diff -up firewalld-0.3.9/src/firewall/client.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/client.py --- firewalld-0.3.9/src/firewall/client.py.RHBZ#1127706 2014-09-30 01:05:32.495984835 +0200 +++ firewalld-0.3.9/src/firewall/client.py 2014-09-30 01:09:08.587824840 +0200 @@ -323,6 +323,271 @@ class FirewallClientConfigZone(object): def rename(self, name): self.fw_zone.rename(name) + # version + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getVersion(self): + return self.fw_zone.getVersion() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setVersion(self, version): + self.fw_zone.setVersion(version) + + # short + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getShort(self): + return self.fw_zone.getShort() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setShort(self, short): + self.fw_zone.setShort(short) + + # description + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getDescription(self): + return self.fw_zone.getDescription() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setDescription(self, description): + self.fw_zone.setDescription(description) + + # target + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getTarget(self): + return self.fw_zone.getTarget() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setTarget(self, target): + self.fw_zone.setTarget(target) + + # service + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getServices(self): + return self.fw_zone.getServices() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setServices(self, services): + self.fw_zone.setServices(services) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addService(self, service): + self.fw_zone.addService(service) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeService(self, service): + self.fw_zone.removeService(service) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryService(self, service): + return self.fw_zone.queryService(service) + + # port + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getPorts(self): + return self.fw_zone.getPorts() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setPorts(self, ports): + self.fw_zone.setPorts(ports) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addPort(self, port, protocol): + self.fw_zone.addPort(port, protocol) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removePort(self, port, protocol): + self.fw_zone.removePort(port, protocol) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryPort(self, port, protocol): + return self.fw_zone.queryPort(port, protocol) + + # icmp block + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getIcmpBlocks(self): + return self.fw_zone.getIcmpBlocks() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setIcmpBlocks(self, icmptypes): + self.fw_zone.setIcmpBlocks(icmptypes) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addIcmpBlock(self, icmptype): + self.fw_zone.addIcmpBlock(icmptype) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeIcmpBlock(self, icmptype): + self.fw_zone.removeIcmpBlock(icmptype) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryIcmpBlock(self, icmptype): + return self.fw_zone.queryIcmpBlock(icmptype) + + # masquerade + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getMasquerade(self): + return self.fw_zone.getMasquerade() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setMasquerade(self, masquerade): + self.fw_zone.setMasquerades(masquerade) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addMasquerade(self): + self.fw_zone.addMasquerade() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeMasquerade(self): + self.fw_zone.removeMasquerade() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryMasquerade(self): + return self.fw_zone.queryMasquerade() + + # forward port + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getForwardPorts(self): + return self.fw_zone.getForwardPorts() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setForwardPorts(self, ports): + self.fw_zone.setForwardPorts(ports) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addForwardPort(self, port, protocol, toport, toaddr): + self.fw_zone.addForwardPort(port, protocol, toport, toaddr) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeForwardPort(self, port, protocol, toport, toaddr): + self.fw_zone.removeForwardPort(port, protocol, toport, toaddr) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryForwardPort(self, port, protocol, toport, toaddr): + return self.fw_zone.queryForwardPort(port, protocol, toport, toaddr) + + # interface + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getInterfaces(self): + return self.fw_zone.getInterfaces() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setInterfaces(self, interfaces): + self.fw_zone.setInterfaces(interfaces) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addInterface(self, interface): + self.fw_zone.addInterface(interface) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeInterface(self, interface): + self.fw_zone.removeInterface(interface) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryInterface(self, interface): + return self.fw_zone.queryInterface(interface) + + # source + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getSources(self): + return self.fw_zone.getSources() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setSources(self, sources): + self.fw_zone.setSources(sources) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addSource(self, source): + self.fw_zone.addSource(source) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeSource(self, source): + self.fw_zone.removeSource(source) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def querySource(self, source): + return self.fw_zone.querySource(source) + + # rich rule + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getRichRules(self): + return self.fw_zone.getRichRules() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setRichRules(self, rules): + self.fw_zone.setRichRules(rules) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addRichRule(self, rule): + self.fw_zone.addRichRule(rule) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeRichRule(self, rule): + self.fw_zone.removeRichRule(rule) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryRichRule(self, rule): + return self.fw_zone.queryRichRule(rule) + + # service config settings class FirewallClientServiceSettings(object): @@ -467,6 +732,130 @@ class FirewallClientConfigService(object def rename(self, name): self.fw_service.rename(name) + # version + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getVersion(self): + return self.fw_service.getVersion() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setVersion(self, version): + self.fw_service.setVersion(version) + + # short + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getShort(self): + return self.fw_service.getShort() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setShort(self, short): + self.fw_service.setShort(short) + + # description + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getDescription(self): + return self.fw_service.getDescription() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setDescription(self, description): + self.fw_service.setDescription(description) + + # port + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getPorts(self): + return self.fw_service.getPorts() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setPorts(self, ports): + self.fw_service.setPorts(ports) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addPort(self, port, protocol): + self.fw_service.addPort(port, protocol) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removePort(self, port, protocol): + self.fw_service.removePort(port, protocol) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryPort(self, port, protocol): + return self.fw_service.queryPort(port, protocol) + + # module + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getModules(self): + return self.fw_service.getModules() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setModules(self, modules): + self.fw_service.setModules(modules) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addModule(self, module, protocol): + self.fw_service.addModule(module, protocol) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeModule(self, module, protocol): + self.fw_service.removeModule(module, protocol) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryModule(self, module, protocol): + return self.fw_service.queryModule(module, protocol) + + # destination + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getDestinations(self): + return self.fw_service.getDestinations() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setDestinations(self, destinations): + self.fw_service.setDestinations(destinations) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getDestination(self, destination): + return self.fw_service.getDestination(destination) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setDestination(self, destination, address): + self.fw_service.setDestination(destination, address) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeDestination(self, destination): + self.fw_service.removeDestination(destination, address) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryDestination(self, destination, address): + return self.fw_service.queryDestination(destination, address) + + + # icmptype config settings class FirewallClientIcmpTypeSettings(object): @@ -582,6 +971,70 @@ class FirewallClientConfigIcmpType(objec def rename(self, name): self.fw_icmptype.rename(name) + # version + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getVersion(self): + return self.fw_icmptype.getVersion() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setVersion(self, version): + self.fw_icmptype.setVersion(version) + + # short + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getShort(self): + return self.fw_icmptype.getShort() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setShort(self, short): + self.fw_icmptype.setShort(short) + + # description + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getDescription(self): + return self.fw_icmptype.getDescription() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setDescription(self, description): + self.fw_icmptype.setDescription(description) + + # destination + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getDestinations(self): + return self.fw_icmptype.getDestinations() + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setDestinations(self, destinations): + self.fw_icmptype.setDestinations(destinations) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addDestination(self, destination, address): + self.fw_icmptype.addDestination(destination, address) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeDestination(self, destination): + self.fw_icmptype.removeDestination(destination, address) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryDestination(self, destination, address): + return self.fw_icmptype.queryDestination(destination, address) + + # config.policies lockdown whitelist class FirewallClientPoliciesLockdownWhitelist(object): @@ -690,6 +1143,99 @@ class FirewallClientConfigPolicies(objec def setLockdownWhitelist(self, settings): self.fw_policies.setLockdownWhitelist(tuple(settings.settings)) + # command + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addLockdownWhitelistCommand(self, command): + self.fw_policies.addLockdownWhitelistCommand(command) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeLockdownWhitelistCommand(self, command): + self.fw_policies.removeLockdownWhitelistCommand(command) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryLockdownWhitelistCommand(self, command): + return dbus_to_python(self.fw_policies.queryLockdownWhitelistCommand(command)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getLockdownWhitelistCommands(self): + return dbus_to_python(self.fw_policies.getLockdownWhitelistCommands()) + + # context + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addLockdownWhitelistContext(self, context): + self.fw_policies.addLockdownWhitelistContext(context) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeLockdownWhitelistContext(self, context): + self.fw_policies.removeLockdownWhitelistContext(context) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryLockdownWhitelistContext(self, context): + return dbus_to_python(self.fw_policies.queryLockdownWhitelistContext(context)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getLockdownWhitelistContexts(self): + return dbus_to_python(self.fw_policies.getLockdownWhitelistContexts()) + + # user + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addLockdownWhitelistUser(self, user): + self.fw_policies.addLockdownWhitelistUser(user) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeLockdownWhitelistUser(self, user): + self.fw_policies.removeLockdownWhitelistUser(user) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryLockdownWhitelistUser(self, user): + return dbus_to_python(self.fw_policies.queryLockdownWhitelistUser(user)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getLockdownWhitelistUsers(self): + return dbus_to_python(self.fw_policies.getLockdownWhitelistUsers()) + + # uid + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getLockdownWhitelistUids(self): + return dbus_to_python(self.fw_policies.getLockdownWhitelistUids()) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def setLockdownWhitelistUids(self, uids): + self.fw_policies.setLockdownWhitelistUids(uids) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addLockdownWhitelistUid(self, uid): + self.fw_policies.addLockdownWhitelistUid(uid) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeLockdownWhitelistUid(self, uid): + self.fw_policies.removeLockdownWhitelistUid(uid) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryLockdownWhitelistUid(self, uid): + return dbus_to_python(self.fw_policies.queryLockdownWhitelistUid(uid)) + # config.direct class FirewallClientDirect(object): @@ -810,6 +1356,92 @@ class FirewallClientConfigDirect(object) def update(self, settings): self.fw_direct.update(tuple(settings.settings)) + # direct chain + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addChain(self, ipv, table, chain): + self.fw_direct.addChain(ipv, table, chain) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeChain(self, ipv, table, chain): + self.fw_direct.removeChain(ipv, table, chain) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryChain(self, ipv, table, chain): + return dbus_to_python(self.fw_direct.queryChain(ipv, table, chain)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getChains(self, ipv, table): + return dbus_to_python(self.fw_direct.getChains(ipv, table)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getAllChains(self): + return dbus_to_python(self.fw_direct.getAllChains()) + + # direct rule + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addRule(self, ipv, table, chain, priority, args): + self.fw_direct.addRule(ipv, table, chain, priority, args) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeRule(self, ipv, table, chain, priority, args): + self.fw_direct.removeRule(ipv, table, chain, priority, args) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removeRules(self, ipv, table, chain): + self.fw_direct.removeRules(ipv, table, chain) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryRule(self, ipv, table, chain, priority, args): + return dbus_to_python(self.fw_direct.queryRule(ipv, table, chain, priority, args)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getRules(self, ipv, table, chain): + return dbus_to_python(self.fw_direct.getRules(ipv, table, chain)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getAllRules(self): + return dbus_to_python(self.fw_direct.getAllRules()) + + # tracked passthrough + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def addPassthrough(self, ipv, args): + self.fw_direct.addPassthrough(ipv, args) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def removePassthrough(self, ipv, args): + self.fw_direct.removePassthrough(ipv, args) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def queryPassthrough(self, ipv, args): + return dbus_to_python(self.fw_direct.queryPassthrough(ipv, args)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getPassthroughs(self, ipv): + return dbus_to_python(self.fw_direct.getPassthroughs(ipv)) + + @slip.dbus.polkit.enable_proxy + @handle_exceptions + def getAllPassthroughs(self): + return dbus_to_python(self.fw_direct.getAllPassthroughs()) + # config class FirewallClientConfig(object): diff -up firewalld-0.3.9/src/firewall/core/io/direct.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/core/io/direct.py --- firewalld-0.3.9/src/firewall/core/io/direct.py.RHBZ#1127706 2014-09-30 01:05:32.434984627 +0200 +++ firewalld-0.3.9/src/firewall/core/io/direct.py 2014-09-30 01:09:08.587824840 +0200 @@ -140,17 +140,17 @@ class Direct(IO_Object): x = [ ] for key in self.chains: for chain in self.chains[key]: - x.append(list(key) + list([chain])) + x.append(tuple(list(key) + list([chain]))) ret.append(x) x = [ ] for key in self.rules: for rule in self.rules[key]: - x.append(list(key) + list(rule)) + x.append(tuple((key[0], key[1], key[2], rule[0], list(rule[1])))) ret.append(x) x = [ ] for key in self.passthroughs: for rule in self.passthroughs[key]: - x.append((key, rule)) + x.append(tuple((key, list(rule)))) ret.append(x) return tuple(ret) diff -up firewalld-0.3.9/src/firewall/core/io/service.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/core/io/service.py --- firewalld-0.3.9/src/firewall/core/io/service.py.RHBZ#1127706 2014-09-30 01:05:32.325984256 +0200 +++ firewalld-0.3.9/src/firewall/core/io/service.py 2014-09-30 01:09:57.697013002 +0200 @@ -100,6 +100,13 @@ class Service(IO_Object): if not check_address(destination, config[destination]): raise FirewallError(INVALID_ADDR, config[destination]) + elif item == "modules": + for module in config: + if not module.startswith("nf_conntrack_"): + raise FirewallError(INVALID_MODULE, module) + elif len(module.replace("nf_conntrack_", "")) < 1: + raise FirewallError(INVALID_MODULE, module) + # PARSER class service_ContentHandler(IO_Object_ContentHandler): diff -up firewalld-0.3.9/src/firewall/core/io/zone.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/core/io/zone.py --- firewalld-0.3.9/src/firewall/core/io/zone.py.RHBZ#1127706 2014-09-30 01:05:32.335984290 +0200 +++ firewalld-0.3.9/src/firewall/core/io/zone.py 2014-09-30 01:09:08.589824849 +0200 @@ -25,7 +25,7 @@ import shutil from firewall.config import ETC_FIREWALLD from firewall.errors import * -from firewall.functions import checkIP, uniqify, max_zone_name_len, u2b_if_py2 +from firewall.functions import checkIP, checkIPnMask, checkIP6nMask, checkInterface, uniqify, max_zone_name_len, u2b_if_py2 from firewall.core.base import DEFAULT_ZONE_TARGET, ZONE_TARGETS from firewall.core.io.io_object import * from firewall.core.rich import * @@ -184,6 +184,17 @@ class Zone(IO_Object): elif item == "target": if config not in ZONE_TARGETS: raise FirewallError(INVALID_TARGET, config) + elif item == "interfaces": + for interface in config: + if not checkInterface(interface): + raise FirewallError(INVALID_INTERFACE, interface) + elif item == "sources": + for source in config: + if not checkIPnMask(source) and not checkIP6nMask(source): + raise FirewallError(INVALID_ADDR, source) + elif item == "rules_str": + for rule in config: + r = Rich_Rule(rule_str=rule) def check_name(self, name): super(Zone, self).check_name(name) diff -up firewalld-0.3.9/src/firewall/errors.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/errors.py --- firewalld-0.3.9/src/firewall/errors.py.RHBZ#1127706 2014-09-30 01:05:32.434984627 +0200 +++ firewalld-0.3.9/src/firewall/errors.py 2014-09-30 01:09:08.589824849 +0200 @@ -73,6 +73,7 @@ INVALID_CONTEXT = 128 INVALID_COMMAND = 129 INVALID_USER = 130 INVALID_UID = 131 +INVALID_MODULE = 132 MISSING_TABLE = 200 MISSING_CHAIN = 201 diff -up firewalld-0.3.9/src/firewall/server/config_icmptype.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config_icmptype.py --- firewalld-0.3.9/src/firewall/server/config_icmptype.py.RHBZ#1127706 2014-01-13 16:12:35.000000000 +0100 +++ firewalld-0.3.9/src/firewall/server/config_icmptype.py 2014-09-30 01:09:08.591824854 +0200 @@ -219,3 +219,113 @@ class FirewallDConfigIcmpType(slip.dbus. @dbus_handle_exceptions def Renamed(self, name): log.debug1("config.icmptype.%d.Renamed('%s')" % (self.id, name)) + + # version + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') + @dbus_handle_exceptions + def getVersion(self, sender=None): + log.debug1("config.icmptype.%d.getVersion()", self.id) + return self.getSettings()[0] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') + @dbus_handle_exceptions + def setVersion(self, version, sender=None): + version = dbus_to_python(version, str) + log.debug1("config.icmptype.%d.setVersion('%s')", self.id, version) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[0] = version + self.update(settings) + + # short + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') + @dbus_handle_exceptions + def getShort(self, sender=None): + log.debug1("config.icmptype.%d.getShort()", self.id) + return self.getSettings()[1] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') + @dbus_handle_exceptions + def setShort(self, short, sender=None): + short = dbus_to_python(short, str) + log.debug1("config.icmptype.%d.setShort('%s')", self.id, short) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[1] = short + self.update(settings) + + # description + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='s') + @dbus_handle_exceptions + def getDescription(self, sender=None): + log.debug1("config.icmptype.%d.getDescription()", self.id) + return self.getSettings()[2] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') + @dbus_handle_exceptions + def setDescription(self, description, sender=None): + description = dbus_to_python(description, str) + log.debug1("config.icmptype.%d.setDescription('%s')", self.id, + description) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[2] = description + self.update(settings) + + # destination + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, out_signature='as') + @dbus_handle_exceptions + def getDestinations(self, sender=None): + log.debug1("config.icmptype.%d.getDestinations()", self.id) + return sorted(self.getSettings()[3]) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='as') + @dbus_handle_exceptions + def setDestinations(self, destinations, sender=None): + destinations = dbus_to_python(destinations, list) + log.debug1("config.icmptype.%d.setDestinations('[%s]')", self.id, + ",".join(destinations)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[3] = destinations + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') + @dbus_handle_exceptions + def addDestination(self, destination, sender=None): + destination = dbus_to_python(destination, str) + log.debug1("config.icmptype.%d.addDestination('%s')", self.id, + destination) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if destination in settings[3]: + raise FirewallError(ALREADY_ENABLED, destination) + settings[3].append(destination) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s') + @dbus_handle_exceptions + def removeDestination(self, destination, sender=None): + destination = dbus_to_python(destination, str) + log.debug1("config.icmptype.%d.removeDestination('%s')", self.id, + destination) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if destination not in settings[3]: + raise FirewallError(NOT_ENABLED, destination) + settings[3].remove(destination) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ICMPTYPE, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryDestination(self, destination, sender=None): + destination = dbus_to_python(destination, str) + log.debug1("config.icmptype.%d.queryDestination('%s')", self.id, + destination) + settings = self.getSettings() + return (destination in self.settings[3]) diff -up firewalld-0.3.9/src/firewall/server/config.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config.py --- firewalld-0.3.9/src/firewall/server/config.py.RHBZ#1127706 2014-09-30 01:05:32.503984862 +0200 +++ firewalld-0.3.9/src/firewall/server/config.py 2014-09-30 01:09:08.590824851 +0200 @@ -419,6 +419,166 @@ class FirewallDConfig(slip.dbus.service. def LockdownWhitelistUpdated(self): log.debug1("config.policies.LockdownWhitelistUpdated()") + # command + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') + @dbus_handle_exceptions + def addLockdownWhitelistCommand(self, command, sender=None): + command = dbus_to_python(command) + log.debug1("config.policies.addLockdownWhitelistCommand('%s')", command) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if command in settings[0]: + raise FirewallError(ALREADY_ENABLED, command) + settings[0].append(command) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') + @dbus_handle_exceptions + def removeLockdownWhitelistCommand(self, command, sender=None): + command = dbus_to_python(command) + log.debug1("config.policies.removeLockdownWhitelistCommand('%s')", command) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if command not in settings[0]: + raise FirewallError(NOT_ENABLED, command) + settings[0].remove(command) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryLockdownWhitelistCommand(self, command, sender=None): + command = dbus_to_python(command) + log.debug1("config.policies.queryLockdownWhitelistCommand('%s')", command) + return command in self.getLockdownWhitelist()[0] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') + @dbus_handle_exceptions + def getLockdownWhitelistCommands(self, sender=None): + log.debug1("config.policies.getLockdownWhitelistCommands()") + return self.getLockdownWhitelist()[0] + + # context + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') + @dbus_handle_exceptions + def addLockdownWhitelistContext(self, context, sender=None): + context = dbus_to_python(context) + log.debug1("config.policies.addLockdownWhitelistContext('%s')", context) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if context in settings[1]: + raise FirewallError(ALREADY_ENABLED, context) + settings[1].append(context) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') + @dbus_handle_exceptions + def removeLockdownWhitelistContext(self, context, sender=None): + context = dbus_to_python(context) + log.debug1("config.policies.removeLockdownWhitelistContext('%s')", context) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if context not in settings[1]: + raise FirewallError(NOT_ENABLED, context) + settings[1].remove(context) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryLockdownWhitelistContext(self, context, sender=None): + context = dbus_to_python(context) + log.debug1("config.policies.queryLockdownWhitelistContext('%s')", context) + return context in self.getLockdownWhitelist()[1] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') + @dbus_handle_exceptions + def getLockdownWhitelistContexts(self, sender=None): + log.debug1("config.policies.getLockdownWhitelistContexts()") + return self.getLockdownWhitelist()[1] + + # user + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') + @dbus_handle_exceptions + def addLockdownWhitelistUser(self, user, sender=None): + user = dbus_to_python(user) + log.debug1("config.policies.addLockdownWhitelistUser('%s')", user) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if user in settings[2]: + raise FirewallError(ALREADY_ENABLED, user) + settings[2].append(user) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s') + @dbus_handle_exceptions + def removeLockdownWhitelistUser(self, user, sender=None): + user = dbus_to_python(user) + log.debug1("config.policies.removeLockdownWhitelistUser('%s')", user) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if user not in settings[2]: + raise FirewallError(NOT_ENABLED, user) + settings[2].remove(user) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryLockdownWhitelistUser(self, user, sender=None): + user = dbus_to_python(user) + log.debug1("config.policies.queryLockdownWhitelistUser('%s')", user) + return user in self.getLockdownWhitelist()[2] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='as') + @dbus_handle_exceptions + def getLockdownWhitelistUsers(self, sender=None): + log.debug1("config.policies.getLockdownWhitelistUsers()") + return self.getLockdownWhitelist()[2] + + # uid + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') + @dbus_handle_exceptions + def addLockdownWhitelistUid(self, uid, sender=None): + uid = dbus_to_python(uid) + log.debug1("config.policies.addLockdownWhitelistUid(%d)", uid) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if uid in settings[3]: + raise FirewallError(ALREADY_ENABLED, uid) + settings[3].append(uid) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i') + @dbus_handle_exceptions + def removeLockdownWhitelistUid(self, uid, sender=None): + uid = dbus_to_python(uid) + log.debug1("config.policies.removeLockdownWhitelistUid(%d)", uid) + self.accessCheck(sender) + settings = list(self.getLockdownWhitelist()) + if uid not in settings[3]: + raise FirewallError(NOT_ENABLED, uid) + settings[3].remove(uid) + self.setLockdownWhitelist(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, in_signature='i', + out_signature='b') + @dbus_handle_exceptions + def queryLockdownWhitelistUid(self, uid, sender=None): + uid = dbus_to_python(uid) + log.debug1("config.policies.queryLockdownWhitelistUid(%d)", uid) + return uid in self.getLockdownWhitelist()[3] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_POLICIES, out_signature='ai') + @dbus_handle_exceptions + def getLockdownWhitelistUids(self, sender=None): + log.debug1("config.policies.getLockdownWhitelistUids()") + return self.getLockdownWhitelist()[3] + # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # I C M P T Y P E S @@ -612,3 +772,213 @@ class FirewallDConfig(slip.dbus.service. @dbus_handle_exceptions def Updated(self): log.debug1("config.direct.Updated()") + + # chain + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') + @dbus_handle_exceptions + def addChain(self, ipv, table, chain, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + chain = dbus_to_python(chain) + log.debug1("config.direct.addChain('%s', '%s', '%s')" % \ + (ipv, table, chain)) + self.accessCheck(sender) + idx = tuple((ipv, table, chain)) + settings = list(self.getSettings()) + if idx in settings[0]: + raise FirewallError(ALREADY_ENABLED, + "chain '%s' already is in '%s:%s'" % (chain, ipv, table)) + settings[0].append(idx) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss') + @dbus_handle_exceptions + def removeChain(self, ipv, table, chain, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + chain = dbus_to_python(chain) + log.debug1("config.direct.removeChain('%s', '%s', '%s')" % \ + (ipv, table, chain)) + self.accessCheck(sender) + idx = tuple((ipv, table, chain)) + settings = list(self.getSettings()) + if idx not in settings[0]: + raise FirewallError(NOT_ENABLED, + "chain '%s' is not in '%s:%s'" % (chain, ipv, table)) + settings[0].remove(idx) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', + out_signature='b') + @dbus_handle_exceptions + def queryChain(self, ipv, table, chain, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + chain = dbus_to_python(chain) + log.debug1("config.direct.queryChain('%s', '%s', '%s')" % \ + (ipv, table, chain)) + idx = tuple((ipv, table, chain)) + return idx in self.getSettings()[0] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='ss', + out_signature='as') + @dbus_handle_exceptions + def getChains(self, ipv, table, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + log.debug1("config.direct.getChains('%s', '%s')" % (ipv, table)) + ret = [ ] + for idx in self.getSettings()[0]: + if idx[0] == ipv and idx[1] == table: + ret.append(idx[2]) + return ret + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', + out_signature='a(sss)') + @dbus_handle_exceptions + def getAllChains(self, sender=None): + log.debug1("config.direct.getAllChains()") + return self.getSettings()[0] + + # rule + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') + @dbus_handle_exceptions + def addRule(self, ipv, table, chain, priority, args, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + chain = dbus_to_python(chain) + priority = dbus_to_python(priority) + args = dbus_to_python(args) + log.debug1("config.direct.addRule('%s', '%s', '%s', %d, '%s')" % \ + (ipv, table, chain, priority, "','".join(args))) + self.accessCheck(sender) + idx = (ipv, table, chain, priority, args) + settings = list(self.getSettings()) + if idx in settings[1]: + raise FirewallError(ALREADY_ENABLED, + "rule '%s' already is in '%s:%s:%s'" % \ + (args, ipv, table, chain)) + settings[1].append(idx) + self.update(tuple(settings)) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias') + @dbus_handle_exceptions + def removeRule(self, ipv, table, chain, priority, args, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + chain = dbus_to_python(chain) + priority = dbus_to_python(priority) + args = dbus_to_python(args) + log.debug1("config.direct.removeRule('%s', '%s', '%s', %d, '%s')" % \ + (ipv, table, chain, priority, "','".join(args))) + self.accessCheck(sender) + idx = (ipv, table, chain, priority, args) + settings = list(self.getSettings()) + if idx not in settings[1]: + raise FirewallError(NOT_ENABLED, + "rule '%s' is not in '%s:%s:%s'" % \ + (args, ipv, table, chain)) + settings[1].remove(idx) + self.update(tuple(settings)) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sssias', + out_signature='b') + @dbus_handle_exceptions + def queryRule(self, ipv, table, chain, priority, args, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + chain = dbus_to_python(chain) + priority = dbus_to_python(priority) + args = dbus_to_python(args) + log.debug1("config.direct.queryRule('%s', '%s', '%s', %d, '%s')" % \ + (ipv, table, chain, priority, "','".join(args))) + idx = (ipv, table, chain, priority, args) + return idx in self.getSettings()[1] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sss', + out_signature='a(ias)') + @dbus_handle_exceptions + def getRules(self, ipv, table, chain, sender=None): + ipv = dbus_to_python(ipv) + table = dbus_to_python(table) + chain = dbus_to_python(chain) + log.debug1("config.direct.getRules('%s', '%s', '%s')" % \ + (ipv, table, chain)) + ret = [ ] + for idx in self.getSettings()[1]: + if idx[0] == ipv and idx[1] == table and idx[2] == chain: + ret.append((idx[3], idx[4])) + return ret + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='', + out_signature='a(sssias)') + @dbus_handle_exceptions + def getAllRules(self, sender=None): + log.debug1("config.direct.getAllRules()") + return self.getSettings()[1] + + # passthrough + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') + @dbus_handle_exceptions + def addPassthrough(self, ipv, args, sender=None): + ipv = dbus_to_python(ipv) + args = dbus_to_python(args) + log.debug1("config.direct.addPassthrough('%s', '%s')" % \ + (ipv, "','".join(args))) + self.accessCheck(sender) + idx = (ipv, args) + settings = list(self.getSettings()) + if idx in settings[2]: + raise FirewallError(ALREADY_ENABLED, + "passthrough '%s', '%s'" % (ipv, args)) + settings[2].append(idx) + self.update(settings) + + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas') + @dbus_handle_exceptions + def removePassthrough(self, ipv, args, sender=None): + ipv = dbus_to_python(ipv) + args = dbus_to_python(args) + log.debug1("config.direct.removePassthrough('%s', '%s')" % \ + (ipv, "','".join(args))) + self.accessCheck(sender) + idx = (ipv, args) + settings = list(self.getSettings()) + if idx not in settings[2]: + raise FirewallError(NOT_ENABLED, + "passthrough '%s', '%s'" % (ipv, args)) + settings[2].remove(idx) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='sas', + out_signature='b') + @dbus_handle_exceptions + def queryPassthrough(self, ipv, args, sender=None): + ipv = dbus_to_python(ipv) + args = dbus_to_python(args) + log.debug1("config.direct.queryPassthrough('%s', '%s')" % \ + (ipv, "','".join(args))) + idx = (ipv, args) + return idx in self.getSettings()[2] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, in_signature='s', + out_signature='aas') + @dbus_handle_exceptions + def getPassthroughs(self, ipv, sender=None): + ipv = dbus_to_python(ipv) + log.debug1("config.direct.getPassthroughs('%s')" % (ipv)) + ret = [ ] + for idx in self.getSettings()[2]: + if idx[0] == ipv: + ret.append(idx[1]) + return ret + + @dbus_service_method(DBUS_INTERFACE_CONFIG_DIRECT, out_signature='a(sas)') + @dbus_handle_exceptions + def getAllPassthroughs(self, sender=None): + log.debug1("config.direct.getAllPassthroughs()") + return self.getSettings()[2] diff -up firewalld-0.3.9/src/firewall/server/config_service.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config_service.py --- firewalld-0.3.9/src/firewall/server/config_service.py.RHBZ#1127706 2014-01-13 16:12:35.000000000 +0100 +++ firewalld-0.3.9/src/firewall/server/config_service.py 2014-09-30 01:09:08.591824854 +0200 @@ -219,3 +219,244 @@ class FirewallDConfigService(slip.dbus.s @dbus_handle_exceptions def Renamed(self, name): log.debug1("config.service.%d.Renamed('%s')" % (self.id, name)) + + # version + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') + @dbus_handle_exceptions + def getVersion(self, sender=None): + log.debug1("config.service.%d.getVersion()", self.id) + return self.getSettings()[0] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') + @dbus_handle_exceptions + def setVersion(self, version, sender=None): + version = dbus_to_python(version, str) + log.debug1("config.service.%d.setVersion('%s')", self.id, version) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[0] = version + self.update(settings) + + # short + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') + @dbus_handle_exceptions + def getShort(self, sender=None): + log.debug1("config.service.%d.getShort()", self.id) + return self.getSettings()[1] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') + @dbus_handle_exceptions + def setShort(self, short, sender=None): + short = dbus_to_python(short, str) + log.debug1("config.service.%d.setShort('%s')", self.id, short) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[1] = short + self.update(settings) + + # description + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='s') + @dbus_handle_exceptions + def getDescription(self, sender=None): + log.debug1("config.service.%d.getDescription()", self.id) + return self.getSettings()[2] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') + @dbus_handle_exceptions + def setDescription(self, description, sender=None): + description = dbus_to_python(description, str) + log.debug1("config.service.%d.setDescription('%s')", self.id, + description) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[2] = description + self.update(settings) + + # port + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a(ss)') + @dbus_handle_exceptions + def getPorts(self, sender=None): + log.debug1("config.service.%d.getPorts()", self.id) + return self.getSettings()[3] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='a(ss)') + @dbus_handle_exceptions + def setPorts(self, ports, sender=None): + _ports = [ ] + # convert embedded lists to tuples + for port in dbus_to_python(ports, list): + if type(port) == list: + _ports.append(tuple(port)) + else: + _ports.append(port) + ports = _ports + log.debug1("config.service.%d.setPorts('[%s]')", self.id, + ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[3] = ports + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') + @dbus_handle_exceptions + def addPort(self, port, protocol, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + log.debug1("config.service.%d.addPort('%s', '%s')", self.id, port, + protocol) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if (port,protocol) in settings[3]: + raise FirewallError(ALREADY_ENABLED, "%s:%s" % (port, protocol)) + settings[3].append((port,protocol)) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') + @dbus_handle_exceptions + def removePort(self, port, protocol, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + log.debug1("config.service.%d.removePort('%s', '%s')", self.id, port, + protocol) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if (port,protocol) not in settings[3]: + raise FirewallError(NOT_ENABLED, "%s:%s" % (port, protocol)) + settings[3].remove((port,protocol)) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', + out_signature='b') + @dbus_handle_exceptions + def queryPort(self, port, protocol, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + log.debug1("config.service.%d.queryPort('%s', '%s')", self.id, port, + protocol) + return (port,protocol) in self.getSettings()[3] + + # module + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='as') + @dbus_handle_exceptions + def getModules(self, sender=None): + log.debug1("config.service.%d.getModules()", self.id) + return sorted(self.getSettings()[4]) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') + @dbus_handle_exceptions + def setModules(self, modules, sender=None): + modules = dbus_to_python(modules, list) + log.debug1("config.service.%d.setModules('[%s]')", self.id, + ",".join(modules)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[4] = modules + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') + @dbus_handle_exceptions + def addModule(self, module, sender=None): + module = dbus_to_python(module, str) + log.debug1("config.service.%d.addModule('%s')", self.id, module) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if module in settings[4]: + raise FirewallError(ALREADY_ENABLED, module) + settings[4].append(module) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') + @dbus_handle_exceptions + def removeModule(self, module, sender=None): + module = dbus_to_python(module, str) + log.debug1("config.service.%d.removeModule('%s')", self.id, module) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if module not in settings[4]: + raise FirewallError(NOT_ENABLED, module) + settings[4].remove(module) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryModule(self, module, sender=None): + module = dbus_to_python(module, str) + log.debug1("config.service.%d.queryModule('%s')", self.id, module) + return module in self.getSettings()[4] + + # destination + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, out_signature='a{ss}') + @dbus_handle_exceptions + def getDestinations(self, sender=None): + log.debug1("config.service.%d.getDestinations()", self.id) + return self.getSettings()[5] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='as') + @dbus_handle_exceptions + def setDestinations(self, destinations, sender=None): + destinations = dbus_to_python(destinations, list) + log.debug1("config.service.%d.setDestinations('[%s]')", self.id, + ",".join(destinations)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[5] = destinations + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s', + out_signature='s') + @dbus_handle_exceptions + def getDestination(self, destination, sender=None): + destination = dbus_to_python(destination, str) + log.debug1("config.service.%d.getDestination('%s')", self.id, + destination) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if destination not in settings[5]: + raise FirewallError(NOT_ENABLED, destination) + return settings[5][destination] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss') + @dbus_handle_exceptions + def setDestination(self, destination, address, sender=None): + destination = dbus_to_python(destination, str) + address = dbus_to_python(address, str) + log.debug1("config.service.%d.setDestination('%s', '%s')", self.id, + destination, address) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if destination in settings[5]: + raise FirewallError(ALREADY_ENABLED, destination) + settings[5][destination] = address + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='s') + @dbus_handle_exceptions + def removeDestination(self, destination, sender=None): + destination = dbus_to_python(destination, str) + log.debug1("config.service.%d.removeDestination('%s')", self.id, + destination) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if destination not in settings[5]: + raise FirewallError(NOT_ENABLED, destination) + settings[5].remove(destination) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_SERVICE, in_signature='ss', + out_signature='b') + @dbus_handle_exceptions + def queryDestination(self, destination, address, sender=None): + destination = dbus_to_python(destination, str) + address = dbus_to_python(address, str) + log.debug1("config.service.%d.queryDestination('%s', '%s')", self.id, + destination, address) + settings = self.getSettings() + return (destination in self.settings[5] and \ + address == self.settings[5][destination]) diff -up firewalld-0.3.9/src/firewall/server/config_zone.py.RHBZ#1127706 firewalld-0.3.9/src/firewall/server/config_zone.py --- firewalld-0.3.9/src/firewall/server/config_zone.py.RHBZ#1127706 2014-01-13 16:12:35.000000000 +0100 +++ firewalld-0.3.9/src/firewall/server/config_zone.py 2014-09-30 01:09:08.591824854 +0200 @@ -36,6 +36,9 @@ from firewall.core.io.zone import Zone from firewall.core.logger import log from firewall.server.decorators import * from firewall.errors import * +from firewall.core.base import DEFAULT_ZONE_TARGET +from firewall.core.rich import Rich_Rule +from firewall.functions import portStr ############################################################################ # @@ -238,3 +241,527 @@ class FirewallDConfigZone(slip.dbus.serv @dbus_handle_exceptions def Renamed(self, name): log.debug1("config.zone.%d.Renamed('%s')" % (self.id, name)) + + # version + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') + @dbus_handle_exceptions + def getVersion(self, sender=None): + log.debug1("config.zone.%d.getVersion()", self.id) + return self.getSettings()[0] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def setVersion(self, version, sender=None): + version = dbus_to_python(version, str) + log.debug1("config.zone.%d.setVersion('%s')", self.id, version) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[0] = version + self.update(settings) + + # short + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') + @dbus_handle_exceptions + def getShort(self, sender=None): + log.debug1("config.zone.%d.getShort()", self.id) + return self.getSettings()[1] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def setShort(self, short, sender=None): + short = dbus_to_python(short, str) + log.debug1("config.zone.%d.setShort('%s')", self.id, short) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[1] = short + self.update(settings) + + # description + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') + @dbus_handle_exceptions + def getDescription(self, sender=None): + log.debug1("config.zone.%d.getDescription()", self.id) + return self.getSettings()[2] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def setDescription(self, description, sender=None): + description = dbus_to_python(description, str) + log.debug1("config.zone.%d.setDescription('%s')", self.id, description) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[2] = description + self.update(settings) + + # immutable (deprecated) + # settings[3] was used for 'immutable' + + # target + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='s') + @dbus_handle_exceptions + def getTarget(self, sender=None): + log.debug1("config.zone.%d.getTarget()", self.id) + settings = self.getSettings() + return settings[4] if settings[4] != DEFAULT_ZONE_TARGET else "default" + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def setTarget(self, target, sender=None): + target = dbus_to_python(target, str) + log.debug1("config.zone.%d.setTarget('%s')", self.id, target) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[4] = target if target != "default" else DEFAULT_ZONE_TARGET + self.update(settings) + + # service + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') + @dbus_handle_exceptions + def getServices(self, sender=None): + log.debug1("config.zone.%d.getServices()", self.id) + return sorted(self.getSettings()[5]) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') + @dbus_handle_exceptions + def setServices(self, services, sender=None): + services = dbus_to_python(services, list) + log.debug1("config.zone.%d.setServices('[%s]')", self.id, + ",".join(services)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[5] = services + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def addService(self, service, sender=None): + service = dbus_to_python(service, str) + log.debug1("config.zone.%d.addService('%s')", self.id, service) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if service in settings[5]: + raise FirewallError(ALREADY_ENABLED, service) + settings[5].append(service) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def removeService(self, service, sender=None): + service = dbus_to_python(service, str) + log.debug1("config.zone.%d.removeService('%s')", self.id, service) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if service not in settings[5]: + raise FirewallError(NOT_ENABLED, service) + settings[5].remove(service) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryService(self, service, sender=None): + service = dbus_to_python(service, str) + log.debug1("config.zone.%d.queryService('%s')", self.id, service) + return service in self.getSettings()[5] + + # port + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ss)') + @dbus_handle_exceptions + def getPorts(self, sender=None): + log.debug1("config.zone.%d.getPorts()", self.id) + return self.getSettings()[6] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ss)') + @dbus_handle_exceptions + def setPorts(self, ports, sender=None): + _ports = [ ] + # convert embedded lists to tuples + for port in dbus_to_python(ports, list): + if type(port) == list: + _ports.append(tuple(port)) + else: + _ports.append(port) + ports = _ports + log.debug1("config.zone.%d.setPorts('[%s]')", self.id, + ",".join("('%s, '%s')" % (port[0], port[1]) for port in ports)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[6] = ports + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') + @dbus_handle_exceptions + def addPort(self, port, protocol, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + log.debug1("config.zone.%d.addPort('%s', '%s')", self.id, port, + protocol) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if (port,protocol) in settings[6]: + raise FirewallError(ALREADY_ENABLED, "%s:%s" % (port, protocol)) + settings[6].append((port,protocol)) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss') + @dbus_handle_exceptions + def removePort(self, port, protocol, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + log.debug1("config.zone.%d.removePort('%s', '%s')", self.id, port, + protocol) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if (port,protocol) not in settings[6]: + raise FirewallError(NOT_ENABLED, "%s:%s" % (port, protocol)) + settings[6].remove((port,protocol)) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ss', + out_signature='b') + @dbus_handle_exceptions + def queryPort(self, port, protocol, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + log.debug1("config.zone.%d.queryPort('%s', '%s')", self.id, port, + protocol) + return (port,protocol) in self.getSettings()[6] + + # icmp block + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') + @dbus_handle_exceptions + def getIcmpBlocks(self, sender=None): + log.debug1("config.zone.%d.getIcmpBlocks()", self.id) + return sorted(self.getSettings()[7]) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') + @dbus_handle_exceptions + def setIcmpBlocks(self, icmptypes, sender=None): + icmptypes = dbus_to_python(icmptypes, list) + log.debug1("config.zone.%d.setIcmpBlocks('[%s]')", self.id, + ",".join(icmptypes)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[7] = icmptypes + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def addIcmpBlock(self, icmptype, sender=None): + icmptype = dbus_to_python(icmptype, str) + log.debug1("config.zone.%d.addIcmpBlock('%s')", self.id, icmptype) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if icmptype in settings[7]: + raise FirewallError(ALREADY_ENABLED, icmptype) + settings[7].append(icmptype) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def removeIcmpBlock(self, icmptype, sender=None): + icmptype = dbus_to_python(icmptype, str) + log.debug1("config.zone.%d.removeIcmpBlock('%s')", self.id, icmptype) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if icmptype not in settings[7]: + raise FirewallError(NOT_ENABLED, icmptype) + settings[7].remove(icmptype) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryIcmpBlock(self, icmptype, sender=None): + icmptype = dbus_to_python(icmptype, str) + log.debug1("config.zone.%d.removeIcmpBlock('%s')", self.id, icmptype) + return icmptype in self.getSettings()[7] + + # masquerade + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') + @dbus_handle_exceptions + def getMasquerade(self, sender=None): + log.debug1("config.zone.%d.getMasquerade()", self.id) + return self.getSettings()[8] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='b') + @dbus_handle_exceptions + def setMasquerade(self, masquerade, sender=None): + masquerade = dbus_to_python(masquerade, bool) + log.debug1("config.zone.%d.setMasquerade('%s')", self.id, masquerade) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[8] = masquerade + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE) + @dbus_handle_exceptions + def addMasquerade(self, sender=None): + log.debug1("config.zone.%d.addMasquerade()", self.id) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if settings[8]: + raise FirewallError(ALREADY_ENABLED, "masquerade") + settings[8] = True + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE) + @dbus_handle_exceptions + def removeMasquerade(self, sender=None): + log.debug1("config.zone.%d.removeMasquerade()", self.id) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if not settings[8]: + raise FirewallError(NOT_ENABLED, "masquerade") + settings[8] = False + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='b') + @dbus_handle_exceptions + def queryMasquerade(self, sender=None): + log.debug1("config.zone.%d.queryMasquerade()", self.id) + return self.getSettings()[8] + + # forward port + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='a(ssss)') + @dbus_handle_exceptions + def getForwardPorts(self, sender=None): + log.debug1("config.zone.%d.getForwardPorts()", self.id) + return self.getSettings()[9] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='a(ssss)') + @dbus_handle_exceptions + def setForwardPorts(self, ports, sender=None): + _ports = [ ] + # convert embedded lists to tuples + for port in dbus_to_python(ports, list): + if type(port) == list: + _ports.append(tuple(port)) + else: + _ports.append(port) + ports = _ports + log.debug1("config.zone.%d.setForwardPorts('[%s]')", self.id, + ",".join("('%s, '%s', '%s', '%s')" % (port[0], port[1], \ + port[2], port[3]) for port in ports)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[9] = ports + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') + @dbus_handle_exceptions + def addForwardPort(self, port, protocol, toport, toaddr, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + toport = dbus_to_python(toport, str) + toaddr = dbus_to_python(toaddr, str) + log.debug1("config.zone.%d.addForwardPort('%s', '%s', '%s', '%s')", + self.id, port, protocol, toport, toaddr) + self.parent.accessCheck(sender) + fwp_id = (portStr(port, "-"), protocol, portStr(toport, "-"), + str(toaddr)) + settings = list(self.getSettings()) + if fwp_id in settings[9]: + raise FirewallError(ALREADY_ENABLED, + "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) + settings[9].append(fwp_id) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss') + @dbus_handle_exceptions + def removeForwardPort(self, port, protocol, toport, toaddr, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + toport = dbus_to_python(toport, str) + toaddr = dbus_to_python(toaddr, str) + log.debug1("config.zone.%d.removeForwardPort('%s', '%s', '%s', '%s')", + self.id, port, protocol, toport, toaddr) + self.parent.accessCheck(sender) + fwp_id = (portStr(port, "-"), protocol, portStr(toport, "-"), + str(toaddr)) + settings = list(self.getSettings()) + if fwp_id not in settings[9]: + raise FirewallError(NOT_ENABLED, + "%s:%s:%s:%s" % (port, protocol, toport, toaddr)) + settings[9].remove(fwp_id) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='ssss', + out_signature='b') + @dbus_handle_exceptions + def queryForwardPort(self, port, protocol, toport, toaddr, sender=None): + port = dbus_to_python(port, str) + protocol = dbus_to_python(protocol, str) + toport = dbus_to_python(toport, str) + toaddr = dbus_to_python(toaddr, str) + log.debug1("config.zone.%d.queryForwardPort('%s', '%s', '%s', '%s')", + self.id, port, protocol, toport, toaddr) + fwp_id = (portStr(port, "-"), protocol, portStr(toport, "-"), + str(toaddr)) + return fwp_id in self.getSettings()[9] + + # interface + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') + @dbus_handle_exceptions + def getInterfaces(self, sender=None): + log.debug1("config.zone.%d.getInterfaces()", self.id) + return sorted(self.getSettings()[10]) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') + @dbus_handle_exceptions + def setInterfaces(self, interfaces, sender=None): + interfaces = dbus_to_python(interfaces, list) + log.debug1("config.zone.%d.setInterfaces('[%s]')", self.id, + ",".join(interfaces)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[10] = interfaces + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def addInterface(self, interface, sender=None): + interface = dbus_to_python(interface, str) + log.debug1("config.zone.%d.addInterface('%s')", self.id, interface) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if interface in settings[10]: + raise FirewallError(ALREADY_ENABLED, interface) + settings[10].append(interface) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def removeInterface(self, interface, sender=None): + interface = dbus_to_python(interface, str) + log.debug1("config.zone.%d.removeInterface('%s')", self.id, interface) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if interface not in settings[10]: + raise FirewallError(NOT_ENABLED, interface) + settings[10].remove(interface) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryInterface(self, interface, sender=None): + interface = dbus_to_python(interface, str) + log.debug1("config.zone.%d.queryInterface('%s')", self.id, interface) + return interface in self.getSettings()[10] + + # source + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') + @dbus_handle_exceptions + def getSources(self, sender=None): + log.debug1("config.zone.%d.getSources()", self.id) + return sorted(self.getSettings()[11]) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') + @dbus_handle_exceptions + def setSources(self, sources, sender=None): + sources = dbus_to_python(sources, list) + log.debug1("config.zone.%d.setSources('[%s]')", self.id, + ",".join(sources)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + settings[11] = sources + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def addSource(self, source, sender=None): + source = dbus_to_python(source, str) + log.debug1("config.zone.%d.addSource('%s')", self.id, source) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if source in settings[11]: + raise FirewallError(ALREADY_ENABLED, source) + settings[11].append(source) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def removeSource(self, source, sender=None): + source = dbus_to_python(source, str) + log.debug1("config.zone.%d.removeSource('%s')", self.id, source) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + if source not in settings[11]: + raise FirewallError(NOT_ENABLED, source) + settings[11].remove(source) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def querySource(self, source, sender=None): + source = dbus_to_python(source, str) + log.debug1("config.zone.%d.querySource('%s')", self.id, source) + return source in self.getSettings()[11] + + # rich rule + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, out_signature='as') + @dbus_handle_exceptions + def getRichRules(self, sender=None): + log.debug1("config.zone.%d.getRichRules()", self.id) + return self.getSettings()[12] + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='as') + @dbus_handle_exceptions + def setRichRules(self, rules, sender=None): + rules = dbus_to_python(rules, list) + log.debug1("config.zone.%d.setRichRules('[%s]')", self.id, + ",".join(rules)) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + rules = [ str(Rich_Rule(rule_str=r)) for r in rules ] + settings[12] = rules + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def addRichRule(self, rule, sender=None): + rule = dbus_to_python(rule, str) + log.debug1("config.zone.%d.addRichRule('%s')", self.id, rule) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + rule_str = str(Rich_Rule(rule_str=rule)) + if rule_str in settings[12]: + raise FirewallError(ALREADY_ENABLED, rule) + settings[12].append(rule_str) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s') + @dbus_handle_exceptions + def removeRichRule(self, rule, sender=None): + rule = dbus_to_python(rule, str) + log.debug1("config.zone.%d.removeRichRule('%s')", self.id, rule) + self.parent.accessCheck(sender) + settings = list(self.getSettings()) + rule_str = str(Rich_Rule(rule_str=rule)) + if rule_str not in settings[12]: + raise FirewallError(NOT_ENABLED, rule) + settings[12].remove(rule_str) + self.update(settings) + + @dbus_service_method(DBUS_INTERFACE_CONFIG_ZONE, in_signature='s', + out_signature='b') + @dbus_handle_exceptions + def queryRichRule(self, rule, sender=None): + rule = dbus_to_python(rule, str) + log.debug1("config.zone.%d.queryRichRule('%s')", self.id, rule) + rule_str = str(Rich_Rule(rule_str=rule)) + return rule_str in self.getSettings()[12]