commit 04f5c99e5a8d82f490deeccf643a7a84941d2f7c
Author: Thomas Woerner
Date: Wed Aug 3 13:52:58 2016 +0200
firewall-cmd: Add missing action to fix --{add,remove}-entries-from-file The mising action="append" setting is needed to make --{add,remove}-entries-from-file functional as a sequence option.
diff --git a/src/firewall-cmd b/src/firewall-cmd
index 405d08c..3cf3059 100755
--- a/src/firewall-cmd
+++ b/src/firewall-cmd
@@ -580,8 +580,8 @@ parser_ipset.add_argument("--add-entry", metavar="", action='append')
 parser_ipset.add_argument("--remove-entry", metavar="", action='append')
 parser_ipset.add_argument("--query-entry", metavar="", action='append')
 parser_ipset.add_argument("--get-entries", action="store_true")
-parser_ipset.add_argument("--add-entries-from-file", metavar="")
-parser_ipset.add_argument("--remove-entries-from-file", metavar="")
+parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append')
+parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append')
 parser.add_argument("--icmptype", metavar="")
commit 495a1a527f03e12195ec6334a21eb7ba3924a6e8
Author: Thomas Woerner
Date: Wed Aug 3 13:57:53 2016 +0200
firewall-offline-cmd: Fix --{add,remove}-entries-from-file The mising action="append" setting is needed to make --{add,remove}-entries-from-file functional as a sequence option. Also changed was used undefined for --remove-entries-from-file.
diff --git a/src/firewall-offline-cmd b/src/firewall-offline-cmd
index 978ad8a..a7cb36d 100755
--- a/src/firewall-offline-cmd
+++ b/src/firewall-offline-cmd
@@ -619,8 +619,8 @@ parser_ipset.add_argument("--add-entry", metavar="", action='append')
 parser_ipset.add_argument("--remove-entry", metavar="", action='append')
 parser_ipset.add_argument("--query-entry", metavar="", action='append')
 parser_ipset.add_argument("--get-entries", action="store_true")
-parser_ipset.add_argument("--add-entries-from-file", metavar="")
-parser_ipset.add_argument("--remove-entries-from-file", metavar="")
+parser_ipset.add_argument("--add-entries-from-file", metavar="", action='append')
+parser_ipset.add_argument("--remove-entries-from-file", metavar="", action='append')
 parser.add_argument("--icmptype", metavar="")
@@ -1467,6 +1467,7 @@ try:
 ipset = fw.config.get_ipset(a.ipset)
 settings = FirewallClientIPSetSettings(
 list(fw.config.get_ipset_config(ipset)))
+ changed = False
 for filename in a.remove_entries_from_file:
 try:
commit 9afdbaeb1d0ec11cff7d362618657d63df5b6dff
Author: Thomas Woerner
Date: Mon Aug 8 18:22:40 2016 +0200
firewall/core/io/*.py: Do not traceback on a general sax parsing issue There is a traceback printed in case of general parsing issue (no XML). With this patch there is a proper error reported.
diff --git a/src/firewall/core/io/direct.py b/src/firewall/core/io/direct.py
index 3916db0..ebbd12d 100644
--- a/src/firewall/core/io/direct.py
+++ b/src/firewall/core/io/direct.py
@@ -361,8 +361,12 @@ class Direct(IO_Object):
 parser = sax.make_parser()
 parser.setContentHandler(handler)
 with open(self.filename, "r") as f:
- parser.parse(f)
-
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_TYPE,
+ "Not a valid file: %s" % \
+ msg.getException())
 def write(self):
 if os.path.exists(self.filename):
diff --git a/src/firewall/core/io/icmptype.py b/src/firewall/core/io/icmptype.py
index 36c2d70..99df326 100644
--- a/src/firewall/core/io/icmptype.py
+++ b/src/firewall/core/io/icmptype.py
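Review bot: In src/firewall/core/io/direct.py the new handler formats `msg.getException()`, which is the wrapped lower-level exception and is None when the SAXParseException was raised without one, so the report can read "Not a valid file: None", and it never names the file. Formatting the exception itself keeps the line and column, e.g. `"Not a valid file '%s': %s" % (self.filename, msg)`. The code `errors.INVALID_TYPE` is also generic compared with the object-specific codes used in the icmptype, ipset, service and zone hunks; whether a better-fitting code exists is not visible here. The same `msg.getException()` expression appears in the icmptype, ipset, lockdown_whitelist, service and zone hunks of this commit. The enclosing method of Direct starts above the hunk.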
@@ -122,7 +122,12 @@ def icmptype_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_ICMPTYPE,
+ "not a valid icmptype file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2:
diff --git a/src/firewall/core/io/ipset.py b/src/firewall/core/io/ipset.py
index a9e7777..e397f84 100644
--- a/src/firewall/core/io/ipset.py
+++ b/src/firewall/core/io/ipset.py
@@ -223,7 +223,12 @@ def ipset_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_IPSET,
+ "not a valid ipset file: %s" % \
+ msg.getException())
 del handler
 del parser
 if "timeout" in ipset.options and len(ipset.entries) > 0:
diff --git a/src/firewall/core/io/lockdown_whitelist.py b/src/firewall/core/io/lockdown_whitelist.py
index 28aa8da..b7e24b2 100644
--- a/src/firewall/core/io/lockdown_whitelist.py
+++ b/src/firewall/core/io/lockdown_whitelist.py
@@ -322,7 +322,12 @@ class LockdownWhitelist(IO_Object):
 handler = lockdown_whitelist_ContentHandler(self)
 parser = sax.make_parser()
 parser.setContentHandler(handler)
- parser.parse(self.filename)
+ try:
+ parser.parse(self.filename)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_TYPE,
+ "Not a valid file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2:
diff --git a/src/firewall/core/io/service.py b/src/firewall/core/io/service.py
index 705affe..a65a4f4 100644
--- a/src/firewall/core/io/service.py
+++ b/src/firewall/core/io/service.py
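Review bot: Only `sax.SAXParseException` is caught around `parser.parse(f)` in icmptype_reader, but the file is opened in text mode with `open(name, "r")`, so on Python 3 a file that is not decodable text would presumably fail with UnicodeDecodeError while it is read and still end in the traceback this commit is meant to remove. Consider `except (sax.SAXParseException, UnicodeDecodeError) as msg:` with a message built from `msg` rather than `msg.getException()`, since the latter exists only on SAX exceptions. The ipset, service and zone readers and the Direct hunk use the same open-then-parse pattern. The function body continues outside the hunk.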
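Review bot: The parser for the lockdown whitelist is still used with the defaults from `sax.make_parser()`, and on Python versions before 3.7.1 the expat-based SAX reader resolves external general entities by default, so entity references in the file would be fetched during `parser.parse(self.filename)`. As this hunk already touches the parse call, consider adding `parser.setFeature(sax.handler.feature_external_ges, False)` after `parser.setContentHandler(handler)`, assuming `sax` is `xml.sax` in this module. These files normally live in root-owned directories, so this is hardening rather than a fix, and it applies equally to the other readers changed in this commit. The enclosing method starts above the hunk.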
@@ -217,7 +217,12 @@ def service_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_SERVICE,
+ "not a valid service file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2:
diff --git a/src/firewall/core/io/zone.py b/src/firewall/core/io/zone.py
index 274a633..5dfd1f5 100644
--- a/src/firewall/core/io/zone.py
+++ b/src/firewall/core/io/zone.py
@@ -676,7 +676,12 @@ def zone_reader(filename, path):
 parser.setContentHandler(handler)
 name = "%s/%s" % (path, filename)
 with open(name, "r") as f:
- parser.parse(f)
+ try:
+ parser.parse(f)
+ except sax.SAXParseException as msg:
+ raise FirewallError(errors.INVALID_ZONE,
+ "not a valid zone file: %s" % \
+ msg.getException())
 del handler
 del parser
 if PY2: