a iG@sBdgZddlmZddlZddlZddlZddlmZddlm Z ddl m Z ddl m Z ddlmZdd lmZmZdd lmZmZmZmZmZmZdd lmZdd lmZmZmZm Z m!Z!m"Z"m#Z#m$Z$dd l%m&Z&ddl'm(Z(ddl)m*Z*ddl+m,Z,ddl-m.Z.m/Z/ddl0m1Z1ddlm2Z2ddl3m4Z4GdddeZ5dS) FirewallD)GLibN)config)Firewall) Rich_Rule)log)FirewallClientZoneSettings)FirewallDBusExceptionDbusServiceObject)dbus_handle_exceptionsdbus_service_methodhandle_exceptionsdbus_service_method_deprecateddbus_service_signal_deprecateddbus_polkit_require_auth)FirewallDConfig)dbus_to_pythoncommand_of_sendercontext_of_sender uid_of_sender user_of_uid%dbus_introspection_prepare_properties!dbus_introspection_add_properties!dbus_introspection_add_deprecated)check_on_disk_config)IPSet)IcmpType)Helper)nm_get_connection_of_interfacenm_set_zone_of_connection)ifcfg_set_zone_of_interface)errors) FirewallErrorcs !eZdZdZdZejjZe fddZ ddZ e ddZ e d d Z ed d Zed dZeddZeddZeddZeejdddedddZeejdddedddZeejjeejdd edd!d"Zejjejd#d$d%d&Zeejjeejdd'edfd(d) Zeejjeejj d*d*dedd+d,Z!eejjeejj d*d*dedd-d.Z"ejejj ed/d0Z#eejjeejj d*d*ddd1d2Z$eejjeejj d*d*dedd3d4Z%eejjeejj d*d*dedd5d6Z&eejj'eejj(d*d*dedd7d8Z)eejj'eejj(d*d*dedd9d:Z*eejj+eejj(d*d;deddd?Z-ejjejj(d*d$ed@dAZ.eejj'eejj(dd*deddBdCZ/eejj'eejj(dd*deddDdEZ0eejj+eejj(dd;deddFdGZ1eejj+eejj(d*dHdeddIdJZ2ejjejj(dd$edKdLZ3ejjejj(dd$edMdNZ4eejj'eejj(dOd*deddPdQZ5eejj'eejj(dOd*deddRdSZ6eejj+eejj(dOd;deddTdUZ7eejj+eejj(d*dVdeddWdXZ8ejjejj(dOd$edYdZZ9ejjejj(dOd$ed[d\Z:eejj'eejj(dd*dedd]d^Z;eejj'eejj(dd*dedd_d`Zejjejj(dd$ededfZ?ejjejj(dd$edgdhZ@eejj'eejj(dd*deddidjZAeejj'eejj(dd*deddkdlZBeejj+eejj(dd;deddmdnZCeejj+eejj(d*dHdeddodpZDejjejj(dd$edqdrZEejjejj(dd$edsdtZFeejjeejj d*d*deddudvZGeejjeejj d*d*deddwdxZHeejjeejj d*d;deddydzZIejjejj d*d$ed{d|ZJejjejj d*d$ed}d~ZKeejjLeejj dddedddZMeejjLeejjNdddedddZOeejjLeejjNdd edddZPejjejjNdd$eddZQeejjLeejjRdddedddZSeejjLeejjRdd edddZTejjejjRdd$eddZUeejjeejj d*dHdedddZVeejjLeejj dddedddZWeejjLeejj dddedddZXeejjeejj d*dHdedddZYeejjLeejj deZj[dedddZ\eejjLeejj d*ddedddZ]eejjeejj dd*dedddZ^ejjejj dd$eddZ_eejjLeejj d*ddedddZ`eejjeejj dd*dedddZaejjejj dd$eddZbeejjeejj d*ddedddZceejjeejj dd*dedddZdejjejj dd$eddZeeejjeejjRd*dHdedddZfeejjeejjRd*ddedddZgeejjeejjNd*dHdedddZheejjeejjNd*ddedddZieejjeejjNdddedddZjeejjeejjNdddedddZkeejjLeejjNdd;dedddZleejjeejjNdddedddZmeejjeejjNdddedddZneejjeejjNdddedddZoeejjeejjNdddeddd„ZpeejjLeejjNdd;dedddĄZqeejjLeejjNddHdedddƄZrejjejjNdd$eddȄZsejjejjNdd$eddʄZtejjejjNdd$edd̄ZuejjejjNdd$edd΄ZveejjeejjNdddedddЄZweejjeejjNdddeddd҄ZxeejjeejjNdddedddԄZyeejjLeejjNdd;dedddքZzeejjLeejjNddHdeddd؄Z{ejjejjNdd$eddڄZ|ejjejjNdd$edd܄Z}ejjejjNdd$eddބZ~eddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNddHdedddZejjejjNdd$eddZejjejjNdd$eddZeddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNddHdedddZejjejjNdd$eddZejjejjNdd$eddZeddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNdddedddZejjejjNdd$edd d ZejjejjNdd$ed d ZeddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNddHdedddZejjejjNdd$edddZejjejjNdd$eddZeddZeejjeejjNdddedddZeejjeejjNdddedd d!ZeejjLeejjNdd;dedd"d#ZeejjLeejjNdddedd$d%ZejjejjNdd$edd&d'ZejjejjNdd$ed(d)Zed*d+ZeejjeejjNd,ddedd-d.ZeejjeejjNdddedd/d0ZeejjLeejjNdd;ded d1d2ZejjejjNd,d$ed d3d4ZejjejjNdd$ed5d6Zed7d8ZeejjeejjNd9dded d:d;ZeejjeejjNdZeejjLeejjNd|S)Nz Introspect())rZdebug2r$r Introspectr(r'Zget_busrrr*r+rjrrZ deprecatedr)r,r@data interfacer/r1r2rw$s zFirewallD.IntrospectcCs*td|j|j|dS)z#Reload the firewall rules. zreload()Nrr7r&reloadrReloadedr,r@r1r1r2r|:s   zFirewallD.reloadcCs,td|jd|j|dS)zCompletely reload the firewall. Completely reload the firewall: Stops firewall, unloads modules and starts the firewall again. zcompleteReload()TNr{r~r1r1r2completeReloadIs   zFirewallD.completeReloadcCstddS)Nz Reloaded()rr7r5r1r1r2r}YszFirewallD.ReloadedcCs"td|jj|dS)zbreset to firewall's builtin defaults. Reloads firewalld to apply changes properly zfirewalld.reset_to_defaults()N)rr7r&rZreset_defaultsr|r~r1r1r2resetToDefaults^s  zFirewallD.resetToDefaultscCstdt|jdS)z&Check permanent configuration zcheckPermanentConfig()N)rr7rr&r~r1r1r2checkPermanentConfigis zFirewallD.checkPermanentConfigc Cstd|jjdkr"ttjdd}|j}|jj D]}| |}zj||vr|j |}| |krtd|||qtd|ntd||j||Wq<ty}z"td||fd }WYd }~qf}z6|j |krtd|j|n tdWn8ty(}ztd|d }WYd }~n d }~00|jj?j@A}z6|j |krbtd |jB|n td!Wn8ty}ztd"|d }WYd }~n d }~00|rttjCd S)#z-Make runtime configuration permanent zcopyRuntimeToPermanent()ZFAILEDzSaving runtime to permanent is not allowed while firewalld is in FAILED state. The permanent configuration must be fixed and then firewalld restarted. Try `firewall-offline-cmd --check-config`.FzCopying service '%s' settingsz$Service '%s' is identical, ignoring.zCreating service '%s'z/Runtime To Permanent failed on service '%s': %sTNzCopying icmptype '%s' settingsz%IcmpType '%s' is identical, ignoring.zCreating icmptype '%s'z0Runtime To Permanent failed on icmptype '%s': %szCopying ipset '%s' settingsz"IPSet '%s' is identical, ignoring.zCreating ipset '%s'z-Runtime To Permanent failed on ipset '%s': %szEZone '%s': interface binding for '%s' has been added by NM, ignoring.zCopying zone '%s' settingszCreating zone '%s'z,Runtime To Permanent failed on zone '%s': %szCreating policy '%s'z.Runtime To Permanent failed on policy '%s': %szCopying helper '%s' settingsz#Helper '%s' is identical, ignoring.zCreating helper '%s'z.Runtime To Permanent failed on helper '%s': %szCopying direct configurationz,Direct configuration is identical, ignoring.z7Runtime To Permanent failed on direct configuration: %szCopying policies configurationz.Policies configuration is identical, ignoring.z9Runtime To Permanent failed on policies configuration: %s)Drr7r&_stater"r!ZRUNNING_BUT_FAILEDrZgetServiceNamesservice get_servicesgetServiceSettingsZgetServiceByNameZ getSettingsupdate addService ExceptionwarningZgetIcmpTypeNamesicmptype get_icmptypesgetIcmpTypeSettingsZgetIcmpTypeByNameZ addIcmpTypeZ getIPSetNamesipset get_ipsetsgetIPSetSettingsZgetIPSetByNameZaddIPSetZ getZoneNamesrB get_zonesgetZoneSettings2rcopydeepcopy getInterfacesZ_nm_assigned_interfacesremoveInterfacerrZgetSettingsDictr Z getZoneByNameZupdate2ZaddZone2ZgetPolicyNamespolicy"get_policies_not_derived_from_zonegetPolicySettingsZgetPolicyByNameZ addPolicyZgetHelperNameshelper get_helpersgetHelperSettingsZgetHelperByNameZ addHelperdirectget_all_chains get_all_rulesget_all_passthroughsr=lockdown_whitelist export_configZsetLockdownWhitelistZRT_TO_PERM_FAILED) r,r@r?Z config_namesnameZconfZconf_objesettingsZchangedryZ connectionr1r1r2runtimeToPermanentusF                                           zFirewallD.runtimeToPermanentcCs,td|||jj|dS)z!Enable lockdown policies zpolicies.enableLockdown()N)rr7rAr&r=Zenable_lockdownLockdownEnabledr~r1r1r2enableLockdownGs   zFirewallD.enableLockdowncCs,td|||jj|dS)z"Disable lockdown policies zpolicies.disableLockdown()N)rr7rAr&r=Zdisable_lockdownLockdownDisabledr~r1r1r2disableLockdownSs   zFirewallD.disableLockdownbcCstd|jjS)z,Returns True if lockdown is enabled zpolicies.queryLockdown())rr7r&r=r>r~r1r1r2 queryLockdown_s zFirewallD.queryLockdowncCstddS)NzLockdownEnabled()rr5r1r1r2rjszFirewallD.LockdownEnabledcCstddS)NzLockdownDisabled()rr5r1r1r2roszFirewallD.LockdownDisabledcCs@t|t}td||||jjj|| |dS)Add lockdown command z*policies.addLockdownWhitelistCommand('%s')N) rrhrr7rAr&r=rZ add_commandLockdownWhitelistCommandAddedr,r<r@r1r1r2addLockdownWhitelistCommandxs   z%FirewallD.addLockdownWhitelistCommandcCs@t|t}td||||jjj|| |dS)z Remove lockdown command z-policies.removeLockdownWhitelistCommand('%s')N) rrhrr7rAr&r=rZremove_commandLockdownWhitelistCommandRemovedrr1r1r2removeLockdownWhitelistCommands   z(FirewallD.removeLockdownWhitelistCommandcCs(t|t}td||jjj|S)zQuery lockdown command z,policies.queryLockdownWhitelistCommand('%s'))rrhrr7r&r=rZ has_commandrr1r1r2queryLockdownWhitelistCommands z'FirewallD.queryLockdownWhitelistCommandascCstd|jjjS)rz'policies.getLockdownWhitelistCommands())rr7r&r=rZ get_commandsr~r1r1r2getLockdownWhitelistCommandss z&FirewallD.getLockdownWhitelistCommandscCstd|dS)Nz#LockdownWhitelistCommandAdded('%s')rr,r<r1r1r2rsz'FirewallD.LockdownWhitelistCommandAddedcCstd|dS)Nz%LockdownWhitelistCommandRemoved('%s')rrr1r1r2rsz)FirewallD.LockdownWhitelistCommandRemovedicCs@t|t}td||||jjj|| |dS)Add lockdown uid z&policies.addLockdownWhitelistUid('%s')N) rintrr7rAr&r=rZadd_uidLockdownWhitelistUidAddedr,r:r@r1r1r2addLockdownWhitelistUids   z!FirewallD.addLockdownWhitelistUidcCs@t|t}td||||jjj|| |dS)zRemove lockdown uid z)policies.removeLockdownWhitelistUid('%s')N) rrrr7rAr&r=rZ remove_uidLockdownWhitelistUidRemovedrr1r1r2removeLockdownWhitelistUids   z$FirewallD.removeLockdownWhitelistUidcCs(t|t}td||jjj|S)zQuery lockdown uid z(policies.queryLockdownWhitelistUid('%s'))rrrr7r&r=rZhas_uidrr1r1r2queryLockdownWhitelistUids z#FirewallD.queryLockdownWhitelistUidZaicCstd|jjjS)rz#policies.getLockdownWhitelistUids())rr7r&r=rZget_uidsr~r1r1r2getLockdownWhitelistUidss z"FirewallD.getLockdownWhitelistUidscCstd|dS)NzLockdownWhitelistUidAdded(%d)rr,r:r1r1r2rsz#FirewallD.LockdownWhitelistUidAddedcCstd|dS)NzLockdownWhitelistUidRemoved(%d)rrr1r1r2rsz%FirewallD.LockdownWhitelistUidRemovedcCs@t|t}td||||jjj|| |dS)Add lockdown user z'policies.addLockdownWhitelistUser('%s')N) rrhrr7rAr&r=rZadd_userLockdownWhitelistUserAddedr,r;r@r1r1r2addLockdownWhitelistUsers   z"FirewallD.addLockdownWhitelistUsercCs@t|t}td||||jjj|| |dS)zRemove lockdown user z*policies.removeLockdownWhitelistUser('%s')N) rrhrr7rAr&r=rZ remove_userLockdownWhitelistUserRemovedrr1r1r2removeLockdownWhitelistUsers   z%FirewallD.removeLockdownWhitelistUsercCs(t|t}td||jjj|S)zQuery lockdown user z)policies.queryLockdownWhitelistUser('%s'))rrhrr7r&r=rZhas_userrr1r1r2queryLockdownWhitelistUser s z$FirewallD.queryLockdownWhitelistUsercCstd|jjjS)rz$policies.getLockdownWhitelistUsers())rr7r&r=rZ get_usersr~r1r1r2getLockdownWhitelistUserss z#FirewallD.getLockdownWhitelistUserscCstd|dS)Nz LockdownWhitelistUserAdded('%s')rr,r;r1r1r2r#sz$FirewallD.LockdownWhitelistUserAddedcCstd|dS)Nz"LockdownWhitelistUserRemoved('%s')rrr1r1r2r(sz&FirewallD.LockdownWhitelistUserRemovedcCs@t|t}td||||jjj|| |dS)Add lockdown context z*policies.addLockdownWhitelistContext('%s')N) rrhrr7rAr&r=rZ add_contextLockdownWhitelistContextAddedr,r9r@r1r1r2addLockdownWhitelistContext/s   z%FirewallD.addLockdownWhitelistContextcCs@t|t}td||||jjj|| |dS)z Remove lockdown context z-policies.removeLockdownWhitelistContext('%s')N) rrhrr7rAr&r=rZremove_contextLockdownWhitelistContextRemovedrr1r1r2removeLockdownWhitelistContext<s   z(FirewallD.removeLockdownWhitelistContextcCs(t|t}td||jjj|S)zQuery lockdown context z,policies.queryLockdownWhitelistContext('%s'))rrhrr7r&r=rZ has_contextrr1r1r2queryLockdownWhitelistContextIs z'FirewallD.queryLockdownWhitelistContextcCstd|jjjS)rz'policies.getLockdownWhitelistContexts())rr7r&r=rZ get_contextsr~r1r1r2getLockdownWhitelistContextsUs z&FirewallD.getLockdownWhitelistContextscCstd|dS)Nz#LockdownWhitelistContextAdded('%s')rr,r9r1r1r2r`sz'FirewallD.LockdownWhitelistContextAddedcCstd|dS)Nz%LockdownWhitelistContextRemoved('%s')rrr1r1r2resz)FirewallD.LockdownWhitelistContextRemovedcCs*td|||j|dS)zfEnable panic mode. All ingoing and outgoing connections and packets will be blocked. zenablePanicMode()N)rr7rAr&Zenable_panic_modePanicModeEnabledr~r1r1r2enablePanicModens   zFirewallD.enablePanicModecCs*td|||j|dS)zDisable panic mode. Enables normal mode: Allowed ingoing and outgoing connections will not be blocked anymore zdisablePanicMode()N)rr7rAr&Zdisable_panic_modePanicModeDisabledr~r1r1r2disablePanicMode|s   zFirewallD.disablePanicModecCstd|jS)NzqueryPanicMode())rr7r&Zquery_panic_moder~r1r1r2queryPanicModes zFirewallD.queryPanicModecCstddS)NzPanicModeEnabled()rr5r1r1r2rszFirewallD.PanicModeEnabledcCstddS)NzPanicModeDisabled()rr5r1r1r2rszFirewallD.PanicModeDisabledz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cCs$t|t}td||jj|S)NzgetZoneSettings(%s))rrhrr7r&rBZget_config_with_settingsr,rBr@r1r1r2getZoneSettingss  zFirewallD.getZoneSettingscCs$t|t}td||jj|S)NzgetZoneSettings2(%s))rrhrr7r&rBget_config_with_settings_dictrr1r1r2rs  zFirewallD.getZoneSettings2zsa{sv}cCsFt|t}td||||jj|t|||||dS)NzsetZoneSettings2(%s)) rrhrr7rAr&rBset_config_with_settings_dict ZoneUpdated)r,rBrr@r1r1r2setZoneSettings2s    zFirewallD.setZoneSettings2cCstd||fdS)Nzzone.ZoneUpdated('%s', '%s')r)r,rBrr1r1r2rszFirewallD.ZoneUpdatedcCs$t|t}td||jj|S)Nzpolicy.getPolicySettings(%s))rrhrr7r&rr)r,rr@r1r1r2rs  zFirewallD.getPolicySettingscCsFt|t}td||||jj|t|||||dS)Nzpolicy.setPolicySettings(%s)) rrhrr7rAr&rr PolicyUpdated)r,rrr@r1r1r2setPolicySettingss    zFirewallD.setPolicySettingscCstd||fdS)Nz policy.PolicyUpdated('%s', '%s')r)r,rrr1r1r2rszFirewallD.PolicyUpdatedcCstd|jjS)NzlistServices())rr7r&rrr~r1r1r2 listServicess zFirewallD.listServicesz(sssa(ss)asa{ss}asa(ss))c Cst|t}td||jj|}|}g}tdD]P}|j |d|vrp| t t ||j |dq8| ||j |dq8t|S)NzgetServiceSettings(%s)r)rrhrr7r&r get_serviceexport_config_dictrangeZIMPORT_EXPORT_STRUCTUREappendrrgetattrtuple)r,rr@objZ conf_dictZ conf_listrr1r1r2rs   "zFirewallD.getServiceSettingscCs,t|t}td||jj|}|S)NzgetServiceSettings2(%s))rrhrr7r&rrr)r,rr@rr1r1r2getServiceSettings2s  zFirewallD.getServiceSettings2cCstd|jjS)NzlistIcmpTypes())rr7r&rrr~r1r1r2 listIcmpTypess zFirewallD.listIcmpTypescCs(t|t}td||jj|S)NzgetIcmpTypeSettings(%s))rrhrr7r&rZ get_icmptyper)r,rr@r1r1r2rs  zFirewallD.getIcmpTypeSettingscCstd|jS)NzgetLogDenied())rr7r&Zget_log_deniedr~r1r1r2 getLogDenieds zFirewallD.getLogDeniedcCsXt|t}td||||j||||j|j | dS)NzsetLogDenied('%s')) rrhrr7rAr&Zset_log_deniedLogDeniedChangedr|rr}r,valuer@r1r1r2 setLogDenied's      zFirewallD.setLogDeniedcCstd|dS)NzLogDeniedChanged('%s')rr,rr1r1r2r7szFirewallD.LogDeniedChangedcCstddS)NzgetAutomaticHelpers()rUrr~r1r1r2getAutomaticHelpers@s zFirewallD.getAutomaticHelperscCs&t|t}td|||dS)NzsetAutomaticHelpers('%s'))rrhrr7rArr1r1r2setAutomaticHelpersKs zFirewallD.setAutomaticHelperscCstd|dS)NzAutomaticHelpersChanged('%s')rrr1r1r2AutomaticHelpersChangedWsz!FirewallD.AutomaticHelpersChangedcCstd|jS)NzgetDefaultZone())rr7r&Zget_default_zoner~r1r1r2getDefaultZone`s zFirewallD.getDefaultZonecCs<t|t}td||||j|||dS)NzsetDefaultZone('%s'))rrhrr7rAr&Zset_default_zoneDefaultZoneChangedrr1r1r2setDefaultZoneis    zFirewallD.setDefaultZonecCstd|dS)NzDefaultZoneChanged('%s')rr,rBr1r1r2ruszFirewallD.DefaultZoneChangedcCstd|jjS)Nzpolicy.getPolicies())rr7r&rrr~r1r1r2 getPoliciess zFirewallD.getPoliciesz a{sa{sas}}cCsXtdi}|jjD]8}i||<|jj|||d<|jj|||d<q|S)Nzpolicy.getActivePolicies()Z ingress_zonesZ egress_zones)rr7r&rZ)get_active_policies_not_derived_from_zoneZlist_ingress_zonesZlist_egress_zones)r,r@r=rr1r1r2getActivePoliciess zFirewallD.getActivePoliciescCstd|jjS)Nzzone.getZones())rr7r&rBrr~r1r1r2getZoness zFirewallD.getZonescCstdi}|jjD]l}|jj|}|jj|}t|t|dkri||<t|dkrn|||d<t|dkr|||d<q|S)Nzzone.getActiveZones()r interfacessources)rr7r&rBrlist_interfaces list_sourceslen)r,r@ZzonesrBrrr1r1r2getActiveZoness    zFirewallD.getActiveZonescCs2t|t}td||jj|}|r.|SdS)zReturn the zone an interface belongs to. :Parameters: `interface` : str Name of the interface :Returns: str. The name of the zone. zzone.getZoneOfInterface('%s')rz)rrhrr7r&rBZget_zone_of_interface)r,ryr@rBr1r1r2getZoneOfInterfaces zFirewallD.getZoneOfInterfacecCs2t|t}td||jj|}|r.|SdS)Nzzone.getZoneOfSource('%s')rz)rrhrr7r&rBZget_zone_of_source)r,sourcer@rBr1r1r2getZoneOfSources  zFirewallD.getZoneOfSourcecCsdS)NFr1rr1r1r2 isImmutableszFirewallD.isImmutablecCsRt|t}t|t}td||f|||jj|||}||||S)zPAdd an interface to a zone. If zone is empty, use default zone. zzone.addInterface('%s', '%s')) rrhrr7rAr&rBZ add_interfaceInterfaceAddedr,rBryr@_zoner1r1r2 addInterfaces    zFirewallD.addInterfacecCs"t|t}t|t}||||S)zChange a zone an interface is part of. If zone is empty, use default zone. This function is deprecated, use changeZoneOfInterface instead )rrhchangeZoneOfInterfacer,rBryr@r1r1r2 changeZones  zFirewallD.changeZonecCsRt|t}t|t}td||f|||jj|||}||||S)z[Change a zone an interface is part of. If zone is empty, use default zone. z&zone.changeZoneOfInterface('%s', '%s')) rrhrr7rAr&rBZchange_zone_of_interfaceZoneOfInterfaceChangedrr1r1r2r s    zFirewallD.changeZoneOfInterfacecCsPt|t}t|t}td||f|||jj||}||||S)zkRemove interface from a zone. If zone is empty, remove from zone the interface belongs to. z zone.removeInterface('%s', '%s')) rrhrr7rAr&rBZremove_interfaceInterfaceRemovedrr1r1r2rs    zFirewallD.removeInterfacecCs6t|t}t|t}td||f|jj||S)z^Return true if an interface is in a zone. If zone is empty, use default zone. zzone.queryInterface('%s', '%s'))rrhrr7r&rBZquery_interfacer r1r1r2queryInterface%s  zFirewallD.queryInterfacecCs&t|t}td||jj|S)z]Return the list of interfaces of a zone. If zone is empty, use default zone. zzone.getInterfaces('%s'))rrhrr7r&rBrrr1r1r2r2s zFirewallD.getInterfacescCstd||fdS)Nzzone.InterfaceAdded('%s', '%s')rr,rBryr1r1r2r@szFirewallD.InterfaceAddedcCstd||fdS)z, This signal is deprecated. zzone.ZoneChanged('%s', '%s')Nrrr1r1r2 ZoneChangedEszFirewallD.ZoneChangedcCs"td||f|||dS)Nz'zone.ZoneOfInterfaceChanged('%s', '%s'))rr7rrr1r1r2r Msz FirewallD.ZoneOfInterfaceChangedcCstd||fdS)Nz!zone.InterfaceRemoved('%s', '%s')rrr1r1r2rTszFirewallD.InterfaceRemovedcCsRt|t}t|t}td||f|||jj|||}||||S)zLAdd a source to a zone. If zone is empty, use default zone. zzone.addSource('%s', '%s')) rrhrr7rAr&rBZ add_source SourceAddedr,rBrr@rr1r1r2 addSource]s    zFirewallD.addSourcecCsRt|t}t|t}td||f|||jj|||}||||S)zXChange a zone an source is part of. If zone is empty, use default zone. z#zone.changeZoneOfSource('%s', '%s')) rrhrr7rAr&rBZchange_zone_of_sourceZoneOfSourceChangedrr1r1r2changeZoneOfSourcens    zFirewallD.changeZoneOfSourcecCsPt|t}t|t}td||f|||jj||}||||S)zeRemove source from a zone. If zone is empty, remove from zone the source belongs to. zzone.removeSource('%s', '%s')) rrhrr7rAr&rBZ remove_source SourceRemovedrr1r1r2 removeSources    zFirewallD.removeSourcecCs6t|t}t|t}td||f|jj||S)z[Return true if an source is in a zone. If zone is empty, use default zone. zzone.querySource('%s', '%s'))rrhrr7r&rBZ query_source)r,rBrr@r1r1r2 querySources  zFirewallD.querySourcecCs&t|t}td||jj|S)zZReturn the list of sources of a zone. If zone is empty, use default zone. zzone.getSources('%s'))rrhrr7r&rBrrr1r1r2 getSourcess zFirewallD.getSourcescCstd||fdS)Nzzone.SourceAdded('%s', '%s')rr,rBrr1r1r2rszFirewallD.SourceAddedcCstd||fdS)Nz$zone.ZoneOfSourceChanged('%s', '%s')rrr1r1r2rszFirewallD.ZoneOfSourceChangedcCstd||fdS)Nzzone.SourceRemoved('%s', '%s')rrr1r1r2rszFirewallD.SourceRemovedcCsHtd||f|j||=t|d}|jj|||||dS)Nz%zone.disableTimedRichRule('%s', '%s')Zrule_str)rr7r8rr&rB remove_ruleRichRuleRemoved)r,rBrulerr1r1r2disableTimedRichRules   zFirewallD.disableTimedRichRuleZssicCst|t}t|t}t|t}td||ft|d}|jj|||}|dkrtt ||j ||}| |||| ||||S)Nzzone.addRichRule('%s', '%s')rr)rrhrrr7rr&rBadd_rulertimeout_add_secondsr rE RichRuleAdded)r,rBrtimeoutr@rrrDr1r1r2 addRichRules     zFirewallD.addRichRulecCs\t|t}t|t}td||ft|d}|jj||}|||| |||S)Nzzone.removeRichRule('%s', '%s')r) rrhrr7rr&rBrrHr)r,rBrr@rrr1r1r2removeRichRules     zFirewallD.removeRichRulecCs@t|t}t|t}td||ft|d}|jj||S)Nzzone.queryRichRule('%s', '%s')r)rrhrr7rr&rB query_rule)r,rBrr@rr1r1r2 queryRichRules    zFirewallD.queryRichRulecCs&t|t}td||jj|S)Nzzone.getRichRules('%s'))rrhrr7r&rBZ list_rulesrr1r1r2 getRichRuless zFirewallD.getRichRulescCstd|||fdS)Nz"zone.RichRuleAdded('%s', '%s', %d)r)r,rBrr$r1r1r2r#szFirewallD.RichRuleAddedcCstd||fdS)Nz zone.RichRuleRemoved('%s', '%s')r)r,rBrr1r1r2rszFirewallD.RichRuleRemovedcCs>td||f|j||=|jj|||||dS)Nz$zone.disableTimedService('%s', '%s'))rr7r8r&rBremove_serviceServiceRemovedr,rBrr1r1r2disableTimedService s zFirewallD.disableTimedServicecCst|t}t|t}t|t}td|||f|||jj||||}|dkrxt ||j ||}| |||| ||||S)Nzzone.addService('%s', '%s', %d)r)rrhrrr7rAr&rBZ add_servicerr"r-rE ServiceAdded)r,rBrr$r@rrDr1r1r2rs     zFirewallD.addServicecCs\t|t}t|t}td||f|||jj||}|||| |||S)Nzzone.removeService('%s', '%s')) rrhrr7rAr&rBr*rHr+)r,rBrr@rr1r1r2 removeService*s     zFirewallD.removeServicecCs6t|t}t|t}td||f|jj||S)Nzzone.queryService('%s', '%s'))rrhrr7r&rBZ query_service)r,rBrr@r1r1r2 queryService;s  zFirewallD.queryServicecCs&t|t}td||jj|S)Nzzone.getServices('%s'))rrhrr7r&rBZ list_servicesrr1r1r2 getServicesFs zFirewallD.getServicescCstd|||fdS)Nz!zone.ServiceAdded('%s', '%s', %d)r)r,rBrr$r1r1r2r.RszFirewallD.ServiceAddedcCstd||fdS)Nzzone.ServiceRemoved('%s', '%s')rr,r1r1r2r+XszFirewallD.ServiceRemovedcCsHtd|||f|j|||f=|jj|||||||dS)Nz'zone.disableTimedPort('%s', '%s', '%s'))rr7r8r&rB remove_port PortRemovedr,rBportprotocolr1r1r2disableTimedPortas zFirewallD.disableTimedPortZsssicCst|t}t|t}t|t}t|t}td|||f|||jj|||||}|dkrt ||j |||}| |||f|| |||||S)Nzzone.addPort('%s', '%s', '%s')r)rrhrrr7rAr&rBZadd_portrr"r7rE PortAddedr,rBr5r6r$r@rrDr1r1r2addPortis       zFirewallD.addPortZssscCspt|t}t|t}t|t}td|||f|||jj|||}||||f| ||||S)Nz!zone.removePort('%s', '%s', '%s')) rrhrr7rAr&rBr2rHr3r,rBr5r6r@rr1r1r2 removePorts    zFirewallD.removePortcCsDt|t}t|t}t|t}td|||f|jj|||S)Nz zone.queryPort('%s', '%s', '%s'))rrhrr7r&rBZ query_portr,rBr5r6r@r1r1r2 queryPorts    zFirewallD.queryPortZaascCs&t|t}td||jj|S)Nzzone.getPorts('%s'))rrhrr7r&rBZ list_portsrr1r1r2getPortss zFirewallD.getPortsrcCstd||||fdS)Nz$zone.PortAdded('%s', '%s', '%s', %d)rr,rBr5r6r$r1r1r2r8s zFirewallD.PortAddedcCstd|||fdS)Nz"zone.PortRemoved('%s', '%s', '%s')rr4r1r1r2r3szFirewallD.PortRemovedcCs>td||f|j||=|jj|||||dS)Nz%zone.disableTimedProtocol('%s', '%s'))rr7r8r&rBremove_protocolProtocolRemovedr,rBr6r1r1r2disableTimedProtocols zFirewallD.disableTimedProtocolcCst|t}t|t}t|t}td||f|||jj||||}|dkrvt ||j ||}| |||| ||||S)Nzzone.enableProtocol('%s', '%s')r)rrhrrr7rAr&rBZ add_protocolrr"rDrE ProtocolAdded)r,rBr6r$r@rrDr1r1r2 addProtocols     zFirewallD.addProtocolcCs\t|t}t|t}td||f|||jj||}|||| |||S)Nzzone.removeProtocol('%s', '%s')) rrhrr7rAr&rBrArHrB)r,rBr6r@rr1r1r2removeProtocols     zFirewallD.removeProtocolcCs6t|t}t|t}td||f|jj||S)Nzzone.queryProtocol('%s', '%s'))rrhrr7r&rBZquery_protocol)r,rBr6r@r1r1r2 queryProtocols  zFirewallD.queryProtocolcCs&t|t}td||jj|S)Nzzone.getProtocols('%s'))rrhrr7r&rBZlist_protocolsrr1r1r2 getProtocolss zFirewallD.getProtocolscCstd|||fdS)Nz"zone.ProtocolAdded('%s', '%s', %d)r)r,rBr6r$r1r1r2rEszFirewallD.ProtocolAddedcCstd||fdS)Nz zone.ProtocolRemoved('%s', '%s')rrCr1r1r2rBszFirewallD.ProtocolRemovedcCsJtd|||f|j|d||f=|jj|||||||dS)Nz-zone.disableTimedSourcePort('%s', '%s', '%s')sport)rr7r8r&rBremove_source_portSourcePortRemovedr4r1r1r2disableTimedSourcePort s z FirewallD.disableTimedSourcePortcCst|t}t|t}t|t}t|t}td|||f|||jj|||||}|dkrt ||j |||}| |d||f|| |||||S)Nz$zone.addSourcePort('%s', '%s', '%s')rrJ)rrhrrr7rAr&rBZadd_source_portrr"rMrESourcePortAddedr9r1r1r2 addSourcePorts$       zFirewallD.addSourcePortcCsrt|t}t|t}t|t}td|||f|||jj|||}||d||f| ||||S)Nz'zone.removeSourcePort('%s', '%s', '%s')rJ) rrhrr7rAr&rBrKrHrLr;r1r1r2removeSourcePort,s     zFirewallD.removeSourcePortcCsDt|t}t|t}t|t}td|||f|jj|||S)Nz&zone.querySourcePort('%s', '%s', '%s'))rrhrr7r&rBZquery_source_portr=r1r1r2querySourcePort>s    zFirewallD.querySourcePortcCs&t|t}td||jj|S)Nzzone.getSourcePorts('%s'))rrhrr7r&rBZlist_source_portsrr1r1r2getSourcePortsKs zFirewallD.getSourcePortscCstd||||fdS)Nz*zone.SourcePortAdded('%s', '%s', '%s', %d)rr@r1r1r2rNWs zFirewallD.SourcePortAddedcCstd|||fdS)Nz(zone.SourcePortRemoved('%s', '%s', '%s')rr4r1r1r2rL]s zFirewallD.SourcePortRemovedcCs(|j|d=|jj|||dS)N masquerade)r8r&rBremove_masqueradeMasqueradeRemovedrr1r1r2disableTimedMasqueradegs z FirewallD.disableTimedMasqueradesicCstt|t}t|t}td||||jj|||}|dkrdt ||j |}| |d|| |||S)Nzzone.addMasquerade('%s')rrS)rrhrrr7rAr&rBZadd_masqueraderr"rVrEMasqueradeAdded)r,rBr$r@rrDr1r1r2 addMasqueradems     zFirewallD.addMasqueradecCsJt|t}td||||jj|}||d| ||S)Nzzone.removeMasquerade('%s')rS) rrhrr7rAr&rBrTrHrUr,rBr@rr1r1r2removeMasquerades    zFirewallD.removeMasqueradecCs&t|t}td||jj|S)Nzzone.queryMasquerade('%s'))rrhrr7r&rBZquery_masqueraderr1r1r2queryMasquerades zFirewallD.queryMasqueradecCstd||fdS)Nzzone.MasqueradeAdded('%s', %d)r)r,rBr$r1r1r2rXszFirewallD.MasqueradeAddedcCstd|dS)Nzzone.MasqueradeRemoved('%s')rrr1r1r2rUszFirewallD.MasqueradeRemovedcCs@|j|||||f=|jj|||||||||||dSr3)r8r&rBremove_forward_portForwardPortRemovedr,rBr5r6toporttoaddrr1r1r2disable_forward_portszFirewallD.disable_forward_portZsssssic Cst|t}t|t}t|t}t|t}t|t}t|t}td|||||f|||jj|||||||}|dkrt ||j |||||} | |||||f| | |||||||S)Nz1zone.addForwardPort('%s', '%s', '%s', '%s', '%s')r)rrhrrr7rAr&rBZadd_forward_portrr"rbrEForwardPortAdded) r,rBr5r6r`rar$r@rrDr1r1r2addForwardPorts,        zFirewallD.addForwardPortZssssscCst|t}t|t}t|t}t|t}t|t}td|||||f|||jj|||||}||||||f| ||||||S)Nz4zone.removeForwardPort('%s', '%s', '%s', '%s', '%s')) rrhrr7rAr&rBr]rHr^)r,rBr5r6r`rar@rr1r1r2removeForwardPorts       zFirewallD.removeForwardPortcCs`t|t}t|t}t|t}t|t}t|t}td|||||f|jj|||||S)Nz3zone.queryForwardPort('%s', '%s', '%s', '%s', '%s'))rrhrr7r&rBZquery_forward_port)r,rBr5r6r`rar@r1r1r2queryForwardPorts      zFirewallD.queryForwardPortcCs&t|t}td||jj|S)Nzzone.getForwardPorts('%s'))rrhrr7r&rBZlist_forward_portsrr1r1r2getForwardPortss zFirewallD.getForwardPortsc Cstd||||||fdS)Nz7zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)r)r,rBr5r6r`rar$r1r1r2rcszFirewallD.ForwardPortAddedcCstd|||||fdS)Nz5zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')rr_r1r1r2r^s zFirewallD.ForwardPortRemovedcCs>td||f|j||=|jj|||||dS)Nz&zone.disableTimedIcmpBlock('%s', '%s'))rr7r8r&rBremove_icmp_blockIcmpBlockRemovedr,rBicmpr@r1r1r2disableTimedIcmpBlocks zFirewallD.disableTimedIcmpBlockcCst|t}t|t}t|t}td||f|||jj||||}|dkrxt ||j |||}| |||| ||||S)Nz zone.enableIcmpBlock('%s', '%s')r)rrhrrr7rAr&rBZadd_icmp_blockrr"rlrEIcmpBlockAdded)r,rBrkr$r@rrDr1r1r2 addIcmpBlocks     zFirewallD.addIcmpBlockcCs\t|t}t|t}td||f|||jj||}|||| |||S)Nz zone.removeIcmpBlock('%s', '%s')) rrhrr7rAr&rBrhrHri)r,rBrkr@rr1r1r2removeIcmpBlock+s     zFirewallD.removeIcmpBlockcCs6t|t}t|t}td||f|jj||S)Nzzone.queryIcmpBlock('%s', '%s'))rrhrr7r&rBZquery_icmp_blockrjr1r1r2queryIcmpBlock;s  zFirewallD.queryIcmpBlockcCs&t|t}td||jj|S)Nzzone.getIcmpBlocks('%s'))rrhrr7r&rBZlist_icmp_blocksrr1r1r2 getIcmpBlocksFs zFirewallD.getIcmpBlockscCstd|||fdS)Nz#zone.IcmpBlockAdded('%s', '%s', %d)r)r,rBrkr$r1r1r2rmRszFirewallD.IcmpBlockAddedcCstd||fdS)Nz!zone.IcmpBlockRemoved('%s', '%s')r)r,rBrkr1r1r2riXszFirewallD.IcmpBlockRemovedcCs@t|t}td||||jj||}|||S)Nz zone.addIcmpBlockInversion('%s')) rrhrr7rAr&rBZadd_icmp_block_inversionIcmpBlockInversionAddedrZr1r1r2addIcmpBlockInversionas    zFirewallD.addIcmpBlockInversioncCs>t|t}td||||jj|}|||S)Nz#zone.removeIcmpBlockInversion('%s')) rrhrr7rAr&rBZremove_icmp_block_inversionIcmpBlockInversionRemovedrZr1r1r2removeIcmpBlockInversionos    z"FirewallD.removeIcmpBlockInversioncCs&t|t}td||jj|S)Nz"zone.queryIcmpBlockInversion('%s'))rrhrr7r&rBZquery_icmp_block_inversionrr1r1r2queryIcmpBlockInversion}s z!FirewallD.queryIcmpBlockInversioncCstd|dS)Nz"zone.IcmpBlockInversionAdded('%s')rrr1r1r2rrsz!FirewallD.IcmpBlockInversionAddedcCstd|dS)Nz$zone.IcmpBlockInversionRemoved('%s')rrr1r1r2rtsz#FirewallD.IcmpBlockInversionRemovedcCs`t|t}t|t}t|t}td|||f|||jj|||||||dS)Nz!direct.addChain('%s', '%s', '%s')) rrhrr7rAr&rZ add_chain ChainAddedr,ipvtablechainr@r1r1r2addChains    zFirewallD.addChaincCs`t|t}t|t}t|t}td|||f|||jj|||||||dS)Nz$direct.removeChain('%s', '%s', '%s')) rrhrr7rAr&rZ remove_chain ChainRemovedrxr1r1r2 removeChains    zFirewallD.removeChaincCsDt|t}t|t}t|t}td|||f|jj|||S)Nz#direct.queryChain('%s', '%s', '%s'))rrhrr7r&rZ query_chainrxr1r1r2 queryChains    zFirewallD.queryChaincCs6t|t}t|t}td||f|jj||S)Nzdirect.getChains('%s', '%s'))rrhrr7r&rZ get_chains)r,ryrzr@r1r1r2 getChainss  zFirewallD.getChainsza(sss)cCstd|jjS)Nzdirect.getAllChains())rr7r&rrr~r1r1r2 getAllChainss zFirewallD.getAllChainscCstd|||fdS)Nz#direct.ChainAdded('%s', '%s', '%s')rr,ryrzr{r1r1r2rwszFirewallD.ChainAddedcCstd|||fdS)Nz%direct.ChainRemoved('%s', '%s', '%s')rrr1r1r2r}s zFirewallD.ChainRemovedZsssiasc Cst|t}t|t}t|t}t|t}tdd|D}td||||d|f|||jj |||||| |||||dS)Ncss|]}t|tVqdSr3rrh.0rr1r1r2 z$FirewallD.addRule..z*direct.addRule('%s', '%s', '%s', %d, '%s')',') rrhrrrr7joinrAr&rr! RuleAddedr,ryrzr{priorityr-r@r1r1r2addRules     zFirewallD.addRulec Cst|t}t|t}t|t}t|t}tdd|D}td||||d|f|||jj |||||| |||||dS)Ncss|]}t|tVqdSr3rrr1r1r2r rz'FirewallD.removeRule..z-direct.removeRule('%s', '%s', '%s', %d, '%s')r) rrhrrrr7rrAr&rr RuleRemovedrr1r1r2 removeRules     zFirewallD.removeRulecCst|t}t|t}t|t}td|||f|||jj|||D]0\}}|jj|||||| |||||qNdS)Nz$direct.removeRules('%s', '%s', '%s')) rrhrr7rAr&r get_rulesrr)r,ryrzr{r@rr-r1r1r2 removeRules s    zFirewallD.removeRulesc Csnt|t}t|t}t|t}t|t}tdd|D}td||||d|f|jj |||||S)Ncss|]}t|tVqdSr3rrr1r1r2r( rz&FirewallD.queryRule..z,direct.queryRule('%s', '%s', '%s', %d, '%s')r) rrhrrrr7rr&rr'rr1r1r2 queryRule s    zFirewallD.queryRuleza(ias)cCsDt|t}t|t}t|t}td|||f|jj|||S)Nz!direct.getRules('%s', '%s', '%s'))rrhrr7r&rrrxr1r1r2getRules- s    zFirewallD.getRulesz a(sssias)cCstd|jjS)Nzdirect.getAllRules())rr7r&rrr~r1r1r2 getAllRules: s zFirewallD.getAllRulesc Cs"td||||d|fdS)Nz,direct.RuleAdded('%s', '%s', '%s', %d, '%s')rrr7rr,ryrzr{rr-r1r1r2rD szFirewallD.RuleAddedc Cs"td||||d|fdS)Nz.direct.RuleRemoved('%s', '%s', '%s', %d, '%s')rrrr1r1r2rK szFirewallD.RuleRemovedr[c Cst|t}tdd|D}td|d|f||z|jj ||WSt y}zj|dvrvt gd}n t ddg}t|}|j t jkrtt ||@d krt|t|WYd}~n d}~00dS) Ncss|]}t|tVqdSr3rrr1r1r2r^ rz(FirewallD.passthrough..zdirect.passthrough('%s', '%s')r)rOrS)z-Cz--check-L--listrrr)rrhrrr7rrAr&r passthroughr"setcoder!ZCOMMAND_FAILEDrrr )r,ryr-r@r?Z query_argsmsgr1r1r2rV s      zFirewallD.passthroughcCs\t|}tdd|D}td|d|f|||jj||| ||dS)Ncss|]}t|VqdSr3rrr1r1r2rz rz+FirewallD.addPassthrough..z!direct.addPassthrough('%s', '%s')r) rrrr7rrAr&rZadd_passthroughPassthroughAddedr,ryr-r@r1r1r2addPassthroughr s  zFirewallD.addPassthroughcCs\t|}tdd|D}td|d|f|||jj||| ||dS)Ncss|]}t|VqdSr3rrr1r1r2r rz.FirewallD.removePassthrough..z$direct.removePassthrough('%s', '%s')r) rrrr7rrAr&rZremove_passthroughPassthroughRemovedrr1r1r2removePassthrough s  zFirewallD.removePassthroughcCsBt|}tdd|D}td|d|f|jj||S)Ncss|]}t|VqdSr3rrr1r1r2r rz-FirewallD.queryPassthrough..z#direct.queryPassthrough('%s', '%s')r)rrrr7rr&rZquery_passthroughrr1r1r2queryPassthrough s  zFirewallD.queryPassthroughza(sas)cCstd|jjS)Nzdirect.getAllPassthroughs())rr7r&rrr~r1r1r2getAllPassthroughs s zFirewallD.getAllPassthroughscCs*tdt|D]}|j|qdS)Nzdirect.removeAllPassthroughs())rr7reversedrr)r,r@rr1r1r2removeAllPassthroughs s zFirewallD.removeAllPassthroughscCs"t|}td||jj|S)Nzdirect.getPassthroughs('%s'))rrr7r&rZget_passthroughs)r,ryr@r1r1r2getPassthroughs s zFirewallD.getPassthroughscCstd|d|fdS)Nz#direct.PassthroughAdded('%s', '%s')rrr,ryr-r1r1r2r s zFirewallD.PassthroughAddedcCstd|d|fdS)Nz%direct.PassthroughRemoved('%s', '%s')rrrr1r1r2r s zFirewallD.PassthroughRemovedcCsdS)z PK_ACTION_ALL implies all other actions, i.e. once a subject is authorized for PK_ACTION_ALL it's also authorized for any other action. Use-case is GUI (RHBZ#994729). Nr1r~r1r1r2 authorizeAll s zFirewallD.authorizeAllcCs$t|}td||jj|S)Nzipset.queryIPSet('%s'))rrr7r&rZ query_ipsetr,rr@r1r1r2 queryIPSet szFirewallD.queryIPSetcCstd|jjS)Nzipsets.getIPSets())rr7r&rrr~r1r1r2 getIPSets s zFirewallD.getIPSetscCs(t|t}td||jj|S)NzgetIPSetSettings(%s))rrhrr7r&rZ get_ipsetrrr1r1r2r s  zFirewallD.getIPSetSettingscCsLt|}t|}td||f|||jj|||||dS)Nzipset.addEntry('%s', '%s'))rrr7rAr&rZ add_entry EntryAddedr,rentryr@r1r1r2addEntry s  zFirewallD.addEntrycCsLt|}t|}td||f|||jj|||||dS)Nzipset.removeEntry('%s', '%s'))rrr7rAr&rZ remove_entry EntryRemovedrr1r1r2 removeEntry s  zFirewallD.removeEntrycCs2t|}t|}td||f|jj||S)Nzipset.queryEntry('%s', '%s'))rrr7r&rZ query_entryrr1r1r2 queryEntry szFirewallD.queryEntrycCs$t|}td||jj|S)Nzipset.getEntries('%s'))rrr7r&r get_entriesrr1r1r2 getEntries! szFirewallD.getEntriescCst|}t|t}td|d||jj|}|jj||t |}t |}||D]}| ||q\||D]}| ||qvdS)Nzipset.setEntries('%s', '[%s]'),) rlistrr7rr&rrZ set_entriesrrr)r,rentriesr@Z old_entriesZold_entries_setZ entries_setrr1r1r2 setEntries+ s   zFirewallD.setEntriescCs&t|}t|}td||fdS)Nzipset.EntryAdded('%s', '%s')rrr7r,rrr1r1r2r< szFirewallD.EntryAddedcCs&t|}t|}td||fdS)Nzipset.EntryRemoved('%s', '%s')rrr1r1r2rC szFirewallD.EntryRemovedcCstd|jjS)Nzhelpers.getHelpers())rr7r&rrr~r1r1r2 getHelpersN s zFirewallD.getHelperscCs(t|t}td||jj|S)NzgetHelperSettings(%s))rrhrr7r&rZ get_helperr)r,rr@r1r1r2rW s  zFirewallD.getHelperSettings)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)r)N)N)N)N)r)N)N)N)N)r)N)N)N)r)N)N)N)N)r)N)N)N)N)r)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)__name__ __module__ __qualname____doc__Z persistentrr*ZPK_ACTION_CONFIGZdefault_polkit_auth_requiredr r%r6r)r4r rArErHrJrbr ZPROPERTIES_IFACErortrrursignalrvZPK_ACTION_INFOZINTROSPECTABLE_IFACErwr+r|rr}rrrZPK_ACTION_POLICIESrkrrZPK_ACTION_POLICIES_INFOrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrZPK_ACTION_CONFIG_INFOrrirrrZDBUS_INTERFACE_POLICYrrrrrrrrZDBUS_SIGNATURErrrrrrrrrrrrrrrrrr r r rrrrrr rrrrrrrrrr r%r&r(r)r#rr-rr/r0r1r.r+r7r:r<r>r?r8r3rDrFrGrHrIrErBrMrOrPrQrRrNrLrVrYr[r\rXrUrbrdrerfrgrcr^rlrnrorprqrmrirsrurvrrrtZPK_ACTION_DIRECTrrjr|r~ZPK_ACTION_DIRECT_INFOrrrrrwr}rrrrrrrrrrrrrrrrrZ PK_ACTION_ALLrrlrrrrrrrrrrrrrr __classcell__r1r1r/r2r?s        /  "               O                                                                                                                                                                                                                                                                                                 )6__all__Z gi.repositoryrrr*Z dbus.serviceZfirewallrZfirewall.core.fwrZfirewall.core.richrZfirewall.core.loggerrZfirewall.clientrZfirewall.server.dbusr r Zfirewall.server.decoratorsr r r rrrZfirewall.server.configrZfirewall.dbus_utilsrrrrrrrrZfirewall.core.io.functionsrZfirewall.core.io.ipsetrZfirewall.core.io.icmptyperZfirewall.core.io.helperrZfirewall.core.fw_nmrrZfirewall.core.fw_ifcfgr r!Zfirewall.errorsr"rr1r1r1r2s,        (