def port_selection(self, port=None, protocol=None):
    """Prompt for a port (or port range) and a protocol.

    ``port`` and ``protocol`` pre-fill the two entry fields.  The dialog is
    shown again, keeping whatever was typed, until both fields validate or
    the user cancels.

    Args:
        port: initial port range (``getPortRange`` form), rendered through
            ``__simplePortStr``; ``None``/falsy for an empty field.
        protocol: initial protocol text, ``None``/falsy for an empty field.

    Returns:
        ``(port_range, protocol)`` with ``port_range`` being the value
        ``getPortRange`` produced for the entered text, or ``None`` when the
        user pressed Cancel.
    """
    port_text = self.__simplePortStr(port) if port else ""
    proto_text = protocol if protocol else ""
    while True:
        fields = ((_("Port / Port Range:"), port_text),
                  (_("Protocol:"), proto_text))
        # NOTE: the window title is a plain literal here, not wrapped in _().
        res, values = EntryWindow(
            self.screen, ("Port and Protocol"),
            _("Please enter a port or port range and protocol."),
            fields,
            buttons=((_("OK"), "ok"), (_("Cancel"), "cancel")))
        self.screen.popWindow()
        if res == 'cancel':
            return None
        if res != 'ok':
            # Any other button result just redisplays the dialog.
            continue
        valid = True
        # port: getPortRange signals success with a list/tuple
        port_text = values[0].strip()
        port = getPortRange(port_text)
        if not isinstance(port, (list, tuple)):
            self.port_error(port_text)
            valid = False
            port = None
        # protocol
        proto_text = values[1].strip()
        if proto_text in ("tcp", "udp"):
            protocol = proto_text
        else:
            self.protocol_error(proto_text)
            valid = False
        if valid:
            return (port, protocol)
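def _check_forward_port(option, opt, value):
    """optparse type checker for a ``forward_port`` argument.

    ``value`` is a ``:``-separated list of ``key=val`` elements, e.g.
    ``if=eth0:port=80:proto=tcp:toport=8080``.  Accepted keys are ``if``
    (validated with ``checkInterface``), ``proto`` (``tcp``/``udp``),
    ``toaddr`` (validated with ``checkIP``) and ``port``/``toport`` (parsed
    with ``getPortRange``).  ``if``, ``port`` and ``proto`` are required and
    at least one of ``toport``/``toaddr`` must be given.

    Args:
        option: the optparse ``Option`` (unused, required by the callback
            signature).
        opt: the option string as typed, used in error messages.
        value: the raw argument text.

    Returns:
        dict mapping each accepted key to its validated value; the port keys
        hold the ``getPortRange`` result rather than the raw text.

    Raises:
        OptionError: for a malformed element, an invalid value or a missing
            required key.
    """
    result = {}
    error = None
    splits = value.split(":", 1)
    while splits:
        element = splits[0]
        key_val = element.split("=")
        if len(key_val) != 2:
            error = _("Invalid argument %s") % element
            break
        key, val = key_val
        if key in ("port", "toport"):
            # getPortRange is called once; as elsewhere in this file a
            # list/tuple is success and -1/None are the failure values.
            port_range = getPortRange(val)
            if isinstance(port_range, (list, tuple)):
                result[key] = port_range
            else:
                error = _("Invalid argument %s") % element
                break
        elif ((key == "if" and checkInterface(val))
              or (key == "proto" and val in ("tcp", "udp"))
              or (key == "toaddr" and checkIP(val))):
            result[key] = val
        else:
            error = _("Invalid argument %s") % element
            break
        if len(splits) > 1:
            rest = splits[1]
            # A remainder holding a single "=" is the last element even if
            # it still contains ":" (presumably so a toaddr value with colons
            # survives) — otherwise split off the next element.
            if rest.count("=") == 1:
                splits = [rest]
            else:
                splits = rest.split(":", 1)
        else:
            splits = []
    if error:
        fields = {"option": opt, "value": value, "error": error}
        raise OptionError(_("option %(option)s: invalid forward_port "
                            "'%(value)s': %(error)s.") % fields, opt)
    missing = [key for key in ("if", "port", "proto") if key not in result]
    if missing or not ("toport" in result or "toaddr" in result):
        fields = {"option": opt, "value": value}
        raise OptionError(_("option %(option)s: invalid forward_port "
                            "'%(value)s'.") % fields, opt)
    return result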
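def _check_port(option, opt, value):
    """optparse type checker for a ``PORT[-PORT]:PROTOCOL`` argument.

    Args:
        option: the optparse ``Option`` (unused, required by the callback
            signature).
        opt: the option string as typed, used in error messages.
        value: the raw argument text.

    Returns:
        ``(port_range, protocol)`` where ``port_range`` is the
        ``getPortRange`` result and ``protocol`` is ``"tcp"`` or ``"udp"``.

    Raises:
        OptionError: when the text has no single ``:``, the port part is
            invalid (``getPortRange`` gives ``-1``) or not unique (``None``),
            the range is not ascending, or the protocol is unknown.
    """
    try:
        ports, protocol = value.split(":")
    except ValueError:
        # Either no ":" at all or more than one; only the unpacking can
        # raise here, so nothing broader than ValueError is caught.
        raise OptionError(_("invalid port definition %s.") % value, opt)
    port_range = getPortRange(ports.strip())
    if port_range == -1:
        raise OptionError(_("invalid port definition %s.") % value, opt)
    if port_range is None:
        raise OptionError(_("port range %s is not unique.") % value, opt)
    if len(port_range) == 2 and port_range[0] >= port_range[1]:
        raise OptionError(_("%s is not a valid range (start port >= end "
                            "port).") % value, opt)
    protocol = protocol.strip()
    if protocol not in ("tcp", "udp"):
        raise OptionError(_("%s is not a valid protocol.") % protocol, opt)
    return (port_range, protocol)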
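def _split_port_proto(module, text, msg):
    """Split ``"PORT/PROTOCOL"`` into ``(port, protocol)``.

    Fails the module with ``msg`` when the ``/`` separator or the protocol
    part is missing.  ``str.split`` never yields ``None``, so the former
    ``_protocol is None`` test could not detect this; a missing separator
    surfaced as an unpacking ``ValueError`` instead.

    Args:
        module: the AnsibleModule, used for ``fail_json``.
        text: raw ``PORT/PROTOCOL`` string.
        msg: failure message passed to ``fail_json``.

    Returns:
        ``(port, protocol)`` as the two raw strings.
    """
    parts = text.split("/")
    if len(parts) != 2 or not parts[1]:
        module.fail_json(msg=msg)
    return parts[0], parts[1]


def _interfaces_for_macs(module, macs):
    """Resolve MAC addresses to device names with ``get_device_for_mac``.

    Fails the module at the first address that has no device.

    Args:
        module: the AnsibleModule, used for ``fail_json``.
        macs: iterable of MAC address strings.

    Returns:
        list of device names in the same order.
    """
    interfaces = []
    for mac in macs:
        interface = get_device_for_mac(mac)
        if interface is None:
            module.fail_json(msg="MAC address not found %s" % mac)
        interfaces.append(interface)
    return interfaces


def _parse_forward_spec(module, item, by_mac):
    """Parse one ``forward_port`` / ``forward_port_by_mac`` list entry.

    ``forward_port`` entries are ``IFACE;PORT/PROTO;TOPORT;TOADDR`` (the
    leading ``IFACE;`` may be omitted, giving an empty interface);
    ``forward_port_by_mac`` entries are ``MAC;PORT/PROTO;TOPORT;TOADDR`` and
    the MAC is resolved to a device name.  Empty ``TOPORT``/``TOADDR`` become
    ``None``.

    Args:
        module: the AnsibleModule, used for ``fail_json``.
        item: the raw list entry.
        by_mac: True for ``forward_port_by_mac`` entries.

    Returns:
        ``(interface, port, protocol, to_port, to_addr)``.
    """
    args = item.split(";")
    if by_mac:
        if len(args) != 4:
            module.fail_json(msg="improper forward_port_by_mac format")
        mac_addr, port_proto, to_port, to_addr = args
        port, protocol = _split_port_proto(
            module, port_proto,
            "improper forward_port_by_mac format (missing protocol?)")
        interface = get_device_for_mac(mac_addr)
        if interface is None:
            module.fail_json(msg="MAC address not found %s" % mac_addr)
    else:
        if len(args) == 4:
            interface, port_proto, to_port, to_addr = args
        elif len(args) == 3:
            interface = ""
            port_proto, to_port, to_addr = args
        else:
            module.fail_json(msg="improper forward_port format: %s" % item)
        port, protocol = _split_port_proto(
            module, port_proto,
            "improper forward port format (missing protocol?)")
    return (interface, port, protocol, to_port or None, to_addr or None)


def _port_range_or_fail(module, text):
    """Parse ``text`` with ``getPortRange`` for the lokkit backend.

    ``None`` (range not unique) is tested before the ``-1`` failure value:
    the former ``_range < 0`` test is true for ``None`` on Python 2 and a
    ``TypeError`` on Python 3, so the "not unique" message was unreachable.

    Args:
        module: the AnsibleModule, used for ``fail_json``.
        text: raw port or port-range string.

    Returns:
        the ``getPortRange`` result (a list/tuple).
    """
    port_range = getPortRange(text)
    if port_range is None:
        module.fail_json(msg="port range %s is not unique." % text)
    if port_range == -1:
        module.fail_json(msg="invalid port definition %s" % text)
    if len(port_range) == 2 and port_range[0] >= port_range[1]:
        module.fail_json(msg="invalid port range %s" % text)
    return port_range


def _toggle_membership(items, item, enable):
    """Add ``item`` to, or remove it from, the list ``items``.

    Args:
        items: the list to edit in place.
        item: the element to add (``enable``) or remove (not ``enable``).
        enable: desired presence of ``item``.

    Returns:
        True when the list was modified.
    """
    present = item in items
    if enable and not present:
        items.append(item)
        return True
    if not enable and present:
        items.remove(item)
        return True
    return False


def _sync_interfaces(module, fw, target_zone, interfaces, enable, base_zone,
                     base_fw_zone, base_settings, changed_zones):
    """Bind ``interfaces`` to ``target_zone`` (or unbind them) in firewalld.

    Runtime changes go through ``fw`` and are skipped in check mode.
    Permanent changes are only staged in the zone's settings object, which
    is recorded in ``changed_zones`` (keyed by the config zone object) for
    the caller to commit with ``update``.  When ``target_zone`` is
    ``base_zone`` the caller's already-loaded ``base_fw_zone`` /
    ``base_settings`` are reused so both stay in sync.

    Args:
        module: the AnsibleModule (for ``check_mode``).
        fw: the connected ``FirewallClient``.
        target_zone: zone name the interfaces should (not) belong to.
        interfaces: iterable of interface names.
        enable: True to bind, False to unbind.
        base_zone: the zone name the caller is operating on.
        base_fw_zone: config zone object for ``base_zone``.
        base_settings: staged settings object for ``base_zone``.
        changed_zones: dict of config zone -> staged settings, updated here.

    Returns:
        True when any binding changed or would change.
    """
    if target_zone != base_zone:
        fw_zone = fw.config().getZoneByName(target_zone)
        if fw_zone in changed_zones:
            settings = changed_zones[fw_zone]
        else:
            settings = fw_zone.getSettings()
    else:
        fw_zone = base_fw_zone
        settings = base_settings
    commit_runtime = not module.check_mode
    changed = False
    for item in interfaces:
        if enable:
            # NOTE(review): try_set_zone_of_interface is defined elsewhere
            # in this file; it is called in check mode too, as before, and
            # is assumed to return True when it handled the binding itself.
            if try_set_zone_of_interface(target_zone, item):
                changed = True
                continue
            if not fw.queryInterface(target_zone, item):
                if commit_runtime:
                    fw.changeZoneOfInterface(target_zone, item)
                changed = True
            if not settings.queryInterface(item):
                settings.addInterface(item)
                changed = True
                changed_zones[fw_zone] = settings
        else:
            if try_set_zone_of_interface("", item):
                # Previously only reported in check mode; an unbinding done
                # this way is a change outside check mode as well.
                changed = True
                continue
            if fw.queryInterface(target_zone, item):
                if commit_runtime:
                    fw.removeInterface(target_zone, item)
                changed = True
            if settings.queryInterface(item):
                settings.removeInterface(item)
                changed = True
                changed_zones[fw_zone] = settings
    return changed


def main():
    """Entry point: bring the host firewall to the requested state.

    Parses the module arguments, then applies them through firewalld
    (runtime and permanent configuration) or, when only
    system-config-firewall is importable, through lokkit.  In check mode
    nothing is written; ``changed`` still reports what would be done.
    """
    module = AnsibleModule(
        argument_spec=dict(
            service=dict(required=False, type="list", default=[]),
            port=dict(required=False, type="list", default=[]),
            trust=dict(required=False, type="list", default=[]),
            trust_by_mac=dict(required=False, type="list", default=[]),
            masq=dict(required=False, type="list", default=[]),
            masq_by_mac=dict(required=False, type="list", default=[]),
            forward_port=dict(required=False, type="list", default=[]),
            forward_port_by_mac=dict(required=False, type="list", default=[]),
            zone=dict(required=False, type="str", default=None),
            state=dict(choices=["enabled", "disabled"], required=True),
        ),
        # "forward_port" was misspelt "forward_prot" and forward_port_by_mac
        # was absent, so neither of them alone satisfied required_one_of.
        required_one_of=(["service", "port", "trust", "trust_by_mac", "masq",
                          "masq_by_mac", "forward_port",
                          "forward_port_by_mac"],),
        supports_check_mode=True,
    )
    if not HAS_FIREWALLD and not HAS_SYSTEM_CONFIG_FIREWALL:
        module.fail_json(msg="No firewall backend could be imported.")

    service = module.params["service"]
    port = [_split_port_proto(module, item,
                              "improper port format (missing protocol?)")
            for item in module.params["port"]]
    # New lists: the *_by_mac entries are merged in without mutating the
    # parameter lists themselves.
    trust = (list(module.params["trust"])
             + _interfaces_for_macs(module, module.params["trust_by_mac"]))
    masq = (list(module.params["masq"])
            + _interfaces_for_macs(module, module.params["masq_by_mac"]))
    forward_port = [_parse_forward_spec(module, item, False)
                    for item in module.params["forward_port"]]
    forward_port += [_parse_forward_spec(module, item, True)
                     for item in module.params["forward_port_by_mac"]]
    zone = module.params["zone"]
    if HAS_SYSTEM_CONFIG_FIREWALL and zone is not None:
        module.fail_json(
            msg="Zone can not be used with system-config-firewall/lokkit.")
    # state is constrained by choices, so anything but "enabled" is "disabled".
    enable = module.params["state"] == "enabled"

    if HAS_FIREWALLD:
        fw = FirewallClient()

        def exception_handler(exception_message):
            module.fail_json(msg=exception_message)

        fw.setExceptionHandler(exception_handler)
        if not fw.connected:
            module.fail_json(msg="firewalld service must be running")
        trusted_zone = "trusted"
        external_zone = "external"
        if zone is not None:
            if zone not in fw.getZones():
                module.fail_json(msg="Runtime zone '%s' does not exist." % zone)
            if zone not in fw.config().getZoneNames():
                module.fail_json(msg="Permanent zone '%s' does not exist."
                                 % zone)
        else:
            zone = fw.getDefaultZone()
        fw_zone = fw.config().getZoneByName(zone)
        fw_settings = fw_zone.getSettings()
        # Runtime calls and the final permanent update are skipped in check
        # mode; permanent edits are only staged in settings objects until
        # then, so they are harmless to compute.
        commit_runtime = not module.check_mode
        changed = False
        changed_zones = {}  # config zone object -> staged permanent settings

        # service
        for item in service:
            if enable:
                if not fw.queryService(zone, item):
                    if commit_runtime:
                        fw.addService(zone, item)
                    changed = True
                if not fw_settings.queryService(item):
                    fw_settings.addService(item)
                    changed = True
                    changed_zones[fw_zone] = fw_settings
            else:
                if fw.queryService(zone, item):
                    if commit_runtime:
                        fw.removeService(zone, item)
                    # Was missing: a runtime-only removal went unreported.
                    changed = True
                if fw_settings.queryService(item):
                    fw_settings.removeService(item)
                    changed = True
                    changed_zones[fw_zone] = fw_settings

        # port
        for _port, _protocol in port:
            if enable:
                if not fw.queryPort(zone, _port, _protocol):
                    if commit_runtime:
                        fw.addPort(zone, _port, _protocol)
                    changed = True
                if not fw_settings.queryPort(_port, _protocol):
                    fw_settings.addPort(_port, _protocol)
                    changed = True
                    changed_zones[fw_zone] = fw_settings
            else:
                if fw.queryPort(zone, _port, _protocol):
                    if commit_runtime:
                        fw.removePort(zone, _port, _protocol)
                    changed = True
                if fw_settings.queryPort(_port, _protocol):
                    fw_settings.removePort(_port, _protocol)
                    changed = True
                    changed_zones[fw_zone] = fw_settings

        # trust, trust_by_mac: interfaces bound to the "trusted" zone
        if trust:
            if _sync_interfaces(module, fw, trusted_zone, trust, enable, zone,
                                fw_zone, fw_settings, changed_zones):
                changed = True

        # masq, masq_by_mac: interfaces bound to the "external" zone
        if masq:
            if _sync_interfaces(module, fw, external_zone, masq, enable, zone,
                                fw_zone, fw_settings, changed_zones):
                changed = True

        # forward_port, forward_port_by_mac
        for _interface, _port, _protocol, _to_port, _to_addr in forward_port:
            # A rule with an interface lives in that interface's zone;
            # without one it goes to the zone being configured.
            if _interface != "":
                _zone = fw.getZoneOfInterface(_interface)
            else:
                _zone = zone
            if _zone != "" and _zone != zone:
                _fw_zone = fw.config().getZoneByName(_zone)
                if _fw_zone in changed_zones:
                    _fw_settings = changed_zones[_fw_zone]
                else:
                    _fw_settings = _fw_zone.getSettings()
            else:
                # NOTE(review): as before, an interface that is in no zone
                # (_zone == "") is queried at runtime with "" but its
                # permanent rule is staged on `zone` — confirm intended.
                _fw_zone = fw_zone
                _fw_settings = fw_settings
            if enable:
                if not fw.queryForwardPort(_zone, _port, _protocol, _to_port,
                                           _to_addr):
                    if commit_runtime:
                        fw.addForwardPort(_zone, _port, _protocol, _to_port,
                                          _to_addr)
                    changed = True
                if not _fw_settings.queryForwardPort(_port, _protocol,
                                                     _to_port, _to_addr):
                    _fw_settings.addForwardPort(_port, _protocol, _to_port,
                                                _to_addr)
                    changed = True
                    changed_zones[_fw_zone] = _fw_settings
            else:
                if fw.queryForwardPort(_zone, _port, _protocol, _to_port,
                                       _to_addr):
                    if commit_runtime:
                        fw.removeForwardPort(_zone, _port, _protocol, _to_port,
                                             _to_addr)
                    changed = True
                if _fw_settings.queryForwardPort(_port, _protocol, _to_port,
                                                 _to_addr):
                    _fw_settings.removeForwardPort(_port, _protocol, _to_port,
                                                   _to_addr)
                    changed = True
                    changed_zones[_fw_zone] = _fw_settings

        # apply the staged permanent changes (never in check mode)
        if changed and commit_runtime:
            for _fw_zone, _fw_settings in changed_zones.items():
                _fw_zone.update(_fw_settings)
        module.exit_json(changed=changed)

    elif HAS_SYSTEM_CONFIG_FIREWALL:
        (config, old_config, _ignored) = fw_lokkit.loadConfig(
            args=[], dbus_parser=True)
        changed = False

        # service
        if service:
            if config.services is None:
                config.services = []
            for item in service:
                if _toggle_membership(config.services, item, enable):
                    changed = True

        # port
        if port:
            if config.ports is None:
                config.ports = []
            for _port, _protocol in port:
                port_proto = (_port_range_or_fail(module, _port), _protocol)
                if _toggle_membership(config.ports, port_proto, enable):
                    changed = True

        # trust, trust_by_mac
        if trust:
            if config.trust is None:
                config.trust = []
            for item in trust:
                if _toggle_membership(config.trust, item, enable):
                    changed = True

        # masq, masq_by_mac
        if masq:
            if config.masq is None:
                config.masq = []
            for item in masq:
                if _toggle_membership(config.masq, item, enable):
                    changed = True

        # forward_port, forward_port_by_mac
        if forward_port:
            if config.forward_port is None:
                config.forward_port = []
            for _interface, _port, _protocol, _to_port, _to_addr in forward_port:
                fwd_port = {
                    "if": _interface,
                    "port": _port_range_or_fail(module, _port),
                    "proto": _protocol,
                }
                if _to_port is not None:
                    fwd_port["toport"] = _port_range_or_fail(module, _to_port)
                if _to_addr is not None:
                    fwd_port["toaddr"] = _to_addr
                if _toggle_membership(config.forward_port, fwd_port, enable):
                    changed = True

        # Write the configuration only outside check mode.  Previously it
        # was written in check mode as well, and outside check mode the
        # module then fell through to report changed=False.
        if changed and not module.check_mode:
            fw_lokkit.updateFirewall(config, old_config)
        module.exit_json(changed=changed)

    else:
        module.fail_json(msg="No firewalld and system-config-firewall")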
def main():
    """Entry point (earlier revision without the ``zone`` parameter).

    Parses the module arguments, then applies them through firewalld
    (runtime and permanent configuration of the default zone, plus the
    "trusted"/"external" zones for trust/masq) or, if only
    system-config-firewall is importable, through lokkit.

    NOTE(review): this revision has several defects worth knowing about;
    they are marked inline below.  Most important: both backends write their
    changes before ``check_mode`` is consulted, and a real (non-check) run
    that did change something falls through to ``exit_json(changed=False)``.
    """
    module = AnsibleModule(argument_spec=dict(
        service=dict(required=False, type='list', default=[]),
        port=dict(required=False, type='list', default=[]),
        trust=dict(required=False, type='list', default=[]),
        trust_by_mac=dict(required=False, type='list', default=[]),
        masq=dict(required=False, type='list', default=[]),
        masq_by_mac=dict(required=False, type='list', default=[]),
        forward_port=dict(required=False, type='list', default=[]),
        forward_port_by_mac=dict(required=False, type='list', default=[]),
        state=dict(choices=['enabled', 'disabled'], required=True),
    ),
        # NOTE(review): 'forward_prot' is a typo for 'forward_port' and
        # 'forward_port_by_mac' is missing, so those parameters alone do not
        # satisfy required_one_of.
        required_one_of=([ 'service', 'port', 'trust', 'trust_by_mac',
                           'masq', 'masq_by_mac', 'forward_prot' ], ),
        supports_check_mode=True)
    if not HAS_FIREWALLD and not HAS_SYSTEM_CONFIG_FIREWALL:
        module.fail_json(msg='No firewall backend could be imported.')

    service = module.params['service']
    # port: "PORT/PROTOCOL" strings -> (port, protocol) tuples
    port = []
    for port_proto in module.params['port']:
        _port, _protocol = port_proto.split('/')
        # NOTE(review): str.split never yields None; a missing "/" raises
        # ValueError on the unpacking above instead of reaching this check.
        if _protocol is None:
            module.fail_json(msg='improper port format (missing protocol?)')
        port.append((_port, _protocol))
    trust = module.params['trust']
    # trust_by_mac: MAC addresses resolved to device names
    trust_by_mac = []
    for item in module.params['trust_by_mac']:
        _interface = get_device_for_mac(item)
        if _interface is None:
            module.fail_json(msg='MAC address not found %s' % item)
        trust_by_mac.append(_interface)
    masq = module.params['masq']
    # masq_by_mac: MAC addresses resolved to device names
    masq_by_mac = []
    for item in module.params['masq_by_mac']:
        _interface = get_device_for_mac(item)
        if _interface is None:
            module.fail_json(msg='MAC address not found %s' % item)
        masq_by_mac.append(_interface)
    # forward_port: "IFACE;PORT/PROTO;TOPORT;TOADDR" -> 5-tuples,
    # empty TOPORT/TOADDR become None
    forward_port = []
    for item in module.params['forward_port']:
        args = item.split(";")
        if len(args) != 4:
            module.fail_json(msg='improper forward_port format: %s' % item)
        _interface, __port, _to_port, _to_addr = args
        _port, _protocol = __port.split('/')
        # NOTE(review): unreachable for the same reason as above.
        if _protocol is None:
            module.fail_json(msg='improper port format (missing protocol?)')
        if _to_port == "":
            _to_port = None
        if _to_addr == "":
            _to_addr = None
        forward_port.append((_interface, _port, _protocol, _to_port, _to_addr))
    # forward_port_by_mac: as forward_port, but the first field is a MAC
    forward_port_by_mac = []
    for item in module.params['forward_port_by_mac']:
        args = item.split(";")
        if len(args) != 4:
            module.fail_json(msg='improper forward_port_by_mac format')
        _mac_addr, __port, _to_port, _to_addr = args
        _port, _protocol = __port.split('/')
        # NOTE(review): unreachable for the same reason as above.
        if _protocol is None:
            module.fail_json(msg='improper port format (missing protocol?)')
        if _to_port == "":
            _to_port = None
        if _to_addr == "":
            _to_addr = None
        _interface = get_device_for_mac(_mac_addr)
        if _interface is None:
            module.fail_json(msg='MAC address not found %s' % _mac_addr)
        forward_port_by_mac.append(
            (_interface, _port, _protocol, _to_port, _to_addr))
    desired_state = module.params['state']

    if HAS_FIREWALLD:
        fw = FirewallClient()

        def exception_handler(exception_message):
            module.fail_json(msg=exception_message)

        fw.setExceptionHandler(exception_handler)
        if not fw.connected:
            module.fail_json(msg='firewalld service must be running')
        trusted_zone = "trusted"
        external_zone = "external"
        default_zone = fw.getDefaultZone()
        fw_zone = fw.config().getZoneByName(default_zone)
        fw_settings = fw_zone.getSettings()
        changed = False
        # config zone object -> settings object to commit with update()
        changed_zones = {}

        # service (runtime via fw, permanent via fw_settings)
        for item in service:
            if desired_state == "enabled":
                if not fw.queryService(default_zone, item):
                    fw.addService(default_zone, item)
                    changed = True
                if not fw_settings.queryService(item):
                    fw_settings.addService(item)
                    changed = True
                    changed_zones[fw_zone] = fw_settings
            elif desired_state == "disabled":
                if fw.queryService(default_zone, item):
                    fw.removeService(default_zone, item)
                    # NOTE(review): changed is not set for this runtime-only
                    # removal (the enabled branch and the port loop do set it).
                if fw_settings.queryService(item):
                    fw_settings.removeService(item)
                    changed = True
                    changed_zones[fw_zone] = fw_settings

        # port (runtime via fw, permanent via fw_settings)
        for _port, _protocol in port:
            if desired_state == "enabled":
                if not fw.queryPort(default_zone, _port, _protocol):
                    fw.addPort(default_zone, _port, _protocol)
                    changed = True
                if not fw_settings.queryPort(_port, _protocol):
                    fw_settings.addPort(_port, _protocol)
                    changed = True
                    changed_zones[fw_zone] = fw_settings
            elif desired_state == "disabled":
                if fw.queryPort(default_zone, _port, _protocol):
                    fw.removePort(default_zone, _port, _protocol)
                    changed = True
                if fw_settings.queryPort(_port, _protocol):
                    fw_settings.removePort(_port, _protocol)
                    changed = True
                    changed_zones[fw_zone] = fw_settings

        # trust, trust_by_mac: bind interfaces to the "trusted" zone
        if len(trust) > 0 or len(trust_by_mac) > 0:
            # NOTE(review): `items` aliases module.params['trust'], so the
            # extend() below mutates the module parameter list.
            items = trust
            if len(trust_by_mac) > 0:
                items.extend(trust_by_mac)
            # NOTE(review): fw_zone/fw_settings are reassigned here and not
            # restored, so the masq and forward_port sections below may
            # operate on the trusted zone's settings instead of the
            # default zone's.
            if default_zone != trusted_zone:
                fw_zone = fw.config().getZoneByName(trusted_zone)
                fw_settings = fw_zone.getSettings()
            for item in items:
                if desired_state == "enabled":
                    # try_set_zone_of_interface is defined elsewhere in this
                    # file; presumably it binds the interface through the
                    # network configuration and returns True when it did.
                    if try_set_zone_of_interface(trusted_zone, item):
                        changed = True
                    else:
                        if not fw.queryInterface(trusted_zone, item):
                            fw.changeZoneOfInterface(trusted_zone, item)
                            changed = True
                        if not fw_settings.queryInterface(item):
                            fw_settings.addInterface(item)
                            changed = True
                            changed_zones[fw_zone] = fw_settings
                elif desired_state == "disabled":
                    if try_set_zone_of_interface("", item):
                        # NOTE(review): outside check mode this path does
                        # not set changed.
                        if module.check_mode:
                            module.exit_json(changed=True)
                    else:
                        if fw.queryInterface(trusted_zone, item):
                            fw.removeInterface(trusted_zone, item)
                            changed = True
                        if fw_settings.queryInterface(item):
                            fw_settings.removeInterface(item)
                            changed = True
                            changed_zones[fw_zone] = fw_settings

        # masq, masq_by_mac: bind interfaces to the "external" zone
        if len(masq) > 0 or len(masq_by_mac) > 0:
            # NOTE(review): same parameter-list mutation as for trust.
            items = masq
            if len(masq_by_mac) > 0:
                items.extend(masq_by_mac)
            # NOTE(review): same fw_zone/fw_settings reassignment as for trust.
            if default_zone != external_zone:
                fw_zone = fw.config().getZoneByName(external_zone)
                fw_settings = fw_zone.getSettings()
            for item in items:
                if desired_state == "enabled":
                    if try_set_zone_of_interface(external_zone, item):
                        changed = True
                    else:
                        if not fw.queryInterface(external_zone, item):
                            fw.changeZoneOfInterface(external_zone, item)
                            changed = True
                        if not fw_settings.queryInterface(item):
                            fw_settings.addInterface(item)
                            changed = True
                            changed_zones[fw_zone] = fw_settings
                elif desired_state == "disabled":
                    if try_set_zone_of_interface("", item):
                        # NOTE(review): outside check mode this path does
                        # not set changed.
                        if module.check_mode:
                            module.exit_json(changed=True)
                    else:
                        if fw.queryInterface(external_zone, item):
                            fw.removeInterface(external_zone, item)
                            changed = True
                        if fw_settings.queryInterface(item):
                            fw_settings.removeInterface(item)
                            changed = True
                            changed_zones[fw_zone] = fw_settings

        # forward_port, forward_port_by_mac: rule goes to the interface's zone
        if len(forward_port) > 0 or len(forward_port_by_mac) > 0:
            items = forward_port
            if len(forward_port_by_mac) > 0:
                items.extend(forward_port_by_mac)
            for _interface, _port, _protocol, _to_port, _to_addr in items:
                if _interface != "":
                    _zone = fw.getZoneOfInterface(_interface)
                # NOTE(review): with an empty interface `_zone` is unbound
                # (NameError on first use) or stale from the previous item;
                # the later revision falls back to the configured zone.
                if _zone != "" and _zone != default_zone:
                    fw_zone = fw.config().getZoneByName(_zone)
                    fw_settings = fw_zone.getSettings()
                if desired_state == "enabled":
                    if not fw.queryForwardPort(_zone, _port, _protocol,
                                               _to_port, _to_addr):
                        fw.addForwardPort(_zone, _port, _protocol, _to_port,
                                          _to_addr)
                        changed = True
                    if not fw_settings.queryForwardPort(
                            _port, _protocol, _to_port, _to_addr):
                        fw_settings.addForwardPort(_port, _protocol, _to_port,
                                                   _to_addr)
                        changed = True
                        changed_zones[fw_zone] = fw_settings
                elif desired_state == "disabled":
                    if fw.queryForwardPort(_zone, _port, _protocol, _to_port,
                                           _to_addr):
                        fw.removeForwardPort(_zone, _port, _protocol, _to_port,
                                             _to_addr)
                        changed = True
                    if fw_settings.queryForwardPort(_port, _protocol, _to_port,
                                                    _to_addr):
                        fw_settings.removeForwardPort(_port, _protocol,
                                                      _to_port, _to_addr)
                        changed = True
                        changed_zones[fw_zone] = fw_settings

        # apply changes
        # NOTE(review): the permanent update runs before check_mode is
        # tested (and the runtime calls above were never gated), and a
        # non-check run that changed something falls through to the final
        # exit_json(changed=False).
        if changed:
            for _zone in changed_zones:
                _zone.update(changed_zones[_zone])
            if module.check_mode:
                module.exit_json(changed=True)

    elif HAS_SYSTEM_CONFIG_FIREWALL:
        # `_` here is a local that shadows the module-level gettext alias
        # used by the other functions in this file.
        (config, old_config, _) = fw_lokkit.loadConfig(args=[],
                                                       dbus_parser=True)
        changed = False

        # service
        for item in service:
            if config.services is None:
                config.services = []
            if desired_state == "enabled":
                if item not in config.services:
                    config.services.append(item)
                    changed = True
            elif desired_state == "disabled":
                if item in config.services:
                    config.services.remove(item)
                    changed = True

        # port
        for _port, _protocol in port:
            if config.ports is None:
                config.ports = []
            _range = getPortRange(_port)
            # NOTE(review): None < 0 is true on Python 2 (TypeError on 3),
            # so the "not unique" branch below is never reached.
            if _range < 0:
                module.fail_json(msg='invalid port definition %s' % _port)
            elif _range is None:
                module.fail_json(msg='port _range is not unique.')
            elif len(_range) == 2 and _range[0] >= _range[1]:
                module.fail_json(msg='invalid port range %s' % _port)
            port_proto = (_range, _protocol)
            if desired_state == "enabled":
                if port_proto not in config.ports:
                    config.ports.append(port_proto)
                    changed = True
            elif desired_state == "disabled":
                if port_proto in config.ports:
                    config.ports.remove(port_proto)
                    changed = True

        # trust, trust_by_mac
        if len(trust) > 0 or len(trust_by_mac) > 0:
            if config.trust is None:
                config.trust = []
            # NOTE(review): mutates module.params['trust'] via extend().
            items = trust
            if len(trust_by_mac) > 0:
                items.extend(trust_by_mac)
            for item in items:
                if desired_state == "enabled":
                    if item not in config.trust:
                        config.trust.append(item)
                        changed = True
                elif desired_state == "disabled":
                    if item in config.trust:
                        config.trust.remove(item)
                        changed = True

        # masq, masq_by_mac
        if len(masq) > 0 or len(masq_by_mac) > 0:
            if config.masq is None:
                config.masq = []
            items = masq
            if len(masq_by_mac) > 0:
                items.extend(masq_by_mac)
            for item in items:
                if desired_state == "enabled":
                    if item not in config.masq:
                        config.masq.append(item)
                        changed = True
                elif desired_state == "disabled":
                    if item in config.masq:
                        config.masq.remove(item)
                        changed = True

        # forward_port, forward_port_by_mac
        if len(forward_port) > 0 or len(forward_port_by_mac) > 0:
            if config.forward_port is None:
                config.forward_port = []
            items = forward_port
            if len(forward_port_by_mac) > 0:
                items.extend(forward_port_by_mac)
            for _interface, _port, _protocol, _to_port, _to_addr in items:
                _range = getPortRange(_port)
                # NOTE(review): same None < 0 issue as in the port loop.
                if _range < 0:
                    module.fail_json(msg='invalid port definition')
                elif _range is None:
                    module.fail_json(msg='port _range is not unique.')
                elif len(_range) == 2 and _range[0] >= _range[1]:
                    module.fail_json(msg='invalid port range')
                fwd_port = { "if": _interface,
                             "port": _range,
                             "proto": _protocol }
                if _to_port is not None:
                    _range = getPortRange(_to_port)
                    if _range < 0:
                        module.fail_json(msg='invalid port definition %s' %
                                         _to_port)
                    elif _range is None:
                        module.fail_json(msg='port _range is not unique.')
                    elif len(_range) == 2 and _range[0] >= _range[1]:
                        module.fail_json(msg='invalid port range')
                    fwd_port["toport"] = _range
                if _to_addr is not None:
                    fwd_port["toaddr"] = _to_addr
                if desired_state == "enabled":
                    if fwd_port not in config.forward_port:
                        config.forward_port.append(fwd_port)
                        changed = True
                elif desired_state == "disabled":
                    if fwd_port in config.forward_port:
                        config.forward_port.remove(fwd_port)
                        changed = True

        # apply changes
        # NOTE(review): updateFirewall runs in check mode as well, and a
        # non-check run that changed something falls through to the final
        # exit_json(changed=False).
        if changed:
            fw_lokkit.updateFirewall(config, old_config)
            if module.check_mode:
                module.exit_json(changed=True)

    else:
        module.fail_json(msg='No firewalld and system-config-firewall')

    module.exit_json(changed=False)
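def forward_port_selection(self, interface=None, protocol=None, port=None,
                           to_address=None, to_port=None):
    """Show the "Port Forwarding" dialog and return the validated rule.

    The arguments pre-fill the form.  The dialog is redrawn, keeping what
    was typed, until the source fields (interface, protocol, port) validate
    and at least one destination (address or port) is given, or until the
    user cancels.

    Args:
        interface: initial interface name.
        protocol: initial protocol text ("tcp"/"udp").
        port: initial source port range (``getPortRange`` form), rendered
            through ``__simplePortStr``.
        to_address: initial destination address.
        to_port: initial destination port range (``getPortRange`` form).

    Returns:
        ``(interface, protocol, port, to_address, to_port)`` where the port
        values are ``getPortRange`` results, ``to_address`` is ``""`` when
        left empty and ``to_port`` is ``None`` when left empty; ``None`` when
        the user pressed Cancel.
    """
    interface_text = interface if interface else ""
    protocol_text = protocol if protocol else ""
    port_text = self.__simplePortStr(port) if port else ""
    to_address_text = to_address if to_address else ""
    to_port_text = self.__simplePortStr(to_port) if to_port else ""
    field_pad = (0, 0, 1, 0)
    while True:
        dialog = GridForm(self.screen, _("Port Forwarding"), 1, 6)
        tr = TextboxReflowed(40, _("Please select the source and "
                                   "destination options according "
                                   "to your needs."))
        dialog.add(tr, 0, 0, padding=(0, 0, 0, 1), growx=1)

        # source grid: interface / protocol / port, all required
        dialog.add(TextboxReflowed(40, _("Source (all needed)")), 0, 1,
                   padding=(0, 0, 0, 0), growx=1, anchorLeft=1)
        grid = Grid(2, 3)
        grid.setField(Label(_("Interface:")), 0, 0, padding=field_pad,
                      anchorLeft=1)
        dialog.interface = Entry(20, text=interface_text)
        grid.setField(dialog.interface, 1, 0, padding=field_pad, anchorLeft=1)
        grid.setField(Label(_("Protocol:")), 0, 1, padding=field_pad,
                      anchorLeft=1)
        dialog.protocol = Entry(20, text=protocol_text)
        grid.setField(dialog.protocol, 1, 1, padding=field_pad, anchorLeft=1)
        grid.setField(Label(_("Port / Port Range:")), 0, 2, padding=field_pad,
                      anchorLeft=1)
        dialog.port = Entry(20, text=port_text)
        grid.setField(dialog.port, 1, 2, padding=field_pad, anchorLeft=1)
        dialog.add(grid, 0, 2, padding=(0, 0, 0, 1))

        # destination grid: address and/or port, at least one required
        dialog.add(TextboxReflowed(40, _("Destination (at least one "
                                         "needed)")), 0, 3,
                   padding=(0, 0, 0, 0), growx=1, anchorLeft=1)
        grid = Grid(2, 2)
        grid.setField(Label(_("IP address:")), 0, 0, padding=field_pad,
                      anchorLeft=1)
        dialog.to_address = Entry(20, text=to_address_text)
        grid.setField(dialog.to_address, 1, 0, padding=field_pad,
                      anchorLeft=1)
        grid.setField(Label(_("Port / Port Range:")), 0, 1, padding=field_pad,
                      anchorLeft=1)
        dialog.to_port = Entry(20, text=to_port_text)
        grid.setField(dialog.to_port, 1, 1, padding=field_pad, anchorLeft=1)
        dialog.add(grid, 0, 4, padding=(0, 0, 0, 1))

        dialog.bb = ButtonBar(self.screen, ((_("OK"), "ok"),
                                            (_("Cancel"), "cancel")))
        dialog.add(dialog.bb, 0, 5, growx=1)
        res = dialog.bb.buttonPressed(dialog.runPopup())
        self.screen.popWindow()
        values = (dialog.interface.value(), dialog.protocol.value(),
                  dialog.port.value(), dialog.to_address.value(),
                  dialog.to_port.value())
        if res == 'cancel':
            return None
        if res != 'ok':
            continue

        error = False
        # interface
        interface_text = values[0].strip()
        if not interface_text or not checkInterface(interface_text):
            self.error(_("Interface '%s' is not valid.") % interface_text)
            error = True
        else:
            interface = interface_text
        # protocol
        protocol_text = values[1].strip()
        if protocol_text not in ("tcp", "udp"):
            self.protocol_error(protocol_text)
            error = True
        else:
            protocol = protocol_text
        # port: getPortRange signals success with a list/tuple
        port_text = values[2].strip()
        port = getPortRange(port_text)
        if not isinstance(port, (list, tuple)):
            self.port_error(port_text)
            error = True
            port = None
        # to_address: optional, but must be a valid address when given
        to_address_text = values[3].strip()
        if to_address_text and not checkIP(to_address_text):
            self.error(_("Address '%s' is not valid.") % to_address_text)
            error = True
            to_address = None
        else:
            to_address = to_address_text
        # to_port: optional, but must be a valid range when given
        to_port_text = values[4].strip()
        if to_port_text:
            to_port = getPortRange(to_port_text)
            if not isinstance(to_port, (list, tuple)):
                self.port_error(to_port_text)
                error = True
                to_port = None
        else:
            # An emptied field previously kept the value from an earlier
            # attempt (or the initial argument) and could be returned.
            to_port = None
        if error:
            continue
        if not interface or not protocol or not port:
            continue
        if not to_address and not to_port:
            # No destination given: redisplay with the entered values kept.
            continue
        return (interface, protocol, port, to_address, to_port)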