def _disable(self):
"""Close firewall ports."""
internal_enabled_ports = firewall.get_enabled_services(zone='internal')
external_enabled_ports = firewall.get_enabled_services(zone='external')
logger.info('Firewall ports closed - %s, %s', self.name, self.ports)
for port in self.ports:
if port in internal_enabled_ports:
enabled_components_on_port = [
component.is_enabled()
for component in self._all_firewall_components.values()
if port in component.ports
and self.component_id != component.component_id
]
if not any(enabled_components_on_port):
firewall.remove_service(port, zone='internal')
if port in external_enabled_ports:
enabled_components_on_port = [
component.is_enabled()
for component in self._all_firewall_components.values()
if port in component.ports and self.component_id !=
component.component_id and component.is_external
]
if not any(enabled_components_on_port):
firewall.remove_service(port, zone='external')
def _enable(self):
"""Open firewall ports."""
internal_enabled_ports = firewall.get_enabled_services(zone='internal')
external_enabled_ports = firewall.get_enabled_services(zone='external')
logger.info('Firewall ports opened - %s, %s', self.name, self.ports)
for port in self.ports:
if port not in internal_enabled_ports:
firewall.add_service(port, zone='internal')
if (self.is_external and port not in external_enabled_ports):
firewall.add_service(port, zone='external')
def set_domainname(domainname):
"""Sets machine domain name to domainname"""
old_domainname = config.get_domainname()
# Domain name should be ASCII. If it's unicode, convert to ASCII.
domainname = str(domainname)
LOGGER.info('Changing domain name to - %s', domainname)
actions.superuser_run('domainname-change', [domainname])
domainname_change.send_robust(sender='config',
old_domainname=old_domainname,
new_domainname=domainname)
# Update domain registered with Name Services module.
domain_removed.send_robust(sender='config', domain_type='domainname')
if domainname:
try:
domainname_services = firewall.get_enabled_services(
zone='external')
except actions.ActionError:
# This happens when firewalld is not installed.
# TODO: Are these services actually enabled?
domainname_services = [service[0] for service in SERVICES]
domain_added.send_robust(sender='config',
domain_type='domainname',
name=domainname,
description=_('Domain Name'),
services=domainname_services)
def init():
"""Initialize the module"""
menu = main_menu.get('system')
menu.add_urlname(ugettext_lazy('Configure'), 'glyphicon-cog',
'config:index')
# Register domain with Name Services module.
domainname = get_domainname()
if domainname:
try:
domainname_services = firewall.get_enabled_services(
zone='external')
except actions.ActionError:
# This happens when firewalld is not installed.
# TODO: Are these services actually enabled?
domainname_services = [service[0] for service in SERVICES]
else:
domainname_services = None
if domainname:
domain_added.send_robust(sender='config',
domain_type='domainname',
name=domainname,
description=ugettext_lazy('Domain Name'),
services=domainname_services)
def set_domainname(domainname):
"""Sets machine domain name to domainname"""
old_domainname = get_domainname()
# Domain name should be ASCII. If it's unicode, convert to ASCII.
domainname = str(domainname)
LOGGER.info("Changing domain name to - %s", domainname)
actions.superuser_run("domainname-change", [domainname])
domainname_change.send_robust(sender="config", old_domainname=old_domainname, new_domainname=domainname)
# Update domain registered with Name Services module.
domain_removed.send_robust(sender="config", domain_type="domainname")
if domainname:
try:
domainname_services = firewall.get_enabled_services(zone="external")
except actions.ActionError:
# This happens when firewalld is not installed.
# TODO: Are these services actually enabled?
domainname_services = [service[0] for service in SERVICES]
domain_added.send_robust(
sender="config",
domain_type="domainname",
name=domainname,
description=_("Domain Name"),
services=domainname_services,
)
def get_context_data(self, *args, **kwargs):
"""Add additional context data for the template."""
context = super().get_context_data(*args, **kwargs)
status = 'running' if firewall.get_enabled_status() else 'not_running'
context['firewall_status'] = status
if status == 'running':
context['components'] = components.Firewall.list()
internal_enabled_ports = firewall.get_enabled_services(
zone='internal')
external_enabled_ports = firewall.get_enabled_services(
zone='external')
context['internal_enabled_ports'] = internal_enabled_ports
context['external_enabled_ports'] = external_enabled_ports
return context
def index(request):
"""Serve introduction page"""
if not firewall.get_enabled_status():
return TemplateResponse(request, 'firewall.html',
{'title': firewall.name,
'description': firewall.description,
'firewall_status': 'not_running'})
internal_enabled_services = firewall.get_enabled_services(zone='internal')
external_enabled_services = firewall.get_enabled_services(zone='external')
return TemplateResponse(
request, 'firewall.html',
{'title': firewall.name,
'description': firewall.description,
'services': list(service_module.services.values()),
'internal_enabled_services': internal_enabled_services,
'external_enabled_services': external_enabled_services})
def index(request):
"""Serve introduction page"""
if not firewall.get_enabled_status():
return TemplateResponse(request, 'firewall.html',
{'title': firewall.title,
'description': firewall.description,
'firewall_status': 'not_running'})
internal_enabled_services = firewall.get_enabled_services(zone='internal')
external_enabled_services = firewall.get_enabled_services(zone='external')
return TemplateResponse(
request, 'firewall.html',
{'title': firewall.title,
'description': firewall.description,
'services': list(service_module.services.values()),
'internal_enabled_services': internal_enabled_services,
'external_enabled_services': external_enabled_services})
def get_enabled_services(domain_name):
""" Get enabled services for the domain name"""
if domain_name != None and domain_name != '':
try:
domainname_services = firewall.get_enabled_services(
zone='external')
except actions.ActionError:
domainname_services = [service[0] for service in SERVICES]
else:
domainname_services = None
return domainname_services
def get_enabled_services(domain_name):
""" Get enabled services for the domain name"""
if domain_name != None and domain_name != '':
try:
domainname_services = firewall.get_enabled_services(
zone='external')
except actions.ActionError:
domainname_services = [service[0] for service in SERVICES]
else:
domainname_services = None
return domainname_services
def diagnose(self):
"""Check if the firewall ports are open and only as expected.
See :py:meth:`plinth.app.Component.diagnose`.
"""
results = []
internal_ports = firewall.get_enabled_services(zone='internal')
external_ports = firewall.get_enabled_services(zone='external')
for port_detail in self.ports_details:
port = port_detail['name']
details = ', '.join(
(f'{port_number}/{protocol}'
for port_number, protocol in port_detail['details']))
# Internal zone
result = 'passed' if port in internal_ports else 'failed'
template = _(
'Port {name} ({details}) available for internal networks')
testname = format_lazy(template, name=port, details=details)
results.append([testname, result])
# External zone
if self.is_external:
result = 'passed' if port in external_ports else 'failed'
template = _(
'Port {name} ({details}) available for external networks')
testname = format_lazy(template, name=port, details=details)
else:
result = 'passed' if port not in external_ports else 'failed'
template = _(
'Port {name} ({details}) unavailable for external networks'
)
testname = format_lazy(template, name=port, details=details)
results.append([testname, result])
return results
def init():
"""Initialize the module"""
menu = cfg.main_menu.get('system:index')
menu.add_urlname(ugettext_lazy('Configure'), 'glyphicon-cog',
'config:index', 10)
# Register domain with Name Services module.
domainname = get_domainname()
if domainname:
try:
domainname_services = firewall.get_enabled_services(
zone='external')
except actions.ActionError:
# This happens when firewalld is not installed.
# TODO: Are these services actually enabled?
domainname_services = [service[0] for service in SERVICES]
else:
domainname_services = None
domain_added.send_robust(sender='config', domain_type='domainname',
name=domainname,
description=ugettext_lazy('Domain Name'),
services=domainname_services)
