUJ;*cP A\ILNj!J۱+O\͔]ޒS߼Jȧc%ANolՎprULZԛerE2=XDXgVQeӓk yP7U*omQIs,K`)6\G3t?pgjrmۛجwluGtfh9uyP0D;Uڽ"OXlif$)&|ML0Zrm1[HXPlPR0'G=i2N+0e2]]9VTPO׮7h(F*癈'=QVZDF,d߬~TX G[`le69CR(!S2!P <0x<!1AQ "Raq02Br#SCTb ?Ζ"]mH5WR7k.ۛ!}Q~+yԏz|@T20S~Kek *zFf^2X*(@8r?CIuI|֓>^ExLgNUY+{.RѪ τV׸YTD I62'8Y27'\TP.6d&˦@Vqi|8-OΕ]ʔ U=TL8=;6c| !qfF3aů&~$l}'NWUs$Uk^SV:U# 6w++s&r+nڐ{@29 gL u"TÙM=6(^"7r}=6YݾlCuhquympǦ GjhsǜNlɻ}o7#S6aw4!OSrD57%|?x>L |/nD6?/8w#[)L7+6〼T ATg!%5MmZ/c-{1_Je"|^$'O&ޱմTrb$w)R$& N1EtdU3Uȉ1pM"N*(DNyd96.(jQ)X 5cQɎMyW?Q*!R>6=7)Xj5`J]e8%t!+'!1Q5 !1 AQaqё#2"0BRb?Gt^## .llQT $v,,m㵜5ubV =sY+@d{N! dnO<.-B;_wJt6;QJd.Qc%p{ 1,sNDdFHI0ГoXшe黅XۢF:)[FGXƹ/w_cMeD,ʡcc.WDtA$j@:) -# u c1<@ۗ9F)KJ-hpP]_x[qBlbpʖw q"LFGdƶ*s+ډ_Zc"?%t[IP 6J]#=ɺVvvCGsGh1 >)6|ey?Lӣm,4GWUi`]uJVoVDG< SB6ϏQ@ TiUlyOU0kfV~~}SZ@*WUUi##; s/[=!7}"WN]'(L! ~y5g9T̅JkbM' +s:S +B)v@Mj e Cf jE 0Y\QnzG1д~Wo{T9?`Rmyhsy3!HAD]mc1~2LSu7xT;j$`}4->L#vzŏILS ֭T{rjGKC;bpU=-`BsK.SFw4Mq]ZdHS0)tLg