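class FirewallD:
    """Inspect and edit the active firewalld zone through firewalld's client API.

    After construction, ``running`` says whether a connection to firewalld
    was established.  When it is False, ``_fw`` and ``_zone`` are None, the
    ``check_*_allowed`` methods all report True and ``write`` does nothing.

    Security notes for callers:

    * A True result from a ``check_*_allowed`` method means "not known to
      be blocked".  It is also returned when the zone settings could not be
      read, so it must not be treated as proof that the firewall permits
      the traffic.
    * ``add_service`` only edits the locally cached settings; nothing is
      opened in the firewall until ``write`` is called.
    """

    def __init__ (self):
        """Connect to firewalld and look up the zone this object will edit.

        A missing ``firewall.client`` module, a D-Bus error, or a client
        that reports it is not connected all leave the object in the
        "not running" state instead of raising.
        """
        try:
            from firewall.client import FirewallClient
            self._fw = FirewallClient ()
            if not self._fw.connected:
                debugprint ("FirewallD seems to be installed but not running")
                self._fw = None
                self._zone = None
                self.running = False
                return
            zone_name = self._get_active_zone ()
            # The zone object comes from the client's config() interface.
            # NOTE(review): in firewalld that is the permanent configuration,
            # so edits survive a restart -- confirm this is intended.
            if zone_name:
                self._zone = self._fw.config().getZoneByName (zone_name)
            else:
                self._zone = None
            self.running = True
            debugprint ("Using /org/fedoraproject/FirewallD1")
        except (ImportError, dbus.exceptions.DBusException):
            self._fw = None
            self._zone = None
            self.running = False

    def _get_active_zone (self):
        """Return the name of one active zone, or None if there is none.

        When firewalld reports several active zones the first key is
        taken.  The order of the mapping is whatever firewalld returned,
        so with interfaces in different zones the zone edited later may
        not be the one that carries the traffic of interest.
        """
        zones = list(self._fw.getActiveZones().keys())
        if not zones:
            debugprint ("FirewallD: no changeable zone")
            return None
        elif len (zones) == 1:
            # most probable case
            return zones[0]
        else:
            # Do we need to handle the 'more active zones' case ?
            # It's quite unlikely case because that would mean that more
            # network connections are up and running and they are
            # in different network zones at the same time.
            debugprint ("FirewallD returned more zones, taking first one")
            return zones[0]

    def _get_fw_data (self, reply_handler=None, error_handler=None):
        """Return the zone settings, fetching and caching them on first use.

        ``reply_handler`` is called with the settings when they are
        available; ``error_handler`` is called with the exception when
        fetching fails.  Returns the settings object, or None on failure.
        """
        try:
            # Evaluating self._fw_data.getServices() doubles as the cache
            # probe: it raises AttributeError both when _fw_data was never
            # set and when an earlier failure left it as None.
            debugprint ("%s in _get_fw_data: _fw_data is %s" %
                        (self, repr(self._fw_data.getServices())))
            if self._fw_data:
                debugprint ("Using cached firewall data")
                if reply_handler:
                    # NOTE(review): an AttributeError raised inside the
                    # handler is caught below as well and triggers a re-fetch.
                    reply_handler (self._fw_data)
        except AttributeError:
            try:
                # self._zone is None when no zone was found; the resulting
                # AttributeError is reported through error_handler.
                self._fw_data = self._zone.getSettings ()
                debugprint ("Firewall data obtained")
                if reply_handler:
                    reply_handler (self._fw_data)
            except (dbus.exceptions.DBusException, AttributeError, ValueError) as e:
                self._fw_data = None
                debugprint ("Exception examining firewall")
                if error_handler:
                    error_handler (e)

        return self._fw_data

    def read (self, reply_handler=None, error_handler=None):
        """Load the zone settings and report them through the handlers.

        ``error_handler`` is only forwarded when a ``reply_handler`` is
        given; without one, a failure is not reported to the caller.
        """
        if reply_handler:
            self._get_fw_data (reply_handler,
                               error_handler)
        else:
            self._get_fw_data ()

    def write (self):
        """Push the cached settings to the zone and reload firewalld.

        Does nothing when there is no connection to firewalld.  D-Bus
        errors are passed to ``nonfatalException`` rather than raised, so
        a caller cannot tell from the return value whether the change was
        applied.
        """
        if self._fw is None:
            # firewalld not reachable: nothing can be applied or reloaded.
            return

        try:
            settings = getattr (self, "_fw_data", None)
            # Only push settings that were actually loaded; never send
            # None to the zone.
            if self._zone and settings is not None:
                self._zone.update (settings)
            # NOTE(review): a firewalld reload replaces the runtime rules
            # with the stored configuration, which would drop runtime-only
            # changes made by other tools -- confirm this is acceptable.
            self._fw.reload ()
        except dbus.exceptions.DBusException:
            nonfatalException ()

    def add_service (self, service):
        """Add ``service`` to the cached zone settings.

        The value is handed to the settings object unchanged, so callers
        should pass a fixed, known service name.  Silently does nothing
        when the settings cannot be read.  Not applied until ``write``.
        """
        if not self._get_fw_data ():
            return

        self._fw_data.addService (service)

    def check_ipp_client_allowed (self):
        """Report whether the zone lists the IPP client service or port.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data ():
            return True

        return (IPP_CLIENT_SERVICE in self._fw_data.getServices () or
               [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL] in self._fw_data.getPorts ())

    def check_ipp_server_allowed (self):
        """Report whether the zone lists the IPP server service or port.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data ():
            return True

        return (IPP_SERVER_SERVICE in self._fw_data.getServices () or
               [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL] in self._fw_data.getPorts ())

    def check_samba_client_allowed (self):
        """Report whether the zone lists the Samba client service.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data ():
            return True

        return (SAMBA_CLIENT_SERVICE in self._fw_data.getServices ())

    def check_mdns_allowed (self):
        """Report whether the zone lists the mDNS service or port.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data ():
            return True

        return (MDNS_SERVICE in self._fw_data.getServices () or
               [MDNS_PORT, MDNS_PROTOCOL] in self._fw_data.getPorts ())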
예제 #2
def getActiveZones():
    """Return the active zones reported by a freshly created FirewallClient.

    The result is passed through unchanged.  No error handling is done
    here, so whatever the client raises (for example when firewalld cannot
    be reached) propagates to the caller.
    """
    return FirewallClient().getActiveZones()
예제 #3
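class FirewallD:
    """Inspect and edit the active firewalld zone through firewalld's client API.

    After construction, ``running`` says whether a connection to firewalld
    was established.  When it is False, ``_fw`` and ``_zone`` are None, the
    ``check_*_allowed`` methods all report True and ``write`` does nothing.

    Security notes for callers:

    * A True result from a ``check_*_allowed`` method means "not known to
      be blocked".  It is also returned when the zone settings could not be
      read, so it must not be treated as proof that the firewall permits
      the traffic.
    * ``add_service`` only edits the locally cached settings; nothing is
      opened in the firewall until ``write`` is called.
    """

    def __init__(self):
        """Connect to firewalld and look up the zone this object will edit.

        A missing ``firewall.client`` module, a D-Bus error, or a client
        that reports it is not connected all leave the object in the
        "not running" state instead of raising.
        """
        try:
            from firewall.client import FirewallClient
            self._fw = FirewallClient()
            if not self._fw.connected:
                debugprint("FirewallD seems to be installed but not running")
                self._fw = None
                self._zone = None
                self.running = False
                return
            zone_name = self._get_active_zone()
            # The zone object comes from the client's config() interface.
            # NOTE(review): in firewalld that is the permanent configuration,
            # so edits survive a restart -- confirm this is intended.
            if zone_name:
                self._zone = self._fw.config().getZoneByName(zone_name)
            else:
                self._zone = None
            self.running = True
            debugprint("Using /org/fedoraproject/FirewallD1")
        except (ImportError, dbus.exceptions.DBusException):
            self._fw = None
            self._zone = None
            self.running = False

    def _get_active_zone(self):
        """Return the name of one active zone, or None if there is none.

        When firewalld reports several active zones the first key is
        taken.  The order of the mapping is whatever firewalld returned,
        so with interfaces in different zones the zone edited later may
        not be the one that carries the traffic of interest.
        """
        # Materialise the keys: on Python 3 a dict keys view cannot be
        # indexed, so zones[0] on the bare view raises TypeError.
        zones = list(self._fw.getActiveZones().keys())
        if not zones:
            debugprint("FirewallD: no changeable zone")
            return None
        elif len(zones) == 1:
            # most probable case
            return zones[0]
        else:
            # Do we need to handle the 'more active zones' case ?
            # It's quite unlikely case because that would mean that more
            # network connections are up and running and they are
            # in different network zones at the same time.
            debugprint("FirewallD returned more zones, taking first one")
            return zones[0]

    def _get_fw_data(self, reply_handler=None, error_handler=None):
        """Return the zone settings, fetching and caching them on first use.

        ``reply_handler`` is called with the settings when they are
        available; ``error_handler`` is called with the exception when
        fetching fails.  Returns the settings object, or None on failure.
        """
        try:
            # Evaluating self._fw_data.getServices() doubles as the cache
            # probe: it raises AttributeError both when _fw_data was never
            # set and when an earlier failure left it as None.
            debugprint("%s in _get_fw_data: _fw_data is %s" %
                       (self, repr(self._fw_data.getServices())))
            if self._fw_data:
                debugprint("Using cached firewall data")
                if reply_handler:
                    # NOTE(review): an AttributeError raised inside the
                    # handler is caught below as well and triggers a re-fetch.
                    reply_handler(self._fw_data)
        except AttributeError:
            try:
                # self._zone is None when no zone was found; the resulting
                # AttributeError is reported through error_handler.
                self._fw_data = self._zone.getSettings()
                debugprint("Firewall data obtained")
                if reply_handler:
                    reply_handler(self._fw_data)
            except (dbus.exceptions.DBusException, AttributeError,
                    ValueError) as e:
                self._fw_data = None
                debugprint("Exception examining firewall")
                if error_handler:
                    error_handler(e)

        return self._fw_data

    def read(self, reply_handler=None, error_handler=None):
        """Load the zone settings and report them through the handlers.

        ``error_handler`` is only forwarded when a ``reply_handler`` is
        given; without one, a failure is not reported to the caller.
        """
        if reply_handler:
            self._get_fw_data(reply_handler, error_handler)
        else:
            self._get_fw_data()

    def write(self):
        """Push the cached settings to the zone and reload firewalld.

        Does nothing when there is no connection to firewalld.  D-Bus
        errors are passed to ``nonfatalException`` rather than raised, so
        a caller cannot tell from the return value whether the change was
        applied.
        """
        if self._fw is None:
            # firewalld not reachable: nothing can be applied or reloaded.
            return

        try:
            settings = getattr(self, "_fw_data", None)
            # Only push settings that were actually loaded; never send
            # None to the zone.
            if self._zone and settings is not None:
                self._zone.update(settings)
            # NOTE(review): a firewalld reload replaces the runtime rules
            # with the stored configuration, which would drop runtime-only
            # changes made by other tools -- confirm this is acceptable.
            self._fw.reload()
        except dbus.exceptions.DBusException:
            nonfatalException()

    def add_service(self, service):
        """Add ``service`` to the cached zone settings.

        The value is handed to the settings object unchanged, so callers
        should pass a fixed, known service name.  Silently does nothing
        when the settings cannot be read.  Not applied until ``write``.
        """
        if not self._get_fw_data():
            return

        self._fw_data.addService(service)

    def check_ipp_client_allowed(self):
        """Report whether the zone lists the IPP client service or port.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data():
            return True

        return (IPP_CLIENT_SERVICE in self._fw_data.getServices()
                or [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL
                    ] in self._fw_data.getPorts())

    def check_ipp_server_allowed(self):
        """Report whether the zone lists the IPP server service or port.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data():
            return True

        return (IPP_SERVER_SERVICE in self._fw_data.getServices()
                or [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL
                    ] in self._fw_data.getPorts())

    def check_samba_client_allowed(self):
        """Report whether the zone lists the Samba client service.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data():
            return True

        return (SAMBA_CLIENT_SERVICE in self._fw_data.getServices())

    def check_mdns_allowed(self):
        """Report whether the zone lists the mDNS service or port.

        Returns True when the settings cannot be read (unknown, not
        verified).
        """
        if not self._get_fw_data():
            return True

        return (MDNS_SERVICE in self._fw_data.getServices()
                or [MDNS_PORT, MDNS_PROTOCOL] in self._fw_data.getPorts())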
예제 #4
def getActiveZones():
    """Ask a new FirewallClient for the active zones and hand them back as-is.

    Errors from constructing the client or from the query are not caught
    here; the caller has to deal with firewalld being unavailable.
    """
    client = FirewallClient()
    return client.getActiveZones()