a i@sJdgZddlmZddlZddlZddlZddlZddlmZddl m Z ddl m Z ddl mZddlmZdd lmZmZdd lmZmZmZmZmZmZdd lmZdd lmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%dd l&m'Z'ddl(m)Z)ddl*m+Z+ddl,m-Z-ddl.m/Z/m0Z0ddl1m2Z2ddlm3Z3ddl4m5Z5GdddeZ6dS) FirewallD)GLibN)config)Firewall) Rich_Rule)log)FirewallClientZoneSettings)FirewallDBusExceptionDbusServiceObject)dbus_handle_exceptionsdbus_service_methodhandle_exceptionsdbus_service_method_deprecateddbus_service_signal_deprecateddbus_polkit_require_auth)FirewallDConfig)dbus_to_pythoncommand_of_sendercontext_of_sender uid_of_sender user_of_uid%dbus_introspection_prepare_properties!dbus_introspection_add_properties!dbus_introspection_add_deprecated)check_on_disk_config)IPSet)IcmpType)Helper)nm_get_connection_of_interfacenm_set_zone_of_connection)ifcfg_set_zone_of_interface)errors) FirewallErrorcs !eZdZdZdZejjZe fddZ ddZ e ddZ e d d Z ed d Zed dZeddZeddZeddZeejdddedddZeejdddedddZeejjeejdd edd!d"Zejjejd#d$d%d&Zeejjeejdd'edfd(d) Zeejjeejj d*d*dedd+d,Z!eejjeejj d*d*dedd-d.Z"ejejj ed/d0Z#eejjeejj d*d*ddd1d2Z$eejjeejj d*d*dedd3d4Z%eejjeejj d*d*dedd5d6Z&eejj'eejj(d*d*dedd7d8Z)eejj'eejj(d*d*dedd9d:Z*eejj+eejj(d*d;deddd?Z-ejjejj(d*d$ed@dAZ.eejj'eejj(dd*deddBdCZ/eejj'eejj(dd*deddDdEZ0eejj+eejj(dd;deddFdGZ1eejj+eejj(d*dHdeddIdJZ2ejjejj(dd$edKdLZ3ejjejj(dd$edMdNZ4eejj'eejj(dOd*deddPdQZ5eejj'eejj(dOd*deddRdSZ6eejj+eejj(dOd;deddTdUZ7eejj+eejj(d*dVdeddWdXZ8ejjejj(dOd$edYdZZ9ejjejj(dOd$ed[d\Z:eejj'eejj(dd*dedd]d^Z;eejj'eejj(dd*dedd_d`Zejjejj(dd$ededfZ?ejjejj(dd$edgdhZ@eejj'eejj(dd*deddidjZAeejj'eejj(dd*deddkdlZBeejj+eejj(dd;deddmdnZCeejj+eejj(d*dHdeddodpZDejjejj(dd$edqdrZEejjejj(dd$edsdtZFeejjeejj d*d*deddudvZGeejjeejj d*d*deddwdxZHeejjeejj d*d;deddydzZIejjejj d*d$ed{d|ZJejjejj d*d$ed}d~ZKeejjLeejj dddedddZMeejjLeejjNdddedddZOeejjLeejjNdd edddZPejjejjNdd$eddZQeejjLeejjRdddedddZSeejjLeejjRdd edddZTejjejjRdd$eddZUeejjeejj d*dHdedddZVeejjLeejj dddedddZWeejjLeejj dddedddZXeejjeejj d*dHdedddZYeejjLeejj deZj[dedddZ\eejjLeejj d*ddedddZ]eejjeejj dd*dedddZ^ejjejj dd$eddZ_eejjLeejj d*ddedddZ`eejjeejj dd*dedddZaejjejj dd$eddZbeejjeejj d*ddedddZceejjeejj dd*dedddZdejjejj dd$eddZeeejjeejjRd*dHdedddZfeejjeejjRd*ddedddZgeejjeejjNd*dHdedddZheejjeejjNd*ddedddZieejjeejjNdddedddZjeejjeejjNdddedddZkeejjLeejjNdd;dedddZleejjeejjNdddedddZmeejjeejjNdddedddZneejjeejjNdddedddZoeejjeejjNdddeddd„ZpeejjLeejjNdd;dedddĄZqeejjLeejjNddHdedddƄZrejjejjNdd$eddȄZsejjejjNdd$eddʄZtejjejjNdd$edd̄ZuejjejjNdd$edd΄ZveejjeejjNdddedddЄZweejjeejjNdddeddd҄ZxeejjeejjNdddedddԄZyeejjLeejjNdd;dedddքZzeejjLeejjNddHdeddd؄Z{ejjejjNdd$eddڄZ|ejjejjNdd$edd܄Z}ejjejjNdd$eddބZ~eddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNddHdedddZejjejjNdd$eddZejjejjNdd$eddZeddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNddHdedddZejjejjNdd$eddZejjejjNdd$eddZeddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNdddedddZejjejjNdd$edd d ZejjejjNdd$ed d ZeddZeejjeejjNdddedddZeejjeejjNdddedddZeejjLeejjNdd;dedddZeejjLeejjNddHdedddZejjejjNdd$edddZejjejjNdd$eddZeddZeejjeejjNdddedddZeejjeejjNdddedd d!ZeejjLeejjNdd;dedd"d#ZeejjLeejjNdddedd$d%ZejjejjNdd$edd&d'ZejjejjNdd$ed(d)Zed*d+ZeejjeejjNd,ddedd-d.ZeejjeejjNdddedd/d0ZeejjLeejjNdd;ded d1d2ZejjejjNd,d$ed d3d4ZejjejjNdd$ed5d6Zed7d8ZeejjeejjNd9dded d:d;ZeejjeejjNdZeejjLeejjNd|S)Nz Introspect())rZdebug2r*r Introspectr-r,Zget_busrrr&r)rkrrZ deprecatedr)r.rAdata interfacer0r2r3rx+s zFirewallD.IntrospectcCs*td|j|j|dS)z#Reload the firewall rules. zreload()Nrr8r$reloadrReloadedr.rAr2r2r3r}As   zFirewallD.reloadcCs,td|jd|j|dS)zCompletely reload the firewall. Completely reload the firewall: Stops firewall, unloads modules and starts the firewall again. zcompleteReload()TNr|rr2r2r3completeReloadPs   zFirewallD.completeReloadcCstddS)Nz Reloaded()rr8r6r2r2r3r~`szFirewallD.ReloadedcCs"td|jj|dS)zbreset to firewall's builtin defaults. Reloads firewalld to apply changes properly zfirewalld.reset_to_defaults()N)rr8r$rZreset_defaultsr}rr2r2r3resetToDefaultses  zFirewallD.resetToDefaultscCstdt|jdS)z&Check permanent configuration zcheckPermanentConfig()N)rr8rr$rr2r2r3checkPermanentConfigps zFirewallD.checkPermanentConfigc Cstd|jjdkr"ttjdd}|j}|jj D]}| |}zj||vr|j |}| |krtd|||qtd|ntd||j||Wq<ty}z"td||fd }WYd }~qf}z6|j |krtd|j|n tdWn8ty(}ztd|d }WYd }~n d }~00|jj?j@A}z6|j |krbtd |jB|n td!Wn8ty}ztd"|d }WYd }~n d }~00|rttjCd S)#z-Make runtime configuration permanent zcopyRuntimeToPermanent()ZFAILEDzSaving runtime to permanent is not allowed while firewalld is in FAILED state. The permanent configuration must be fixed and then firewalld restarted. Try `firewall-offline-cmd --check-config`.FzCopying service '%s' settingsz$Service '%s' is identical, ignoring.zCreating service '%s'z/Runtime To Permanent failed on service '%s': %sTNzCopying icmptype '%s' settingsz%IcmpType '%s' is identical, ignoring.zCreating icmptype '%s'z0Runtime To Permanent failed on icmptype '%s': %szCopying ipset '%s' settingsz"IPSet '%s' is identical, ignoring.zCreating ipset '%s'z-Runtime To Permanent failed on ipset '%s': %szEZone '%s': interface binding for '%s' has been added by NM, ignoring.zCopying zone '%s' settingszCreating zone '%s'z,Runtime To Permanent failed on zone '%s': %szCreating policy '%s'z.Runtime To Permanent failed on policy '%s': %szCopying helper '%s' settingsz#Helper '%s' is identical, ignoring.zCreating helper '%s'z.Runtime To Permanent failed on helper '%s': %szCopying direct configurationz,Direct configuration is identical, ignoring.z7Runtime To Permanent failed on direct configuration: %szCopying policies configurationz.Policies configuration is identical, ignoring.z9Runtime To Permanent failed on policies configuration: %s)Drr8r$_stater"r!ZRUNNING_BUT_FAILEDrZgetServiceNamesr( get_servicesgetServiceSettingsZgetServiceByNameZ getSettingsupdate addService ExceptionwarningZgetIcmpTypeNamesicmptype get_icmptypesgetIcmpTypeSettingsZgetIcmpTypeByNameZ addIcmpTypeZ getIPSetNamesipset get_ipsetsgetIPSetSettingsZgetIPSetByNameZaddIPSetZ getZoneNamesrC get_zonesgetZoneSettings2rcopydeepcopy getInterfacesZ_nm_assigned_interfacesremoveInterfacerrZgetSettingsDictr Z getZoneByNameZupdate2ZaddZone2ZgetPolicyNamespolicy"get_policies_not_derived_from_zonegetPolicySettingsZgetPolicyByNameZ addPolicyZgetHelperNameshelper get_helpersgetHelperSettingsZgetHelperByNameZ addHelperdirectget_all_chains get_all_rulesget_all_passthroughsr>lockdown_whitelist export_configZsetLockdownWhitelistZRT_TO_PERM_FAILED) r.rAr@Z config_namesr/ZconfZconf_objesettingsZchangedrzZ connectionr2r2r3runtimeToPermanent|sF                                           zFirewallD.runtimeToPermanentcCs,td|||jj|dS)z!Enable lockdown policies zpolicies.enableLockdown()N)rr8rBr$r>Zenable_lockdownLockdownEnabledrr2r2r3enableLockdownNs   zFirewallD.enableLockdowncCs,td|||jj|dS)z"Disable lockdown policies zpolicies.disableLockdown()N)rr8rBr$r>Zdisable_lockdownLockdownDisabledrr2r2r3disableLockdownZs   zFirewallD.disableLockdownbcCstd|jjS)z,Returns True if lockdown is enabled zpolicies.queryLockdown())rr8r$r>r?rr2r2r3 queryLockdownfs zFirewallD.queryLockdowncCstddS)NzLockdownEnabled()rr6r2r2r3rqszFirewallD.LockdownEnabledcCstddS)NzLockdownDisabled()rr6r2r2r3rvszFirewallD.LockdownDisabledcCs@t|t}td||||jjj|| |dS)Add lockdown command z*policies.addLockdownWhitelistCommand('%s')N) rrirr8rBr$r>rZ add_commandLockdownWhitelistCommandAddedr.r=rAr2r2r3addLockdownWhitelistCommands   z%FirewallD.addLockdownWhitelistCommandcCs@t|t}td||||jjj|| |dS)z Remove lockdown command z-policies.removeLockdownWhitelistCommand('%s')N) rrirr8rBr$r>rZremove_commandLockdownWhitelistCommandRemovedrr2r2r3removeLockdownWhitelistCommands   z(FirewallD.removeLockdownWhitelistCommandcCs(t|t}td||jjj|S)zQuery lockdown command z,policies.queryLockdownWhitelistCommand('%s'))rrirr8r$r>rZ has_commandrr2r2r3queryLockdownWhitelistCommands z'FirewallD.queryLockdownWhitelistCommandascCstd|jjjS)rz'policies.getLockdownWhitelistCommands())rr8r$r>rZ get_commandsrr2r2r3getLockdownWhitelistCommandss z&FirewallD.getLockdownWhitelistCommandscCstd|dS)Nz#LockdownWhitelistCommandAdded('%s')rr.r=r2r2r3rsz'FirewallD.LockdownWhitelistCommandAddedcCstd|dS)Nz%LockdownWhitelistCommandRemoved('%s')rrr2r2r3rsz)FirewallD.LockdownWhitelistCommandRemovedicCs@t|t}td||||jjj|| |dS)Add lockdown uid z&policies.addLockdownWhitelistUid('%s')N) rintrr8rBr$r>rZadd_uidLockdownWhitelistUidAddedr.r;rAr2r2r3addLockdownWhitelistUids   z!FirewallD.addLockdownWhitelistUidcCs@t|t}td||||jjj|| |dS)zRemove lockdown uid z)policies.removeLockdownWhitelistUid('%s')N) rrrr8rBr$r>rZ remove_uidLockdownWhitelistUidRemovedrr2r2r3removeLockdownWhitelistUids   z$FirewallD.removeLockdownWhitelistUidcCs(t|t}td||jjj|S)zQuery lockdown uid z(policies.queryLockdownWhitelistUid('%s'))rrrr8r$r>rZhas_uidrr2r2r3queryLockdownWhitelistUids z#FirewallD.queryLockdownWhitelistUidZaicCstd|jjjS)rz#policies.getLockdownWhitelistUids())rr8r$r>rZget_uidsrr2r2r3getLockdownWhitelistUidss z"FirewallD.getLockdownWhitelistUidscCstd|dS)NzLockdownWhitelistUidAdded(%d)rr.r;r2r2r3rsz#FirewallD.LockdownWhitelistUidAddedcCstd|dS)NzLockdownWhitelistUidRemoved(%d)rrr2r2r3rsz%FirewallD.LockdownWhitelistUidRemovedcCs@t|t}td||||jjj|| |dS)Add lockdown user z'policies.addLockdownWhitelistUser('%s')N) rrirr8rBr$r>rZadd_userLockdownWhitelistUserAddedr.r<rAr2r2r3addLockdownWhitelistUsers   z"FirewallD.addLockdownWhitelistUsercCs@t|t}td||||jjj|| |dS)zRemove lockdown user z*policies.removeLockdownWhitelistUser('%s')N) rrirr8rBr$r>rZ remove_userLockdownWhitelistUserRemovedrr2r2r3removeLockdownWhitelistUsers   z%FirewallD.removeLockdownWhitelistUsercCs(t|t}td||jjj|S)zQuery lockdown user z)policies.queryLockdownWhitelistUser('%s'))rrirr8r$r>rZhas_userrr2r2r3queryLockdownWhitelistUsers z$FirewallD.queryLockdownWhitelistUsercCstd|jjjS)rz$policies.getLockdownWhitelistUsers())rr8r$r>rZ get_usersrr2r2r3getLockdownWhitelistUserss z#FirewallD.getLockdownWhitelistUserscCstd|dS)Nz LockdownWhitelistUserAdded('%s')rr.r<r2r2r3r*sz$FirewallD.LockdownWhitelistUserAddedcCstd|dS)Nz"LockdownWhitelistUserRemoved('%s')rrr2r2r3r/sz&FirewallD.LockdownWhitelistUserRemovedcCs@t|t}td||||jjj|| |dS)Add lockdown context z*policies.addLockdownWhitelistContext('%s')N) rrirr8rBr$r>rZ add_contextLockdownWhitelistContextAddedr.r:rAr2r2r3addLockdownWhitelistContext6s   z%FirewallD.addLockdownWhitelistContextcCs@t|t}td||||jjj|| |dS)z Remove lockdown context z-policies.removeLockdownWhitelistContext('%s')N) rrirr8rBr$r>rZremove_contextLockdownWhitelistContextRemovedrr2r2r3removeLockdownWhitelistContextCs   z(FirewallD.removeLockdownWhitelistContextcCs(t|t}td||jjj|S)zQuery lockdown context z,policies.queryLockdownWhitelistContext('%s'))rrirr8r$r>rZ has_contextrr2r2r3queryLockdownWhitelistContextPs z'FirewallD.queryLockdownWhitelistContextcCstd|jjjS)rz'policies.getLockdownWhitelistContexts())rr8r$r>rZ get_contextsrr2r2r3getLockdownWhitelistContexts\s z&FirewallD.getLockdownWhitelistContextscCstd|dS)Nz#LockdownWhitelistContextAdded('%s')rr.r:r2r2r3rgsz'FirewallD.LockdownWhitelistContextAddedcCstd|dS)Nz%LockdownWhitelistContextRemoved('%s')rrr2r2r3rlsz)FirewallD.LockdownWhitelistContextRemovedcCs*td|||j|dS)zfEnable panic mode. All ingoing and outgoing connections and packets will be blocked. zenablePanicMode()N)rr8rBr$Zenable_panic_modePanicModeEnabledrr2r2r3enablePanicModeus   zFirewallD.enablePanicModecCs*td|||j|dS)zDisable panic mode. Enables normal mode: Allowed ingoing and outgoing connections will not be blocked anymore zdisablePanicMode()N)rr8rBr$Zdisable_panic_modePanicModeDisabledrr2r2r3disablePanicModes   zFirewallD.disablePanicModecCstd|jS)NzqueryPanicMode())rr8r$Zquery_panic_moderr2r2r3queryPanicModes zFirewallD.queryPanicModecCstddS)NzPanicModeEnabled()rr6r2r2r3rszFirewallD.PanicModeEnabledcCstddS)NzPanicModeDisabled()rr6r2r2r3rszFirewallD.PanicModeDisabledz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cCs$t|t}td||jj|S)NzgetZoneSettings(%s))rrirr8r$rCZget_config_with_settingsr.rCrAr2r2r3getZoneSettingss  zFirewallD.getZoneSettingscCs$t|t}td||jj|S)NzgetZoneSettings2(%s))rrirr8r$rCget_config_with_settings_dictrr2r2r3rs  zFirewallD.getZoneSettings2zsa{sv}cCsFt|t}td||||jj|t|||||dS)NzsetZoneSettings2(%s)) rrirr8rBr$rCset_config_with_settings_dict ZoneUpdated)r.rCrrAr2r2r3setZoneSettings2s    zFirewallD.setZoneSettings2cCstd||fdS)Nzzone.ZoneUpdated('%s', '%s')r)r.rCrr2r2r3rszFirewallD.ZoneUpdatedcCs$t|t}td||jj|S)Nzpolicy.getPolicySettings(%s))rrirr8r$rr)r.rrAr2r2r3rs  zFirewallD.getPolicySettingscCsFt|t}td||||jj|t|||||dS)Nzpolicy.setPolicySettings(%s)) rrirr8rBr$rr PolicyUpdated)r.rrrAr2r2r3setPolicySettingss    zFirewallD.setPolicySettingscCstd||fdS)Nz policy.PolicyUpdated('%s', '%s')r)r.rrr2r2r3rszFirewallD.PolicyUpdatedcCstd|jjS)NzlistServices())rr8r$r(rrr2r2r3 listServicess zFirewallD.listServicesz(sssa(ss)asa{ss}asa(ss))c Cst|t}td||jj|}|}g}tdD]P}|j |d|vrp| t t ||j |dq8| ||j |dq8t|S)NzgetServiceSettings(%s)r)rrirr8r$r( get_serviceexport_config_dictrangeZIMPORT_EXPORT_STRUCTUREappendrrgetattrtuple)r.r(rAobjZ conf_dictZ conf_listrr2r2r3rs   "zFirewallD.getServiceSettingscCs,t|t}td||jj|}|S)NzgetServiceSettings2(%s))rrirr8r$r(rr)r.r(rArr2r2r3getServiceSettings2s  zFirewallD.getServiceSettings2cCstd|jjS)NzlistIcmpTypes())rr8r$rrrr2r2r3 listIcmpTypes s zFirewallD.listIcmpTypescCs(t|t}td||jj|S)NzgetIcmpTypeSettings(%s))rrirr8r$rZ get_icmptyper)r.rrAr2r2r3rs  zFirewallD.getIcmpTypeSettingscCstd|jS)NzgetLogDenied())rr8r$Zget_log_deniedrr2r2r3 getLogDenied%s zFirewallD.getLogDeniedcCsXt|t}td||||j||||j|j | dS)NzsetLogDenied('%s')) rrirr8rBr$Zset_log_deniedLogDeniedChangedr}rr~r.valuerAr2r2r3 setLogDenied.s      zFirewallD.setLogDeniedcCstd|dS)NzLogDeniedChanged('%s')rr.rr2r2r3r>szFirewallD.LogDeniedChangedcCstddS)NzgetAutomaticHelpers()rVrrr2r2r3getAutomaticHelpersGs zFirewallD.getAutomaticHelperscCs&t|t}td|||dS)NzsetAutomaticHelpers('%s'))rrirr8rBrr2r2r3setAutomaticHelpersRs zFirewallD.setAutomaticHelperscCstd|dS)NzAutomaticHelpersChanged('%s')rrr2r2r3AutomaticHelpersChanged^sz!FirewallD.AutomaticHelpersChangedcCstd|jS)NzgetDefaultZone())rr8r$Zget_default_zonerr2r2r3getDefaultZonegs zFirewallD.getDefaultZonecCs<t|t}td||||j|||dS)NzsetDefaultZone('%s'))rrirr8rBr$Zset_default_zoneDefaultZoneChangedrr2r2r3setDefaultZoneps    zFirewallD.setDefaultZonecCstd|dS)NzDefaultZoneChanged('%s')rr.rCr2r2r3r|szFirewallD.DefaultZoneChangedcCstd|jjS)Nzpolicy.getPolicies())rr8r$rrrr2r2r3 getPoliciess zFirewallD.getPoliciesz a{sa{sas}}cCsXtdi}|jjD]8}i||<|jj|||d<|jj|||d<q|S)Nzpolicy.getActivePolicies()Z ingress_zonesZ egress_zones)rr8r$rZ)get_active_policies_not_derived_from_zoneZlist_ingress_zonesZlist_egress_zones)r.rAr>rr2r2r3getActivePoliciess zFirewallD.getActivePoliciescCstd|jjS)Nzzone.getZones())rr8r$rCrrr2r2r3getZoness zFirewallD.getZonescCstdi}|jjD]l}|jj|}|jj|}t|t|dkri||<t|dkrn|||d<t|dkr|||d<q|S)Nzzone.getActiveZones()r interfacessources)rr8r$rCrlist_interfaces list_sourceslen)r.rAZzonesrCrrr2r2r3getActiveZoness    zFirewallD.getActiveZonescCs2t|t}td||jj|}|r.|SdS)zReturn the zone an interface belongs to. :Parameters: `interface` : str Name of the interface :Returns: str. The name of the zone. zzone.getZoneOfInterface('%s')r{)rrirr8r$rCZget_zone_of_interface)r.rzrArCr2r2r3getZoneOfInterfaces zFirewallD.getZoneOfInterfacecCs2t|t}td||jj|}|r.|SdS)Nzzone.getZoneOfSource('%s')r{)rrirr8r$rCZget_zone_of_source)r.sourcerArCr2r2r3getZoneOfSources  zFirewallD.getZoneOfSourcecCsdS)NFr2rr2r2r3 isImmutableszFirewallD.isImmutablecCsRt|t}t|t}td||f|||jj|||}||||S)zPAdd an interface to a zone. If zone is empty, use default zone. zzone.addInterface('%s', '%s')) rrirr8rBr$rCZ add_interfaceInterfaceAddedr.rCrzrA_zoner2r2r3 addInterfaces    zFirewallD.addInterfacecCs"t|t}t|t}||||S)zChange a zone an interface is part of. If zone is empty, use default zone. This function is deprecated, use changeZoneOfInterface instead )rrichangeZoneOfInterfacer.rCrzrAr2r2r3 changeZones  zFirewallD.changeZonecCsRt|t}t|t}td||f|||jj|||}||||S)z[Change a zone an interface is part of. If zone is empty, use default zone. z&zone.changeZoneOfInterface('%s', '%s')) rrirr8rBr$rCZchange_zone_of_interfaceZoneOfInterfaceChangedrr2r2r3r  s    zFirewallD.changeZoneOfInterfacecCsPt|t}t|t}td||f|||jj||}||||S)zkRemove interface from a zone. If zone is empty, remove from zone the interface belongs to. z zone.removeInterface('%s', '%s')) rrirr8rBr$rCZremove_interfaceInterfaceRemovedrr2r2r3rs    zFirewallD.removeInterfacecCs6t|t}t|t}td||f|jj||S)z^Return true if an interface is in a zone. If zone is empty, use default zone. zzone.queryInterface('%s', '%s'))rrirr8r$rCZquery_interfacer r2r2r3queryInterface,s  zFirewallD.queryInterfacecCs&t|t}td||jj|S)z]Return the list of interfaces of a zone. If zone is empty, use default zone. zzone.getInterfaces('%s'))rrirr8r$rCrrr2r2r3r9s zFirewallD.getInterfacescCstd||fdS)Nzzone.InterfaceAdded('%s', '%s')rr.rCrzr2r2r3rGszFirewallD.InterfaceAddedcCstd||fdS)z, This signal is deprecated. zzone.ZoneChanged('%s', '%s')Nrrr2r2r3 ZoneChangedLszFirewallD.ZoneChangedcCs"td||f|||dS)Nz'zone.ZoneOfInterfaceChanged('%s', '%s'))rr8rrr2r2r3r Tsz FirewallD.ZoneOfInterfaceChangedcCstd||fdS)Nz!zone.InterfaceRemoved('%s', '%s')rrr2r2r3r [szFirewallD.InterfaceRemovedcCsRt|t}t|t}td||f|||jj|||}||||S)zLAdd a source to a zone. If zone is empty, use default zone. zzone.addSource('%s', '%s')) rrirr8rBr$rCZ add_source SourceAddedr.rCrrArr2r2r3 addSourceds    zFirewallD.addSourcecCsRt|t}t|t}td||f|||jj|||}||||S)zXChange a zone an source is part of. If zone is empty, use default zone. z#zone.changeZoneOfSource('%s', '%s')) rrirr8rBr$rCZchange_zone_of_sourceZoneOfSourceChangedrr2r2r3changeZoneOfSourceus    zFirewallD.changeZoneOfSourcecCsPt|t}t|t}td||f|||jj||}||||S)zeRemove source from a zone. If zone is empty, remove from zone the source belongs to. zzone.removeSource('%s', '%s')) rrirr8rBr$rCZ remove_source SourceRemovedrr2r2r3 removeSources    zFirewallD.removeSourcecCs6t|t}t|t}td||f|jj||S)z[Return true if an source is in a zone. If zone is empty, use default zone. zzone.querySource('%s', '%s'))rrirr8r$rCZ query_source)r.rCrrAr2r2r3 querySources  zFirewallD.querySourcecCs&t|t}td||jj|S)zZReturn the list of sources of a zone. If zone is empty, use default zone. zzone.getSources('%s'))rrirr8r$rCrrr2r2r3 getSourcess zFirewallD.getSourcescCstd||fdS)Nzzone.SourceAdded('%s', '%s')rr.rCrr2r2r3rszFirewallD.SourceAddedcCstd||fdS)Nz$zone.ZoneOfSourceChanged('%s', '%s')rrr2r2r3rszFirewallD.ZoneOfSourceChangedcCstd||fdS)Nzzone.SourceRemoved('%s', '%s')rrr2r2r3rszFirewallD.SourceRemovedcCsHtd||f|j||=t|d}|jj|||||dS)Nz%zone.disableTimedRichRule('%s', '%s')Zrule_str)rr8r9rr$rC remove_ruleRichRuleRemoved)r.rCrulerr2r2r3disableTimedRichRules   zFirewallD.disableTimedRichRuleZssicCst|t}t|t}t|t}td||ft|d}|jj|||}|dkrtt ||j ||}| |||| ||||S)Nzzone.addRichRule('%s', '%s')rr)rrirrr8rr$rCadd_rulertimeout_add_secondsrrF RichRuleAdded)r.rCrtimeoutrArrrEr2r2r3 addRichRules     zFirewallD.addRichRulecCs\t|t}t|t}td||ft|d}|jj||}|||| |||S)Nzzone.removeRichRule('%s', '%s')r) rrirr8rr$rCrrIr)r.rCrrArrr2r2r3removeRichRules     zFirewallD.removeRichRulecCs@t|t}t|t}td||ft|d}|jj||S)Nzzone.queryRichRule('%s', '%s')r)rrirr8rr$rC query_rule)r.rCrrArr2r2r3 queryRichRules    zFirewallD.queryRichRulecCs&t|t}td||jj|S)Nzzone.getRichRules('%s'))rrirr8r$rCZ list_rulesrr2r2r3 getRichRuless zFirewallD.getRichRulescCstd|||fdS)Nz"zone.RichRuleAdded('%s', '%s', %d)r)r.rCrr#r2r2r3r"szFirewallD.RichRuleAddedcCstd||fdS)Nz zone.RichRuleRemoved('%s', '%s')r)r.rCrr2r2r3r szFirewallD.RichRuleRemovedcCs>td||f|j||=|jj|||||dS)Nz$zone.disableTimedService('%s', '%s'))rr8r9r$rCremove_serviceServiceRemovedr.rCr(r2r2r3disableTimedServices zFirewallD.disableTimedServicecCst|t}t|t}t|t}td|||f|||jj||||}|dkrxt ||j ||}| |||| ||||S)Nzzone.addService('%s', '%s', %d)r)rrirrr8rBr$rCZ add_servicerr!r,rF ServiceAdded)r.rCr(r#rArrEr2r2r3rs     zFirewallD.addServicecCs\t|t}t|t}td||f|||jj||}|||| |||S)Nzzone.removeService('%s', '%s')) rrirr8rBr$rCr)rIr*)r.rCr(rArr2r2r3 removeService1s     zFirewallD.removeServicecCs6t|t}t|t}td||f|jj||S)Nzzone.queryService('%s', '%s'))rrirr8r$rCZ query_service)r.rCr(rAr2r2r3 queryServiceBs  zFirewallD.queryServicecCs&t|t}td||jj|S)Nzzone.getServices('%s'))rrirr8r$rCZ list_servicesrr2r2r3 getServicesMs zFirewallD.getServicescCstd|||fdS)Nz!zone.ServiceAdded('%s', '%s', %d)r)r.rCr(r#r2r2r3r-YszFirewallD.ServiceAddedcCstd||fdS)Nzzone.ServiceRemoved('%s', '%s')rr+r2r2r3r*_szFirewallD.ServiceRemovedcCsHtd|||f|j|||f=|jj|||||||dS)Nz'zone.disableTimedPort('%s', '%s', '%s'))rr8r9r$rC remove_port PortRemovedr.rCportprotocolr2r2r3disableTimedPorths zFirewallD.disableTimedPortZsssicCst|t}t|t}t|t}t|t}td|||f|||jj|||||}|dkrt ||j |||}| |||f|| |||||S)Nzzone.addPort('%s', '%s', '%s')r)rrirrr8rBr$rCZadd_portrr!r6rF PortAddedr.rCr4r5r#rArrEr2r2r3addPortps       zFirewallD.addPortZssscCspt|t}t|t}t|t}td|||f|||jj|||}||||f| ||||S)Nz!zone.removePort('%s', '%s', '%s')) rrirr8rBr$rCr1rIr2r.rCr4r5rArr2r2r3 removePorts    zFirewallD.removePortcCsDt|t}t|t}t|t}td|||f|jj|||S)Nz zone.queryPort('%s', '%s', '%s'))rrirr8r$rCZ query_portr.rCr4r5rAr2r2r3 queryPorts    zFirewallD.queryPortZaascCs&t|t}td||jj|S)Nzzone.getPorts('%s'))rrirr8r$rCZ list_portsrr2r2r3getPortss zFirewallD.getPortsrcCstd||||fdS)Nz$zone.PortAdded('%s', '%s', '%s', %d)rr.rCr4r5r#r2r2r3r7s zFirewallD.PortAddedcCstd|||fdS)Nz"zone.PortRemoved('%s', '%s', '%s')rr3r2r2r3r2szFirewallD.PortRemovedcCs>td||f|j||=|jj|||||dS)Nz%zone.disableTimedProtocol('%s', '%s'))rr8r9r$rCremove_protocolProtocolRemovedr.rCr5r2r2r3disableTimedProtocols zFirewallD.disableTimedProtocolcCst|t}t|t}t|t}td||f|||jj||||}|dkrvt ||j ||}| |||| ||||S)Nzzone.enableProtocol('%s', '%s')r)rrirrr8rBr$rCZ add_protocolrr!rCrF ProtocolAdded)r.rCr5r#rArrEr2r2r3 addProtocols     zFirewallD.addProtocolcCs\t|t}t|t}td||f|||jj||}|||| |||S)Nzzone.removeProtocol('%s', '%s')) rrirr8rBr$rCr@rIrA)r.rCr5rArr2r2r3removeProtocols     zFirewallD.removeProtocolcCs6t|t}t|t}td||f|jj||S)Nzzone.queryProtocol('%s', '%s'))rrirr8r$rCZquery_protocol)r.rCr5rAr2r2r3 queryProtocols  zFirewallD.queryProtocolcCs&t|t}td||jj|S)Nzzone.getProtocols('%s'))rrirr8r$rCZlist_protocolsrr2r2r3 getProtocolss zFirewallD.getProtocolscCstd|||fdS)Nz"zone.ProtocolAdded('%s', '%s', %d)r)r.rCr5r#r2r2r3rDszFirewallD.ProtocolAddedcCstd||fdS)Nz zone.ProtocolRemoved('%s', '%s')rrBr2r2r3rA szFirewallD.ProtocolRemovedcCsJtd|||f|j|d||f=|jj|||||||dS)Nz-zone.disableTimedSourcePort('%s', '%s', '%s')sport)rr8r9r$rCremove_source_portSourcePortRemovedr3r2r2r3disableTimedSourcePorts z FirewallD.disableTimedSourcePortcCst|t}t|t}t|t}t|t}td|||f|||jj|||||}|dkrt ||j |||}| |d||f|| |||||S)Nz$zone.addSourcePort('%s', '%s', '%s')rrI)rrirrr8rBr$rCZadd_source_portrr!rLrFSourcePortAddedr8r2r2r3 addSourcePorts$       zFirewallD.addSourcePortcCsrt|t}t|t}t|t}td|||f|||jj|||}||d||f| ||||S)Nz'zone.removeSourcePort('%s', '%s', '%s')rI) rrirr8rBr$rCrJrIrKr:r2r2r3removeSourcePort3s     zFirewallD.removeSourcePortcCsDt|t}t|t}t|t}td|||f|jj|||S)Nz&zone.querySourcePort('%s', '%s', '%s'))rrirr8r$rCZquery_source_portr<r2r2r3querySourcePortEs    zFirewallD.querySourcePortcCs&t|t}td||jj|S)Nzzone.getSourcePorts('%s'))rrirr8r$rCZlist_source_portsrr2r2r3getSourcePortsRs zFirewallD.getSourcePortscCstd||||fdS)Nz*zone.SourcePortAdded('%s', '%s', '%s', %d)rr?r2r2r3rM^s zFirewallD.SourcePortAddedcCstd|||fdS)Nz(zone.SourcePortRemoved('%s', '%s', '%s')rr3r2r2r3rKds zFirewallD.SourcePortRemovedcCs(|j|d=|jj|||dS)N masquerade)r9r$rCremove_masqueradeMasqueradeRemovedrr2r2r3disableTimedMasqueradens z FirewallD.disableTimedMasqueradesicCstt|t}t|t}td||||jj|||}|dkrdt ||j |}| |d|| |||S)Nzzone.addMasquerade('%s')rrR)rrirrr8rBr$rCZadd_masqueraderr!rUrFMasqueradeAdded)r.rCr#rArrEr2r2r3 addMasqueradets     zFirewallD.addMasqueradecCsJt|t}td||||jj|}||d| ||S)Nzzone.removeMasquerade('%s')rR) rrirr8rBr$rCrSrIrTr.rCrArr2r2r3removeMasquerades    zFirewallD.removeMasqueradecCs&t|t}td||jj|S)Nzzone.queryMasquerade('%s'))rrirr8r$rCZquery_masqueraderr2r2r3queryMasquerades zFirewallD.queryMasqueradecCstd||fdS)Nzzone.MasqueradeAdded('%s', %d)r)r.rCr#r2r2r3rWszFirewallD.MasqueradeAddedcCstd|dS)Nzzone.MasqueradeRemoved('%s')rrr2r2r3rTszFirewallD.MasqueradeRemovedcCs@|j|||||f=|jj|||||||||||dSr4)r9r$rCremove_forward_portForwardPortRemovedr.rCr4r5toporttoaddrr2r2r3disable_forward_portszFirewallD.disable_forward_portZsssssic Cst|t}t|t}t|t}t|t}t|t}t|t}td|||||f|||jj|||||||}|dkrt ||j |||||} | |||||f| | |||||||S)Nz1zone.addForwardPort('%s', '%s', '%s', '%s', '%s')r)rrirrr8rBr$rCZadd_forward_portrr!rarFForwardPortAdded) r.rCr4r5r_r`r#rArrEr2r2r3addForwardPorts,        zFirewallD.addForwardPortZssssscCst|t}t|t}t|t}t|t}t|t}td|||||f|||jj|||||}||||||f| ||||||S)Nz4zone.removeForwardPort('%s', '%s', '%s', '%s', '%s')) rrirr8rBr$rCr\rIr])r.rCr4r5r_r`rArr2r2r3removeForwardPorts       zFirewallD.removeForwardPortcCs`t|t}t|t}t|t}t|t}t|t}td|||||f|jj|||||S)Nz3zone.queryForwardPort('%s', '%s', '%s', '%s', '%s'))rrirr8r$rCZquery_forward_port)r.rCr4r5r_r`rAr2r2r3queryForwardPorts      zFirewallD.queryForwardPortcCs&t|t}td||jj|S)Nzzone.getForwardPorts('%s'))rrirr8r$rCZlist_forward_portsrr2r2r3getForwardPortss zFirewallD.getForwardPortsc Cstd||||||fdS)Nz7zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)r)r.rCr4r5r_r`r#r2r2r3rbszFirewallD.ForwardPortAddedcCstd|||||fdS)Nz5zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')rr^r2r2r3r] s zFirewallD.ForwardPortRemovedcCs>td||f|j||=|jj|||||dS)Nz&zone.disableTimedIcmpBlock('%s', '%s'))rr8r9r$rCremove_icmp_blockIcmpBlockRemovedr.rCicmprAr2r2r3disableTimedIcmpBlocks zFirewallD.disableTimedIcmpBlockcCst|t}t|t}t|t}td||f|||jj||||}|dkrxt ||j |||}| |||| ||||S)Nz zone.enableIcmpBlock('%s', '%s')r)rrirrr8rBr$rCZadd_icmp_blockrr!rkrFIcmpBlockAdded)r.rCrjr#rArrEr2r2r3 addIcmpBlocks     zFirewallD.addIcmpBlockcCs\t|t}t|t}td||f|||jj||}|||| |||S)Nz zone.removeIcmpBlock('%s', '%s')) rrirr8rBr$rCrgrIrh)r.rCrjrArr2r2r3removeIcmpBlock2s     zFirewallD.removeIcmpBlockcCs6t|t}t|t}td||f|jj||S)Nzzone.queryIcmpBlock('%s', '%s'))rrirr8r$rCZquery_icmp_blockrir2r2r3queryIcmpBlockBs  zFirewallD.queryIcmpBlockcCs&t|t}td||jj|S)Nzzone.getIcmpBlocks('%s'))rrirr8r$rCZlist_icmp_blocksrr2r2r3 getIcmpBlocksMs zFirewallD.getIcmpBlockscCstd|||fdS)Nz#zone.IcmpBlockAdded('%s', '%s', %d)r)r.rCrjr#r2r2r3rlYszFirewallD.IcmpBlockAddedcCstd||fdS)Nz!zone.IcmpBlockRemoved('%s', '%s')r)r.rCrjr2r2r3rh_szFirewallD.IcmpBlockRemovedcCs@t|t}td||||jj||}|||S)Nz zone.addIcmpBlockInversion('%s')) rrirr8rBr$rCZadd_icmp_block_inversionIcmpBlockInversionAddedrYr2r2r3addIcmpBlockInversionhs    zFirewallD.addIcmpBlockInversioncCs>t|t}td||||jj|}|||S)Nz#zone.removeIcmpBlockInversion('%s')) rrirr8rBr$rCZremove_icmp_block_inversionIcmpBlockInversionRemovedrYr2r2r3removeIcmpBlockInversionvs    z"FirewallD.removeIcmpBlockInversioncCs&t|t}td||jj|S)Nz"zone.queryIcmpBlockInversion('%s'))rrirr8r$rCZquery_icmp_block_inversionrr2r2r3queryIcmpBlockInversions z!FirewallD.queryIcmpBlockInversioncCstd|dS)Nz"zone.IcmpBlockInversionAdded('%s')rrr2r2r3rqsz!FirewallD.IcmpBlockInversionAddedcCstd|dS)Nz$zone.IcmpBlockInversionRemoved('%s')rrr2r2r3rssz#FirewallD.IcmpBlockInversionRemovedcCs`t|t}t|t}t|t}td|||f|||jj|||||||dS)Nz!direct.addChain('%s', '%s', '%s')) rrirr8rBr$rZ add_chain ChainAddedr.ipvtablechainrAr2r2r3addChains    zFirewallD.addChaincCs`t|t}t|t}t|t}td|||f|||jj|||||||dS)Nz$direct.removeChain('%s', '%s', '%s')) rrirr8rBr$rZ remove_chain ChainRemovedrwr2r2r3 removeChains    zFirewallD.removeChaincCsDt|t}t|t}t|t}td|||f|jj|||S)Nz#direct.queryChain('%s', '%s', '%s'))rrirr8r$rZ query_chainrwr2r2r3 queryChains    zFirewallD.queryChaincCs6t|t}t|t}td||f|jj||S)Nzdirect.getChains('%s', '%s'))rrirr8r$rZ get_chains)r.rxryrAr2r2r3 getChainss  zFirewallD.getChainsza(sss)cCstd|jjS)Nzdirect.getAllChains())rr8r$rrrr2r2r3 getAllChainss zFirewallD.getAllChainscCstd|||fdS)Nz#direct.ChainAdded('%s', '%s', '%s')rr.rxryrzr2r2r3rvszFirewallD.ChainAddedcCstd|||fdS)Nz%direct.ChainRemoved('%s', '%s', '%s')rrr2r2r3r|s zFirewallD.ChainRemovedZsssiasc Cst|t}t|t}t|t}t|t}tdd|D}td||||d|f|||jj |||||| |||||dS)Ncss|]}t|tVqdSr4rri.0rr2r2r3 z$FirewallD.addRule..z*direct.addRule('%s', '%s', '%s', %d, '%s')',') rrirrrr8joinrBr$rr  RuleAddedr.rxryrzpriorityargsrAr2r2r3addRules     zFirewallD.addRulec Cst|t}t|t}t|t}t|t}tdd|D}td||||d|f|||jj |||||| |||||dS)Ncss|]}t|tVqdSr4rrr2r2r3r rz'FirewallD.removeRule..z-direct.removeRule('%s', '%s', '%s', %d, '%s')r) rrirrrr8rrBr$rr RuleRemovedrr2r2r3 removeRule s     zFirewallD.removeRulecCst|t}t|t}t|t}td|||f|||jj|||D]0\}}|jj|||||| |||||qNdS)Nz$direct.removeRules('%s', '%s', '%s')) rrirr8rBr$r get_rulesrr)r.rxryrzrArrr2r2r3 removeRules s    zFirewallD.removeRulesc Csnt|t}t|t}t|t}t|t}tdd|D}td||||d|f|jj |||||S)Ncss|]}t|tVqdSr4rrr2r2r3r/ rz&FirewallD.queryRule..z,direct.queryRule('%s', '%s', '%s', %d, '%s')r) rrirrrr8rr$rr&rr2r2r3 queryRule$ s    zFirewallD.queryRuleza(ias)cCsDt|t}t|t}t|t}td|||f|jj|||S)Nz!direct.getRules('%s', '%s', '%s'))rrirr8r$rrrwr2r2r3getRules4 s    zFirewallD.getRulesz a(sssias)cCstd|jjS)Nzdirect.getAllRules())rr8r$rrrr2r2r3 getAllRulesA s zFirewallD.getAllRulesc Cs"td||||d|fdS)Nz,direct.RuleAdded('%s', '%s', '%s', %d, '%s')rrr8rr.rxryrzrrr2r2r3rK szFirewallD.RuleAddedc Cs"td||||d|fdS)Nz.direct.RuleRemoved('%s', '%s', '%s', %d, '%s')rrrr2r2r3rR szFirewallD.RuleRemovedr\c Cst|t}tdd|D}td|d|f||z|jj ||WSt y}zj|dvrvt gd}n t ddg}t|}|j t jkrtt ||@d krt|t|WYd}~n d}~00dS) Ncss|]}t|tVqdSr4rrr2r2r3re rz(FirewallD.passthrough..zdirect.passthrough('%s', '%s')r)rPrT)z-Cz--check-L--listrrr)rrirrr8rrBr$r passthroughr"setcoder!ZCOMMAND_FAILEDrrr )r.rxrrAr@Z query_argsmsgr2r2r3r] s      zFirewallD.passthroughcCs\t|}tdd|D}td|d|f|||jj||| ||dS)Ncss|]}t|VqdSr4rrr2r2r3r rz+FirewallD.addPassthrough..z!direct.addPassthrough('%s', '%s')r) rrrr8rrBr$rZadd_passthroughPassthroughAddedr.rxrrAr2r2r3addPassthroughy s  zFirewallD.addPassthroughcCs\t|}tdd|D}td|d|f|||jj||| ||dS)Ncss|]}t|VqdSr4rrr2r2r3r rz.FirewallD.removePassthrough..z$direct.removePassthrough('%s', '%s')r) rrrr8rrBr$rZremove_passthroughPassthroughRemovedrr2r2r3removePassthrough s  zFirewallD.removePassthroughcCsBt|}tdd|D}td|d|f|jj||S)Ncss|]}t|VqdSr4rrr2r2r3r rz-FirewallD.queryPassthrough..z#direct.queryPassthrough('%s', '%s')r)rrrr8rr$rZquery_passthroughrr2r2r3queryPassthrough s  zFirewallD.queryPassthroughza(sas)cCstd|jjS)Nzdirect.getAllPassthroughs())rr8r$rrrr2r2r3getAllPassthroughs s zFirewallD.getAllPassthroughscCs*tdt|D]}|j|qdS)Nzdirect.removeAllPassthroughs())rr8reversedrr)r.rArr2r2r3removeAllPassthroughs s zFirewallD.removeAllPassthroughscCs"t|}td||jj|S)Nzdirect.getPassthroughs('%s'))rrr8r$rZget_passthroughs)r.rxrAr2r2r3getPassthroughs s zFirewallD.getPassthroughscCstd|d|fdS)Nz#direct.PassthroughAdded('%s', '%s')rrr.rxrr2r2r3r s zFirewallD.PassthroughAddedcCstd|d|fdS)Nz%direct.PassthroughRemoved('%s', '%s')rrrr2r2r3r s zFirewallD.PassthroughRemovedcCsdS)z PK_ACTION_ALL implies all other actions, i.e. once a subject is authorized for PK_ACTION_ALL it's also authorized for any other action. Use-case is GUI (RHBZ#994729). Nr2rr2r2r3 authorizeAll s zFirewallD.authorizeAllcCs$t|}td||jj|S)Nzipset.queryIPSet('%s'))rrr8r$rZ query_ipsetr.rrAr2r2r3 queryIPSet szFirewallD.queryIPSetcCstd|jjS)Nzipsets.getIPSets())rr8r$rrrr2r2r3 getIPSets s zFirewallD.getIPSetscCs(t|t}td||jj|S)NzgetIPSetSettings(%s))rrirr8r$rZ get_ipsetrrr2r2r3r s  zFirewallD.getIPSetSettingscCsLt|}t|}td||f|||jj|||||dS)Nzipset.addEntry('%s', '%s'))rrr8rBr$rZ add_entry EntryAddedr.rentryrAr2r2r3addEntry s  zFirewallD.addEntrycCsLt|}t|}td||f|||jj|||||dS)Nzipset.removeEntry('%s', '%s'))rrr8rBr$rZ remove_entry EntryRemovedrr2r2r3 removeEntry s  zFirewallD.removeEntrycCs2t|}t|}td||f|jj||S)Nzipset.queryEntry('%s', '%s'))rrr8r$rZ query_entryrr2r2r3 queryEntry szFirewallD.queryEntrycCs$t|}td||jj|S)Nzipset.getEntries('%s'))rrr8r$r get_entriesrr2r2r3 getEntries( szFirewallD.getEntriescCst|}t|t}td|d||jj|}|jj||t |}t |}||D]}| ||q\||D]}| ||qvdS)Nzipset.setEntries('%s', '[%s]'),) rlistrr8rr$rrZ set_entriesrrr)r.rentriesrAZ old_entriesZold_entries_setZ entries_setrr2r2r3 setEntries2 s   zFirewallD.setEntriescCs&t|}t|}td||fdS)Nzipset.EntryAdded('%s', '%s')rrr8r.rrr2r2r3rC szFirewallD.EntryAddedcCs&t|}t|}td||fdS)Nzipset.EntryRemoved('%s', '%s')rrr2r2r3rJ szFirewallD.EntryRemovedcCstd|jjS)Nzhelpers.getHelpers())rr8r$rrrr2r2r3 getHelpersU s zFirewallD.getHelperscCs(t|t}td||jj|S)NzgetHelperSettings(%s))rrirr8r$rZ get_helperr)r.rrAr2r2r3r^ s  zFirewallD.getHelperSettings)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)r)N)N)N)N)r)N)N)N)N)r)N)N)N)r)N)N)N)N)r)N)N)N)N)r)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)N)__name__ __module__ __qualname____doc__Z persistentrr&ZPK_ACTION_CONFIGZdefault_polkit_auth_requiredr r+r7r%r5r rBrFrIrKrcr ZPROPERTIES_IFACErprurrvr(signalrwZPK_ACTION_INFOZINTROSPECTABLE_IFACErxr)r}rr~rrrZPK_ACTION_POLICIESrlrrZPK_ACTION_POLICIES_INFOrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrZPK_ACTION_CONFIG_INFOrrjrrrZDBUS_INTERFACE_POLICYrrrrrrrrZDBUS_SIGNATURErrrrrrrrrrrrrrrrrrr r rrrrrr r rrrrrrrrrr$r%r'r(r"rr,rr.r/r0r-r*r6r9r;r=r>r7r2rCrErFrGrHrDrArLrNrOrPrQrMrKrUrXrZr[rWrTrarcrdrerfrbr]rkrmrnrorprlrhrrrtrurqrsZPK_ACTION_DIRECTrrkr{r}ZPK_ACTION_DIRECT_INFOr~rrrrvr|rrrrrrrrrrrrrrrrrZ PK_ACTION_ALLrrmrrrrrrrrrrrrrr __classcell__r2r2r0r3r@s       /  "               O                                                                                                                                                                                                                                                                                                 )7__all__Z gi.repositoryrrr&Z dbus.serviceZdbus.mainloop.glibZfirewallrZfirewall.core.fwrZfirewall.core.richrZfirewall.core.loggerrZfirewall.clientrZfirewall.server.dbusr r Zfirewall.server.decoratorsr r r rrrZfirewall.server.configrZfirewall.dbus_utilsrrrrrrrrZfirewall.core.io.functionsrZfirewall.core.io.ipsetrZfirewall.core.io.icmptyperZfirewall.core.io.helperrZfirewall.core.fw_nmrrZfirewall.core.fw_ifcfgr r!Zfirewall.errorsr"rr2r2r2r3s.        (