a

��i�
�@sJ
dg
Zd
dl
mZ
d
dlZd
dlZd
dlZd
dlZd
dlmZ
d
dl	m
Z

d
dlmZ
d
dl
mZ
d
dlmZ
d
d	lmZmZ
d
d
lmZmZmZmZmZmZ
d
dlmZ
d
dlmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%
d
d
l&m'Z'
d
dl(m)Z)
d
dl*m+Z+
d
dl,m-Z-
d
dl.m/Z/m0Z0
d
dl1m2Z2
d
dlm3Z3
d
dl4m5Z5
Gdd�de�Z6dS)�	FirewallD�)
�GLibN)
�config)
�Firewall)
�	Rich_Rule)
�log)
�FirewallClientZoneSettings)�FirewallDBusException�DbusServiceObject)�dbus_handle_exceptions�dbus_service_method�handle_exceptions�dbus_service_method_deprecated�dbus_service_signal_deprecated�dbus_polkit_require_auth)
�FirewallDConfig)�dbus_to_python�command_of_sender�context_of_sender�
uid_of_sender�user_of_uid�%dbus_introspection_prepare_properties�!dbus_introspection_add_properties�!dbus_introspection_add_deprecated)
�check_on_disk_config)
�IPSet)
�IcmpType)
�Helper)�nm_get_connection_of_interface�nm_set_zone_of_connection)
�ifcfg_set_zone_of_interface)
�errors)
�
FirewallErrorcs!eZ
dZd
ZdZejjZe	�f
dd��
Z
dd�Ze	dd��
Ze	d	d
��
Z
edd��
Zed
d��
Zedd��
Zedd��
Zedd��
Zeejddd�e�
d�dd�
�
�
Zeejddd�e�
d�dd�
�
�
Zeejj�
eejdd �e�
d�d!d"�
�
�
�
Zejjejd#d$�d%d&��
Zeejj�
eejdd'�e�
d��f
d(d)�	�
�
�
Zeejj�
eejj d*d*d�e�
d�d+d,�
�
�
�
Z!eejj�
eejj d*d*d�e�
d�d-d.�
�
�
�
Z"ej�ejj �
ed/d0��
�
Z#eejj�
eejj d*d*d��
d�d1d2�
�
�
Z$eejj�
eejj d*d*d�e�
d�d3d4�
�
�
�
Z%eejj�
eejj d*d*d�e�
d�d5d6�
�
�
�
Z&eejj'�
eejj(d*d*d�e�
d�d7d8�
�
�
�
Z)eejj'�
eejj(d*d*d�e�
d�d9d:�
�
�
�
Z*eejj+�
eejj(d*d;d�e�
d�d<d=�
�
�
�
Z,ejjejj(d*d$�ed>d?��
�
Z-ejjejj(d*d$�ed@dA��
�
Z.eejj'�
eejj(dd*d�e�
d�dBdC�
�
�
�
Z/eejj'�
eejj(dd*d�e�
d�dDdE�
�
�
�
Z0eejj+�
eejj(dd;d�e�
d�dFdG�
�
�
�
Z1eejj+�
eejj(d*dHd�e�
d�dIdJ�
�
�
�
Z2ejjejj(dd$�edKdL��
�
Z3ejjejj(dd$�edMdN��
�
Z4eejj'�
eejj(dOd*d�e�
d�dPdQ�
�
�
�
Z5eejj'�
eejj(dOd*d�e�
d�dRdS�
�
�
�
Z6eejj+�
eejj(dOd;d�e�
d�dTdU�
�
�
�
Z7eejj+�
eejj(d*dVd�e�
d�dWdX�
�
�
�
Z8ejjejj(dOd$�edYdZ��
�
Z9ejjejj(dOd$�ed[d\��
�
Z:eejj'�
eejj(dd*d�e�
d�d]d^�
�
�
�
Z;eejj'�
eejj(dd*d�e�
d�d_d`�
�
�
�
Z<eejj+�
eejj(dd;d�e�
d�dadb�
�
�
�
Z=eejj+�
eejj(d*dHd�e�
d�dcdd�
�
�
�
Z>ejjejj(dd$�ededf��
�
Z?ejjejj(dd$�edgdh��
�
Z@eejj'�
eejj(dd*d�e�
d�didj�
�
�
�
ZAeejj'�
eejj(dd*d�e�
d�dkdl�
�
�
�
ZBeejj+�
eejj(dd;d�e�
d�dmdn�
�
�
�
ZCeejj+�
eejj(d*dHd�e�
d�dodp�
�
�
�
ZDejjejj(dd$�edqdr��
�
ZEejjejj(dd$�edsdt��
�
ZFeejj�
eejj d*d*d�e�
d�dudv�
�
�
�
ZGeejj�
eejj d*d*d�e�
d�dwdx�
�
�
�
ZHeejj�
eejj d*d;d�e�
d�dydz�
�
�
�
ZIejjejj d*d$�ed{d|��
�
ZJejjejj d*d$�ed}d~��
�
ZKeejjL�
eejj ddd�e�
d�d�d��
�
�
�
ZMeejjL�
eejjNddd�e�
d�d�d��
�
�
�
ZOeejjL�
eejjNd�d �e�
d�d�d��
�
�
�
ZPejjejjNd�d$�ed�d���
�
ZQeejjL�
eejjRddd�e�
d�d�d��
�
�
�
ZSeejjL�
eejjRd�d �e�
d�d�d��
�
�
�
ZTejjejjRd�d$�ed�d���
�
ZUeejj�
eejj d*dHd�e�
d�d�d��
�
�
�
ZVeejjL�
eejj dd�d�e�
d�d�d��
�
�
�
ZWeejjL�
eejj ddd�e�
d�d�d��
�
�
�
ZXeejj�
eejj d*dHd�e�
d�d�d��
�
�
�
ZYeejjL�
eejj deZj[d�e�
d�d�d��
�
�
�
Z\eejjL�
eejj d*dd�e�
d�d�d��
�
�
�
Z]eejj�
eejj dd*d�e�
d�d�d��
�
�
�
Z^ejjejj dd$�ed�d���
�
Z_eejjL�
eejj d*dd�e�
d�d�d��
�
�
�
Z`eejj�
eejj dd*d�e�
d�d�d��
�
�
�
Zaejjejj dd$�ed�d���
�
Zbeejj�
eejj d*dd�e�
d�d�d��
�
�
�
Zceejj�
eejj dd*d�e�
d�d�d��
�
�
�
Zdejjejj dd$�ed�d���
�
Zeeejj�
eejjRd*dHd�e�
d�d�d��
�
�
�
Zfeejj�
eejjRd*d�d�e�
d�d�d��
�
�
�
Zgeejj�
eejjNd*dHd�e�
d�d�d��
�
�
�
Zheejj�
eejjNd*d�d�e�
d�d�d��
�
�
�
Zieejj�
eejjNddd�e�
d�d�d��
�
�
�
Zjeejj�
eejjNddd�e�
d�d�d��
�
�
�
ZkeejjL�
eejjNdd;d�e�
d�d�d��
�
�
�
Zleejj�
eejjNddd�e�
d�d�d��
�
�
�
Zmeejj�
eejjNddd�e�
d�d�d��
�
�
�
Zneejj�
eejjNddd�e�
d�d�d��
�
�
�
Zoeejj�
eejjNddd�e�
d�d�d„
�
�
�
ZpeejjL�
eejjNdd;d�e�
d�d�dĄ
�
�
�
ZqeejjL�
eejjNddHd�e�
d�d�dƄ
�
�
�
ZrejjejjNdd$�ed�dȄ�
�
ZsejjejjNdd$�ed�dʄ�
�
ZtejjejjNdd$�ed�d̄�
�
ZuejjejjNdd$�ed�d΄�
�
Zveejj�
eejjNddd�e�
d�d�dЄ
�
�
�
Zweejj�
eejjNddd�e�
d�d�d҄
�
�
�
Zxeejj�
eejjNddd�e�
d�d�dԄ
�
�
�
ZyeejjL�
eejjNdd;d�e�
d�d�dք
�
�
�
ZzeejjL�
eejjNddHd�e�
d�d�d؄
�
�
�
Z{ejjejjNdd$�ed�dڄ�
�
Z|ejjejjNdd$�ed�d܄�
�
Z}ejjejjNdd$�ed�dބ�
�
Z~ed�d��
Zeejj�
eejjNd�dd�e�
d�d�d�
�
�
�
Z�eejj�
eejjNddd�e�
d�d�d�
�
�
�
Z�eejjL�
eejjNdd;d�e�
d�d�d�
�
�
�
Z�eejjL�
eejjNddHd�e�
d�d�d�
�
�
�
Z�ejjejjNd�d$�ed�d��
�
Z�ejjejjNdd$�ed�d��
�
Z�ed�d��
Z�eejj�
eejjNd�dd�e�
d�d�d�
�
�
�
Z�eejj�
eejjNddd�e�
d�d�d�
�
�
�
Z�eejjL�
eejjNdd;d�e�
d�d�d��
�
�
�
Z�eejjL�
eejjNddHd�e�
d�d�d��
�
�
�
Z�ejjejjNd�d$�ed�d���
�
Z�ejjejjNdd$�ed�d���
�
Z�ed�d���
Z�eejj�
eejjNd�dd�e�
d�d��
d�
�
�
�
Z�eejj�
eejjN�
d
dd�e�
d��
d�
d�
�
�
�
Z�eejjL�
eejjN�
d
d;d�e�
d��
d�
d�
�
�
�
Z�eejjL�
eejjNd�
dd�e�
d��
d�
d�
�
�
�
Z�ejjejjNd�d$�e�
d��
d
�
d�
�
�
Z�ejjejjN�
d
d$�e�
d�
d
��
�
Z�e�
d�
d��
Z�eejj�
eejjNd�dd�e�
d��
d�
d�
�
�
�
Z�eejj�
eejjNddd�e�
d��
d�
d�
�
�
�
Z�eejjL�
eejjNdd;d�e�
d��
d�
d�
�
�
�
Z�eejjL�
eejjNddHd�e�d�
d�
d�
�
�
�
Z�ejjejjNd�d$�e�d
�
d�
d�
�
�
Z�ejjejjNdd$�e�
d�
d��
�
Z�e�
d�
d��
Z�eejj�
eejjNd�dd�e�d�
d�
d�
�
�
�
Z�eejj�
eejjN�
d
dd�e�d�
d �
d!�
�
�
�
Z�eejjL�
eejjN�
d
d;d�e�d�
d"�
d#�
�
�
�
Z�eejjL�
eejjNd�
dd�e�d�
d$�
d%�
�
�
�
Z�ejjejjNd�d$�e�d�
d&�
d'�
�
�
Z�ejjejjN�
d
d$�e�
d(�
d)��
�
Z�e�
d*�
d+��
Z�eejj�
eejjN�
d,dd�e�d�
d-�
d.�
�
�
�
Z�eejj�
eejjNddd�e�d�
d/�
d0�
�
�
�
Z�eejjL�
eejjNdd;d�e�d	�
d1�
d2�
�
�
�
Z�ejjejjN�
d,d$�e�d
�
d3�
d4�
�
�
Z�ejjejjNdd$�e�
d5�
d6��
�
Z�e�
d7�
d8��
Z�eejj�
eejjN�
d9dd�e�d�
d:�
d;�
�
�
�
Z�eejj�
eejjN�
d<dd�e�d�
d=�
d>�
�
�
�
Z�eejjL�
eejjN�
d<d;d�e�d
�
d?�
d@�
�
�
�
Z�eejjL�
eejjNd�
dd�e�d�
dA�
dB�
�
�
�
Z�ejjejjN�
d9d$�e�d�
dC�
dD�
�
�
Z�ejjejjN�
d<d$�e�
dE�
dF��
�
Z�e�
dG�
dH��
Z�eejj�
eejjNd�dd�e�d�
dI�
dJ�
�
�
�
Z�eejj�
eejjNddd�e�d�
dK�
dL�
�
�
�
Z�eejjL�
eejjNdd;d�e�d�
dM�
dN�
�
�
�
Z�eejjL�
eejjNddHd�e�d�
dO�
dP�
�
�
�
Z�ejjejjNd�d$�e�d�
dQ�
dR�
�
�
Z�ejjejjNdd$�e�
dS�
dT��
�
Z�eejj�
eejjNddd�e�d�
dU�
dV�
�
�
�
Z�eejj�
eejjNddd�e�d�
dW�
dX�
�
�
�
Z�eejjL�
eejjNdd;d�e�d�
dY�
dZ�
�
�
�
Z�ejjejjNdd$�e�
d[�
d\��
�
Z�ejjejjNdd$�e�
d]�
d^��
�
Z�eejj��
e�ejj��
eejj��
d
d*d�e�d�
d_�
d`�
�
�
�
�
Z�eejj��
e�ejj��
eejj��
d
d*d�e�d�
da�
db�
�
�
�
�
Z�eejj��
e�ejj��
eejj��
d
d;d�e�d�
dc�
dd�
�
�
�
�
Z�eejj��
e�ejj��
eejj�ddHd�e�d�
de�
df�
�
�
�
�
Z�eejj��
e�ejj��
eejj�d*�
dgd�e�d�
dh�
di�
�
�
�
�
Z�e�ejj��
ejjejj��
d
d$�e�
dj�
dk��
�
�
Z�e�ejj��
ejjejj��
d
d$�e�
dl�
dm��
�
�
Z�eejj��
e�ejj��
eejj��
dnd*d�e�d�
do�
dp�
�
�
�
�
Z�eejj��
e�ejj��
eejj��
dnd*d�e�d�
dq�
dr�
�
�
�
�
Z�eejj��
e�ejj��
eejj��
d
d*d�e�d�
ds�
dt�
�
�
�
�
Z�eejj��
e�ejj��
eejj��
dnd;d�e�d �
du�
dv�
�
�
�
�
Z�eejj��
e�ejj��
eejj��
d
�
dwd�e�d!�
dx�
dy�
�
�
�
�
Z�eejj��
e�ejj��
eejj�d*�
dzd�e�d"�
d{�
d|�
�
�
�
�
Z�e�ejj��
ejjejj��
dnd$�e�
d}�
d~��
�
�
Z�e�ejj��
ejjejj��
dnd$�e�
d�
d���
�
�
Z�eejj��
e�ejj��
eejj��
d�dd�e�d#�
d��
d��
�
�
�
�
Z�eejj��
e�ejj��
eejj��
d�d*d�e�d$�
d��
d��
�
�
�
�
Z�eejj��
e�ejj��
eejj��
d�d*d�e�d%�
d��
d��
�
�
�
�
Z�eejj��
e�ejj��
eejj��
d�d;d�e�d&�
d��
d��
�
�
�
�
Z�eejj��
e�ejj��
eejj�d*�
d�d�e�d'�
d��
d��
�
�
�
�
Z�eejj��
e�ejj��
eejj�d*d*d�e�d(�
d��
d��
�
�
�
�
Z�eejj��
e�ejj��
eejj�d�
dd�e�d)�
d��
d��
�
�
�
�
Z�e�ejj��
ejjejj��
d�d$�e�
d��
d���
�
�
Z�e�ejj��
ejjejj��
d�d$�e�
d��
d���
�
�
Z�eejj؃
eejj d*d*d�e�d*�
d��
d��
�
�
�
Z�eejj�
eejj�dd;d�e�d+�
d��
d��
�
�
�
Z�eejj�
eejj�d*dHd�e�d,�
d��
d��
�
�
�
Z�eejjL�
eejj�de�j[d�e�d-�
d��
d��
�
�
�
Z�eejj�
eejj�dd*d�e�d.�
d��
d��
�
�
�
Z�eejj�
eejj�dd*d�e�d/�
d��
d��
�
�
�
Z�eejj�
eejj�dd;d�e�d0�
d��
d��
�
�
�
Z�eejj�
eejj�ddHd�e�d1�
d��
d��
�
�
�
Z�eejj�
eejjڐ
d�d �e�d2�
d��
d��
�
�
�
Z�ejjejj�dd$�e�
d��
d���
�
Z�ejjejj�dd$�e�
d��
d���
�
Z�eejj�
eejj d*dHd�e�d3�
d��
d��
�
�
�
Z�eejjL�
eejj de�j[d�e�d4�
d��
d��
�
�
�
Z�Z�S(5r
zFirewallD main classTc
s�t�|_
|��
tjjjd
d�

t��}
tjj	t
jj|
d�}tt
|��|t
jj�
||_t
jj|_t|t
jj�
t|j
j
|jt
jj�|_
dS)NT)
Zset_as_default)
�bus)r�fw�start�dbusZmainloopZglibZ
DBusGMainLoop�	SystemBus�serviceZBusNamer�DBUS_INTERFACE�superr
�__init__Z	DBUS_PATH�busname�pathrrZDBUS_PATH_CONFIG)�selfr#�name�
�	__class__��=/usr/lib/python3.9/site-packages/firewall/server/firewalld.pyr+Hs







�zFirewallD.__init__c

Cs|��
dS�
N)
�stop�
r.r2r2r3�__del__Ys
zFirewallD.__del__c

Cst�
d
�

i|_|j��S)Nzstart())r�debug1�	_timeoutsr$r%r6r2r2r3r%\s


zFirewallD.startc

Cst�
d
�

|j��S)Nzstop())rr8r$r5r6r2r2r3r5ds

zFirewallD.stopcCs�|jj
��r�|
dur"t�d
�

dSt��}t||
�}|jj
�d|�rHdSt	||
�}|jj
�d|�rfdSt
|�
}|jj
�d|�r�dSt||
�}|jj
�d|�r�dStt
jd��
dS)Nz&Lockdown not possible, sender not set.�context�uid�user�commandzlockdown is enabled)r$�policies�query_lockdownr�errorr&r'rZaccess_checkrrrr"r!Z
ACCESS_DENIED)r.�senderr#r:r;r<r=r2r2r3�accessCheckms$




















zFirewallD.accessCheckcCs&|
|jv
ri|j|
<||j|
|<dSr4)
r9)r.�zone�
x�tagr2r2r3�
addTimeout�s



zFirewallD.addTimeoutcCs<|
|jvr8||j|
vr8t
�|j|
|�

|j|
|=dSr4)r9r�
source_remove�r.rCrDr2r2r3�
removeTimeout�s

zFirewallD.removeTimeoutc
CsL|jD]6}
|j|
D]}t
�|j|
|�

q|j|
��
q|j��
dSr4)r9rrG�clearrHr2r2r3�cleanup_timeouts�s





zFirewallD.cleanup_timeoutscCsr
|
d
krt�
tj�
S|
dkr6t�
dtjjtjjf�
S|
dkrNt�
|j���
S|
dkrht�|j�	d�
�
S|
dkr�t�
|jjd�S|
d	kr�t�|j�	d
�
�
S|
dkr�t�|jjdkr�d
nd�
S|
dkr�t�
|jj
d�S|
dk�r�t�|jj�
S|
dk�
rt�|jj�
S|
dk�
rt�
|jjd�S|
dk�
r2t�d
�
S|
dk�
rHt�id�S|
dk�
r^t�id�Stj�d|
�
�
dS)N�version�interface_versionz%d.%d�state�IPv4�ipv4�
IPv4ICMPTypes�
s�IPv6�ipv6�
IPv6_rpfilter�noFT�
IPv6ICMPTypes�BRIDGEr�
IPSetTypes�nf_conntrack_helper_setting�nf_conntrack_helpers�sas�nf_nat_helpers�Dorg.freedesktop.DBus.Error.InvalidArgs: Property '%s' does not exist)r&�StringrZVERSIONZDBUS_INTERFACE_VERSIONZDBUS_INTERFACE_REVISIONr$Z	get_stateZBooleanZis_ipv_enabledZArrayZipv4_supported_icmp_typesZ_ipv6_rpfilterZipv6_supported_icmp_typesZebtables_enabledZ
ipset_enabledZipset_supported_types�
Dictionary�
exceptions�
DBusException)r.Zpropr2r2r3�
_get_property�sF



�




















��zFirewallD._get_property�ss�
v)�in_signature�
out_signatureNcCs~t|
t
�}
t|t
�}t�d
|
|�
|
tjjkr8|�|�
S|
tjjtjj	tjj
tjjfvrjtj�
d|�
�
ntj�
d|
�
�
dS)NzGet('%s', '%s')r^�Jorg.freedesktop.DBus.Error.UnknownInterface: Interface '%s' does not exist)r�strrr8rr&r)rc�DBUS_INTERFACE_ZONE�DBUS_INTERFACE_DIRECT�DBUS_INTERFACE_POLICIES�DBUS_INTERFACE_IPSETrarb)r.�interface_name�
property_namerAr2r2r3�Get�s(









�

��

��z
FirewallD.GetrRza{sv}cCs�t|
t
�}
t�d
|
�
i}|
tjjkr@dD]}|�|�
||<q*n2|
tjjtjj	tjj
tjjfvrbntj�
d|
�
�
tj|dd�S)NzGetAll('%s')�rLrMrNrOrSrUrXrrYrZr[r]rQrWrh�sv�
Z	signature)rrirr8rr&r)rcrjrkrlrmrarbr`)r.rnrA�retrDr2r2r3�GetAll�s$







�

��zFirewallD.GetAllZssv)
rfcCs�t|
t
�}
t|t
�}t|�
}t�d
|
||�
|�|�

|
tjjkrn|dvr\tj�	d|�
�
q�tj�	d|�
�
nB|
tjj
tjjtjjtjj
fvr�tj�	d|�
�
ntj�	d|
�
�
dS)NzSet('%s', '%s', '%s')rqzGorg.freedesktop.DBus.Error.PropertyReadOnly: Property '%s' is read-onlyr^rh)rrirr8rBrr&r)rarbrjrkrlrm)r.rnroZ	new_valuerAr2r2r3�Set�sD






�



��

��


�

��

��z
FirewallD.Setzsa{sv}asrscCs.t|
t
�}
t|�
}t|�
}t�d
|
||�
dS)Nz#PropertiesChanged('%s', '%s', '%s'))rrirr8)r.rnZchanged_propertiesZinvalidated_propertiesr2r2r3�PropertiesChanged"
s




�zFirewallD.PropertiesChanged)
rgcs`t�
d
�

tt|��|j|j���}t||t	j
j�}t	j
jf
D]}t
|||t�jt�j�}q>|S)NzIntrospect())rZdebug2r*r
�
Introspectr-r,Zget_busrrr&r)rkrrZ
deprecatedr)r.rA�data�	interfacer0r2r3rx+
s

�
�



�zFirewallD.Introspect�cCs*t�
d
�

|j��
|j��
|��
dS)z#Reload the firewall rules.
        zreload()N�rr8r$�reloadr�Reloaded�r.rAr2r2r3r}A
s




zFirewallD.reloadcCs,t�
d
�

|j�d�

|j��
|��
dS)z�Completely reload the firewall.

        Completely reload the firewall: Stops firewall, unloads modules and
        starts the firewall again.
        zcompleteReload()TNr|rr2r2r3�completeReloadP
s




zFirewallD.completeReloadc

Cst�
d
�

dS)Nz
Reloaded()�rr8r6r2r2r3r~`
szFirewallD.ReloadedcCs"t�
d
�

|jj��
|��
dS)zbreset to firewall's builtin defaults.
        Reloads firewalld to apply changes properly
        zfirewalld.reset_to_defaults()N)rr8r$rZreset_defaultsr}rr2r2r3�resetToDefaultse
s


zFirewallD.resetToDefaultscCst�
d
�

t|j�

dS)z&Check permanent configuration
        zcheckPermanentConfig()N)rr8rr$rr2r2r3�checkPermanentConfigp
s

zFirewallD.checkPermanentConfigcCs�t�
d
�

|jjdkr"ttjd��
d}|j��}|jj	�
�D]�}|�|�
}zj||vr�|j�|�
}|�
�|kr�t�
d|�

|�|�

q�t�
d|�

nt�
d|�

|j�||�
Wq<ty�
}
z"t�d||f�

d	}WYd
}~q<d
}~00q<|j��}|jj��D]�}|�|�
}zn||v�
rf|j�|�
}|�
�|k�
rVt�
d|�

|�|�

nt�
d|�

nt�
d
|�

|j�||�
Wn<t�
y�
}
z"t�d||f�

d	}WYd
}~n
d
}~00�
q|j��}|jj��D]�}zx|�|�
}||v�r:|j�|�
}|�
�|k�r*t�
d|�

|�|�

nt�
d|�

nt�
d|�

|j�||�
Wn<t�y�
}
z"t�d||f�

d	}WYd
}~n
d
}~00�
q�|j��}|jj� �D�
]h}|�!|�
}t"t#�$|�
�
}d}	|�%�D]4}
|
|jj&v�r�t�
d||
f�

|�'|
�

d	}	�q�|�%�D]H}
z,t(|
�
}|�rFt)||��rF|�'|
�

d	}	Wnt�y\


Yn0�q|	�rp|�*�}|�%�D]}
t+||
�
�qxzP||v�r�|j�,|�
}t�
d|�

|�-|�

nt�
d|�

|j�.||�
Wn<t�y
}
z"t�d||f�

d	}WYd
}~n
d
}~00�q�|j�/�}|jj0�1�D]�}|�2|�
}zB||v�rd|j�3|�
}|�|�

nt�
d|�

|j�4||�
Wn<t�y�
}
z"t�d||f�

d	}WYd
}~n
d
}~00�q2|j�5�}|jj6�7�D]�}|�8|�
}zn||v�r8|j�9|�
}|�
�|k�r(t�
d|�

|�|�

nt�
d|�

nt�
d|�

|j�:||�
Wn<t�y�
}
z"t�d||f�

d	}WYd
}~n
d
}~00�q�|jj;�<�|jj;�=�|jj;�>�f}z6|j�
�|k�r�t�
d�

|j�|�

n
t�
d�

Wn8t�y(
}
zt�d|�

d	}WYd
}~n
d
}~00|jj?j@�A�}z6|j�
�|k�rbt�
d �

|j�B|�

n
t�
d!�

Wn8t�y�
}
zt�d"|�

d	}WYd
}~n
d
}~00|�r�ttjC�
�
d
S)#z-Make runtime configuration permanent
        zcopyRuntimeToPermanent()ZFAILEDz�Saving runtime to permanent is not allowed while firewalld is in FAILED state. The permanent configuration must be fixed and then firewalld restarted. Try `firewall-offline-cmd --check-config`.FzCopying service '%s' settingsz$Service '%s' is identical, ignoring.zCreating service '%s'z/Runtime To Permanent failed on service '%s': %sTNzCopying icmptype '%s' settingsz%IcmpType '%s' is identical, ignoring.zCreating icmptype '%s'z0Runtime To Permanent failed on icmptype '%s': %szCopying ipset '%s' settingsz"IPSet '%s' is identical, ignoring.zCreating ipset '%s'z-Runtime To Permanent failed on ipset '%s': %szEZone '%s': interface binding for '%s' has been added by NM, ignoring.zCopying zone '%s' settingszCreating zone '%s'z,Runtime To Permanent failed on zone '%s': %szCreating policy '%s'z.Runtime To Permanent failed on policy '%s': %szCopying helper '%s' settingsz#Helper '%s' is identical, ignoring.zCreating helper '%s'z.Runtime To Permanent failed on helper '%s': %szCopying direct configurationz,Direct configuration is identical, ignoring.z7Runtime To Permanent failed on direct configuration: %szCopying policies configurationz.Policies configuration is identical, ignoring.z9Runtime To Permanent failed on policies configuration: %s)Drr8r$�_stater"r!ZRUNNING_BUT_FAILEDrZgetServiceNamesr(�get_services�getServiceSettingsZgetServiceByNameZgetSettings�update�
addService�	Exception�warningZgetIcmpTypeNames�icmptype�
get_icmptypes�getIcmpTypeSettingsZgetIcmpTypeByNameZaddIcmpTypeZ
getIPSetNames�ipset�
get_ipsets�getIPSetSettingsZgetIPSetByNameZaddIPSetZgetZoneNamesrC�	get_zones�getZoneSettings2r�copy�deepcopy�
getInterfacesZ_nm_assigned_interfaces�removeInterfacerrZgetSettingsDictr Z
getZoneByNameZupdate2ZaddZone2ZgetPolicyNames�policy�"get_policies_not_derived_from_zone�getPolicySettingsZgetPolicyByNameZ	addPolicyZgetHelperNames�helper�get_helpers�getHelperSettingsZgetHelperByNameZ	addHelper�direct�get_all_chains�
get_all_rules�get_all_passthroughsr>�lockdown_whitelist�
export_configZsetLockdownWhitelistZRT_TO_PERM_FAILED)r.rAr@Zconfig_namesr/ZconfZconf_obj�
e�settingsZchangedrzZ
connectionr2r2r3�runtimeToPermanent|
sF



�














��















��















��

































��













��















��




�






�








��
zFirewallD.runtimeToPermanentcCs,t�
d
�

|�|
�

|jj��
|��
dS)z!Enable lockdown policies
        zpolicies.enableLockdown()N)rr8rBr$r>Zenable_lockdown�LockdownEnabledrr2r2r3�enableLockdownNs




zFirewallD.enableLockdowncCs,t�
d
�

|�|
�

|jj��
|��
dS)z"Disable lockdown policies
        zpolicies.disableLockdown()N)rr8rBr$r>Zdisable_lockdown�LockdownDisabledrr2r2r3�disableLockdownZs




zFirewallD.disableLockdown�
bcCst�
d
�

|jj��S)z,Returns True if lockdown is enabled
        zpolicies.queryLockdown())rr8r$r>r?rr2r2r3�
queryLockdownfs
zFirewallD.queryLockdownc

Cst�
d
�

dS)NzLockdownEnabled()r�r6r2r2r3r�qszFirewallD.LockdownEnabledc

Cst�
d
�

dS)NzLockdownDisabled()r�r6r2r2r3r�vszFirewallD.LockdownDisabledcCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)�Add lockdown command
        z*policies.addLockdownWhitelistCommand('%s')N)
rrirr8rBr$r>r�Zadd_command�LockdownWhitelistCommandAdded�r.r=rAr2r2r3�addLockdownWhitelistCommands






z%FirewallD.addLockdownWhitelistCommandcCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)z Remove lockdown command
        z-policies.removeLockdownWhitelistCommand('%s')N)
rrirr8rBr$r>r�Zremove_command�LockdownWhitelistCommandRemovedr�r2r2r3�removeLockdownWhitelistCommand�s






z(FirewallD.removeLockdownWhitelistCommandcCs(t|
t
�}
t�d
|
�

|jjj�|
�
S)zQuery lockdown command
        z,policies.queryLockdownWhitelistCommand('%s'))rrirr8r$r>r�Zhas_commandr�r2r2r3�queryLockdownWhitelistCommand�s

z'FirewallD.queryLockdownWhitelistCommand�ascCst�
d
�

|jjj��S)r�z'policies.getLockdownWhitelistCommands())rr8r$r>r�Zget_commandsrr2r2r3�getLockdownWhitelistCommands�s
z&FirewallD.getLockdownWhitelistCommandscCst�
d
|
�

dS)Nz#LockdownWhitelistCommandAdded('%s')r��r.r=r2r2r3r��sz'FirewallD.LockdownWhitelistCommandAddedcCst�
d
|
�

dS)Nz%LockdownWhitelistCommandRemoved('%s')r�r�r2r2r3r��sz)FirewallD.LockdownWhitelistCommandRemoved�
icCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)�Add lockdown uid
        z&policies.addLockdownWhitelistUid('%s')N)
r�intrr8rBr$r>r�Zadd_uid�LockdownWhitelistUidAdded�r.r;rAr2r2r3�addLockdownWhitelistUid�s






z!FirewallD.addLockdownWhitelistUidcCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)zRemove lockdown uid
        z)policies.removeLockdownWhitelistUid('%s')N)
rr�rr8rBr$r>r�Z
remove_uid�LockdownWhitelistUidRemovedr�r2r2r3�removeLockdownWhitelistUid�s






z$FirewallD.removeLockdownWhitelistUidcCs(t|
t
�}
t�d
|
�

|jjj�|
�
S)zQuery lockdown uid
        z(policies.queryLockdownWhitelistUid('%s'))rr�rr8r$r>r�Zhas_uidr�r2r2r3�queryLockdownWhitelistUid�s

z#FirewallD.queryLockdownWhitelistUidZaicCst�
d
�

|jjj��S)r�z#policies.getLockdownWhitelistUids())rr8r$r>r�Zget_uidsrr2r2r3�getLockdownWhitelistUids�s
z"FirewallD.getLockdownWhitelistUidscCst�
d
|
�

dS)NzLockdownWhitelistUidAdded(%d)r��r.r;r2r2r3r��sz#FirewallD.LockdownWhitelistUidAddedcCst�
d
|
�

dS)NzLockdownWhitelistUidRemoved(%d)r�r�r2r2r3r��sz%FirewallD.LockdownWhitelistUidRemovedcCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)�Add lockdown user
        z'policies.addLockdownWhitelistUser('%s')N)
rrirr8rBr$r>r�Zadd_user�LockdownWhitelistUserAdded�r.r<rAr2r2r3�addLockdownWhitelistUser�s






z"FirewallD.addLockdownWhitelistUsercCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)zRemove lockdown user
        z*policies.removeLockdownWhitelistUser('%s')N)
rrirr8rBr$r>r�Zremove_user�LockdownWhitelistUserRemovedr�r2r2r3�removeLockdownWhitelistUsers






z%FirewallD.removeLockdownWhitelistUsercCs(t|
t
�}
t�d
|
�

|jjj�|
�
S)zQuery lockdown user
        z)policies.queryLockdownWhitelistUser('%s'))rrirr8r$r>r�Zhas_userr�r2r2r3�queryLockdownWhitelistUsers

z$FirewallD.queryLockdownWhitelistUsercCst�
d
�

|jjj��S)r�z$policies.getLockdownWhitelistUsers())rr8r$r>r�Z	get_usersrr2r2r3�getLockdownWhitelistUserss
z#FirewallD.getLockdownWhitelistUserscCst�
d
|
�

dS)Nz LockdownWhitelistUserAdded('%s')r��r.r<r2r2r3r�*sz$FirewallD.LockdownWhitelistUserAddedcCst�
d
|
�

dS)Nz"LockdownWhitelistUserRemoved('%s')r�r�r2r2r3r�/sz&FirewallD.LockdownWhitelistUserRemovedcCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)�Add lockdown context
        z*policies.addLockdownWhitelistContext('%s')N)
rrirr8rBr$r>r�Zadd_context�LockdownWhitelistContextAdded�r.r:rAr2r2r3�addLockdownWhitelistContext6s






z%FirewallD.addLockdownWhitelistContextcCs@t|
t
�}
t�d
|
�

|�|�

|jjj�|
�

|�	|
�

dS)z Remove lockdown context
        z-policies.removeLockdownWhitelistContext('%s')N)
rrirr8rBr$r>r�Zremove_context�LockdownWhitelistContextRemovedr�r2r2r3�removeLockdownWhitelistContextCs






z(FirewallD.removeLockdownWhitelistContextcCs(t|
t
�}
t�d
|
�

|jjj�|
�
S)zQuery lockdown context
        z,policies.queryLockdownWhitelistContext('%s'))rrirr8r$r>r�Zhas_contextr�r2r2r3�queryLockdownWhitelistContextPs

z'FirewallD.queryLockdownWhitelistContextcCst�
d
�

|jjj��S)r�z'policies.getLockdownWhitelistContexts())rr8r$r>r�Zget_contextsrr2r2r3�getLockdownWhitelistContexts\s
z&FirewallD.getLockdownWhitelistContextscCst�
d
|
�

dS)Nz#LockdownWhitelistContextAdded('%s')r��r.r:r2r2r3r�gsz'FirewallD.LockdownWhitelistContextAddedcCst�
d
|
�

dS)Nz%LockdownWhitelistContextRemoved('%s')r�r�r2r2r3r�lsz)FirewallD.LockdownWhitelistContextRemovedcCs*t�
d
�

|�|
�

|j��
|��
dS)zfEnable panic mode.

        All ingoing and outgoing connections and packets will be blocked.
        zenablePanicMode()N)rr8rBr$Zenable_panic_mode�PanicModeEnabledrr2r2r3�enablePanicModeus	





zFirewallD.enablePanicModecCs*t�
d
�

|�|
�

|j��
|��
dS)z�Disable panic mode.

        Enables normal mode: Allowed ingoing and outgoing connections
        will not be blocked anymore
        zdisablePanicMode()N)rr8rBr$Zdisable_panic_mode�PanicModeDisabledrr2r2r3�disablePanicMode�s






zFirewallD.disablePanicModecCst�
d
�

|j��S)NzqueryPanicMode())rr8r$Zquery_panic_moderr2r2r3�queryPanicMode�s

zFirewallD.queryPanicModec

Cst�
d
�

dS)NzPanicModeEnabled()r�r6r2r2r3r��szFirewallD.PanicModeEnabledc

Cst�
d
�

dS)NzPanicModeDisabled()r�r6r2r2r3r��szFirewallD.PanicModeDisabledz&(sssbsasa(ss)asba(ssss)asasasasa(ss)b)cCs$t|
t
�}
t�d
|
�
|jj�|
�
S)NzgetZoneSettings(%s))rrirr8r$rCZget_config_with_settings�r.rCrAr2r2r3�getZoneSettings�s


zFirewallD.getZoneSettingscCs$t|
t
�}
t�d
|
�
|jj�|
�
S)NzgetZoneSettings2(%s))rrirr8r$rC�get_config_with_settings_dictr�r2r2r3r��s


zFirewallD.getZoneSettings2zsa{sv}cCsFt|
t
�}
t�d
|
�
|�|�

|jj�|
t|�
|�
|�|
|�
dS)NzsetZoneSettings2(%s))	rrirr8rBr$rC�set_config_with_settings_dict�ZoneUpdated)r.rCr�rAr2r2r3�setZoneSettings2�s






zFirewallD.setZoneSettings2cCst�
d
|
|f�

dS)Nzzone.ZoneUpdated('%s', '%s')r�)r.rCr�r2r2r3r��szFirewallD.ZoneUpdatedcCs$t|
t
�}
t�d
|
�
|jj�|
�
S)Nzpolicy.getPolicySettings(%s))rrirr8r$r�r�)r.r�rAr2r2r3r��s


zFirewallD.getPolicySettingscCsFt|
t
�}
t�d
|
�
|�|�

|jj�|
t|�
|�
|�|
|�
dS)Nzpolicy.setPolicySettings(%s))	rrirr8rBr$r�r��
PolicyUpdated)r.r�r�rAr2r2r3�setPolicySettings�s






zFirewallD.setPolicySettingscCst�
d
|
|f�

dS)Nz policy.PolicyUpdated('%s', '%s')r�)r.r�r�r2r2r3r��szFirewallD.PolicyUpdatedcCst�
d
�

|jj��S)NzlistServices())rr8r$r(r�rr2r2r3�listServices�s

zFirewallD.listServicesz(sssa(ss)asa{ss}asa(ss))c	Cs�t|
t
�}
t�d
|
�
|jj�|
�
}|��}g}td�
D]P}|j	|d|v
rp|�
t�t
||j	|d��
�

q8|�
||j	|d�

q8t|�
S)NzgetServiceSettings(%s)�r)rrirr8r$r(�get_service�export_config_dict�rangeZIMPORT_EXPORT_STRUCTURE�appendr�r��getattr�tuple)r.r(rA�objZ	conf_dictZ	conf_listr�r2r2r3r��s






"
zFirewallD.getServiceSettingscCs,t|
t
�}
t�d
|
�
|jj�|
�
}|��S)NzgetServiceSettings2(%s))rrirr8r$r(r�r�)r.r(rAr�r2r2r3�getServiceSettings2s



zFirewallD.getServiceSettings2cCst�
d
�

|jj��S)NzlistIcmpTypes())rr8r$r�r�rr2r2r3�
listIcmpTypess

zFirewallD.listIcmpTypescCs(t|
t
�}
t�d
|
�
|jj�|
�
��S)NzgetIcmpTypeSettings(%s))rrirr8r$r�Zget_icmptyper�)r.r�rAr2r2r3r�s


zFirewallD.getIcmpTypeSettingscCst�
d
�

|j��S)NzgetLogDenied())rr8r$Zget_log_deniedrr2r2r3�getLogDenied%s

zFirewallD.getLogDeniedcCsXt|
t
�}
t�d
|
�

|�|�

|j�|
�

|�|
�

|j��
|j	��
|�
�
dS)NzsetLogDenied('%s'))rrirr8rBr$Zset_log_denied�LogDeniedChangedr}rr~�r.�valuerAr2r2r3�setLogDenied.s










zFirewallD.setLogDeniedcCst�
d
|
�

dS)NzLogDeniedChanged('%s')r��r.r�r2r2r3r�>szFirewallD.LogDeniedChangedcCst�
d
�

dS)NzgetAutomaticHelpers()rVr�rr2r2r3�getAutomaticHelpersGs
zFirewallD.getAutomaticHelperscCs&t|
t
�}
t�d
|
�

|�|�

dS)NzsetAutomaticHelpers('%s'))rrirr8rBr�r2r2r3�setAutomaticHelpersRs


zFirewallD.setAutomaticHelperscCst�
d
|
�

dS)NzAutomaticHelpersChanged('%s')r�r�r2r2r3�AutomaticHelpersChanged^sz!FirewallD.AutomaticHelpersChangedcCst�
d
�

|j��S)NzgetDefaultZone())rr8r$Zget_default_zonerr2r2r3�getDefaultZonegs

zFirewallD.getDefaultZonecCs<t|
t
�}
t�d
|
�

|�|�

|j�|
�

|�|
�

dS)NzsetDefaultZone('%s'))rrirr8rBr$Zset_default_zone�DefaultZoneChangedr�r2r2r3�setDefaultZoneps






zFirewallD.setDefaultZonecCst�
d
|
�

dS)NzDefaultZoneChanged('%s')r��r.rCr2r2r3r�|szFirewallD.DefaultZoneChangedcCst�
d
�

|jj��S)Nzpolicy.getPolicies())rr8r$r�r�rr2r2r3�getPolicies�s

zFirewallD.getPoliciesz
a{sa{sas}}cCsXt�
d
�

i}|jj��D]8}i||<|jj�|�
||d<|jj�|�
||d<q|S)Nzpolicy.getActivePolicies()Z
ingress_zonesZegress_zones)rr8r$r�Z)get_active_policies_not_derived_from_zoneZlist_ingress_zonesZlist_egress_zones)r.rAr>r�r2r2r3�getActivePolicies�s






zFirewallD.getActivePoliciescCst�
d
�

|jj��S)Nzzone.getZones())rr8r$rCr�rr2r2r3�getZones�s

zFirewallD.getZonescCs�t�
d
�

i}|jj��D]l}|jj�|�
}|jj�|�
}t|�
t|�
dkri||<t|�
dkrn|||d<t|�
dkr|||d<q|S)Nzzone.getActiveZones()r�
interfaces�sources)rr8r$rCr��list_interfaces�list_sources�len)r.rAZzonesrCr�r�r2r2r3�getActiveZones�s











zFirewallD.getActiveZonescCs2t|
t
�}
t�d
|
�

|jj�|
�
}|r.|SdS)z�Return the zone an interface belongs to.

        :Parameters:
            `interface` : str
                Name of the interface
        :Returns: str. The name of the zone.
        zzone.getZoneOfInterface('%s')r{)rrirr8r$rCZget_zone_of_interface)r.rzrArCr2r2r3�getZoneOfInterface�s





zFirewallD.getZoneOfInterfacecCs2t|
t
�}
t�d
|
�

|jj�|
�
}|r.|SdS)Nzzone.getZoneOfSource('%s')r{)rrirr8r$rCZget_zone_of_source)r.�sourcerArCr2r2r3�getZoneOfSource�s





zFirewallD.getZoneOfSourcec
Csd
S)NFr2r�r2r2r3�isImmutable�szFirewallD.isImmutablecCsRt|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
||�}|�||�
|S)zPAdd an interface to a zone.
        If zone is empty, use default zone.
        zzone.addInterface('%s', '%s'))	rrirr8rBr$rCZ
add_interface�InterfaceAdded�r.rCrzrA�_zoner2r2r3�addInterface�s







zFirewallD.addInterfacecCs"t|
t
�}
t|t
�}|�|
||�S)
z�Change a zone an interface is part of.
        If zone is empty, use default zone.

        This function is deprecated, use changeZoneOfInterface instead
        )rri�changeZoneOfInterface�r.rCrzrAr2r2r3�
changeZone�s




zFirewallD.changeZonecCsRt|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
||�}|�||�
|S)z[Change a zone an interface is part of.
        If zone is empty, use default zone.
        z&zone.changeZoneOfInterface('%s', '%s'))	rrirr8rBr$rCZchange_zone_of_interface�ZoneOfInterfaceChangedr
r2r2r3r	

s







zFirewallD.changeZoneOfInterfacecCsPt|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
|�}|�||�
|S)zkRemove interface from a zone.
        If zone is empty, remove from zone the interface belongs to.
        z zone.removeInterface('%s', '%s'))	rrirr8rBr$rCZremove_interface�InterfaceRemovedr
r2r2r3r�s







zFirewallD.removeInterfacecCs6t|
t
�}
t|t
�}t�d
|
|f�

|jj�|
|�S)z^Return true if an interface is in a zone.
        If zone is empty, use default zone.
        zzone.queryInterface('%s', '%s'))rrirr8r$rCZquery_interfacer

r2r2r3�queryInterface,s




zFirewallD.queryInterfacecCs&t|
t
�}
t�d
|
�

|jj�|
�
S)z]Return the list of interfaces of a zone.
        If zone is empty, use default zone.
        zzone.getInterfaces('%s'))rrirr8r$rCr�r�r2r2r3r�9s



zFirewallD.getInterfacescCst�
d
|
|f�

dS)Nzzone.InterfaceAdded('%s', '%s')r��r.rCrzr2r2r3r
GszFirewallD.InterfaceAddedcCst�
d
|
|f�

dS)z,
        This signal is deprecated.
        zzone.ZoneChanged('%s', '%s')Nr�r
r2r2r3�ZoneChangedLszFirewallD.ZoneChangedcCs"t�
d
|
|f�

|�|
|�
dS)Nz'zone.ZoneOfInterfaceChanged('%s', '%s'))rr8r
r
r2r2r3r
Ts
�z FirewallD.ZoneOfInterfaceChangedcCst�
d
|
|f�

dS)Nz!zone.InterfaceRemoved('%s', '%s')r�r
r2r2r3r

[szFirewallD.InterfaceRemovedcCsRt|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
||�}|�||�
|S)zLAdd a source to a zone.
        If zone is empty, use default zone.
        zzone.addSource('%s', '%s'))	rrirr8rBr$rCZ
add_source�SourceAdded�r.rCr
rAr
r2r2r3�	addSourceds







zFirewallD.addSourcecCsRt|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
||�}|�||�
|S)zXChange a zone an source is part of.
        If zone is empty, use default zone.
        z#zone.changeZoneOfSource('%s', '%s'))	rrirr8rBr$rCZchange_zone_of_source�ZoneOfSourceChangedr
r2r2r3�changeZoneOfSourceus







zFirewallD.changeZoneOfSourcecCsPt|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
|�}|�||�
|S)zeRemove source from a zone.
        If zone is empty, remove from zone the source belongs to.
        zzone.removeSource('%s', '%s'))	rrirr8rBr$rCZ
remove_source�
SourceRemovedr
r2r2r3�removeSource�s







zFirewallD.removeSourcecCs6t|
t
�}
t|t
�}t�d
|
|f�

|jj�|
|�S)z[Return true if an source is in a zone.
        If zone is empty, use default zone.
        zzone.querySource('%s', '%s'))rrirr8r$rCZquery_source)r.rCr
rAr2r2r3�querySource�s




zFirewallD.querySourcecCs&t|
t
�}
t�d
|
�

|jj�|
�
S)zZReturn the list of sources of a zone.
        If zone is empty, use default zone.
        zzone.getSources('%s'))rrirr8r$rCr�r�r2r2r3�
getSources�s



zFirewallD.getSourcescCst�
d
|
|f�

dS)Nzzone.SourceAdded('%s', '%s')r��r.rCr
r2r2r3r
�szFirewallD.SourceAddedcCst�
d
|
|f�

dS)Nz$zone.ZoneOfSourceChanged('%s', '%s')r�r
r2r2r3r
�szFirewallD.ZoneOfSourceChangedcCst�
d
|
|f�

dS)Nzzone.SourceRemoved('%s', '%s')r�r
r2r2r3r
�szFirewallD.SourceRemovedcCsHt�
d
|
|f�

|j|
|=t|d�
}|jj�|
|�
|�|
|�
dS)Nz%zone.disableTimedRichRule('%s', '%s')�
Zrule_str)rr8r9rr$rC�remove_rule�RichRuleRemoved)r.rC�ruler�r2r2r3�disableTimedRichRule�s





zFirewallD.disableTimedRichRuleZssicCs�t|
t
�}
t|t
�}t|t�}t�d
|
|f�

t|d�
}|jj�|
||�}|dkrtt	�
||j||�}|�|||�
|�
|||�
|S)Nzzone.addRichRule('%s', '%s')r
r)rrir�rr8rr$rC�add_ruler�timeout_add_secondsr
rF�
RichRuleAdded)r.rCr
�timeoutrAr�r
rEr2r2r3�addRichRule�s











�
zFirewallD.addRichRulecCs\t|
t
�}
t|t
�}t�d
|
|f�

t|d�
}|jj�|
|�}|�||�
|�	||�
|S)Nzzone.removeRichRule('%s', '%s')r
)
rrirr8rr$rCr
rIr
)r.rCr
rAr�r
r2r2r3�removeRichRule�s









zFirewallD.removeRichRulecCs@t|
t
�}
t|t
�}t�d
|
|f�

t|d�
}|jj�|
|�S)Nzzone.queryRichRule('%s', '%s')r
)rrirr8rr$rC�
query_rule)r.rCr
rAr�r2r2r3�
queryRichRule�s







zFirewallD.queryRichRulecCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.getRichRules('%s'))rrirr8r$rCZ
list_rulesr�r2r2r3�getRichRules�s


zFirewallD.getRichRulescCst�
d
|
||f�

dS)Nz"zone.RichRuleAdded('%s', '%s', %d)r�)r.rCr
r#
r2r2r3r"
szFirewallD.RichRuleAddedcCst�
d
|
|f�

dS)Nz zone.RichRuleRemoved('%s', '%s')r�)r.rCr
r2r2r3r
szFirewallD.RichRuleRemovedcCs>t�
d
|
|f�

|j|
|=|jj�|
|�
|�|
|�
dS)Nz$zone.disableTimedService('%s', '%s'))rr8r9r$rC�remove_service�ServiceRemoved�r.rCr(r2r2r3�disableTimedServices


zFirewallD.disableTimedServicecCs�t|
t
�}
t|t
�}t|t�}t�d
|
||f�

|�|�

|jj�|
|||�}|dkrxt	�
||j||�}|�|||�
|�
|||�
|S)Nzzone.addService('%s', '%s', %d)r)rrir�rr8rBr$rCZadd_servicerr!
r,
rF�ServiceAdded)r.rCr(r#
rAr
rEr2r2r3r�s










�
zFirewallD.addServicecCs\t|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
|�}|�||�
|�	||�
|S)Nzzone.removeService('%s', '%s'))
rrirr8rBr$rCr)
rIr*
)r.rCr(rAr
r2r2r3�
removeService1s







zFirewallD.removeServicecCs6t|
t
�}
t|t
�}t�d
|
|f�

|jj�|
|�S)Nzzone.queryService('%s', '%s'))rrirr8r$rCZ
query_service)r.rCr(rAr2r2r3�queryServiceBs




zFirewallD.queryServicecCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.getServices('%s'))rrirr8r$rCZ
list_servicesr�r2r2r3�getServicesMs


zFirewallD.getServicescCst�
d
|
||f�

dS)Nz!zone.ServiceAdded('%s', '%s', %d)r�)r.rCr(r#
r2r2r3r-
Ys
�zFirewallD.ServiceAddedcCst�
d
|
|f�

dS)Nzzone.ServiceRemoved('%s', '%s')r�r+
r2r2r3r*
_szFirewallD.ServiceRemovedcCsHt�
d
|
||f�

|j|
||f=|jj�|
||�
|�|
||�
dS)Nz'zone.disableTimedPort('%s', '%s', '%s'))rr8r9r$rC�remove_port�PortRemoved�r.rC�port�protocolr2r2r3�disableTimedPorths
�

zFirewallD.disableTimedPortZsssicCs�t|
t
�}
t|t
�}t|t
�}t|t�}t�d
|
||f�

|�|�

|jj�|
||||�}|dkr�t	�
||j|||�}|�|||f|�
|�
||||�
|S)Nzzone.addPort('%s', '%s', '%s')r)rrir�rr8rBr$rCZadd_portrr!
r6
rF�	PortAdded�r.rCr4
r5
r#
rAr
rEr2r2r3�addPortps 








�




�
zFirewallD.addPortZssscCspt|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|�|�

|jj�|
||�}|�|||f�
|�	|||�
|S)Nz!zone.removePort('%s', '%s', '%s'))
rrirr8rBr$rCr1
rIr2
�r.rCr4
r5
rAr
r2r2r3�
removePort�s






�



zFirewallD.removePortcCsDt|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|jj�|
||�S)Nz zone.queryPort('%s', '%s', '%s'))rrirr8r$rCZ
query_port�r.rCr4
r5
rAr2r2r3�	queryPort�s







zFirewallD.queryPortZaascCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.getPorts('%s'))rrirr8r$rCZ
list_portsr�r2r2r3�getPorts�s


zFirewallD.getPortsrcCst�
d
|
|||f�

dS)Nz$zone.PortAdded('%s', '%s', '%s', %d)r��r.rCr4
r5
r#
r2r2r3r7
�s

�zFirewallD.PortAddedcCst�
d
|
||f�

dS)Nz"zone.PortRemoved('%s', '%s', '%s')r�r3
r2r2r3r2
�s
�zFirewallD.PortRemovedcCs>t�
d
|
|f�

|j|
|=|jj�|
|�
|�|
|�
dS)Nz%zone.disableTimedProtocol('%s', '%s'))rr8r9r$rC�remove_protocol�ProtocolRemoved�r.rCr5
r2r2r3�disableTimedProtocol�s


zFirewallD.disableTimedProtocolcCs�t|
t
�}
t|t
�}t|t�}t�d
|
|f�

|�|�

|jj�|
|||�}|dkrvt	�
||j||�}|�|||�
|�
|||�
|S)Nzzone.enableProtocol('%s', '%s')r)rrir�rr8rBr$rCZadd_protocolrr!
rC
rF�
ProtocolAdded)r.rCr5
r#
rAr
rEr2r2r3�addProtocol�s











�
zFirewallD.addProtocolcCs\t|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
|�}|�||�
|�	||�
|S)Nzzone.removeProtocol('%s', '%s'))
rrirr8rBr$rCr@
rIrA
)r.rCr5
rAr
r2r2r3�removeProtocol�s








zFirewallD.removeProtocolcCs6t|
t
�}
t|t
�}t�d
|
|f�

|jj�|
|�S)Nzzone.queryProtocol('%s', '%s'))rrirr8r$rCZquery_protocol)r.rCr5
rAr2r2r3�
queryProtocol�s




zFirewallD.queryProtocolcCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.getProtocols('%s'))rrirr8r$rCZlist_protocolsr�r2r2r3�getProtocols�s


zFirewallD.getProtocolscCst�
d
|
||f�

dS)Nz"zone.ProtocolAdded('%s', '%s', %d)r�)r.rCr5
r#
r2r2r3rD
s
�zFirewallD.ProtocolAddedcCst�
d
|
|f�

dS)Nz zone.ProtocolRemoved('%s', '%s')r�rB
r2r2r3rA

szFirewallD.ProtocolRemovedcCsJt�
d
|
||f�

|j|
d||f=|jj�|
||�
|�|
||�
dS)Nz-zone.disableTimedSourcePort('%s', '%s', '%s')�sport)rr8r9r$rC�remove_source_port�SourcePortRemovedr3
r2r2r3�disableTimedSourcePorts
�

z FirewallD.disableTimedSourcePortcCs�t|
t
�}
t|t
�}t|t
�}t|t�}t�d
|
||f�

|�|�

|jj�|
||||�}|dkr�t	�
||j|||�}|�|d||f|�
|�
||||�
|S)Nz$zone.addSourcePort('%s', '%s', '%s')rrI
)rrir�rr8rBr$rCZadd_source_portrr!
rL
rF�SourcePortAddedr8
r2r2r3�
addSourcePorts$









�


�


�
zFirewallD.addSourcePortcCsrt|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|�|�

|jj�|
||�}|�|d||f�
|�	|||�
|S)Nz'zone.removeSourcePort('%s', '%s', '%s')rI
)
rrirr8rBr$rCrJ
rIrK
r:
r2r2r3�removeSourcePort3s







�



zFirewallD.removeSourcePortcCsDt|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|jj�|
||�S)Nz&zone.querySourcePort('%s', '%s', '%s'))rrirr8r$rCZquery_source_portr<
r2r2r3�querySourcePortEs







�zFirewallD.querySourcePortcCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.getSourcePorts('%s'))rrirr8r$rCZlist_source_portsr�r2r2r3�getSourcePortsRs


zFirewallD.getSourcePortscCst�
d
|
|||f�

dS)Nz*zone.SourcePortAdded('%s', '%s', '%s', %d)r�r?
r2r2r3rM
^s

�zFirewallD.SourcePortAddedcCst�
d
|
||f�

dS)Nz(zone.SourcePortRemoved('%s', '%s', '%s')r�r3
r2r2r3rK
ds

�zFirewallD.SourcePortRemovedcCs(|j|
d
=|j
j�|
�

|�|
�

dS)N�
masquerade)r9r$rC�remove_masquerade�MasqueradeRemovedr�r2r2r3�disableTimedMasqueradens

z FirewallD.disableTimedMasquerade�sicCstt|
t
�}
t|t�}t�d
|
�

|�|�

|jj�|
||�}|dkrdt	�
||j|�}|�|d|�
|�
||�
|S)Nzzone.addMasquerade('%s')rrR
)rrir�rr8rBr$rCZadd_masqueraderr!
rU
rF�MasqueradeAdded)r.rCr#
rAr
rEr2r2r3�
addMasqueradets









�
zFirewallD.addMasqueradecCsJt|
t
�}
t�d
|
�

|�|�

|jj�|
�
}|�|d�
|�	|�

|S)Nzzone.removeMasquerade('%s')rR
)
rrirr8rBr$rCrS
rIrT
�r.rCrAr
r2r2r3�removeMasquerade�s







zFirewallD.removeMasqueradecCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.queryMasquerade('%s'))rrirr8r$rCZquery_masquerader�r2r2r3�queryMasquerade�s


zFirewallD.queryMasqueradecCst�
d
|
|f�

dS)Nzzone.MasqueradeAdded('%s', %d)r�)r.rCr#
r2r2r3rW
�szFirewallD.MasqueradeAddedcCst�
d
|
�

dS)Nzzone.MasqueradeRemoved('%s')r�r�r2r2r3rT
�szFirewallD.MasqueradeRemovedcCs@|j|
||||f=|j
j�|
||||�
|�|
||||�
dSr4)r9r$rC�remove_forward_port�ForwardPortRemoved�r.rCr4
r5
�toport�toaddrr2r2r3�disable_forward_port�s

zFirewallD.disable_forward_portZsssssic
	Cs�t|
t
�}
t|t
�}t|t
�}t|t
�}t|t
�}t|t�}t�d
|
||||f�

|�|�

|jj�|
||||||�}|dkr�t	�
||j|||||�}	|�|||||f|	�
|�
||||||�
|S)Nz1zone.addForwardPort('%s', '%s', '%s', '%s', '%s')r)rrir�rr8rBr$rCZadd_forward_portrr!
ra
rF�ForwardPortAdded)
r.rCr4
r5
r_
r`
r#
rAr
rEr2r2r3�addForwardPort�s,












�


�



�
zFirewallD.addForwardPortZssssscCs�t|
t
�}
t|t
�}t|t
�}t|t
�}t|t
�}t�d
|
||||f�

|�|�

|jj�|
||||�}|�|||||f�
|�	|||||�
|S)Nz4zone.removeForwardPort('%s', '%s', '%s', '%s', '%s'))
rrirr8rBr$rCr\
rIr]
)r.rCr4
r5
r_
r`
rAr
r2r2r3�removeForwardPort�s










�


�

zFirewallD.removeForwardPortcCs`t|
t
�}
t|t
�}t|t
�}t|t
�}t|t
�}t�d
|
||||f�

|jj�|
||||�S)Nz3zone.queryForwardPort('%s', '%s', '%s', '%s', '%s'))rrirr8r$rCZquery_forward_port)r.rCr4
r5
r_
r`
rAr2r2r3�queryForwardPort�s










�
�zFirewallD.queryForwardPortcCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.getForwardPorts('%s'))rrirr8r$rCZlist_forward_portsr�r2r2r3�getForwardPorts�s


zFirewallD.getForwardPortsc	Cst�
d
|
|||||f�

dS)Nz7zone.ForwardPortAdded('%s', '%s', '%s', '%s', '%s', %d)r�)r.rCr4
r5
r_
r`
r#
r2r2r3rb
s
�zFirewallD.ForwardPortAddedcCst�
d
|
||||f�

dS)Nz5zone.ForwardPortRemoved('%s', '%s', '%s', '%s', '%s')r�r^
r2r2r3r]
s
�zFirewallD.ForwardPortRemovedcCs>t�
d
|
|f�

|j|
|=|jj�|
|�
|�|
|�
dS)Nz&zone.disableTimedIcmpBlock('%s', '%s'))rr8r9r$rC�remove_icmp_block�IcmpBlockRemoved�r.rC�icmprAr2r2r3�disableTimedIcmpBlocks


zFirewallD.disableTimedIcmpBlockcCs�t|
t
�}
t|t
�}t|t�}t�d
|
|f�

|�|�

|jj�|
|||�}|dkrxt	�
||j|||�}|�|||�
|�
|||�
|S)Nz zone.enableIcmpBlock('%s', '%s')r)rrir�rr8rBr$rCZadd_icmp_blockrr!
rk
rF�IcmpBlockAdded)r.rCrj
r#
rAr
rEr2r2r3�addIcmpBlocks











�
zFirewallD.addIcmpBlockcCs\t|
t
�}
t|t
�}t�d
|
|f�

|�|�

|jj�|
|�}|�||�
|�	||�
|S)Nz zone.removeIcmpBlock('%s', '%s'))
rrirr8rBr$rCrg
rIrh
)r.rCrj
rAr
r2r2r3�removeIcmpBlock2s








zFirewallD.removeIcmpBlockcCs6t|
t
�}
t|t
�}t�d
|
|f�

|jj�|
|�S)Nzzone.queryIcmpBlock('%s', '%s'))rrirr8r$rCZquery_icmp_blockri
r2r2r3�queryIcmpBlockBs




zFirewallD.queryIcmpBlockcCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nzzone.getIcmpBlocks('%s'))rrirr8r$rCZlist_icmp_blocksr�r2r2r3�
getIcmpBlocksMs


zFirewallD.getIcmpBlockscCst�
d
|
||f�

dS)Nz#zone.IcmpBlockAdded('%s', '%s', %d)r�)r.rCrj
r#
r2r2r3rl
Ys
�zFirewallD.IcmpBlockAddedcCst�
d
|
|f�

dS)Nz!zone.IcmpBlockRemoved('%s', '%s')r�)r.rCrj
r2r2r3rh
_szFirewallD.IcmpBlockRemovedcCs@t|
t
�}
t�d
|
�

|�|�

|jj�|
|�}|�|�

|S)Nz zone.addIcmpBlockInversion('%s'))	rrirr8rBr$rCZadd_icmp_block_inversion�IcmpBlockInversionAddedrY
r2r2r3�addIcmpBlockInversionhs






zFirewallD.addIcmpBlockInversioncCs>t|
t
�}
t�d
|
�

|�|�

|jj�|
�
}|�|�

|S)Nz#zone.removeIcmpBlockInversion('%s'))	rrirr8rBr$rCZremove_icmp_block_inversion�IcmpBlockInversionRemovedrY
r2r2r3�removeIcmpBlockInversionvs






z"FirewallD.removeIcmpBlockInversioncCs&t|
t
�}
t�d
|
�

|jj�|
�
S)Nz"zone.queryIcmpBlockInversion('%s'))rrirr8r$rCZquery_icmp_block_inversionr�r2r2r3�queryIcmpBlockInversion�s


z!FirewallD.queryIcmpBlockInversioncCst�
d
|
�

dS)Nz"zone.IcmpBlockInversionAdded('%s')r�r�r2r2r3rq
�sz!FirewallD.IcmpBlockInversionAddedcCst�
d
|
�

dS)Nz$zone.IcmpBlockInversionRemoved('%s')r�r�r2r2r3rs
�sz#FirewallD.IcmpBlockInversionRemovedcCs`t|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|�|�

|jj�|
||�
|�|
||�
dS)Nz!direct.addChain('%s', '%s', '%s'))	rrirr8rBr$r�Z	add_chain�
ChainAdded�r.�ipv�table�chainrAr2r2r3�addChain�s









zFirewallD.addChaincCs`t|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|�|�

|jj�|
||�
|�|
||�
dS)Nz$direct.removeChain('%s', '%s', '%s'))	rrirr8rBr$r�Zremove_chain�ChainRemovedrw
r2r2r3�removeChain�s









zFirewallD.removeChaincCsDt|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|jj�|
||�S)Nz#direct.queryChain('%s', '%s', '%s'))rrirr8r$r�Zquery_chainrw
r2r2r3�
queryChain�s







zFirewallD.queryChaincCs6t|
t
�}
t|t
�}t�d
|
|f�

|jj�|
|�S)Nzdirect.getChains('%s', '%s'))rrirr8r$r�Z
get_chains)r.rx
ry
rAr2r2r3�	getChains�s




zFirewallD.getChainsza(sss)cCst�
d
�

|jj��S)Nzdirect.getAllChains())rr8r$r�r�rr2r2r3�getAllChains�s

zFirewallD.getAllChainscCst�
d
|
||f�

dS)Nz#direct.ChainAdded('%s', '%s', '%s')r��r.rx
ry
rz
r2r2r3rv
�szFirewallD.ChainAddedcCst�
d
|
||f�

dS)Nz%direct.ChainRemoved('%s', '%s', '%s')r�r�
r2r2r3r|
�s

�zFirewallD.ChainRemovedZsssiasc
Cs�t|
t
�}
t|t
�}t|t
�}t|t�}td
d�|D�
�
}t�d|
|||d�|�
f�

|�|�

|jj	�
|
||||�
|�|
||||�
dS)Nc
ss|]}
t|
t
�V
qdSr4�rri��.0r�r2r2r3�	<genexpr>��z$FirewallD.addRule.<locals>.<genexpr>z*direct.addRule('%s', '%s', '%s', %d, '%s')�',')rrir�r�rr8�joinrBr$r�r 
�	RuleAdded�r.rx
ry
rz
�priority�argsrAr2r2r3�addRule�s









�


zFirewallD.addRulec
Cs�t|
t
�}
t|t
�}t|t
�}t|t�}td
d�|D�
�
}t�d|
|||d�|�
f�

|�|�

|jj	�
|
||||�
|�|
||||�
dS)Nc
ss|]}
t|
t
�V
qdSr4r�
r�
r2r2r3r�

	r�
z'FirewallD.removeRule.<locals>.<genexpr>z-direct.removeRule('%s', '%s', '%s', %d, '%s')r�
)rrir�r�rr8r�
rBr$r�r
�RuleRemovedr�
r2r2r3�
removeRule	s









�


zFirewallD.removeRulecCs�t|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|�|�

|jj�|
||�D]0\}}|jj�|
||||�
|�	|
||||�
qNdS)Nz$direct.removeRules('%s', '%s', '%s'))
rrirr8rBr$r��	get_rulesr
r�
)r.rx
ry
rz
rAr�
r�
r2r2r3�removeRules	s










zFirewallD.removeRulesc
Csnt|
t
�}
t|t
�}t|t
�}t|t�}td
d�|D�
�
}t�d|
|||d�|�
f�

|jj�	|
||||�S)Nc
ss|]}
t|
t
�V
qdSr4r�
r�
r2r2r3r�
/	r�
z&FirewallD.queryRule.<locals>.<genexpr>z,direct.queryRule('%s', '%s', '%s', %d, '%s')r�
)
rrir�r�rr8r�
r$r�r&
r�
r2r2r3�	queryRule$	s









�zFirewallD.queryRuleza(ias)cCsDt|
t
�}
t|t
�}t|t
�}t�d
|
||f�

|jj�|
||�S)Nz!direct.getRules('%s', '%s', '%s'))rrirr8r$r�r�
rw
r2r2r3�getRules4	s







zFirewallD.getRulesz	a(sssias)cCst�
d
�

|jj��S)Nzdirect.getAllRules())rr8r$r�r�rr2r2r3�getAllRulesA	s

zFirewallD.getAllRulesc
Cs"t�
d
|
|||d�|�
f�

dS)Nz,direct.RuleAdded('%s', '%s', '%s', %d, '%s')r�
�rr8r�
�r.rx
ry
rz
r�
r�
r2r2r3r�
K	s
�zFirewallD.RuleAddedc
Cs"t�
d
|
|||d�|�
f�

dS)Nz.direct.RuleRemoved('%s', '%s', '%s', %d, '%s')r�
r�
r�
r2r2r3r�
R	s
�zFirewallD.RuleRemovedr\c
Cs�t|
t
�}
td
d�|D�
�
}t�d|
d�|�
f�

|�|�

z|jj�	|
|�WSt
y�
}
zj|
dvrvtgd�
�
}ntddg�
}t
|�
}|jt
jkr�tt|�
|@�
d	k
r�t�|�

t|�
�
�WYd}~n
d}~00dS)
Nc
ss|]}
t|
t
�V
qdSr4r�
r�
r2r2r3r�
e	r�
z(FirewallD.passthrough.<locals>.<genexpr>zdirect.passthrough('%s', '%s')r�
)rPrT)z-Cz--check�-L�--listr�
r�
r)rrir�rr8r�
rBr$r��passthroughr"�set�coder!ZCOMMAND_FAILEDr�r�r	)r.rx
r�
rAr@Z
query_args�msgr2r2r3r�
]	s 
















zFirewallD.passthroughcCs\t|
�
}
t
d
d�|D�
�
}t�d|
d�|�
f�

|�|�

|jj�|
|�
|�	|
|�
dS)Nc
ss|]}
t|
�
V
qdSr4�
rr�
r2r2r3r�
�	r�
z+FirewallD.addPassthrough.<locals>.<genexpr>z!direct.addPassthrough('%s', '%s')r�
)
rr�rr8r�
rBr$r�Zadd_passthrough�PassthroughAdded�r.rx
r�
rAr2r2r3�addPassthroughy	s


�


zFirewallD.addPassthroughcCs\t|
�
}
t
d
d�|D�
�
}t�d|
d�|�
f�

|�|�

|jj�|
|�
|�	|
|�
dS)Nc
ss|]}
t|
�
V
qdSr4r�
r�
r2r2r3r�
�	r�
z.FirewallD.removePassthrough.<locals>.<genexpr>z$direct.removePassthrough('%s', '%s')r�
)
rr�rr8r�
rBr$r�Zremove_passthrough�PassthroughRemovedr�
r2r2r3�removePassthrough�	s


�


zFirewallD.removePassthroughcCsBt|
�
}
t
d
d�|D�
�
}t�d|
d�|�
f�

|jj�|
|�S)Nc
ss|]}
t|
�
V
qdSr4r�
r�
r2r2r3r�
�	r�
z-FirewallD.queryPassthrough.<locals>.<genexpr>z#direct.queryPassthrough('%s', '%s')r�
)rr�rr8r�
r$r�Zquery_passthroughr�
r2r2r3�queryPassthrough�	s


�zFirewallD.queryPassthroughza(sas)cCst�
d
�

|jj��S)Nzdirect.getAllPassthroughs())rr8r$r�r�rr2r2r3�getAllPassthroughs�	s

zFirewallD.getAllPassthroughscCs*t�
d
�

t|���
D]}|j|�
qdS)Nzdirect.removeAllPassthroughs())rr8�reversedr�
r�
)r.rAr�
r2r2r3�removeAllPassthroughs�	s

zFirewallD.removeAllPassthroughscCs"t|
�
}
t
�d
|
�
|jj�|
�
S)Nzdirect.getPassthroughs('%s'))rrr8r$r�Zget_passthroughs)r.rx
rAr2r2r3�getPassthroughs�	s

zFirewallD.getPassthroughscCst�
d
|
d�|�
f�

dS)Nz#direct.PassthroughAdded('%s', '%s')r�
r�
�r.rx
r�
r2r2r3r�
�	s
�zFirewallD.PassthroughAddedcCst�
d
|
d�|�
f�

dS)Nz%direct.PassthroughRemoved('%s', '%s')r�
r�
r�
r2r2r3r�
�	s
�zFirewallD.PassthroughRemovedc
Csd
S)z� PK_ACTION_ALL implies all other actions, i.e. once a subject is
            authorized for PK_ACTION_ALL it's also authorized for any other action.
            Use-case is GUI (RHBZ#994729).
        Nr2rr2r2r3�authorizeAll�	s	zFirewallD.authorizeAllcCs$t|
�
}
t
�d
|
�

|jj�|
�
S)Nzipset.queryIPSet('%s'))rrr8r$r�Zquery_ipset�r.r�rAr2r2r3�
queryIPSet�	s

zFirewallD.queryIPSetcCst�
d
�

|jj��S)Nzipsets.getIPSets())rr8r$r�r�rr2r2r3�	getIPSets�	s

zFirewallD.getIPSetscCs(t|
t
�}
t�d
|
�
|jj�|
�
��S)NzgetIPSetSettings(%s))rrirr8r$r�Z	get_ipsetr�r�
r2r2r3r��	s


zFirewallD.getIPSetSettingscCsLt|
�
}
t|�
}t
�d
|
|f�

|�|�

|jj�|
|�
|�|
|�
dS)Nzipset.addEntry('%s', '%s'))rrr8rBr$r�Z	add_entry�
EntryAdded�r.r��entryrAr2r2r3�addEntry
s





zFirewallD.addEntrycCsLt|
�
}
t|�
}t
�d
|
|f�

|�|�

|jj�|
|�
|�|
|�
dS)Nzipset.removeEntry('%s', '%s'))rrr8rBr$r�Zremove_entry�EntryRemovedr�
r2r2r3�removeEntry
s





zFirewallD.removeEntrycCs2t|
�
}
t|�
}t
�d
|
|f�

|jj�|
|�S)Nzipset.queryEntry('%s', '%s'))rrr8r$r�Zquery_entryr�
r2r2r3�
queryEntry
s


zFirewallD.queryEntrycCs$t|
�
}
t
�d
|
�

|jj�|
�
S)Nzipset.getEntries('%s'))rrr8r$r��get_entriesr�
r2r2r3�
getEntries(
s

zFirewallD.getEntriescCs�t|
�
}
t|t
�}t�d
|
d�|�
�
|jj�|
�
}|jj�|
|�
t	|�
}t	|�
}||D]}|�
|
|�
q\||D]}|�|
|�
qvdS)Nzipset.setEntries('%s', '[%s]')�
,)r�listrr8r�
r$r�r�
Zset_entriesr�
r�
r�
)r.r��entriesrAZold_entriesZold_entries_setZentries_setr�
r2r2r3�
setEntries2
s










zFirewallD.setEntriescCs&t|
�
}
t|�
}t
�d
|
|f�

dS)Nzipset.EntryAdded('%s', '%s')�rrr8�r.r�r�
r2r2r3r�
C
s

zFirewallD.EntryAddedcCs&t|
�
}
t|�
}t
�d
|
|f�

dS)Nzipset.EntryRemoved('%s', '%s')r�
r�
r2r2r3r�
J
s

zFirewallD.EntryRemovedcCst�
d
�

|jj��S)Nzhelpers.getHelpers())rr8r$r�r�rr2r2r3�
getHelpersU
s

zFirewallD.getHelperscCs(t|
t
�}
t�d
|
�
|jj�|
�
��S)NzgetHelperSettings(%s))rrirr8r$r�Z
get_helperr�)r.r�rAr2r2r3r�^
s


zFirewallD.getHelperSettings)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
r)
N)
N)
N)
N)
r)
N)
N)
N)
N)
r)
N)
N)
N)
r)
N)
N)
N)
N)
r)
N)
N)
N)
N)
r)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)
N)��__name__�
__module__�__qualname__�__doc__Z
persistentrr&ZPK_ACTION_CONFIGZdefault_polkit_auth_requiredr
r+r7r%r5rrBrFrIrKrcrZPROPERTIES_IFACErprurrvr(�signalrwZPK_ACTION_INFOZINTROSPECTABLE_IFACErxr)r}r�r~r�r�r�ZPK_ACTION_POLICIESrlr�r�ZPK_ACTION_POLICIES_INFOr�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�r�ZPK_ACTION_CONFIG_INFOr�rjr�r�r�ZDBUS_INTERFACE_POLICYr�r�r�r�r�r�r�rZDBUS_SIGNATUREr�r�r�r�r�r�r�r�r�r�r�r�r�r
r

r
r
r
r
r	
r�r
r�r
r
r
r

r
r
r
r
r
r
r
r
r
r$
r%
r'
r(
r"
r
r,
r�r.
r/
r0
r-
r*
r6
r9
r;
r=
r>
r7
r2
rC
rE
rF
rG
rH
rD
rA
rL
rN
rO
rP
rQ
rM
rK
rU
rX
rZ
r[
rW
rT
ra
rc
rd
re
rf
rb
r]
rk
rm
rn
ro
rp
rl
rh
rr
rt
ru
rq
rs
ZPK_ACTION_DIRECTrrkr{
r}
ZPK_ACTION_DIRECT_INFOr~
r
r�
rrv
r|
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
r�
Z
PK_ACTION_ALLr�
rmr�
r�
rr�r�
r�
r�
r�
r�
r�
r�
r�
rr��
__classcell__r2r2r0r3r
@s�
















/
�

�




"









�




�






�



�




�
O



�




�




�








�
	



�
	



�




�








�
	



�
	



�




�








�
	



�
	



�




�








�
	



�
	



�




�








�





�




�








�




�










�










�




�




�




�




�





�




�






�




�






�




�


	



�




�



�




�




�




�
	



�




�




�





�




�




�
	



�













�




�




�




�
	



�













�




�





�




�










�




�




�




�










�



�



�




�









�




�




�




�









�



�



�
	



�








�




�




�








��


��


��



�

�






�




�




�




�








�





�





�




	




�






�






�






�






�













�





�





�





�





�






�













�





�






�






�






�






�






�












�




�




�




�




�
	



�
	



�




�








	



�




�
)7�__all__Z
gi.repositoryrr�r&Zdbus.serviceZdbus.mainloop.glibZfirewallrZfirewall.core.fwrZfirewall.core.richrZfirewall.core.loggerrZfirewall.clientrZfirewall.server.dbusr	r
Zfirewall.server.decoratorsrrr
rrrZfirewall.server.configrZfirewall.dbus_utilsrrrrrrrrZfirewall.core.io.functionsrZfirewall.core.io.ipsetrZfirewall.core.io.icmptyperZfirewall.core.io.helperrZfirewall.core.fw_nmrrZfirewall.core.fw_ifcfgr r!Zfirewall.errorsr"r
r2r2r2r3�<module>s.








 
(