class FirewallD:
    """Thin wrapper around the firewalld client for one active zone.

    ``running`` is True only when the client could be imported and reports
    itself connected. In every other case ``_fw`` and ``_zone`` are None;
    the ``check_*_allowed`` methods then return True, i.e. they fail open
    when the firewall state cannot be read.
    """

    def __init__(self):
        """Connect to firewalld and pick the zone this object works on."""
        try:
            # Imported lazily so a missing firewalld package is handled by
            # the except clause below instead of breaking module import.
            from firewall.client import FirewallClient

            client = FirewallClient()
            self._fw = client
            if not client.connected:
                debugprint("FirewallD seems to be installed but not running")
                self._fw = self._zone = None
                self.running = False
                return

            active_zone = self._get_active_zone()
            self._zone = (client.config().getZoneByName(active_zone)
                          if active_zone else None)
            self.running = True
            debugprint("Using /org/fedoraproject/FirewallD1")
        except (ImportError, dbus.exceptions.DBusException):
            self._fw = self._zone = None
            self.running = False

    def _get_active_zone(self):
        """Return the name of the first active zone, or None if there is none.

        With several active zones only the first key of the mapping is used,
        so the remaining zones are neither inspected nor modified by this
        object.
        """
        active = list(self._fw.getActiveZones().keys())
        if not active:
            debugprint("FirewallD: no changeable zone")
            return None
        if len(active) > 1:
            # More than one active zone means connections in different
            # zones are up at the same time; the original author considered
            # this unlikely and simply takes the first one.
            debugprint("FirewallD returned more zones, taking first one")
        return active[0]

    def _get_fw_data(self, reply_handler=None, error_handler=None):
        """Return the zone settings, fetching them on first use.

        ``reply_handler`` is called with the settings on success and
        ``error_handler`` with the exception on failure. Returns None when
        the settings could not be obtained.
        """
        try:
            # Doubles as the cache probe: an unset or None _fw_data raises
            # AttributeError here and sends us to the fetch path.
            cached_services = repr(self._fw_data.getServices())
            debugprint("%s in _get_fw_data: _fw_data is %s" %
                       (self, cached_services))
            if self._fw_data:
                debugprint("Using cached firewall data")
                if reply_handler:
                    # NOTE(review): an AttributeError raised inside the
                    # handler is also caught below and triggers a re-fetch.
                    reply_handler(self._fw_data)
        except AttributeError:
            try:
                self._fw_data = self._zone.getSettings()
                debugprint("Firewall data obtained")
                if reply_handler:
                    reply_handler(self._fw_data)
            except (dbus.exceptions.DBusException,
                    AttributeError, ValueError) as err:
                # Also reached when _zone is None (no firewalld, no zone).
                self._fw_data = None
                debugprint("Exception examining firewall")
                if error_handler:
                    error_handler(err)

        return self._fw_data

    def read(self, reply_handler=None, error_handler=None):
        """Load the zone settings; handlers are forwarded only if a reply handler is given."""
        handlers = (reply_handler, error_handler) if reply_handler else ()
        self._get_fw_data(*handlers)

    def write(self):
        """Push the cached settings to the zone and reload firewalld.

        D-Bus errors are reported through nonfatalException() and otherwise
        ignored, so a failed write is not signalled to the caller.
        """
        # NOTE(review): the page's collapsed layout does not show whether
        # reload() is nested under the zone check; it is reconstructed here
        # as unconditional -- confirm against the real file.
        # NOTE(review): a firewalld reload presumably discards runtime-only
        # rules that were never made permanent -- confirm callers accept this.
        try:
            zone = self._zone
            if zone:
                zone.update(self._fw_data)
            self._fw.reload()
        except dbus.exceptions.DBusException:
            nonfatalException()

    def add_service(self, service):
        """Add ``service`` to the cached settings; a no-op without firewall data."""
        settings = self._get_fw_data()
        if not settings:
            return

        settings.addService(service)

    def check_ipp_client_allowed(self):
        """Return True if the IPP client service or port is open.

        Also returns True when no firewall data is available (fail open).
        """
        settings = self._get_fw_data()
        if not settings:
            return True

        if IPP_CLIENT_SERVICE in settings.getServices():
            return True
        return [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL] in settings.getPorts()

    def check_ipp_server_allowed(self):
        """Return True if the IPP server service or port is open.

        Also returns True when no firewall data is available (fail open).
        """
        settings = self._get_fw_data()
        if not settings:
            return True

        if IPP_SERVER_SERVICE in settings.getServices():
            return True
        return [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL] in settings.getPorts()

    def check_samba_client_allowed(self):
        """Return True if the Samba client service is enabled.

        Also returns True when no firewall data is available (fail open).
        """
        settings = self._get_fw_data()
        if not settings:
            return True

        return SAMBA_CLIENT_SERVICE in settings.getServices()

    def check_mdns_allowed(self):
        """Return True if the mDNS service or port is open.

        Also returns True when no firewall data is available (fail open).
        """
        settings = self._get_fw_data()
        if not settings:
            return True

        if MDNS_SERVICE in settings.getServices():
            return True
        return [MDNS_PORT, MDNS_PROTOCOL] in settings.getPorts()
def getActiveZones():
    """Return whatever a fresh FirewallClient reports as its active zones.

    A new client is created on every call; no connection check is made
    before querying it.
    """
    return FirewallClient().getActiveZones()
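class FirewallD:
    """Wrapper around the firewalld client for a single active zone.

    ``running`` is True only when the firewalld client could be imported
    and reports itself connected; otherwise ``_fw`` and ``_zone`` are None.
    The ``check_*_allowed`` methods return True whenever the firewall data
    cannot be read, so an unreadable firewall is treated as "allowed".
    """

    def __init__(self):
        """Connect to firewalld and select the zone to operate on."""
        try:
            # Lazy import: a missing firewalld package raises ImportError,
            # which is handled below like a D-Bus failure.
            from firewall.client import FirewallClient
            self._fw = FirewallClient()
            if not self._fw.connected:
                debugprint("FirewallD seems to be installed but not running")
                self._fw = None
                self._zone = None
                self.running = False
                return

            zone_name = self._get_active_zone()
            if zone_name:
                self._zone = self._fw.config().getZoneByName(zone_name)
            else:
                self._zone = None
            self.running = True
            debugprint("Using /org/fedoraproject/FirewallD1")
        except (ImportError, dbus.exceptions.DBusException):
            self._fw = None
            self._zone = None
            self.running = False

    def _get_active_zone(self):
        """Return the name of the first active zone, or None if there is none.

        When several zones are active only the first key is used; the other
        zones are neither inspected nor changed by this object.
        """
        # Materialize the keys: on Python 3 a dict view cannot be indexed,
        # so zones[0] would raise TypeError without the list() call.
        zones = list(self._fw.getActiveZones().keys())
        if not zones:
            debugprint("FirewallD: no changeable zone")
            return None
        elif len(zones) == 1:
            # most probable case
            return zones[0]
        else:
            # Do we need to handle the 'more active zones' case ?
            # It's quite unlikely case because that would mean that more
            # network connections are up and running and they are
            # in different network zones at the same time.
            debugprint("FirewallD returned more zones, taking first one")
            return zones[0]

    def _get_fw_data(self, reply_handler=None, error_handler=None):
        """Return the zone settings, fetching them on first use.

        ``reply_handler`` receives the settings on success and
        ``error_handler`` the exception on failure. Returns None when the
        settings could not be obtained.
        """
        try:
            # Accessing self._fw_data is the cache probe: if the attribute
            # is unset or None this raises AttributeError and we fetch.
            debugprint("%s in _get_fw_data: _fw_data is %s" %
                       (self, repr(self._fw_data.getServices())))
            if self._fw_data:
                debugprint("Using cached firewall data")
                if reply_handler:
                    reply_handler(self._fw_data)
        except AttributeError:
            try:
                self._fw_data = self._zone.getSettings()
                debugprint("Firewall data obtained")
                if reply_handler:
                    reply_handler(self._fw_data)
            except (dbus.exceptions.DBusException,
                    AttributeError, ValueError) as e:
                # Also taken when _zone is None (no firewalld or no zone).
                self._fw_data = None
                debugprint("Exception examining firewall")
                if error_handler:
                    error_handler(e)

        return self._fw_data

    def read(self, reply_handler=None, error_handler=None):
        """Load the zone settings; error_handler is used only with a reply_handler."""
        if reply_handler:
            self._get_fw_data(reply_handler, error_handler)
        else:
            self._get_fw_data()

    def write(self):
        """Push the cached settings to the zone and reload firewalld.

        D-Bus errors go to nonfatalException() and are not raised, so the
        caller is not told when the write failed.
        """
        # NOTE(review): the collapsed layout on the page does not show
        # whether reload() is nested under the zone check; reconstructed as
        # unconditional -- confirm against the real file.
        # NOTE(review): a firewalld reload presumably drops runtime-only
        # rules that were never made permanent -- confirm this is intended.
        try:
            if self._zone:
                self._zone.update(self._fw_data)
            self._fw.reload()
        except dbus.exceptions.DBusException:
            nonfatalException()

    def add_service(self, service):
        """Add ``service`` to the cached settings; does nothing without firewall data."""
        if not self._get_fw_data():
            return

        self._fw_data.addService(service)

    def check_ipp_client_allowed(self):
        """Return True if the IPP client service or port is open.

        Returns True as well when no firewall data is available (fail open).
        """
        if not self._get_fw_data():
            return True

        return (IPP_CLIENT_SERVICE in self._fw_data.getServices() or
                [IPP_CLIENT_PORT, IPP_CLIENT_PROTOCOL]
                in self._fw_data.getPorts())

    def check_ipp_server_allowed(self):
        """Return True if the IPP server service or port is open.

        Returns True as well when no firewall data is available (fail open).
        """
        if not self._get_fw_data():
            return True

        return (IPP_SERVER_SERVICE in self._fw_data.getServices() or
                [IPP_SERVER_PORT, IPP_SERVER_PROTOCOL]
                in self._fw_data.getPorts())

    def check_samba_client_allowed(self):
        """Return True if the Samba client service is enabled.

        Returns True as well when no firewall data is available (fail open).
        """
        if not self._get_fw_data():
            return True

        return (SAMBA_CLIENT_SERVICE in self._fw_data.getServices())

    def check_mdns_allowed(self):
        """Return True if the mDNS service or port is open.

        Returns True as well when no firewall data is available (fail open).
        """
        if not self._get_fw_data():
            return True

        return (MDNS_SERVICE in self._fw_data.getServices() or
                [MDNS_PORT, MDNS_PROTOCOL] in self._fw_data.getPorts())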