def queryEntry(self, entry, sender=None): # pylint: disable=W0613
entry = dbus_to_python(entry, str)
entry = normalize_ipset_entry(entry)
log.debug1("%s.queryEntry('%s')", self._log_prefix, entry)
settings = list(self.getSettings())
if "timeout" in settings[4] and settings[4]["timeout"] != "0":
raise FirewallError(errors.IPSET_WITH_TIMEOUT)
return entry in settings[5]
def query_entry(self, name, entry):
obj = self.get_ipset(name, applied=True)
entry = normalize_ipset_entry(entry)
if "timeout" in obj.options and obj.options["timeout"] != "0":
# no entries visible for ipsets with timeout
raise FirewallError(errors.IPSET_WITH_TIMEOUT, name)
return entry in obj.entries
def removeEntry(self, entry, sender=None):
entry = dbus_to_python(entry, str)
entry = normalize_ipset_entry(entry)
log.debug1("%s.removeEntry('%s')", self._log_prefix, entry)
self.parent.accessCheck(sender)
settings = list(self.getSettings())
if "timeout" in settings[4] and settings[4]["timeout"] != "0":
raise FirewallError(errors.IPSET_WITH_TIMEOUT)
if entry not in settings[5]:
raise FirewallError(errors.NOT_ENABLED, entry)
settings[5].remove(entry)
self.update(settings)
def addEntry(self, entry, sender=None):
entry = dbus_to_python(entry, str)
entry = normalize_ipset_entry(entry)
log.debug1("%s.addEntry('%s')", self._log_prefix, entry)
self.parent.accessCheck(sender)
settings = list(self.getSettings())
if "timeout" in settings[4] and settings[4]["timeout"] != "0":
raise FirewallError(errors.IPSET_WITH_TIMEOUT)
if entry in settings[5]:
raise FirewallError(errors.ALREADY_ENABLED, entry)
check_entry_overlaps_existing(entry, settings[5])
settings[5].append(entry)
self.update(settings)
def setEntries(self, entries, sender=None):
_entries = set()
for _entry in dbus_to_python(entries, list):
check_entry_overlaps_existing(_entry, _entries)
_entries.add(normalize_ipset_entry(_entry))
entries = list(_entries)
log.debug1("%s.setEntries('[%s]')", self._log_prefix,
",".join(entries))
self.parent.accessCheck(sender)
settings = list(self.getSettings())
if "timeout" in settings[4] and settings[4]["timeout"] != "0":
raise FirewallError(errors.IPSET_WITH_TIMEOUT)
settings[5] = entries
self.update(settings)
def remove_entry(self, name, entry):
obj = self.get_ipset(name, applied=True)
entry = normalize_ipset_entry(entry)
# no entry check for removal
if entry not in obj.entries:
raise FirewallError(errors.NOT_ENABLED,
"'%s' not in '%s'" % (entry, name))
try:
for backend in self.backends():
backend.set_delete(obj.name, entry)
except Exception as msg:
raise FirewallError(errors.COMMAND_FAILED, msg)
else:
if "timeout" not in obj.options or obj.options["timeout"] == "0":
# no entries visible for ipsets with timeout
obj.entries.remove(entry)
def add_entry(self, name, entry):
obj = self.get_ipset(name, applied=True)
entry = normalize_ipset_entry(entry)
IPSet.check_entry(entry, obj.options, obj.type)
if entry in obj.entries:
raise FirewallError(errors.ALREADY_ENABLED,
"'%s' already is in '%s'" % (entry, name))
check_entry_overlaps_existing(entry, obj.entries)
try:
for backend in self.backends():
backend.set_add(obj.name, entry)
except Exception as msg:
raise FirewallError(errors.COMMAND_FAILED, msg)
else:
if "timeout" not in obj.options or obj.options["timeout"] == "0":
# no entries visible for ipsets with timeout
obj.entries.append(entry)
def set_entries(self, name, entries):
obj = self.get_ipset(name, applied=True)
_entries = set()
for _entry in entries:
check_entry_overlaps_existing(_entry, _entries)
_entries.add(normalize_ipset_entry(_entry))
entries = list(_entries)
for entry in entries:
IPSet.check_entry(entry, obj.options, obj.type)
if "timeout" not in obj.options or obj.options["timeout"] == "0":
# no entries visible for ipsets with timeout
obj.entries = entries
try:
for backend in self.backends():
backend.set_flush(obj.name)
except Exception as msg:
raise FirewallError(errors.COMMAND_FAILED, msg)
else:
obj.applied = True
try:
for backend in self.backends():
if self._fw._individual_calls:
for entry in obj.entries:
backend.set_add(obj.name, entry)
else:
backend.set_restore(obj.name, obj.type, obj.entries,
obj.options, None)
except Exception as msg:
raise FirewallError(errors.COMMAND_FAILED, msg)
else:
obj.applied = True
return
