def setRichRules(self, rules, sender=None):
rules = dbus_to_python(rules, list)
log.debug1("%s.setRichRules('[%s]')", self._log_prefix,
",".join(rules))
self.parent.accessCheck(sender)
settings = list(self.getSettings())
rules = [str(Rich_Rule(rule_str=r)) for r in rules]
settings[12] = rules
self.update(settings)
def addRichRule(self, rule, sender=None):
rule = dbus_to_python(rule, str)
log.debug1("%s.addRichRule('%s')", self._log_prefix, rule)
self.parent.accessCheck(sender)
settings = list(self.getSettings())
rule_str = str(Rich_Rule(rule_str=rule))
if rule_str in settings[12]:
raise FirewallError(errors.ALREADY_ENABLED, rule)
settings[12].append(rule_str)
self.update(settings)
def removeRichRule(self, rule, sender=None):
rule = dbus_to_python(rule, str)
log.debug1("config.zone.%d.removeRichRule('%s')", self.id, rule)
self.parent.accessCheck(sender)
settings = list(self.getSettings())
rule_str = str(Rich_Rule(rule_str=rule))
if rule_str not in settings[12]:
raise FirewallError(NOT_ENABLED, rule)
settings[12].remove(rule_str)
self.update(settings)
def policy_obj_from_zone_obj(self, z_obj, fromZone, toZone):
p_obj = Policy()
p_obj.derived_from_zone = z_obj.name
p_obj.name = self.policy_name_from_zones(fromZone, toZone)
p_obj.priority = self.ZONE_POLICY_PRIORITY
p_obj.target = z_obj.target
p_obj.ingress_zones = [fromZone]
p_obj.egress_zones = [toZone]
# copy zone permanent config to policy permanent config
# WARN: This assumes the same attribute names.
#
for setting in ["services", "ports",
"masquerade", "forward_ports",
"source_ports",
"icmp_blocks", "icmp_block_inversion",
"rules_str", "protocols"]:
if fromZone == z_obj.name and toZone == "HOST" and \
setting in ["services", "ports", "source_ports", "icmp_blocks",
"icmp_block_inversion", "protocols"]:
# zone --> HOST
setattr(p_obj, setting, copy.deepcopy(getattr(z_obj, setting)))
elif fromZone == "ANY" and toZone == z_obj.name and setting in ["masquerade"]:
# any zone --> zone
setattr(p_obj, setting, copy.deepcopy(getattr(z_obj, setting)))
elif fromZone == z_obj.name and toZone == "ANY" and \
setting in ["forward_ports"]:
# zone --> any zone
setattr(p_obj, setting, copy.deepcopy(getattr(z_obj, setting)))
elif setting in ["rules_str"]:
p_obj.rules_str = []
p_obj.rules = []
for rule_str in z_obj.rules_str:
current_policy = self.policy_name_from_zones(fromZone, toZone)
rule = Rich_Rule(rule_str=rule_str)
if current_policy in self._rich_rule_to_policies(z_obj.name, rule):
p_obj.rules_str.append(rule_str)
p_obj.rules.append(rule)
return p_obj
def queryRichRule(self, rule, sender=None): # pylint: disable=W0613
rule = dbus_to_python(rule, str)
log.debug1("%s.queryRichRule('%s')", self._log_prefix, rule)
rule_str = str(Rich_Rule(rule_str=rule))
return rule_str in self.getSettings()[12]
def remove_rule_wrapper(zone, rule_str):
self.remove_rule(zone, Rich_Rule(rule_str=rule_str))
def add_rule_wrapper(zone, rule_str, timeout=0, sender=None):
self.add_rule(zone,
Rich_Rule(rule_str=rule_str),
timeout=0,
sender=sender)
def queryRichRule(self, rule, sender=None):
rule = dbus_to_python(rule, str)
log.debug1("config.zone.%d.queryRichRule('%s')", self.id, rule)
rule_str = str(Rich_Rule(rule_str=rule))
return rule_str in self.getSettings()[12]
