Ñò £Tc@s¾ddkZddkZddkZddkZddkZddkZddkZddklZddk Tdfd„ƒYZ e dedƒedƒe e ƒe d ed ƒed ƒƒe d ed ƒedƒƒe dedƒedƒƒe dedƒedƒe e ƒe dedƒedƒƒe dedƒedƒe e ƒgZ d„Z d„Zdfd„ƒYZdefd „ƒYZd!fd"„ƒYZd#efd$„ƒYZdS(%iÿÿÿÿN(t_(t*t_SettingcBseZdeed„ZRS(cCs1||_||_||_||_||_dS(N(tkeytnamet descriptiontiptablest ip6tables(tselfRRRRR((s0/usr/share/system-config-firewall/fw_iptables.pyt__init__!s     N(t__name__t __module__tNonetFalseR (((s0/usr/share/system-config-firewall/fw_iptables.pyR stMODULES_UNLOADs"Unload modules on restart and stopsoTo ensure a sane state, the kernel firewall modules must be unloaded when the firewall is restarted or stopped.t SAVE_ON_STOPs Save on stops´Save the active firewall configuration with all changes since the last start before stopping the firewall. Only do this if you need to preserve the active state for the next start.tSAVE_ON_RESTARTsSave on restarts¶Save the active firewall configuration with all changes since the last start before restarting the firewall. Only do this if you need to preserve the active state for the next start.t SAVE_COUNTERsSave and restore countersXSave on stop and Save on restart additionally save rule and chain counter.tSTATUS_NUMERICsNumeric status outputsBPrint addresses and ports in numeric format for the status output.tSTATUS_VERBOSEsVerbose statuss|Print information about the number of packets and bytes plus the input- and outputdevice in the status output.tSTATUS_LINENUMBERSsStatus line numberss;Print a counter/number for every rule in the status output.cCs*x#tD]}|i|jo|SqWdS(N(t setting_listRR (Rtx((s0/usr/share/system-config-firewall/fw_iptables.pytgetByKeyFs  cCs*x#tD]}|i|jo|SqWdS(N(RRR (RR((s0/usr/share/system-config-firewall/fw_iptables.pyt getByNameLs  tip4tablesConfigcBsVeZdZd„Zd„Zd„Zd„Zd„Zd„Zd„Z d„Z RS( t IPTABLES_cCs||_|iƒdS(N(tfilenametclear(RR((s0/usr/share/system-config-firewall/fw_iptables.pyR Ws cCsÅh|_|id|igƒ|id|idƒ|id|idƒ|id|idƒ|id|idƒ|id|idƒ|id |idƒ|id |idƒdS( Ns %sMODULESs%sMODULES_UNLOADtyess%sSAVE_ON_STOPtnos%sSAVE_ON_RESTARTs%sSAVE_COUNTERs%sSTATUS_NUMERICs%sSTATUS_VERBOSEs%sSTATUS_LINENUMBERS(tp_configtsettprefix(R((s0/usr/share/system-config-firewall/fw_iptables.pyR[s cCs&||iiƒjo |i|SdS(N(RtkeysR (RR((s0/usr/share/system-config-firewall/fw_iptables.pytgetfs cCsE|ddjo||i|iƒ|iD]/\}}| id9|||i|ƒfƒq¼Wn|iot|iƒdjpG|idjo |iot|iƒdjp|idjok| od| id:ƒ|i|| d;|ƒ| id<ƒ|io)x&|iD]}| id=|ƒqžWn|idjo3|io)x&|iD]}| id>|ƒqáWn|idjoª|i o | o™x–|i D]‡} | i d ƒpq+ n| i d ƒo|i| d ƒ}n|i| dƒ}| id?| d| d| d| d |fƒq+ Wq¾ nt|ƒdjo"x|D]}t| |ƒqØ Wn| id@|ƒ| idA|ƒ| idƒ| iƒdS(CNRUsicmp-host-prohibitedsicmp6-adm-prohibiteditmangletnattfilters%s.oldttoaddridR9i€s;# Firewall configuration written by system-config-firewall s8# Manual customization of this file is not recommended. s*mangle s:PREROUTING ACCEPT [0:0] s:INPUT ACCEPT [0:0] s:FORWARD ACCEPT [0:0] s:OUTPUT ACCEPT [0:0] s:POSTROUTING ACCEPT [0:0] tporttmarkis=-A PREROUTING -i %s -p %s --dport %s -j MARK --set-mark 0x%x tiftprotosCOMMIT s*nat s#-A POSTROUTING -o %s -j MASQUERADE R's-m mark --mark 0x%x ttoports:%st-sC-A PREROUTING -i %s -p %s --dport %s %s-j DNAT --to-destination %s s*filter s8-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT tINPUTs-A INPUT -i lo -j ACCEPT tipv6sO-A INPUT -m state --state NEW -m udp -p udp --dport 546 -d fe80::/64 -j ACCEPT s-A INPUT -i %s -j ACCEPT s/-A INPUT -i %s -m state --state NEW -m %s -p %ss --dport %ss -m mark --mark 0x%xs -j ACCEPT ttcptudps-m state --state NEW s -m %s -p %s s-p %s s-m ipv6header --header %s s --dport %s s-d %s s -A INPUT s -j ACCEPT s?-A INPUT -m state --state NEW -m %s -p %s --dport %s -j ACCEPT s:-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT tFORWARDs-A FORWARD -i lo -j ACCEPT s-A FORWARD -i %s -j ACCEPT s-A FORWARD -o %s -j ACCEPT sM-A FORWARD -i %s -m state --state NEW -m %s -p %s -d %s --dport %s -j ACCEPT s$-A INPUT -j REJECT --reject-with %s s&-A FORWARD -j REJECT --reject-with %s (RbRc(ttypet custom_rulesR1R:R;R<tisfiletappendRR=R>R t forward_portthas_keyRCR/RFRAtcatFilet_portStrtmasqt_icmpttrusttservicest fw_servicesRtportst destinationR3(Rtconft reject_typet custom_manglet custom_natt custom_filtert_typettableRt local_forwardtremote_forwardtfwdtmark_idxRIRZtdevttoR[R5tservicetsvcR]t_statet_destt_portt_protoRrt _filename((s0/usr/share/system-config-firewall/fw_iptables.pyRAósZ           *           3         " '                  " 0     !   c Cs®|idjod}d}n d}d}xd|iD]Y}ti|ƒ}|io|i|ijoq6n|id|||||fƒq6W|id||fƒdS(NRUs-p icmps-m icmp --icmp-types -p ipv6-icmps-m icmp6 --icmpv6-types*-A %s %s %s %s -j REJECT --reject-with %s s-A %s %s -j ACCEPT (Ret block_icmptfw_icmpRRA( RRtRItchainRuR]tmatchRticmp((s0/usr/share/system-config-firewall/fw_iptables.pyRnÓs   t:cCs9t|ƒdjo d|Sd|d||dfSdS(Nis%ss%s%s%si(R1(RRZt delimiter((s0/usr/share/system-config-firewall/fw_iptables.pyRlãs cCs<d||i|f}|p|d7}nti|ƒd?S(Ns%s %s %ss >/dev/null 2>&1i(tprogR:tsystem(RRtargtverbosetcmd((s0/usr/share/system-config-firewall/fw_iptables.pyt_runéscCs|idd|ƒS(Ns /sbin/servicetstart(R”(RR’((s0/usr/share/system-config-firewall/fw_iptables.pyR•ïscCs|idd|ƒS(Ns /sbin/servicetrestart(R”(RR’((s0/usr/share/system-config-firewall/fw_iptables.pyR–òscCs|idd|ƒS(Ns /sbin/servicet condrestart(R”(RR’((s0/usr/share/system-config-firewall/fw_iptables.pyR—õscCs|idd|ƒS(Ns /sbin/servicetstatus(R”(RR’((s0/usr/share/system-config-firewall/fw_iptables.pyR˜øscCs|idd|ƒS(Ns /sbin/servicetstop(R”(RR’((s0/usr/share/system-config-firewall/fw_iptables.pyR™ûscCs|idd|ƒS(Ns/sbin/chkconfigton(R”(RR’((s0/usr/share/system-config-firewall/fw_iptables.pyt chkconfig_onþscCs|idd|ƒS(Ns/sbin/chkconfigtoff(R”(RR’((s0/usr/share/system-config-firewall/fw_iptables.pyt chkconfig_offscCsDtii|iƒo*tii|iƒoti|iƒndS(N(R:R;R<RRgtunlink(R((s0/usr/share/system-config-firewall/fw_iptables.pyRžs,(R R RReR RARnRlR R”R•R–R—R˜R™R›RRž(((s0/usr/share/system-config-firewall/fw_iptables.pyRTìs  à          tip6tablesClasscBseZdZdZRS(RRa(R R RRe(((s0/usr/share/system-config-firewall/fw_iptables.pyRŸ s(R:tos.pathR?R=RMRqR‰t fw_configRt fw_functionsRRCRRRRRRRTRŸ(((s0/usr/share/system-config-firewall/fw_iptables.pyts@                  “ÿ