예제 #1
    def _check_config(self, config, item, all_config):
        """Apply the zone-specific validation rules for one setting.

        ``common_check_config`` runs first; after that the check depends on
        ``item``:

        * ``"target"``: ``config`` has to be a member of ``ZONE_TARGETS``.
        * ``"interfaces"``: every entry has to pass ``checkInterface`` and
          must not appear in the ``interfaces`` of any other zone.
        * ``"sources"``: every entry has to be accepted by ``checkIPnMask``,
          ``checkIP6nMask`` or ``check_mac``, or start with ``"ipset:"``,
          and must not appear in the ``sources`` of any other zone.

        The cross-zone lookups are only performed when ``self.fw_config`` is
        truthy. Without it, an interface or source that another zone already
        claims is not rejected here.

        Raises:
            FirewallError: with ``INVALID_TARGET``, ``INVALID_INTERFACE`` or
                ``INVALID_ADDR`` when the corresponding rule is violated.
        """
        common_check_config(self, config, item, all_config)

        if item == "target":
            if config not in ZONE_TARGETS:
                raise FirewallError(errors.INVALID_TARGET, config)
            return

        if item == "interfaces":
            for interface in config:
                if not checkInterface(interface):
                    raise FirewallError(errors.INVALID_INTERFACE, interface)
                if not self.fw_config:
                    # No loaded configuration to compare against, so the
                    # "bound to another zone" check is skipped.
                    continue
                for zone in self.fw_config.get_zones():
                    # An interface may stay in this zone; only a binding in
                    # a different zone is a conflict.
                    if zone != self.name and \
                       interface in self.fw_config.get_zone(zone).interfaces:
                        raise FirewallError(
                            errors.INVALID_INTERFACE,
                            "interface '{}' already bound to zone '{}'".
                            format(interface, zone))
            return

        if item == "sources":
            for source in config:
                # Only the "ipset:" prefix is tested here; the set name that
                # follows it is not inspected in this method.
                recognised = (checkIPnMask(source) or checkIP6nMask(source)
                              or check_mac(source)
                              or source.startswith("ipset:"))
                if not recognised:
                    raise FirewallError(errors.INVALID_ADDR, source)
                if not self.fw_config:
                    continue
                for zone in self.fw_config.get_zones():
                    if zone != self.name and \
                       source in self.fw_config.get_zone(zone).sources:
                        raise FirewallError(
                            errors.INVALID_ADDR,
                            "source '{}' already bound to zone '{}'".
                            format(source, zone))
예제 #2
파일: zone.py 프로젝트: itsintern/firewalld
    def _check_config(self, config, item, all_config):
        """Apply the zone-specific validation rules for one setting.

        ``common_check_config`` runs first; after that the check depends on
        ``item``:

        * ``"target"``: ``config`` has to be a member of ``ZONE_TARGETS``.
        * ``"interfaces"``: every entry has to pass ``checkInterface``.
        * ``"sources"``: every entry has to be accepted by ``checkIPnMask``,
          ``checkIP6nMask`` or ``check_mac``, or start with ``"ipset:"``.

        This method validates the format of each entry only. It does not
        look at other zones, so an interface or source that is already
        bound elsewhere is not rejected here.

        Raises:
            FirewallError: with ``INVALID_TARGET``, ``INVALID_INTERFACE`` or
                ``INVALID_ADDR`` when the corresponding rule is violated.
        """
        common_check_config(self, config, item, all_config)

        if item == "target":
            if config not in ZONE_TARGETS:
                raise FirewallError(errors.INVALID_TARGET, config)
            return

        if item == "interfaces":
            for interface in config:
                if not checkInterface(interface):
                    raise FirewallError(errors.INVALID_INTERFACE, interface)
            return

        if item == "sources":
            for source in config:
                # Only the "ipset:" prefix is tested here; the set name that
                # follows it is not inspected in this method.
                recognised = (checkIPnMask(source) or checkIP6nMask(source)
                              or check_mac(source)
                              or source.startswith("ipset:"))
                if not recognised:
                    raise FirewallError(errors.INVALID_ADDR, source)
예제 #3
파일: zone.py 프로젝트: mrostecki/firewalld
    def _check_config(self, config, item, all_config, all_io_objects):
        """Apply the zone-specific validation rules for one setting.

        ``common_check_config`` runs first. The zone name is then compared
        with ``all_io_objects["policies"]``; this happens on every call,
        whatever ``item`` is. After that the check depends on ``item``:

        * ``"target"``: ``config`` has to be a member of ``ZONE_TARGETS``.
        * ``"interfaces"``: every entry has to pass ``checkInterface`` and
          must not appear in the ``interfaces`` of any other zone found in
          ``all_io_objects["zones"]``.
        * ``"sources"``: every entry has to be accepted by ``checkIPnMask``,
          ``checkIP6nMask`` or ``check_mac``, or start with ``"ipset:"``,
          and must not appear in the ``sources`` of any other zone.

        Raises:
            FirewallError: with ``NAME_CONFLICT``, ``INVALID_TARGET``,
                ``INVALID_INTERFACE`` or ``INVALID_ADDR`` when the
                corresponding rule is violated.
        """
        common_check_config(self, config, item, all_config, all_io_objects)

        # A zone and a policy must not share a name.
        if self.name in all_io_objects["policies"]:
            raise FirewallError(
                errors.NAME_CONFLICT,
                "Zone '{}': Can't have the same name as a policy.".format(
                    self.name))

        if item == "target":
            if config not in ZONE_TARGETS:
                raise FirewallError(
                    errors.INVALID_TARGET,
                    "Zone '{}': invalid target '{}'".format(self.name, config))
            return

        if item == "interfaces":
            for interface in config:
                if not checkInterface(interface):
                    raise FirewallError(
                        errors.INVALID_INTERFACE,
                        "Zone '{}': invalid interface '{}'".format(
                            self.name, interface))
                known_zones = all_io_objects["zones"]
                for zone in known_zones:
                    # An interface may stay in this zone; only a binding in
                    # a different zone is a conflict.
                    if zone != self.name and \
                       interface in known_zones[zone].interfaces:
                        raise FirewallError(
                            errors.INVALID_INTERFACE,
                            "Zone '{}': interface '{}' already bound to zone '{}'"
                            .format(self.name, interface, zone))
            return

        if item == "sources":
            for source in config:
                # Only the "ipset:" prefix is tested here; the set name that
                # follows it is not inspected in this method.
                recognised = (checkIPnMask(source) or checkIP6nMask(source)
                              or check_mac(source)
                              or source.startswith("ipset:"))
                if not recognised:
                    raise FirewallError(
                        errors.INVALID_ADDR,
                        "Zone '{}': invalid source '{}'".format(
                            self.name, source))
                known_zones = all_io_objects["zones"]
                for zone in known_zones:
                    if zone != self.name and \
                       source in known_zones[zone].sources:
                        raise FirewallError(
                            errors.INVALID_ADDR,
                            "Zone '{}': source '{}' already bound to zone '{}'"
                            .format(self.name, source, zone))