def reload(self, stop=False):
_panic = self._panic
# must stash this. The value may change after _start()
flush_all = self._flush_all_on_reload
if not flush_all:
# save zone interfaces
_zone_interfaces = {}
for zone in self.zone.get_zones():
_zone_interfaces[zone] = self.zone.get_settings(
zone)["interfaces"]
# save direct config
_direct_config = self.direct.get_runtime_config()
_old_dz = self.get_default_zone()
_ipset_objs = []
for _name in self.ipset.get_ipsets():
_ipset_objs.append(self.ipset.get_ipset(_name))
if not _panic:
self.set_policy("DROP")
# stop
self.cleanup()
start_exception = None
try:
self._start(reload=True, complete_reload=stop)
except Exception as e:
# save the exception for later, but continue restoring interfaces,
# etc. We'll re-raise it at the end.
start_exception = e
# destroy ipsets no longer in the permanent configuration
if flush_all:
for obj in _ipset_objs:
if not self.ipset.query_ipset(obj.name):
for backend in self.ipset.backends():
# nftables sets are part of the normal firewall ruleset.
if backend.name == "nftables":
continue
backend.set_destroy(obj.name)
if not flush_all:
# handle interfaces in the default zone and move them to the new
# default zone if it changed
_new_dz = self.get_default_zone()
if _new_dz != _old_dz:
# if_new_dz has been introduced with the reload, we need to add it
# https://github.com/firewalld/firewalld/issues/53
if _new_dz not in _zone_interfaces:
_zone_interfaces[_new_dz] = {}
# default zone changed. Move interfaces from old default zone to
# the new one.
for iface, settings in list(_zone_interfaces[_old_dz].items()):
if settings["__default__"]:
# move only those that were added to default zone
# (not those that were added to specific zone same as
# default)
_zone_interfaces[_new_dz][iface] = \
_zone_interfaces[_old_dz][iface]
del _zone_interfaces[_old_dz][iface]
# add interfaces to zones again
for zone in self.zone.get_zones():
if zone in _zone_interfaces:
for interface_id in _zone_interfaces[zone]:
self.zone.change_zone_of_interface(
zone, interface_id,
_zone_interfaces[zone][interface_id]["sender"])
del _zone_interfaces[zone]
else:
log.info1("New zone '%s'.", zone)
if len(_zone_interfaces) > 0:
for zone in list(_zone_interfaces.keys()):
log.info1("Lost zone '%s', zone interfaces dropped.", zone)
del _zone_interfaces[zone]
del _zone_interfaces
# restore runtime-only ipsets
for obj in _ipset_objs:
if self.ipset.query_ipset(obj.name):
for entry in obj.entries:
try:
self.ipset.add_entry(obj.name, entry)
except FirewallError as msg:
if msg.code != errors.ALREADY_ENABLED:
raise msg
else:
self.ipset.add_ipset(obj)
self.ipset.apply_ipset(obj.name)
# restore direct config
self.direct.set_config(_direct_config)
# Restore permanent interfaces from NetworkManager
nm_bus_name = nm_get_bus_name()
if nm_bus_name:
for zone in self.zone.get_zones() + [""]:
for interface in nm_get_interfaces_in_zone(zone):
self.zone.change_zone_of_interface(zone,
interface,
sender=nm_bus_name)
self._panic = _panic
if not self._panic:
self.set_policy("ACCEPT")
if start_exception:
self._state = "FAILED"
raise start_exception
else:
self._state = "RUNNING"
def reload(self, stop=False):
_panic = self._panic
# must stash this. The value may change after _start()
flush_all = self._flush_all_on_reload
if not flush_all:
# save zone interfaces
_zone_interfaces = {}
for zone in self.zone.get_zones():
_zone_interfaces[zone] = self.zone.get_settings(
zone)["interfaces"]
# save direct config
_direct_config = self.direct.get_runtime_config()
_old_dz = self.get_default_zone()
# stop
self.cleanup()
self.set_policy("DROP")
start_exception = None
try:
self._start(reload=True, complete_reload=stop)
except Exception as e:
# save the exception for later, but continue restoring interfaces,
# etc. We'll re-raise it at the end.
start_exception = e
if not flush_all:
# handle interfaces in the default zone and move them to the new
# default zone if it changed
_new_dz = self.get_default_zone()
if _new_dz != _old_dz:
# if_new_dz has been introduced with the reload, we need to add it
# https://github.com/firewalld/firewalld/issues/53
if _new_dz not in _zone_interfaces:
_zone_interfaces[_new_dz] = {}
# default zone changed. Move interfaces from old default zone to
# the new one.
for iface, settings in list(_zone_interfaces[_old_dz].items()):
if settings["__default__"]:
# move only those that were added to default zone
# (not those that were added to specific zone same as
# default)
_zone_interfaces[_new_dz][iface] = \
_zone_interfaces[_old_dz][iface]
del _zone_interfaces[_old_dz][iface]
# add interfaces to zones again
for zone in self.zone.get_zones():
if zone in _zone_interfaces:
self.zone.set_settings(
zone, {"interfaces": _zone_interfaces[zone]})
del _zone_interfaces[zone]
else:
log.info1("New zone '%s'.", zone)
if len(_zone_interfaces) > 0:
for zone in list(_zone_interfaces.keys()):
log.info1("Lost zone '%s', zone interfaces dropped.", zone)
del _zone_interfaces[zone]
del _zone_interfaces
# restore direct config
self.direct.set_config(_direct_config)
# Restore permanent interfaces from NetworkManager
nm_bus_name = nm_get_bus_name()
if nm_bus_name:
for zone in self.zone.get_zones() + [""]:
for interface in nm_get_interfaces_in_zone(zone):
self.zone.add_interface(zone,
interface,
sender=nm_bus_name)
# enable panic mode again if it has been enabled before or set policy
# to ACCEPT
if _panic:
self.enable_panic_mode()
else:
self.set_policy("ACCEPT")
if start_exception:
self._state = "FAILED"
raise start_exception
else:
self._state = "RUNNING"
def __register_interface(self, _obj, interface_id, zone, sender):
_obj.interfaces.append(interface_id)
if not zone or zone == "":
self._fw._default_zone_interfaces.append(interface_id)
if sender == nm_get_bus_name():
self._fw._nm_assigned_interfaces.append(interface_id)
