3
@)òfbÀ ã               @   sV  d gZ ddlmZmZ ddlZeejd< ddlZddlZddlZddl	Z
ddlZ
ddlmZ ddlmZ ddlmZ ddlmZ dd	lmZ dd
lmZmZmZmZ ddlmZ ddlmZmZm Z m!Z!m"Z"m#Z#m$Z$ ddl%m&Z& ddl'm(Z( ddl)m*Z* ddl+m,Z, ddl-m.Z.m/Z/m0Z0 ddl1m2Z2 ddlm3Z3 ddl4m5Z5 G dd „ d e
jj6j7ƒZ8dS )Ú	FirewallDé    )ÚGLibÚGObjectNZgobject)Úconfig)ÚFirewall)Ú	Rich_Rule)Úlog)ÚFirewallClientZoneSettings)Údbus_handle_exceptionsÚdbus_service_methodÚhandle_exceptionsÚFirewallDBusException)ÚFirewallDConfig)Údbus_to_pythonÚcommand_of_senderÚcontext_of_senderÚuid_of_senderÚuser_of_uidÚ%dbus_introspection_prepare_propertiesÚ!dbus_introspection_add_properties)Úcheck_config)ÚIPSet)ÚIcmpType)ÚHelper)Únm_get_bus_nameÚnm_get_connection_of_interfaceÚnm_set_zone_of_connection)Úifcfg_set_zone_of_interface)Úerrors)ÚFirewallErrorc                   s”"  e Zd ZdZdZejjZe	‡ fdd„ƒZ
dd„ Ze	dd„ ƒZe	d	d
„ ƒZedd„ ƒZedd„ ƒZedd„ ƒZedd„ ƒZedd„ ƒZeejddded­dd„ƒƒZeejddded®dd„ƒƒZejjjejjƒeejdd ed¯d!d"„ƒƒƒZejjejd#d$d%d&„ ƒZejjjejjƒeej dd'ed°‡ fd(d)„	ƒƒƒZ!ejjjejjƒeejj"d*d*ded±d+d,„ƒƒƒZ#ejjjejjƒeejj"d*d*ded²d-d.„ƒƒƒZ$ejjejj"ƒed/d0„ ƒƒZ%ejjjejjƒeejj"d*d*ded³d1d2„ƒƒƒZ&ejjjejjƒeejj"d*d*ded´d3d4„ƒƒƒZ'ejjjejj(ƒeejj)d*d*dedµd5d6„ƒƒƒZ*ejjjejj(ƒeejj)d*d*ded¶d7d8„ƒƒƒZ+ejjjejj,ƒeejj)d*d9ded·d:d;„ƒƒƒZ-ejjejj)d*d$ed<d=„ ƒƒZ.ejjejj)d*d$ed>d?„ ƒƒZ/ejjjejj(ƒeejj)dd*ded¸d@dA„ƒƒƒZ0ejjjejj(ƒeejj)dd*ded¹dBdC„ƒƒƒZ1ejjjejj,ƒeejj)dd9dedºdDdE„ƒƒƒZ2ejjjejj,ƒeejj)d*dFded»dGdH„ƒƒƒZ3ejjejj)dd$edIdJ„ ƒƒZ4ejjejj)dd$edKdL„ ƒƒZ5ejjjejj(ƒeejj)dMd*ded¼dNdO„ƒƒƒZ6ejjjejj(ƒeejj)dMd*ded½dPdQ„ƒƒƒZ7ejjjejj,ƒeejj)dMd9ded¾dRdS„ƒƒƒZ8ejjjejj,ƒeejj)d*dTded¿dUdV„ƒƒƒZ9ejjejj)dMd$edWdX„ ƒƒZ:ejjejj)dMd$edYdZ„ ƒƒZ;ejjjejj(ƒeejj)dd*dedÀd[d\„ƒƒƒZ<ejjjejj(ƒeejj)dd*dedÁd]d^„ƒƒƒZ=ejjjejj,ƒeejj)dd9dedÂd_d`„ƒƒƒZ>ejjjejj,ƒeejj)d*dFdedÃdadb„ƒƒƒZ?ejjejj)dd$edcdd„ ƒƒZ@ejjejj)dd$ededf„ ƒƒZAejjjejj(ƒeejj)dd*dedÄdgdh„ƒƒƒZBejjjejj(ƒeejj)dd*dedÅdidj„ƒƒƒZCejjjejj,ƒeejj)dd9dedÆdkdl„ƒƒƒZDejjjejj,ƒeejj)d*dFdedÇdmdn„ƒƒƒZEejjejj)dd$edodp„ ƒƒZFejjejj)dd$edqdr„ ƒƒZGejjjejjƒeejj"d*d*dedÈdsdt„ƒƒƒZHejjjejjƒeejj"d*d*dedÉdudv„ƒƒƒZIejjjejjƒeejj"d*d9dedÊdwdx„ƒƒƒZJejjejj"d*d$edydz„ ƒƒZKejjejj"d*d$ed{d|„ ƒƒZLejjjejjMƒeejj"dd}dedËd~d„ƒƒƒZNejjjejjMƒeejjOdddedÌd€d„ƒƒƒZPejjjejjMƒeejjOd‚d edÍdƒd„„ƒƒƒZQejjejjOd‚d$ed…d†„ ƒƒZRejjjejjMƒeejjSdddedÎd‡dˆ„ƒƒƒZTejjjejjMƒeejjSd‚d edÏd‰dŠ„ƒƒƒZUejjejjSd‚d$ed‹dŒ„ ƒƒZVejjjejjƒeejj"d*dFdedÐddŽ„ƒƒƒZWejjjejjMƒeejj"dddedÑdd‘„ƒƒƒZXejjjejjMƒeejj"dddedÒd’d“„ƒƒƒZYejjjejjƒeejj"d*dFdedÓd”d•„ƒƒƒZZejjjejjMƒeejj"de[j\dedÔd–d—„ƒƒƒZ]ejjjejjMƒeejj"d*ddedÕd˜d™„ƒƒƒZ^ejjjejjƒeejj"dd*dedÖdšd›„ƒƒƒZ_ejjejj"dd$edœd„ ƒƒZ`ejjjejjMƒeejj"d*dded×dždŸ„ƒƒƒZaejjjejjƒeejj"dd*dedØd d¡„ƒƒƒZbejjejj"dd$ed¢d£„ ƒƒZcejjjejjƒeejj"d*ddedÙd¤d¥„ƒƒƒZdejjjejjƒeejj"dd*dedÚd¦d§„ƒƒƒZeejjejj"dd$ed¨d©„ ƒƒZfejjjejjƒeejjSd*dFdedÛdªd«„ƒƒƒZgejjjejjƒeejjSd*d¬dedÜd­d®„ƒƒƒZhejjjejjƒeejjOd*dFdedÝd¯d°„ƒƒƒZiejjjejjƒeejjOd*d¬dedÞd±d²„ƒƒƒZjejjjejjƒeejjOdddedßd³d´„ƒƒƒZkejjjejjƒeejjOdddedàdµd¶„ƒƒƒZlejjjejjMƒeejjOdd9dedád·d¸„ƒƒƒZmejjjejjƒeejjOdddedâd¹dº„ƒƒƒZnejjjejjƒeejjOdddedãd»d¼„ƒƒƒZoejjjejjƒeejjOdddedäd½d¾„ƒƒƒZpejjjejjƒeejjOdddedåd¿dÀ„ƒƒƒZqejjjejjMƒeejjOdd9dedædÁdÂ„ƒƒƒZrejjjejjMƒeejjOddFdedçdÃdÄ„ƒƒƒZsejjejjOdd$edÅdÆ„ ƒƒZtejjejjOdd$edÇdÈ„ ƒƒZuejjejjOdd$edÉdÊ„ ƒƒZvejjejjOdd$edËdÌ„ ƒƒZwejjjejjƒeejjOdddedèdÍdÎ„ƒƒƒZxejjjejjƒeejjOdddedédÏdÐ„ƒƒƒZyejjjejjƒeejjOdddedêdÑdÒ„ƒƒƒZzejjjejjMƒeejjOdd9dedëdÓdÔ„ƒƒƒZ{ejjjejjMƒeejjOddFdedìdÕdÖ„ƒƒƒZ|ejjejjOdd$ed×dØ„ ƒƒZ}ejjejjOdd$edÙdÚ„ ƒƒZ~ejjejjOdd$edÛdÜ„ ƒƒZedÝdÞ„ ƒZ€ejjjejjƒeejjOdßddedídàdá„ƒƒƒZejjjejjƒeejjOdddedîdâdã„ƒƒƒZ‚ejjjejjMƒeejjOdd9dedïdädå„ƒƒƒZƒejjjejjMƒeejjOddFdedðdædç„ƒƒƒZ„ejjejjOdßd$edèdé„ ƒƒZ…ejjejjOdd$edêdë„ ƒƒZ†edìdí„ ƒZ‡ejjjejjƒeejjOdßddedñdîdï„ƒƒƒZˆejjjejjƒeejjOdddedòdðdñ„ƒƒƒZ‰ejjjejjMƒeejjOdd9dedódòdó„ƒƒƒZŠejjjejjMƒeejjOddFdedôdôdõ„ƒƒƒZ‹ejjejjOdßd$edöd÷„ ƒƒZŒejjejjOdd$edødù„ ƒƒZedúdû„ ƒZŽejjjejjƒeejjOdüddedõdýdþ„ƒƒƒZejjjejjƒeejjOdÿddedöd d„ƒƒƒZejjjejjMƒeejjOdÿd9ded÷dd„ƒƒƒZ‘ejjjejjMƒeejjOdddedødd„ƒƒƒZ’ejjejjOdüd$edùdd	„ƒƒZ“ejjejjOdÿd$ed
d„ ƒƒZ”edd„ ƒZ•ejjjejjƒeejjOdßddedúdd„ƒƒƒZ–ejjjejjƒeejjOdddedûdd„ƒƒƒZ—ejjjejjMƒeejjOdd9dedüdd„ƒƒƒZ˜ejjjejjMƒeejjOddFdedýdd„ƒƒƒZ™ejjejjOdßd$edþdd„ƒƒZšejjejjOdd$edd„ ƒƒZ›edd„ ƒZœejjjejjƒeejjOdüddedÿdd„ƒƒƒZejjjejjƒeejjOdÿdded dd„ƒƒƒZžejjjejjMƒeejjOdÿd9dedd d!„ƒƒƒZŸejjjejjMƒeejjOdddedd"d#„ƒƒƒZ ejjejjOdüd$edd$d%„ƒƒZ¡ejjejjOdÿd$ed&d'„ ƒƒZ¢ed(d)„ ƒZ£ejjjejjƒeejjOd*ddedd+d,„ƒƒƒZ¤ejjjejjƒeejjOdddedd-d.„ƒƒƒZ¥ejjjejjMƒeejjOdd9dedd/d0„ƒƒƒZ¦ejjejjOd*d$edd1d2„ƒƒZ§ejjejjOdd$ed3d4„ ƒƒZ¨ed5d6„ ƒZ©ejjjejjƒeejjOd7ddedd8d9„ƒƒƒZªejjjejjƒeejjOd:dded	d;d<„ƒƒƒZ«ejjjejjMƒeejjOd:d9ded
d=d>„ƒƒƒZ¬ejjjejjMƒeejjOdddedd?d@„ƒƒƒZ­ejjejjOd7d$eddAdB„ƒƒZ®ejjejjOd:d$edCdD„ ƒƒZ¯edEdF„ ƒZ°ejjjejjƒeejjOdßddeddGdH„ƒƒƒZ±ejjjejjƒeejjOdddeddIdJ„ƒƒƒZ²ejjjejjMƒeejjOdd9deddKdL„ƒƒƒZ³ejjjejjMƒeejjOddFdeddMdN„ƒƒƒZ´ejjejjOdßd$eddOdP„ƒƒZµejjejjOdd$edQdR„ ƒƒZ¶ejjjejjƒeejjOdddeddSdT„ƒƒƒZ·ejjjejjƒeejjOdddeddUdV„ƒƒƒZ¸ejjjejjMƒeejjOdd9deddWdX„ƒƒƒZ¹ejjejjOdd$edYdZ„ ƒƒZºejjejjOdd$ed[d\„ ƒƒZ»ejjjejj¼ƒeejj½dÿd*dedd]d^„ƒƒƒZ¾ejjjejj¼ƒeejj½dÿd*dedd_d`„ƒƒƒZ¿ejjjejjÀƒeejj½dÿd9deddadb„ƒƒƒZÁejjjejjÀƒeejj½ddFdeddcdd„ƒƒƒZÂejjjejjÀƒeejj½d*dededdfdg„ƒƒƒZÃejjejj½dÿd$edhdi„ ƒƒZÄejjejj½dÿd$edjdk„ ƒƒZÅejjjejj¼ƒeejj½dld*deddmdn„ƒƒƒZÆejjjejj¼ƒeejj½dld*deddodp„ƒƒƒZÇejjjejj¼ƒeejj½dÿd*deddqdr„ƒƒƒZÈejjjejjÀƒeejj½dld9deddsdt„ƒƒƒZÉejjjejjÀƒeejj½dÿdudeddvdw„ƒƒƒZÊejjjejjÀƒeejj½d*dxdeddydz„ƒƒƒZËejjejj½dld$ed{d|„ ƒƒZÌejjejj½dld$ed}d~„ ƒƒZÍejjjejj¼ƒeejj½ddded d€d„ƒƒƒZÎejjjejj¼ƒeejj½dd*ded!d‚dƒ„ƒƒƒZÏejjjejj¼ƒeejj½dd*ded"d„d…„ƒƒƒZÐejjjejjÀƒeejj½dd9ded#d†d‡„ƒƒƒZÑejjjejjÀƒeejj½d*dˆded$d‰dŠ„ƒƒƒZÒejjjejj¼ƒeejj½d*d*ded%d‹dŒ„ƒƒƒZÓejjjejjÀƒeejj½ddded&ddŽ„ƒƒƒZÔejjejj½dd$edd„ ƒƒZÕejjejj½dd$ed‘d’„ ƒƒZÖejjjejj×ƒeejj"d*d*ded'd“d”„ƒƒƒZØejjjejjƒeejjÙdd9ded(d•d–„ƒƒƒZÚejjjejjƒeejjÙd*dFded)d—d˜„ƒƒƒZÛejjjejjMƒeejjÙdeÜj\ded*d™dš„ƒƒƒZÝejjjejjƒeejjÙdd*ded+d›dœ„ƒƒƒZÞejjjejjƒeejjÙdd*ded,ddž„ƒƒƒZßejjjejjƒeejjÙdd9ded-dŸd „ƒƒƒZàejjjejjƒeejjÙddFded.d¡d¢„ƒƒƒZáejjjejjƒeejjÙdd ed/d£d¤„ƒƒƒZâejjejjÙdd$ed¥d¦„ ƒƒZãejjejjÙdd$ed§d¨„ ƒƒZäejjjejjƒeejj"d*dFded0d©dª„ƒƒƒZåejjjejjMƒeejj"deæj\ded1d«d¬„ƒƒƒZç‡  ZèS (2  r   zFirewallD main classTc                s`   t t| ƒj||Ž tƒ | _|d | _|d | _| jƒ  t| t	j
jƒ t| jj	| jt	j
jƒ| _	d S )Nr   é   )Úsuperr   Ú__init__r   ÚfwÚbusnameÚpathÚstartr   r   ÚdbusÚDBUS_INTERFACEr   ZDBUS_PATH_CONFIG)ÚselfÚargsÚkwargs)Ú	__class__© ú/usr/lib/python3.6/firewalld.pyr"   I   s    

zFirewallD.__init__c             C   s   | j ƒ  d S )N)Ústop)r)   r-   r-   r.   Ú__del__T   s    zFirewallD.__del__c             C   s   t jdƒ i | _| jjƒ S )Nzstart())r   Údebug1Ú	_timeoutsr#   r&   )r)   r-   r-   r.   r&   W   s    
zFirewallD.startc             C   s   t jdƒ | jjƒ S )Nzstop())r   r1   r#   r/   )r)   r-   r-   r.   r/   _   s    
zFirewallD.stopc             C   s°   | j jjƒ r¬|d kr"tjdƒ d S tjƒ }t||ƒ}| j jjd|ƒrHd S t	||ƒ}| j jjd|ƒrfd S t
|ƒ}| j jjd|ƒr‚d S t||ƒ}| j jjd|ƒr d S ttjdƒ‚d S )Nz&Lockdown not possible, sender not set.ÚcontextÚuidÚuserÚcommandzlockdown is enabled)r#   ÚpoliciesÚquery_lockdownr   Úerrorr'   Z	SystemBusr   Zaccess_checkr   r   r   r   r   ZACCESS_DENIED)r)   ÚsenderZbusr3   r4   r5   r6   r-   r-   r.   ÚaccessCheckh   s$    



zFirewallD.accessCheckc             C   s&   || j kri | j |< || j | |< d S )N)r2   )r)   ÚzoneÚxÚtagr-   r-   r.   Ú
addTimeout   s    

zFirewallD.addTimeoutc             C   s<   || j kr8|| j | kr8tj| j | | ƒ | j | |= d S )N)r2   r   Úsource_remove)r)   r<   r=   r-   r-   r.   ÚremoveTimeout…   s    zFirewallD.removeTimeoutc             C   sT   xD| j D ]:}x&| j | D ]}tj| j | | ƒ qW | j | jƒ  qW | j jƒ  d S )N)r2   r   r@   Úclear)r)   r<   r=   r-   r-   r.   Úcleanup_timeouts‹   s
    zFirewallD.cleanup_timeoutsc             C   sd  |dkrt jtjƒS |dkr6t jdtj jtj jf ƒS |dkrNt j| jjƒ ƒS |dkrht j| jj	dƒƒS |dkr€t j
| jjdƒS |d	kršt j| jj	d
ƒƒS |dkr°t j| jjƒS |dkrÈt j
| jjdƒS |dkrÞt j| jjƒS |dk röt j| jjƒS |dkrt j
| jjdƒS |dkr$t jdƒS |dkr:t ji dƒS |dkrPt ji dƒS t jjd| ƒ‚d S )NÚversionÚinterface_versionz%d.%dÚstateÚIPv4Úipv4ÚIPv4ICMPTypesÚsÚIPv6Úipv6ÚIPv6_rpfilterÚIPv6ICMPTypesÚBRIDGEr   Ú
IPSetTypesÚnf_conntrack_helper_settingFÚnf_conntrack_helpersÚsasÚnf_nat_helperszDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r'   ÚStringr   ÚVERSIONZDBUS_INTERFACE_VERSIONZDBUS_INTERFACE_REVISIONr#   Z	get_stateZBooleanZis_ipv_enabledZArrayZipv4_supported_icmp_typesZipv6_rpfilter_enabledZipv6_supported_icmp_typesZebtables_enabledZipset_enabledZipset_supported_typesÚ
DictionaryÚ
exceptionsÚDBusException)r)   Zpropr-   r-   r.   Ú_get_property–   s@    




zFirewallD._get_propertyZssÚv)Úin_signatureÚout_signatureNc             C   s~   t |tƒ}t |tƒ}tjd||ƒ |tjjkr8| j|ƒS |tjjtjj	tjj
tjjgkrjtjjd| ƒ‚ntjjd| ƒ‚d S )NzGet('%s', '%s')zDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existzJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r   Ústrr   r1   r   r'   r(   rZ   ÚDBUS_INTERFACE_ZONEÚDBUS_INTERFACE_DIRECTÚDBUS_INTERFACE_POLICIESÚDBUS_INTERFACE_IPSETrX   rY   )r)   Úinterface_nameÚproperty_namer:   r-   r-   r.   ÚGetÆ   s    



zFirewallD.GetrJ   za{sv}c             C   s„   t |tƒ}tjd|ƒ i }|tjjkrDxNdD ]}| j|ƒ||< q,W n2|tjjtjj	tjj
tjjgkrfntjjd| ƒ‚tj|ddS )NzGetAll('%s')rD   rE   rF   rG   rK   rM   rO   r   rP   rQ   rR   rT   rI   rN   zJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not existZsv)Ú	signature)rD   rE   rF   rG   rK   rM   rO   r   rP   rQ   rR   rT   rI   rN   )r   r^   r   r1   r   r'   r(   rZ   r_   r`   ra   rb   rX   rY   rW   )r)   rc   r:   Úretr=   r-   r-   r.   ÚGetAllÝ   s&    
   zFirewallD.GetAllZssv)r\   c             C   s´   t |tƒ}t |tƒ}t |ƒ}tjd|||ƒ | j|ƒ |tjjkrn|dkr\tjj	d| ƒ‚q°tjj	d| ƒ‚nB|tjj
tjjtjjtjjgkr tjj	d| ƒ‚ntjj	d| ƒ‚d S )NzSet('%s', '%s', '%s')rD   rE   rF   rG   rK   rM   rO   r   rP   rQ   rR   rT   rI   rN   zGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-onlyzDorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not existzJorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)rD   rE   rF   rG   rK   rM   rO   r   rP   rQ   rR   rT   rI   rN   )r   r^   r   r1   r;   r   r'   r(   rX   rY   r_   r`   ra   rb   )r)   rc   rd   Z	new_valuer:   r-   r-   r.   ÚSetø   s:    



    


zFirewallD.Setzsa{sv}as)rf   c             C   s.   t |tƒ}t |ƒ}t |ƒ}tjd|||ƒ d S )Nz#PropertiesChanged('%s', '%s', '%s'))r   r^   r   r1   )r)   rc   Zchanged_propertiesZinvalidated_propertiesr-   r-   r.   ÚPropertiesChanged  s
    
zFirewallD.PropertiesChanged)r]   c                s4   t jdƒ tt| ƒj| j| jjƒ ƒ}t| |t	j
jƒS )NzIntrospect())r   Zdebug2r!   r   Ú
Introspectr%   r$   Zget_busr   r   r'   r(   )r)   r:   Údata)r,   r-   r.   rk   &  s
    
zFirewallD.IntrospectÚ c             C   s*   t jdƒ | jjƒ  | jjƒ  | jƒ  dS )z#Reload the firewall rules.
        zreload()N)r   r1   r#   Úreloadr   ÚReloaded)r)   r:   r-   r-   r.   rn   4  s    


zFirewallD.reloadc             C   s,   t jdƒ | jjdƒ | jjƒ  | jƒ  dS )z™Completely reload the firewall.

        Completely reload the firewall: Stops firewall, unloads modules and 
        starts the firewall again.
        zcompleteReload()TN)r   r1   r#   rn   r   ro   )r)   r:   r-   r-   r.   ÚcompleteReloadC  s    


zFirewallD.completeReloadc             C   s   t jdƒ d S )Nz
Reloaded())r   r1   )r)   r-   r-   r.   ro   S  s    zFirewallD.Reloadedc             C   s   t jdƒ t| jƒ dS )z&Check permanent configuration
        zcheckPermanentConfig()N)r   r1   r   r#   )r)   r:   r-   r-   r.   ÚcheckPermanentConfigX  s    
zFirewallD.checkPermanentConfigc             C   sÎ  t jdƒ d}| jjƒ }xÂ| jjjƒ D ]²}| j|ƒ}yj||kr€| jj|ƒ}|j	ƒ |krpt jd| ƒ |j
|ƒ qœt jd| ƒ nt jd| ƒ | jj||ƒ W q& tk
rÖ } zt jd||f ƒ d}W Y dd}~X q&X q&W | jjƒ }xÈ| jjjƒ D ]¸}| j|ƒ}yn||krR| jj|ƒ}|j	ƒ |krBt jd	| ƒ |j
|ƒ nt jd
| ƒ nt jd| ƒ | jj||ƒ W qô tk
rª } zt jd||f ƒ d}W Y dd}~X qôX qôW | jjƒ }xÊ| jjjƒ D ]º}yx| j|ƒ}||kr&| jj|ƒ}|j	ƒ |krt jd| ƒ |j
|ƒ nt jd| ƒ nt jd| ƒ | jj||ƒ W n: tk
r~ } zt jd||f ƒ d}W Y dd}~X nX qÈW | jjƒ }tƒ }x”| jjjƒ D ]‚}| j|ƒ}t|ƒ}	|dk	r~d}
xH|	j ƒ D ]<}| jjj!||ƒ|krÖt jd||f ƒ |	j"|ƒ d}
qÖW xV|	j ƒ D ]J}y,t#|ƒ}|rNt$||ƒrN|	j"|ƒ d}
W n tk
rf   Y nX q W |
r~~|	j%ƒ }x|	j ƒ D ]}t&||ƒ qˆW yP||krÎ| jj'|ƒ}t jd| ƒ |j(|ƒ nt jd| ƒ | jj)||ƒ W n: tk
r& } zt jd||f ƒ d}W Y dd}~X nX q¦W | jj*ƒ }xž| jj+j,ƒ D ]Ž}| j-|ƒ}yB||krx| jj.|ƒ}|j
|ƒ nt jd| ƒ | jj/||ƒ W n: tk
rÐ } zt jd||f ƒ d}W Y dd}~X nX qFW | jj0ƒ }xÊ| jj1j2ƒ D ]º}| j3|ƒ}yn||krN| jj4|ƒ}|j	ƒ |kr>t jd| ƒ |j
|ƒ nt jd| ƒ nt jd| ƒ | jj5||ƒ W n: tk
r¦ } zt jd||f ƒ d}W Y dd}~X nX qðW | jj6j7ƒ | jj6j8ƒ | jj6j9ƒ f}y6| jj	ƒ |krút jdƒ | jj
|ƒ n
t jdƒ W n6 tk
r< } zt jd| ƒ d}W Y dd}~X nX | jj:j;j<ƒ }y6| jj	ƒ |krvt jdƒ | jj=|ƒ n
t jdƒ W n6 tk
r¸ } zt jd | ƒ d}W Y dd}~X nX |rÊt>t?j@ƒ‚dS )!z-Make runtime configuration permanent
        zcopyRuntimeToPermanent()FzCopying service '%s' settingsz$Service '%s' is identical, ignoring.zCreating service '%s'z/Runtime To Permanent failed on service '%s': %sTNzCopying icmptype '%s' settingsz%IcmpType '%s' is identical, ignoring.zCreating icmptype '%s'z0Runtime To Permanent failed on icmptype '%s': %szCopying ipset '%s' settingsz"IPSet '%s' is identical, ignoring.zCreating ipset '%s'z-Runtime To Permanent failed on ipset '%s': %szEZone '%s': interface binding for '%s' has been added by NM, ignoring.zCopying zone '%s' settingszCreating zone '%s'z,Runtime To Permanent failed on zone '%s': %szCreating policy '%s'z.Runtime To Permanent failed on policy '%s': %szCopying helper '%s' settingsz#Helper '%s' is identical, ignoring.zCreating helper '%s'z.Runtime To Permanent failed on helper '%s': %szCopying direct configurationz,Direct configuration is identical, ignoring.z7Runtime To Permanent failed on direct configuration: %szCopying policies configurationz.Policies configuration is identical, ignoring.z9Runtime To Permanent failed on policies configuration: %s)Ar   r1   r   ZgetServiceNamesr#   ÚserviceÚget_servicesÚgetServiceSettingsZgetServiceByNameZgetSettingsÚupdateÚ
addServiceÚ	ExceptionÚwarningZgetIcmpTypeNamesÚicmptypeÚget_icmptypesÚgetIcmpTypeSettingsZgetIcmpTypeByNameZaddIcmpTypeZgetIPSetNamesÚipsetÚ
get_ipsetsÚgetIPSetSettingsZgetIPSetByNameZaddIPSetZgetZoneNamesr   r<   Ú	get_zonesÚgetZoneSettings2r	   ÚgetInterfacesZinterface_get_senderÚremoveInterfacer   r   ZgetSettingsDictr   ZgetZoneByNameZupdate2ZaddZone2ZgetPolicyNamesÚpolicyÚ"get_policies_not_derived_from_zoneÚgetPolicySettingsZgetPolicyByNameZ	addPolicyZgetHelperNamesÚhelperÚget_helpersÚgetHelperSettingsZgetHelperByNameZ	addHelperÚdirectÚget_all_chainsÚget_all_rulesÚget_all_passthroughsr7   Úlockdown_whitelistÚexport_configZsetLockdownWhitelistr   r   ZRT_TO_PERM_FAILED)r)   r:   r9   Zconfig_namesÚnameZconfZconf_objÚeZnm_bus_nameÚsettingsZchangedÚ	interfaceZ
connectionr-   r-   r.   ÚruntimeToPermanentd  s$   


























zFirewallD.runtimeToPermanentc             C   s,   t jdƒ | j|ƒ | jjjƒ  | jƒ  dS )z!Enable lockdown policies
        zpolicies.enableLockdown()N)r   r1   r;   r#   r7   Zenable_lockdownÚLockdownEnabled)r)   r:   r-   r-   r.   ÚenableLockdown2  s    

zFirewallD.enableLockdownc             C   s,   t jdƒ | j|ƒ | jjjƒ  | jƒ  dS )z"Disable lockdown policies
        zpolicies.disableLockdown()N)r   r1   r;   r#   r7   Zdisable_lockdownÚLockdownDisabled)r)   r:   r-   r-   r.   ÚdisableLockdown>  s    

zFirewallD.disableLockdownÚbc             C   s   t jdƒ | jjjƒ S )z+Retuns True if lockdown is enabled
        zpolicies.queryLockdown())r   r1   r#   r7   r8   )r)   r:   r-   r-   r.   ÚqueryLockdownJ  s    
zFirewallD.queryLockdownc             C   s   t jdƒ d S )NzLockdownEnabled())r   r1   )r)   r-   r-   r.   r”   U  s    zFirewallD.LockdownEnabledc             C   s   t jdƒ d S )NzLockdownDisabled())r   r1   )r)   r-   r-   r.   r–   Z  s    zFirewallD.LockdownDisabledc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )zAdd lockdown command
        z*policies.addLockdownWhitelistCommand('%s')N)
r   r^   r   r1   r;   r#   r7   r   Zadd_commandÚLockdownWhitelistCommandAdded)r)   r6   r:   r-   r-   r.   ÚaddLockdownWhitelistCommandc  s
    

z%FirewallD.addLockdownWhitelistCommandc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )z Remove lockdown command
        z-policies.removeLockdownWhitelistCommand('%s')N)
r   r^   r   r1   r;   r#   r7   r   Zremove_commandÚLockdownWhitelistCommandRemoved)r)   r6   r:   r-   r-   r.   ÚremoveLockdownWhitelistCommandp  s
    

z(FirewallD.removeLockdownWhitelistCommandc             C   s(   t |tƒ}tjd| ƒ | jjjj|ƒS )zQuery lockdown command
        z,policies.queryLockdownWhitelistCommand('%s'))r   r^   r   r1   r#   r7   r   Zhas_command)r)   r6   r:   r-   r-   r.   ÚqueryLockdownWhitelistCommand}  s    
z'FirewallD.queryLockdownWhitelistCommandÚasc             C   s   t jdƒ | jjjjƒ S )zAdd lockdown command
        z'policies.getLockdownWhitelistCommands())r   r1   r#   r7   r   Zget_commands)r)   r:   r-   r-   r.   ÚgetLockdownWhitelistCommands‰  s    
z&FirewallD.getLockdownWhitelistCommandsc             C   s   t jd| ƒ d S )Nz#LockdownWhitelistCommandAdded('%s'))r   r1   )r)   r6   r-   r-   r.   rš   ”  s    z'FirewallD.LockdownWhitelistCommandAddedc             C   s   t jd| ƒ d S )Nz%LockdownWhitelistCommandRemoved('%s'))r   r1   )r)   r6   r-   r-   r.   rœ   ™  s    z)FirewallD.LockdownWhitelistCommandRemovedÚic             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )zAdd lockdown uid
        z&policies.addLockdownWhitelistUid('%s')N)
r   Úintr   r1   r;   r#   r7   r   Zadd_uidÚLockdownWhitelistUidAdded)r)   r4   r:   r-   r-   r.   ÚaddLockdownWhitelistUid   s
    

z!FirewallD.addLockdownWhitelistUidc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )zRemove lockdown uid
        z)policies.removeLockdownWhitelistUid('%s')N)
r   r¢   r   r1   r;   r#   r7   r   Z
remove_uidÚLockdownWhitelistUidRemoved)r)   r4   r:   r-   r-   r.   ÚremoveLockdownWhitelistUid­  s
    

z$FirewallD.removeLockdownWhitelistUidc             C   s(   t |tƒ}tjd| ƒ | jjjj|ƒS )zQuery lockdown uid
        z(policies.queryLockdownWhitelistUid('%s'))r   r¢   r   r1   r#   r7   r   Zhas_uid)r)   r4   r:   r-   r-   r.   ÚqueryLockdownWhitelistUidº  s    
z#FirewallD.queryLockdownWhitelistUidZaic             C   s   t jdƒ | jjjjƒ S )zAdd lockdown uid
        z#policies.getLockdownWhitelistUids())r   r1   r#   r7   r   Zget_uids)r)   r:   r-   r-   r.   ÚgetLockdownWhitelistUidsÆ  s    
z"FirewallD.getLockdownWhitelistUidsc             C   s   t jd| ƒ d S )NzLockdownWhitelistUidAdded(%d))r   r1   )r)   r4   r-   r-   r.   r£   Ñ  s    z#FirewallD.LockdownWhitelistUidAddedc             C   s   t jd| ƒ d S )NzLockdownWhitelistUidRemoved(%d))r   r1   )r)   r4   r-   r-   r.   r¥   Ö  s    z%FirewallD.LockdownWhitelistUidRemovedc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )zAdd lockdown user
        z'policies.addLockdownWhitelistUser('%s')N)
r   r^   r   r1   r;   r#   r7   r   Zadd_userÚLockdownWhitelistUserAdded)r)   r5   r:   r-   r-   r.   ÚaddLockdownWhitelistUserÝ  s
    

z"FirewallD.addLockdownWhitelistUserc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )zRemove lockdown user
        z*policies.removeLockdownWhitelistUser('%s')N)
r   r^   r   r1   r;   r#   r7   r   Zremove_userÚLockdownWhitelistUserRemoved)r)   r5   r:   r-   r-   r.   ÚremoveLockdownWhitelistUserê  s
    

z%FirewallD.removeLockdownWhitelistUserc             C   s(   t |tƒ}tjd| ƒ | jjjj|ƒS )zQuery lockdown user
        z)policies.queryLockdownWhitelistUser('%s'))r   r^   r   r1   r#   r7   r   Zhas_user)r)   r5   r:   r-   r-   r.   ÚqueryLockdownWhitelistUser÷  s    
z$FirewallD.queryLockdownWhitelistUserc             C   s   t jdƒ | jjjjƒ S )zAdd lockdown user
        z$policies.getLockdownWhitelistUsers())r   r1   r#   r7   r   Z	get_users)r)   r:   r-   r-   r.   ÚgetLockdownWhitelistUsers  s    
z#FirewallD.getLockdownWhitelistUsersc             C   s   t jd| ƒ d S )Nz LockdownWhitelistUserAdded('%s'))r   r1   )r)   r5   r-   r-   r.   r©     s    z$FirewallD.LockdownWhitelistUserAddedc             C   s   t jd| ƒ d S )Nz"LockdownWhitelistUserRemoved('%s'))r   r1   )r)   r5   r-   r-   r.   r«     s    z&FirewallD.LockdownWhitelistUserRemovedc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )zAdd lockdown context
        z*policies.addLockdownWhitelistContext('%s')N)
r   r^   r   r1   r;   r#   r7   r   Zadd_contextÚLockdownWhitelistContextAdded)r)   r3   r:   r-   r-   r.   ÚaddLockdownWhitelistContext  s
    

z%FirewallD.addLockdownWhitelistContextc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjjj|ƒ | j	|ƒ dS )z Remove lockdown context
        z-policies.removeLockdownWhitelistContext('%s')N)
r   r^   r   r1   r;   r#   r7   r   Zremove_contextÚLockdownWhitelistContextRemoved)r)   r3   r:   r-   r-   r.   ÚremoveLockdownWhitelistContext'  s
    

z(FirewallD.removeLockdownWhitelistContextc             C   s(   t |tƒ}tjd| ƒ | jjjj|ƒS )zQuery lockdown context
        z,policies.queryLockdownWhitelistContext('%s'))r   r^   r   r1   r#   r7   r   Zhas_context)r)   r3   r:   r-   r-   r.   ÚqueryLockdownWhitelistContext4  s    
z'FirewallD.queryLockdownWhitelistContextc             C   s   t jdƒ | jjjjƒ S )zAdd lockdown context
        z'policies.getLockdownWhitelistContexts())r   r1   r#   r7   r   Zget_contexts)r)   r:   r-   r-   r.   ÚgetLockdownWhitelistContexts@  s    
z&FirewallD.getLockdownWhitelistContextsc             C   s   t jd| ƒ d S )Nz#LockdownWhitelistContextAdded('%s'))r   r1   )r)   r3   r-   r-   r.   r¯   K  s    z'FirewallD.LockdownWhitelistContextAddedc             C   s   t jd| ƒ d S )Nz%LockdownWhitelistContextRemoved('%s'))r   r1   )r)   r3   r-   r-   r.   r±   P  s    z)FirewallD.LockdownWhitelistContextRemovedc             C   s*   t jdƒ | j|ƒ | jjƒ  | jƒ  dS )znEnable panic mode.
        
        All ingoing and outgoing connections and packets will be blocked.
        zenablePanicMode()N)r   r1   r;   r#   Zenable_panic_modeÚPanicModeEnabled)r)   r:   r-   r-   r.   ÚenablePanicModeY  s    	


zFirewallD.enablePanicModec             C   s*   t jdƒ | j|ƒ | jjƒ  | jƒ  dS )zˆDisable panic mode.

        Enables normal mode: Allowed ingoing and outgoing connections 
        will not be blocked anymore
        zdisablePanicMode()N)r   r1   r;   r#   Zdisable_panic_modeÚPanicModeDisabled)r)   r:   r-   r-   r.   ÚdisablePanicModeg  s    


zFirewallD.disablePanicModec             C   s   t jdƒ | jjƒ S )NzqueryPanicMode())r   r1   r#   Zquery_panic_mode)r)   r:   r-   r-   r.   ÚqueryPanicModev  s    
zFirewallD.queryPanicModec             C   s   t jdƒ d S )NzPanicModeEnabled())r   r1   )r)   r-   r-   r.   rµ     s    zFirewallD.PanicModeEnabledc             C   s   t jdƒ d S )NzPanicModeDisabled())r   r1   )r)   r-   r-   r.   r·   „  s    zFirewallD.PanicModeDisabledz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)c             C   s$   t |tƒ}tjd|ƒ | jjj|ƒS )NzgetZoneSettings(%s))r   r^   r   r1   r#   r<   Zget_config_with_settings)r)   r<   r:   r-   r-   r.   ÚgetZoneSettings  s    
zFirewallD.getZoneSettingsc             C   s$   t |tƒ}tjd|ƒ | jjj|ƒS )NzgetZoneSettings2(%s))r   r^   r   r1   r#   r<   Úget_config_with_settings_dict)r)   r<   r:   r-   r-   r.   r€   —  s    
zFirewallD.getZoneSettings2zsa{sv}c             C   sB   t |tƒ}tjd|ƒ | j|ƒ | jjj|||ƒ | j||ƒ d S )NzsetZoneSettings2(%s))	r   r^   r   r1   r;   r#   r<   Úset_config_with_settings_dictÚZoneUpdated)r)   r<   r‘   r:   r-   r-   r.   ÚsetZoneSettings2   s
    

zFirewallD.setZoneSettings2c             C   s   t jd||f ƒ d S )Nzzone.ZoneUpdated('%s', '%s'))r   r1   )r)   r<   r‘   r-   r-   r.   r½   ª  s    zFirewallD.ZoneUpdatedc             C   s$   t |tƒ}tjd|ƒ | jjj|ƒS )Nzpolicy.getPolicySettings(%s))r   r^   r   r1   r#   rƒ   r»   )r)   rƒ   r:   r-   r-   r.   r…   ¯  s    
zFirewallD.getPolicySettingsc             C   sB   t |tƒ}tjd|ƒ | j|ƒ | jjj|||ƒ | j||ƒ d S )Nzpolicy.setPolicySettings(%s))	r   r^   r   r1   r;   r#   rƒ   r¼   ÚPolicyUpdated)r)   rƒ   r‘   r:   r-   r-   r.   ÚsetPolicySettings¸  s
    

zFirewallD.setPolicySettingsc             C   s   t jd||f ƒ d S )Nz policy.PolicyUpdated('%s', '%s'))r   r1   )r)   rƒ   r‘   r-   r-   r.   r¿   Â  s    zFirewallD.PolicyUpdatedc             C   s   t jdƒ | jjjƒ S )NzlistServices())r   r1   r#   rr   rs   )r)   r:   r-   r-   r.   ÚlistServicesÇ  s    
zFirewallD.listServicesz(sssa(ss)asa{ss}asa(ss))c             C   s–   t |tƒ}tjd|ƒ | jjj|ƒ}|jƒ }g }x\tdƒD ]P}|j	| d |krr|j
tjt||j	| d ƒƒƒ q:|j
||j	| d  ƒ q:W t|ƒS )NzgetServiceSettings(%s)é   r   )r   r^   r   r1   r#   rr   Úget_serviceÚexport_config_dictÚrangeZIMPORT_EXPORT_STRUCTUREÚappendÚcopyÚdeepcopyÚgetattrÚtuple)r)   rr   r:   ÚobjZ	conf_dictZ	conf_listr¡   r-   r-   r.   rt   Ò  s    
"zFirewallD.getServiceSettingsc             C   s,   t |tƒ}tjd|ƒ | jjj|ƒ}|jƒ S )NzgetServiceSettings2(%s))r   r^   r   r1   r#   rr   rÃ   rÄ   )r)   rr   r:   rË   r-   r-   r.   ÚgetServiceSettings2æ  s    
zFirewallD.getServiceSettings2c             C   s   t jdƒ | jjjƒ S )NzlistIcmpTypes())r   r1   r#   ry   rz   )r)   r:   r-   r-   r.   ÚlistIcmpTypesð  s    
zFirewallD.listIcmpTypesc             C   s(   t |tƒ}tjd|ƒ | jjj|ƒjƒ S )NzgetIcmpTypeSettings(%s))r   r^   r   r1   r#   ry   Zget_icmptyperŽ   )r)   ry   r:   r-   r-   r.   r{   û  s    
zFirewallD.getIcmpTypeSettingsc             C   s   t jdƒ | jjƒ S )NzgetLogDenied())r   r1   r#   Zget_log_denied)r)   r:   r-   r-   r.   ÚgetLogDenied	  s    
zFirewallD.getLogDeniedc             C   sX   t |tƒ}tjd| ƒ | j|ƒ | jj|ƒ | j|ƒ | jjƒ  | j	jƒ  | j
ƒ  d S )NzsetLogDenied('%s'))r   r^   r   r1   r;   r#   Zset_log_deniedÚLogDeniedChangedrn   r   ro   )r)   Úvaluer:   r-   r-   r.   ÚsetLogDenied  s    



zFirewallD.setLogDeniedc             C   s   t jd| ƒ d S )NzLogDeniedChanged('%s'))r   r1   )r)   rÐ   r-   r-   r.   rÏ   "  s    zFirewallD.LogDeniedChangedc             C   s   t jdƒ dS )NzgetAutomaticHelpers()Úno)r   r1   )r)   r:   r-   r-   r.   ÚgetAutomaticHelpers+  s    
zFirewallD.getAutomaticHelpersc             C   s&   t |tƒ}tjd| ƒ | j|ƒ d S )NzsetAutomaticHelpers('%s'))r   r^   r   r1   r;   )r)   rÐ   r:   r-   r-   r.   ÚsetAutomaticHelpers6  s    
zFirewallD.setAutomaticHelpersc             C   s   t jd| ƒ d S )NzAutomaticHelpersChanged('%s'))r   r1   )r)   rÐ   r-   r-   r.   ÚAutomaticHelpersChangedB  s    z!FirewallD.AutomaticHelpersChangedc             C   s   t jdƒ | jjƒ S )NzgetDefaultZone())r   r1   r#   Zget_default_zone)r)   r:   r-   r-   r.   ÚgetDefaultZoneK  s    
zFirewallD.getDefaultZonec             C   s<   t |tƒ}tjd| ƒ | j|ƒ | jj|ƒ | j|ƒ d S )NzsetDefaultZone('%s'))r   r^   r   r1   r;   r#   Zset_default_zoneÚDefaultZoneChanged)r)   r<   r:   r-   r-   r.   ÚsetDefaultZoneT  s
    

zFirewallD.setDefaultZonec             C   s   t jd| ƒ d S )NzDefaultZoneChanged('%s'))r   r1   )r)   r<   r-   r-   r.   r×   `  s    zFirewallD.DefaultZoneChangedc             C   s   t jdƒ | jjjƒ S )Nzpolicy.getPolicies())r   r1   r#   rƒ   r„   )r)   r:   r-   r-   r.   ÚgetPoliciesk  s    
zFirewallD.getPoliciesz
a{sa{sas}}c             C   s\   t jdƒ i }xH| jjjƒ D ]8}i ||< | jjj|ƒ|| d< | jjj|ƒ|| d< qW |S )Nzpolicy.getActivePolicies()Zingress_zonesZegress_zones)r   r1   r#   rƒ   Z)get_active_policies_not_derived_from_zoneZlist_ingress_zonesZlist_egress_zones)r)   r:   r7   rƒ   r-   r-   r.   ÚgetActivePoliciess  s    
zFirewallD.getActivePoliciesc             C   s   t jdƒ | jjjƒ S )Nzzone.getZones())r   r1   r#   r<   r   )r)   r:   r-   r-   r.   ÚgetZones†  s    
zFirewallD.getZonesc             C   s   t jdƒ i }x|| jjjƒ D ]l}| jjj|ƒ}| jjj|ƒ}t|ƒt|ƒ dkri ||< t|ƒdkrp||| d< t|ƒdkr||| d< qW |S )Nzzone.getActiveZones()r   Ú
interfacesÚsources)r   r1   r#   r<   r   Úlist_interfacesÚlist_sourcesÚlen)r)   r:   Zzonesr<   rÜ   rÝ   r-   r-   r.   ÚgetActiveZones  s    
zFirewallD.getActiveZonesc             C   s2   t |tƒ}tjd| ƒ | jjj|ƒ}|r.|S dS )z¸Return the zone an interface belongs to.

        :Parameters:
            `interface` : str
                Name of the interface
        :Returns: str. The name of the zone.
        zzone.getZoneOfInterface('%s')rm   )r   r^   r   r1   r#   r<   Zget_zone_of_interface)r)   r’   r:   r<   r-   r-   r.   ÚgetZoneOfInterface£  s    
zFirewallD.getZoneOfInterfacec             C   s2   t |tƒ}tjd| ƒ | jjj|ƒ}|r.|S dS )Nzzone.getZoneOfSource('%s')rm   )r   r^   r   r1   r#   r<   Zget_zone_of_source)r)   Úsourcer:   r<   r-   r-   r.   ÚgetZoneOfSource¶  s    
zFirewallD.getZoneOfSourcec             C   s   dS )NFr-   )r)   r<   r:   r-   r-   r.   ÚisImmutableÃ  s    zFirewallD.isImmutablec             C   sR   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj|||ƒ}| j||ƒ |S )zPAdd an interface to a zone.
        If zone is empty, use default zone.
        zzone.addInterface('%s', '%s'))	r   r^   r   r1   r;   r#   r<   Zadd_interfaceÚInterfaceAdded)r)   r<   r’   r:   Ú_zoner-   r-   r.   ÚaddInterfaceÏ  s    


zFirewallD.addInterfacec             C   s"   t |tƒ}t |tƒ}| j|||ƒS )z£Change a zone an interface is part of.
        If zone is empty, use default zone.

        This function is deprecated, use changeZoneOfInterface instead
        )r   r^   ÚchangeZoneOfInterface)r)   r<   r’   r:   r-   r-   r.   Ú
changeZoneà  s    


zFirewallD.changeZonec             C   sR   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj|||ƒ}| j||ƒ |S )z[Change a zone an interface is part of.
        If zone is empty, use default zone.
        z&zone.changeZoneOfInterface('%s', '%s'))	r   r^   r   r1   r;   r#   r<   Zchange_zone_of_interfaceÚZoneOfInterfaceChanged)r)   r<   r’   r:   rç   r-   r-   r.   ré   î  s    


zFirewallD.changeZoneOfInterfacec             C   sP   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj||ƒ}| j||ƒ |S )zkRemove interface from a zone.
        If zone is empty, remove from zone the interface belongs to.
        z zone.removeInterface('%s', '%s'))	r   r^   r   r1   r;   r#   r<   Zremove_interfaceÚInterfaceRemoved)r)   r<   r’   r:   rç   r-   r-   r.   r‚   ÿ  s    


zFirewallD.removeInterfacec             C   s6   t |tƒ}t |tƒ}tjd||f ƒ | jjj||ƒS )z^Return true if an interface is in a zone.
        If zone is empty, use default zone.
        zzone.queryInterface('%s', '%s'))r   r^   r   r1   r#   r<   Zquery_interface)r)   r<   r’   r:   r-   r-   r.   ÚqueryInterface  s    

zFirewallD.queryInterfacec             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )z]Return the list of interfaces of a zone.
        If zone is empty, use default zone.
        zzone.getInterfaces('%s'))r   r^   r   r1   r#   r<   rÞ   )r)   r<   r:   r-   r-   r.   r     s    

zFirewallD.getInterfacesc             C   s   t jd||f ƒ d S )Nzzone.InterfaceAdded('%s', '%s'))r   r1   )r)   r<   r’   r-   r-   r.   ræ   +  s    zFirewallD.InterfaceAddedc             C   s   t jd||f ƒ dS )z,
        This signal is deprecated.
        zzone.ZoneChanged('%s', '%s')N)r   r1   )r)   r<   r’   r-   r-   r.   ÚZoneChanged0  s    zFirewallD.ZoneChangedc             C   s"   t jd||f ƒ | j||ƒ d S )Nz'zone.ZoneOfInterfaceChanged('%s', '%s'))r   r1   rî   )r)   r<   r’   r-   r-   r.   rë   8  s    
z FirewallD.ZoneOfInterfaceChangedc             C   s   t jd||f ƒ d S )Nz!zone.InterfaceRemoved('%s', '%s'))r   r1   )r)   r<   r’   r-   r-   r.   rì   ?  s    zFirewallD.InterfaceRemovedc             C   sR   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj|||ƒ}| j||ƒ |S )zLAdd a source to a zone.
        If zone is empty, use default zone.
        zzone.addSource('%s', '%s'))	r   r^   r   r1   r;   r#   r<   Z
add_sourceÚSourceAdded)r)   r<   rã   r:   rç   r-   r-   r.   Ú	addSourceH  s    


zFirewallD.addSourcec             C   sR   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj|||ƒ}| j||ƒ |S )zXChange a zone an source is part of.
        If zone is empty, use default zone.
        z#zone.changeZoneOfSource('%s', '%s'))	r   r^   r   r1   r;   r#   r<   Zchange_zone_of_sourceÚZoneOfSourceChanged)r)   r<   rã   r:   rç   r-   r-   r.   ÚchangeZoneOfSourceY  s    


zFirewallD.changeZoneOfSourcec             C   sP   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj||ƒ}| j||ƒ |S )zeRemove source from a zone.
        If zone is empty, remove from zone the source belongs to.
        zzone.removeSource('%s', '%s'))	r   r^   r   r1   r;   r#   r<   Zremove_sourceÚSourceRemoved)r)   r<   rã   r:   rç   r-   r-   r.   ÚremoveSourcej  s    


zFirewallD.removeSourcec             C   s6   t |tƒ}t |tƒ}tjd||f ƒ | jjj||ƒS )z[Return true if an source is in a zone.
        If zone is empty, use default zone.
        zzone.querySource('%s', '%s'))r   r^   r   r1   r#   r<   Zquery_source)r)   r<   rã   r:   r-   r-   r.   ÚquerySource{  s    

zFirewallD.querySourcec             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )zZReturn the list of sources of a zone.
        If zone is empty, use default zone.
        zzone.getSources('%s'))r   r^   r   r1   r#   r<   rß   )r)   r<   r:   r-   r-   r.   Ú
getSourcesˆ  s    

zFirewallD.getSourcesc             C   s   t jd||f ƒ d S )Nzzone.SourceAdded('%s', '%s'))r   r1   )r)   r<   rã   r-   r-   r.   rï   –  s    zFirewallD.SourceAddedc             C   s   t jd||f ƒ d S )Nz$zone.ZoneOfSourceChanged('%s', '%s'))r   r1   )r)   r<   rã   r-   r-   r.   rñ   ›  s    zFirewallD.ZoneOfSourceChangedc             C   s   t jd||f ƒ d S )Nzzone.SourceRemoved('%s', '%s'))r   r1   )r)   r<   rã   r-   r-   r.   ró      s    zFirewallD.SourceRemovedc             C   sH   t jd||f ƒ | j| |= t|d}| jjj||ƒ | j||ƒ d S )Nz%zone.disableTimedRichRule('%s', '%s'))Úrule_str)r   r1   r2   r   r#   r<   Úremove_ruleÚRichRuleRemoved)r)   r<   ÚrulerË   r-   r-   r.   ÚdisableTimedRichRule©  s
    
zFirewallD.disableTimedRichRuleZssic             C   s†   t |tƒ}t |tƒ}t |tƒ}tjd||f ƒ t|d}| jjj|||ƒ}|dkrtt	j
|| j||ƒ}| j|||ƒ | j|||ƒ |S )Nzzone.addRichRule('%s', '%s'))r÷   r   )r   r^   r¢   r   r1   r   r#   r<   Úadd_ruler   Útimeout_add_secondsrû   r?   ÚRichRuleAdded)r)   r<   rú   Útimeoutr:   rË   rç   r>   r-   r-   r.   ÚaddRichRule±  s    




zFirewallD.addRichRulec             C   s\   t |tƒ}t |tƒ}tjd||f ƒ t|d}| jjj||ƒ}| j||ƒ | j	||ƒ |S )Nzzone.removeRichRule('%s', '%s'))r÷   )
r   r^   r   r1   r   r#   r<   rø   rA   rù   )r)   r<   rú   r:   rË   rç   r-   r-   r.   ÚremoveRichRuleÅ  s    


zFirewallD.removeRichRulec             C   s@   t |tƒ}t |tƒ}tjd||f ƒ t|d}| jjj||ƒS )Nzzone.queryRichRule('%s', '%s'))r÷   )r   r^   r   r1   r   r#   r<   Ú
query_rule)r)   r<   rú   r:   rË   r-   r-   r.   ÚqueryRichRuleÓ  s
    


zFirewallD.queryRichRulec             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.getRichRules('%s'))r   r^   r   r1   r#   r<   Z
list_rules)r)   r<   r:   r-   r-   r.   ÚgetRichRulesÞ  s    
zFirewallD.getRichRulesc             C   s   t jd|||f ƒ d S )Nz"zone.RichRuleAdded('%s', '%s', %d))r   r1   )r)   r<   rú   rÿ   r-   r-   r.   rþ   ê  s    zFirewallD.RichRuleAddedc             C   s   t jd||f ƒ d S )Nz zone.RichRuleRemoved('%s', '%s'))r   r1   )r)   r<   rú   r-   r-   r.   rù   ï  s    zFirewallD.RichRuleRemovedc             C   s>   t jd||f ƒ | j| |= | jjj||ƒ | j||ƒ d S )Nz$zone.disableTimedService('%s', '%s'))r   r1   r2   r#   r<   Úremove_serviceÚServiceRemoved)r)   r<   rr   r-   r-   r.   ÚdisableTimedServiceø  s    zFirewallD.disableTimedServicec             C   sŠ   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ | jjj||||ƒ}|dkrxt	j
|| j||ƒ}| j|||ƒ | j|||ƒ |S )Nzzone.addService('%s', '%s', %d)r   )r   r^   r¢   r   r1   r;   r#   r<   Zadd_servicer   rý   r  r?   ÚServiceAdded)r)   r<   rr   rÿ   r:   rç   r>   r-   r-   r.   rv   ÿ  s    




zFirewallD.addServicec             C   s\   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj||ƒ}| j||ƒ | j	||ƒ |S )Nzzone.removeService('%s', '%s'))
r   r^   r   r1   r;   r#   r<   r  rA   r  )r)   r<   rr   r:   rç   r-   r-   r.   ÚremoveService  s    


zFirewallD.removeServicec             C   s6   t |tƒ}t |tƒ}tjd||f ƒ | jjj||ƒS )Nzzone.queryService('%s', '%s'))r   r^   r   r1   r#   r<   Zquery_service)r)   r<   rr   r:   r-   r-   r.   ÚqueryService&  s    

zFirewallD.queryServicec             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.getServices('%s'))r   r^   r   r1   r#   r<   Zlist_services)r)   r<   r:   r-   r-   r.   ÚgetServices1  s    
zFirewallD.getServicesc             C   s   t jd|||f ƒ d S )Nz!zone.ServiceAdded('%s', '%s', %d))r   r1   )r)   r<   rr   rÿ   r-   r-   r.   r  =  s    zFirewallD.ServiceAddedc             C   s   t jd||f ƒ d S )Nzzone.ServiceRemoved('%s', '%s'))r   r1   )r)   r<   rr   r-   r-   r.   r  C  s    zFirewallD.ServiceRemovedc             C   sH   t jd|||f ƒ | j| ||f= | jjj|||ƒ | j|||ƒ d S )Nz'zone.disableTimedPort('%s', '%s', '%s'))r   r1   r2   r#   r<   Úremove_portÚPortRemoved)r)   r<   ÚportÚprotocolr-   r-   r.   ÚdisableTimedPortL  s
    zFirewallD.disableTimedPortZsssic             C   sž   t |tƒ}t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ | jjj|||||ƒ}|dkrŠt	j
|| j|||ƒ}| j|||f|ƒ | j||||ƒ |S )Nzzone.addPort('%s', '%s', '%s')r   )r   r^   r¢   r   r1   r;   r#   r<   Zadd_portr   rý   r  r?   Ú	PortAdded)r)   r<   r  r  rÿ   r:   rç   r>   r-   r-   r.   ÚaddPortT  s    





zFirewallD.addPortZsssc             C   sp   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ | jjj|||ƒ}| j|||fƒ | j	|||ƒ |S )Nz!zone.removePort('%s', '%s', '%s'))
r   r^   r   r1   r;   r#   r<   r  rA   r  )r)   r<   r  r  r:   rç   r-   r-   r.   Ú
removePortk  s    



zFirewallD.removePortc             C   sD   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | jjj|||ƒS )Nz zone.queryPort('%s', '%s', '%s'))r   r^   r   r1   r#   r<   Z
query_port)r)   r<   r  r  r:   r-   r-   r.   Ú	queryPort}  s
    


zFirewallD.queryPortZaasc             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.getPorts('%s'))r   r^   r   r1   r#   r<   Z
list_ports)r)   r<   r:   r-   r-   r.   ÚgetPorts‰  s    
zFirewallD.getPortsr   c             C   s   t jd||||f ƒ d S )Nz$zone.PortAdded('%s', '%s', '%s', %d))r   r1   )r)   r<   r  r  rÿ   r-   r-   r.   r  •  s    zFirewallD.PortAddedc             C   s   t jd|||f ƒ d S )Nz"zone.PortRemoved('%s', '%s', '%s'))r   r1   )r)   r<   r  r  r-   r-   r.   r  ›  s    zFirewallD.PortRemovedc             C   s>   t jd||f ƒ | j| |= | jjj||ƒ | j||ƒ d S )Nz%zone.disableTimedProtocol('%s', '%s'))r   r1   r2   r#   r<   Úremove_protocolÚProtocolRemoved)r)   r<   r  r-   r-   r.   ÚdisableTimedProtocol¥  s    zFirewallD.disableTimedProtocolc             C   sˆ   t |tƒ}t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj||||ƒ}|dkrvt	j
|| j||ƒ}| j|||ƒ | j|||ƒ |S )Nzzone.enableProtocol('%s', '%s')r   )r   r^   r¢   r   r1   r;   r#   r<   Zadd_protocolr   rý   r  r?   ÚProtocolAdded)r)   r<   r  rÿ   r:   rç   r>   r-   r-   r.   ÚaddProtocol¬  s    




zFirewallD.addProtocolc             C   s\   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj||ƒ}| j||ƒ | j	||ƒ |S )Nzzone.removeProtocol('%s', '%s'))
r   r^   r   r1   r;   r#   r<   r  rA   r  )r)   r<   r  r:   rç   r-   r-   r.   ÚremoveProtocolÁ  s    


zFirewallD.removeProtocolc             C   s6   t |tƒ}t |tƒ}tjd||f ƒ | jjj||ƒS )Nzzone.queryProtocol('%s', '%s'))r   r^   r   r1   r#   r<   Zquery_protocol)r)   r<   r  r:   r-   r-   r.   ÚqueryProtocolÑ  s    

zFirewallD.queryProtocolc             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.getProtocols('%s'))r   r^   r   r1   r#   r<   Zlist_protocols)r)   r<   r:   r-   r-   r.   ÚgetProtocolsÜ  s    
zFirewallD.getProtocolsc             C   s   t jd|||f ƒ d S )Nz"zone.ProtocolAdded('%s', '%s', %d))r   r1   )r)   r<   r  rÿ   r-   r-   r.   r  è  s    zFirewallD.ProtocolAddedc             C   s   t jd||f ƒ d S )Nz zone.ProtocolRemoved('%s', '%s'))r   r1   )r)   r<   r  r-   r-   r.   r  î  s    zFirewallD.ProtocolRemovedc             C   sJ   t jd|||f ƒ | j| d||f= | jjj|||ƒ | j|||ƒ d S )Nz-zone.disableTimedSourcePort('%s', '%s', '%s')Úsport)r   r1   r2   r#   r<   Úremove_source_portÚSourcePortRemoved)r)   r<   r  r  r-   r-   r.   ÚdisableTimedSourcePort÷  s
    z FirewallD.disableTimedSourcePortc             C   s    t |tƒ}t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ | jjj|||||ƒ}|dkrŒt	j
|| j|||ƒ}| j|d||f|ƒ | j||||ƒ |S )Nz$zone.addSourcePort('%s', '%s', '%s')r   r  )r   r^   r¢   r   r1   r;   r#   r<   Zadd_source_portr   rý   r!  r?   ÚSourcePortAdded)r)   r<   r  r  rÿ   r:   rç   r>   r-   r-   r.   ÚaddSourcePortÿ  s    




zFirewallD.addSourcePortc             C   sr   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ | jjj|||ƒ}| j|d||fƒ | j	|||ƒ |S )Nz'zone.removeSourcePort('%s', '%s', '%s')r  )
r   r^   r   r1   r;   r#   r<   r  rA   r   )r)   r<   r  r  r:   rç   r-   r-   r.   ÚremoveSourcePort  s    


zFirewallD.removeSourcePortc             C   sD   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | jjj|||ƒS )Nz&zone.querySourcePort('%s', '%s', '%s'))r   r^   r   r1   r#   r<   Zquery_source_port)r)   r<   r  r  r:   r-   r-   r.   ÚquerySourcePort)  s    


zFirewallD.querySourcePortc             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.getSourcePorts('%s'))r   r^   r   r1   r#   r<   Zlist_source_ports)r)   r<   r:   r-   r-   r.   ÚgetSourcePorts6  s    
zFirewallD.getSourcePortsc             C   s   t jd||||f ƒ d S )Nz*zone.SourcePortAdded('%s', '%s', '%s', %d))r   r1   )r)   r<   r  r  rÿ   r-   r-   r.   r"  B  s    zFirewallD.SourcePortAddedc             C   s   t jd|||f ƒ d S )Nz(zone.SourcePortRemoved('%s', '%s', '%s'))r   r1   )r)   r<   r  r  r-   r-   r.   r   H  s    
zFirewallD.SourcePortRemovedc             C   s(   | j | d= | jjj|ƒ | j|ƒ d S )NÚ
masquerade)r2   r#   r<   Úremove_masqueradeÚMasqueradeRemoved)r)   r<   r-   r-   r.   ÚdisableTimedMasqueradeR  s    z FirewallD.disableTimedMasqueradeZsic             C   st   t |tƒ}t |tƒ}tjd| ƒ | j|ƒ | jjj|||ƒ}|dkrdt	j
|| j|ƒ}| j|d|ƒ | j||ƒ |S )Nzzone.addMasquerade('%s')r   r'  )r   r^   r¢   r   r1   r;   r#   r<   Zadd_masquerader   rý   r*  r?   ÚMasqueradeAdded)r)   r<   rÿ   r:   rç   r>   r-   r-   r.   ÚaddMasqueradeX  s    



zFirewallD.addMasqueradec             C   sJ   t |tƒ}tjd| ƒ | j|ƒ | jjj|ƒ}| j|dƒ | j	|ƒ |S )Nzzone.removeMasquerade('%s')r'  )
r   r^   r   r1   r;   r#   r<   r(  rA   r)  )r)   r<   r:   rç   r-   r-   r.   ÚremoveMasqueradel  s    


zFirewallD.removeMasqueradec             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.queryMasquerade('%s'))r   r^   r   r1   r#   r<   Zquery_masquerade)r)   r<   r:   r-   r-   r.   ÚqueryMasquerade{  s    
zFirewallD.queryMasqueradec             C   s   t jd||f ƒ d S )Nzzone.MasqueradeAdded('%s', %d))r   r1   )r)   r<   rÿ   r-   r-   r.   r+  …  s    zFirewallD.MasqueradeAddedc             C   s   t jd| ƒ d S )Nzzone.MasqueradeRemoved('%s'))r   r1   )r)   r<   r-   r-   r.   r)  Š  s    zFirewallD.MasqueradeRemovedc             C   s@   | j | ||||f= | jjj|||||ƒ | j|||||ƒ d S )N)r2   r#   r<   Úremove_forward_portÚForwardPortRemoved)r)   r<   r  r  ÚtoportÚtoaddrr-   r-   r.   Údisable_forward_port“  s    zFirewallD.disable_forward_portZsssssic       
      C   sÆ   t |tƒ}t |tƒ}t |tƒ}t |tƒ}t |tƒ}t |tƒ}tjd|||||f ƒ | j|ƒ | jjj|||||||ƒ}|dkr®t	j
|| j|||||ƒ}	| j|||||f|	ƒ | j||||||ƒ |S )Nz1zone.addForwardPort('%s', '%s', '%s', '%s', '%s')r   )r   r^   r¢   r   r1   r;   r#   r<   Zadd_forward_portr   rý   r3  r?   ÚForwardPortAdded)
r)   r<   r  r  r1  r2  rÿ   r:   rç   r>   r-   r-   r.   ÚaddForwardPort™  s&    




zFirewallD.addForwardPortZsssssc             C   s”   t |tƒ}t |tƒ}t |tƒ}t |tƒ}t |tƒ}tjd|||||f ƒ | j|ƒ | jjj|||||ƒ}| j|||||fƒ | j	|||||ƒ |S )Nz4zone.removeForwardPort('%s', '%s', '%s', '%s', '%s'))
r   r^   r   r1   r;   r#   r<   r/  rA   r0  )r)   r<   r  r  r1  r2  r:   rç   r-   r-   r.   ÚremoveForwardPort¶  s    



zFirewallD.removeForwardPortc             C   s`   t |tƒ}t |tƒ}t |tƒ}t |tƒ}t |tƒ}tjd|||||f ƒ | jjj|||||ƒS )Nz3zone.queryForwardPort('%s', '%s', '%s', '%s', '%s'))r   r^   r   r1   r#   r<   Zquery_forward_port)r)   r<   r  r  r1  r2  r:   r-   r-   r.   ÚqueryForwardPortÌ  s    


zFirewallD.queryForwardPortc             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.getForwardPorts('%s'))r   r^   r   r1   r#   r<   Zlist_forward_ports)r)   r<   r:   r-   r-   r.   ÚgetForwardPortsÝ  s    
zFirewallD.getForwardPortsc             C   s   t jd||||||f ƒ d S )Nz7zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d))r   r1   )r)   r<   r  r  r1  r2  rÿ   r-   r-   r.   r4  é  s    zFirewallD.ForwardPortAddedc             C   s   t jd|||||f ƒ d S )Nz5zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s'))r   r1   )r)   r<   r  r  r1  r2  r-   r-   r.   r0  ð  s    zFirewallD.ForwardPortRemovedc             C   s>   t jd||f ƒ | j| |= | jjj||ƒ | j||ƒ d S )Nz&zone.disableTimedIcmpBlock('%s', '%s'))r   r1   r2   r#   r<   Úremove_icmp_blockÚIcmpBlockRemoved)r)   r<   Úicmpr:   r-   r-   r.   ÚdisableTimedIcmpBlockú  s    zFirewallD.disableTimedIcmpBlockc             C   sŠ   t |tƒ}t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj||||ƒ}|dkrxt	j
|| j|||ƒ}| j|||ƒ | j|||ƒ |S )Nz zone.enableIcmpBlock('%s', '%s')r   )r   r^   r¢   r   r1   r;   r#   r<   Zadd_icmp_blockr   rý   r<  r?   ÚIcmpBlockAdded)r)   r<   r;  rÿ   r:   rç   r>   r-   r-   r.   ÚaddIcmpBlock  s    





zFirewallD.addIcmpBlockc             C   s\   t |tƒ}t |tƒ}tjd||f ƒ | j|ƒ | jjj||ƒ}| j||ƒ | j	||ƒ |S )Nz zone.removeIcmpBlock('%s', '%s'))
r   r^   r   r1   r;   r#   r<   r9  rA   r:  )r)   r<   r;  r:   rç   r-   r-   r.   ÚremoveIcmpBlock  s    


zFirewallD.removeIcmpBlockc             C   s6   t |tƒ}t |tƒ}tjd||f ƒ | jjj||ƒS )Nzzone.queryIcmpBlock('%s', '%s'))r   r^   r   r1   r#   r<   Zquery_icmp_block)r)   r<   r;  r:   r-   r-   r.   ÚqueryIcmpBlock&  s    

zFirewallD.queryIcmpBlockc             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nzzone.getIcmpBlocks('%s'))r   r^   r   r1   r#   r<   Zlist_icmp_blocks)r)   r<   r:   r-   r-   r.   ÚgetIcmpBlocks1  s    
zFirewallD.getIcmpBlocksc             C   s   t jd|||f ƒ d S )Nz#zone.IcmpBlockAdded('%s', '%s', %d))r   r1   )r)   r<   r;  rÿ   r-   r-   r.   r=  =  s    zFirewallD.IcmpBlockAddedc             C   s   t jd||f ƒ d S )Nz!zone.IcmpBlockRemoved('%s', '%s'))r   r1   )r)   r<   r;  r-   r-   r.   r:  C  s    zFirewallD.IcmpBlockRemovedc             C   s@   t |tƒ}tjd| ƒ | j|ƒ | jjj||ƒ}| j|ƒ |S )Nz zone.addIcmpBlockInversion('%s'))	r   r^   r   r1   r;   r#   r<   Zadd_icmp_block_inversionÚIcmpBlockInversionAdded)r)   r<   r:   rç   r-   r-   r.   ÚaddIcmpBlockInversionL  s    


zFirewallD.addIcmpBlockInversionc             C   s>   t |tƒ}tjd| ƒ | j|ƒ | jjj|ƒ}| j|ƒ |S )Nz#zone.removeIcmpBlockInversion('%s'))	r   r^   r   r1   r;   r#   r<   Zremove_icmp_block_inversionÚIcmpBlockInversionRemoved)r)   r<   r:   rç   r-   r-   r.   ÚremoveIcmpBlockInversionZ  s    


z"FirewallD.removeIcmpBlockInversionc             C   s&   t |tƒ}tjd| ƒ | jjj|ƒS )Nz"zone.queryIcmpBlockInversion('%s'))r   r^   r   r1   r#   r<   Zquery_icmp_block_inversion)r)   r<   r:   r-   r-   r.   ÚqueryIcmpBlockInversionh  s    
z!FirewallD.queryIcmpBlockInversionc             C   s   t jd| ƒ d S )Nz"zone.IcmpBlockInversionAdded('%s'))r   r1   )r)   r<   r-   r-   r.   rB  r  s    z!FirewallD.IcmpBlockInversionAddedc             C   s   t jd| ƒ d S )Nz$zone.IcmpBlockInversionRemoved('%s'))r   r1   )r)   r<   r-   r-   r.   rD  w  s    z#FirewallD.IcmpBlockInversionRemovedc             C   s`   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ | jjj|||ƒ | j|||ƒ d S )Nz!direct.addChain('%s', '%s', '%s'))	r   r^   r   r1   r;   r#   r‰   Z	add_chainÚ
ChainAdded)r)   ÚipvÚtableÚchainr:   r-   r-   r.   ÚaddChain‚  s    



zFirewallD.addChainc             C   s`   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ | jjj|||ƒ | j|||ƒ d S )Nz$direct.removeChain('%s', '%s', '%s'))	r   r^   r   r1   r;   r#   r‰   Zremove_chainÚChainRemoved)r)   rH  rI  rJ  r:   r-   r-   r.   ÚremoveChain  s    



zFirewallD.removeChainc             C   sD   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | jjj|||ƒS )Nz#direct.queryChain('%s', '%s', '%s'))r   r^   r   r1   r#   r‰   Zquery_chain)r)   rH  rI  rJ  r:   r-   r-   r.   Ú
queryChainž  s
    


zFirewallD.queryChainc             C   s6   t |tƒ}t |tƒ}tjd||f ƒ | jjj||ƒS )Nzdirect.getChains('%s', '%s'))r   r^   r   r1   r#   r‰   Z
get_chains)r)   rH  rI  r:   r-   r-   r.   Ú	getChainsª  s    

zFirewallD.getChainsza(sss)c             C   s   t jdƒ | jjjƒ S )Nzdirect.getAllChains())r   r1   r#   r‰   rŠ   )r)   r:   r-   r-   r.   ÚgetAllChainsµ  s    
zFirewallD.getAllChainsc             C   s   t jd|||f ƒ d S )Nz#direct.ChainAdded('%s', '%s', '%s'))r   r1   )r)   rH  rI  rJ  r-   r-   r.   rG  ¾  s    zFirewallD.ChainAddedc             C   s   t jd|||f ƒ d S )Nz%direct.ChainRemoved('%s', '%s', '%s'))r   r1   )r)   rH  rI  rJ  r-   r-   r.   rL  Ã  s    
zFirewallD.ChainRemovedZsssiasc             C   sŽ   t |tƒ}t |tƒ}t |tƒ}t |tƒ}tdd„ |D ƒƒ}tjd||||dj|ƒf ƒ | j|ƒ | jj	j
|||||ƒ | j|||||ƒ d S )Nc             s   s   | ]}t |tƒV  qd S )N)r   r^   )Ú.0r¡   r-   r-   r.   ú	<genexpr>×  s    z$FirewallD.addRule.<locals>.<genexpr>z*direct.addRule('%s', '%s', '%s', %d, '%s')z',')r   r^   r¢   rÊ   r   r1   Újoinr;   r#   r‰   rü   Ú	RuleAdded)r)   rH  rI  rJ  Úpriorityr*   r:   r-   r-   r.   ÚaddRuleÍ  s    



zFirewallD.addRulec             C   sŽ   t |tƒ}t |tƒ}t |tƒ}t |tƒ}tdd„ |D ƒƒ}tjd||||dj|ƒf ƒ | j|ƒ | jj	j
|||||ƒ | j|||||ƒ d S )Nc             s   s   | ]}t |tƒV  qd S )N)r   r^   )rQ  r¡   r-   r-   r.   rR  è  s    z'FirewallD.removeRule.<locals>.<genexpr>z-direct.removeRule('%s', '%s', '%s', %d, '%s')z',')r   r^   r¢   rÊ   r   r1   rS  r;   r#   r‰   rø   ÚRuleRemoved)r)   rH  rI  rJ  rU  r*   r:   r-   r-   r.   Ú
removeRuleÞ  s    



zFirewallD.removeRulec             C   sˆ   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | j|ƒ xF| jjj|||ƒD ]0\}}| jjj|||||ƒ | j	|||||ƒ qPW d S )Nz$direct.removeRules('%s', '%s', '%s'))
r   r^   r   r1   r;   r#   r‰   Ú	get_rulesrø   rW  )r)   rH  rI  rJ  r:   rU  r*   r-   r-   r.   ÚremoveRulesï  s    



zFirewallD.removeRulesc             C   sn   t |tƒ}t |tƒ}t |tƒ}t |tƒ}tdd„ |D ƒƒ}tjd||||dj|ƒf ƒ | jjj	|||||ƒS )Nc             s   s   | ]}t |tƒV  qd S )N)r   r^   )rQ  r¡   r-   r-   r.   rR  	  s    z&FirewallD.queryRule.<locals>.<genexpr>z,direct.queryRule('%s', '%s', '%s', %d, '%s')z',')
r   r^   r¢   rÊ   r   r1   rS  r#   r‰   r  )r)   rH  rI  rJ  rU  r*   r:   r-   r-   r.   Ú	queryRuleþ  s    


zFirewallD.queryRuleza(ias)c             C   sD   t |tƒ}t |tƒ}t |tƒ}tjd|||f ƒ | jjj|||ƒS )Nz!direct.getRules('%s', '%s', '%s'))r   r^   r   r1   r#   r‰   rY  )r)   rH  rI  rJ  r:   r-   r-   r.   ÚgetRules	  s
    


zFirewallD.getRulesz	a(sssias)c             C   s   t jdƒ | jjjƒ S )Nzdirect.getAllRules())r   r1   r#   r‰   r‹   )r)   r:   r-   r-   r.   ÚgetAllRules	  s    
zFirewallD.getAllRulesc             C   s"   t jd||||dj|ƒf ƒ d S )Nz,direct.RuleAdded('%s', '%s', '%s', %d, '%s')z',')r   r1   rS  )r)   rH  rI  rJ  rU  r*   r-   r-   r.   rT  "	  s    zFirewallD.RuleAddedc             C   s"   t jd||||dj|ƒf ƒ d S )Nz.direct.RuleRemoved('%s', '%s', '%s', %d, '%s')z',')r   r1   rS  )r)   rH  rI  rJ  rU  r*   r-   r-   r.   rW  (	  s    zFirewallD.RuleRemovedrS   c             C   sØ   t |tƒ}tdd„ |D ƒƒ}tjd|dj|ƒf ƒ | j|ƒ y| jjj	||ƒS  t
k
rÒ } zh|dkrztddd	d
gƒ}ntd	d
gƒ}t|ƒ}|jtjkrÀtt|ƒ|@ ƒdkr¸tj|ƒ t|ƒ‚‚ W Y d d }~X nX d S )Nc             s   s   | ]}t |tƒV  qd S )N)r   r^   )rQ  r¡   r-   r-   r.   rR  9	  s    z(FirewallD.passthrough.<locals>.<genexpr>zdirect.passthrough('%s', '%s')z','rH   rL   z-Cz--checkz-Lz--listr   )rH   rL   )r   r^   rÊ   r   r1   rS  r;   r#   r‰   Úpassthroughr   ÚsetÚcoder   ZCOMMAND_FAILEDrà   rx   r   )r)   rH  r*   r:   r9   Z
query_argsÚmsgr-   r-   r.   r^  2	  s"    


zFirewallD.passthroughc             C   s\   t |ƒ}tdd„ |D ƒƒ}tjd|dj|ƒf ƒ | j|ƒ | jjj||ƒ | j	||ƒ d S )Nc             s   s   | ]}t |ƒV  qd S )N)r   )rQ  r¡   r-   r-   r.   rR  T	  s    z+FirewallD.addPassthrough.<locals>.<genexpr>z!direct.addPassthrough('%s', '%s')z',')
r   rÊ   r   r1   rS  r;   r#   r‰   Zadd_passthroughÚPassthroughAdded)r)   rH  r*   r:   r-   r-   r.   ÚaddPassthroughM	  s    
zFirewallD.addPassthroughc             C   s\   t |ƒ}tdd„ |D ƒƒ}tjd|dj|ƒf ƒ | j|ƒ | jjj||ƒ | j	||ƒ d S )Nc             s   s   | ]}t |ƒV  qd S )N)r   )rQ  r¡   r-   r-   r.   rR  b	  s    z.FirewallD.removePassthrough.<locals>.<genexpr>z$direct.removePassthrough('%s', '%s')z',')
r   rÊ   r   r1   rS  r;   r#   r‰   Zremove_passthroughÚPassthroughRemoved)r)   rH  r*   r:   r-   r-   r.   ÚremovePassthrough[	  s    
zFirewallD.removePassthroughc             C   sB   t |ƒ}tdd„ |D ƒƒ}tjd|dj|ƒf ƒ | jjj||ƒS )Nc             s   s   | ]}t |ƒV  qd S )N)r   )rQ  r¡   r-   r-   r.   rR  p	  s    z-FirewallD.queryPassthrough.<locals>.<genexpr>z#direct.queryPassthrough('%s', '%s')z',')r   rÊ   r   r1   rS  r#   r‰   Zquery_passthrough)r)   rH  r*   r:   r-   r-   r.   ÚqueryPassthroughi	  s
    zFirewallD.queryPassthroughza(sas)c             C   s   t jdƒ | jjjƒ S )Nzdirect.getAllPassthroughs())r   r1   r#   r‰   rŒ   )r)   r:   r-   r-   r.   ÚgetAllPassthroughsu	  s    
zFirewallD.getAllPassthroughsc             C   s.   t jdƒ xt| jƒ ƒD ]}| j|Ž  qW d S )Nzdirect.removeAllPassthroughs())r   r1   Úreversedrg  re  )r)   r:   r^  r-   r-   r.   ÚremoveAllPassthroughs~	  s    
zFirewallD.removeAllPassthroughsc             C   s"   t |ƒ}tjd|ƒ | jjj|ƒS )Nzdirect.getPassthroughs('%s'))r   r   r1   r#   r‰   Zget_passthroughs)r)   rH  r:   r-   r-   r.   ÚgetPassthroughs‰	  s    zFirewallD.getPassthroughsc             C   s   t jd|dj|ƒf ƒ d S )Nz#direct.PassthroughAdded('%s', '%s')z',')r   r1   rS  )r)   rH  r*   r-   r-   r.   rb  “	  s    zFirewallD.PassthroughAddedc             C   s   t jd|dj|ƒf ƒ d S )Nz%direct.PassthroughRemoved('%s', '%s')z',')r   r1   rS  )r)   rH  r*   r-   r-   r.   rd  ™	  s    zFirewallD.PassthroughRemovedc             C   s   dS )zÈ PK_ACTION_ALL implies all other actions, i.e. once a subject is
            authorized for PK_ACTION_ALL it's also authorized for any other action.
            Use-case is GUI (RHBZ#994729).
        Nr-   )r)   r:   r-   r-   r.   ÚauthorizeAll¡	  s    	zFirewallD.authorizeAllc             C   s$   t |ƒ}tjd| ƒ | jjj|ƒS )Nzipset.queryIPSet('%s'))r   r   r1   r#   r|   Zquery_ipset)r)   r|   r:   r-   r-   r.   Ú
queryIPSet°	  s    zFirewallD.queryIPSetc             C   s   t jdƒ | jjjƒ S )Nzipsets.getIPSets())r   r1   r#   r|   r}   )r)   r:   r-   r-   r.   Ú	getIPSetsº	  s    
zFirewallD.getIPSetsc             C   s(   t |tƒ}tjd|ƒ | jjj|ƒjƒ S )NzgetIPSetSettings(%s))r   r^   r   r1   r#   r|   Z	get_ipsetrŽ   )r)   r|   r:   r-   r-   r.   r~   Ã	  s    
zFirewallD.getIPSetSettingsc             C   sL   t |ƒ}t |ƒ}tjd||f ƒ | j|ƒ | jjj||ƒ | j||ƒ d S )Nzipset.addEntry('%s', '%s'))r   r   r1   r;   r#   r|   Z	add_entryÚ
EntryAdded)r)   r|   Úentryr:   r-   r-   r.   ÚaddEntryÏ	  s    
zFirewallD.addEntryc             C   sL   t |ƒ}t |ƒ}tjd||f ƒ | j|ƒ | jjj||ƒ | j||ƒ d S )Nzipset.removeEntry('%s', '%s'))r   r   r1   r;   r#   r|   Zremove_entryÚEntryRemoved)r)   r|   ro  r:   r-   r-   r.   ÚremoveEntryÜ	  s    
zFirewallD.removeEntryc             C   s2   t |ƒ}t |ƒ}tjd||f ƒ | jjj||ƒS )Nzipset.queryEntry('%s', '%s'))r   r   r1   r#   r|   Zquery_entry)r)   r|   ro  r:   r-   r-   r.   Ú
queryEntryé	  s    zFirewallD.queryEntryc             C   s$   t |ƒ}tjd| ƒ | jjj|ƒS )Nzipset.getEntries('%s'))r   r   r1   r#   r|   Úget_entries)r)   r|   r:   r-   r-   r.   Ú
getEntriesô	  s    zFirewallD.getEntriesc             C   s”   t |ƒ}t |tƒ}tjd|dj|ƒƒ | jjj|ƒ}| jjj||ƒ t	|ƒ}t	|ƒ}x|| D ]}| j
||ƒ q^W x|| D ]}| j||ƒ q|W d S )Nzipset.setEntries('%s', '[%s]')ú,)r   Úlistr   r1   rS  r#   r|   rt  Zset_entriesr_  rn  rq  )r)   r|   Zentriesr:   Zold_entriesZold_entries_setZentries_setro  r-   r-   r.   Ú
setEntriesþ	  s    
zFirewallD.setEntriesc             C   s&   t |ƒ}t |ƒ}tjd||f ƒ d S )Nzipset.EntryAdded('%s', '%s'))r   r   r1   )r)   r|   ro  r-   r-   r.   rn  
  s    zFirewallD.EntryAddedc             C   s&   t |ƒ}t |ƒ}tjd||f ƒ d S )Nzipset.EntryRemoved('%s', '%s'))r   r   r1   )r)   r|   ro  r-   r-   r.   rq  
  s    zFirewallD.EntryRemovedc             C   s   t jdƒ | jjjƒ S )Nzhelpers.getHelpers())r   r1   r#   r†   r‡   )r)   r:   r-   r-   r.   Ú
getHelpers!
  s    
zFirewallD.getHelpersc             C   s(   t |tƒ}tjd|ƒ | jjj|ƒjƒ S )NzgetHelperSettings(%s))r   r^   r   r1   r#   r†   Z
get_helperrŽ   )r)   r†   r:   r-   r-   r.   rˆ   *
  s    
zFirewallD.getHelperSettings)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)r   )N)N)N)N)r   )N)N)N)N)r   )N)N)N)r   )N)N)N)N)r   )N)N)N)N)r   )N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)éÚ__name__Ú
__module__Ú__qualname__Ú__doc__Z
persistentr   r'   ZPK_ACTION_CONFIGZdefault_polkit_auth_requiredr   r"   r0   r&   r/   r
   r;   r?   rA   rC   rZ   r   ZPROPERTIES_IFACEre   rh   ÚslipZpolkitZrequire_authri   rr   Úsignalrj   ZPK_ACTION_INFOZINTROSPECTABLE_IFACErk   r(   rn   rp   ro   rq   r“   ZPK_ACTION_POLICIESra   r•   r—   ZPK_ACTION_POLICIES_INFOr™   r”   r–   r›   r   rž   r    rš   rœ   r¤   r¦   r§   r¨   r£   r¥   rª   r¬   r­   r®   r©   r«   r°   r²   r³   r´   r¯   r±   r¶   r¸   r¹   rµ   r·   ZPK_ACTION_CONFIG_INFOrº   r_   r€   r¾   r½   ZDBUS_INTERFACE_POLICYr…   rÀ   r¿   rÁ   rt   rÌ   rÍ   r   ZDBUS_SIGNATUREr{   rÎ   rÑ   rÏ   rÓ   rÔ   rÕ   rÖ   rØ   r×   rÙ   rÚ   rÛ   rá   râ   rä   rå   rè   rê   ré   r‚   rí   r   ræ   rî   rë   rì   rð   rò   rô   rõ   rö   rï   rñ   ró   rû   r   r  r  r  rþ   rù   r  rv   r	  r
  r  r  r  r  r  r  r  r  r  r  r  r  r  r  r  r  r  r!  r#  r$  r%  r&  r"  r   r*  r,  r-  r.  r+  r)  r3  r5  r6  r7  r8  r4  r0  r<  r>  r?  r@  rA  r=  r:  rC  rE  rF  rB  rD  ZPK_ACTION_DIRECTr`   rK  rM  ZPK_ACTION_DIRECT_INFOrN  rO  rP  rG  rL  rV  rX  rZ  r[  r\  r]  rT  rW  r^  rc  re  rf  rg  ri  rj  rb  rd  ZPK_ACTION_ALLrk  rb   rl  rm  r   r~   rp  rr  rs  ru  rx  rn  rq  ry  r   rˆ   Ú__classcell__r-   r-   )r,   r.   r   A   sì  	0"	



 K



	
	


	
	


	
	


	
	



























	






	





	














	






	
	


	
















	





	









	
	




)9Ú__all__Zgi.repositoryr   r   ÚsysÚmodulesrÇ   r'   Zdbus.serviceZ	slip.dbusr~  Zslip.dbus.serviceZfirewallr   Zfirewall.core.fwr   Zfirewall.core.richr   Zfirewall.core.loggerr   Zfirewall.clientr	   Zfirewall.server.decoratorsr
   r   r   r   Zfirewall.server.configr   Zfirewall.dbus_utilsr   r   r   r   r   r   r   Zfirewall.core.io.functionsr   Zfirewall.core.io.ipsetr   Zfirewall.core.io.icmptyper   Zfirewall.core.io.helperr   Zfirewall.core.fw_nmr   r   r   Zfirewall.core.fw_ifcfgr   r   Zfirewall.errorsr   rr   ZObjectr   r-   r-   r-   r.   Ú<module>   s2   
$