Ñò £Tc @s ddklZddklZlZlZlZlZlZlZddk Z ddk l Z l Z l Z lZlZddklZddklZddkZddkZd„Zd„Zd„Zd „Zd „Zd „Zd „Zd efd„ƒYZd„Z d„Z!d„Z"dd„Z$defd„ƒYZ%dd„Z&de'dd„Z(ddd„Z)dde'd„Z*dde'd„Z+d„Z,dS(iÿÿÿÿ(tcopy(tOptiont OptionErrort OptionParsertValuest SUPPRESS_HELPtBadOptionErrort OptionGroupN(t getPortIDt getPortRangetgetServiceNametcheckIPtcheckInterface(tgetByKeycCs6t}y|idƒ\}}Wn t}n™Xt|iƒƒ}|djo t}np|djottdƒ||ƒ‚nFt|ƒdjo2|d|djottdƒ||ƒ‚n|p:|iƒ}|d jottd ƒ||ƒ‚qn|ottd ƒ||ƒ‚n||fS( Nt:iÿÿÿÿsport range %s is not unique.iiis1%s is not a valid range (start port >= end port).ttcptudps%s is not a valid protocol.sinvalid port definition %s.(RR( tFalsetsplittTrueR tstriptNoneRt_tlen(toptiontopttvaluetfailuretportstprotocoltrange((s./usr/share/system-config-firewall/fw_parser.pyt _check_ports(    (   !cCsd}d}|iddƒ}t|ƒdjo8|dtijo$|d}|diddƒ}nt|ƒdjo8|dtijo$|d}|diddƒ}ndi|ƒ}|djo&|djottdƒ|ƒ‚n|||fS( Ntipv4tfilterRiitipv6tnatsipv6 has no nat support.(RRt fw_configtFIREWALL_TYPEStFIREWALL_TABLEStjoinRR(RRRttypettabletsplitstfilename((s./usr/share/system-config-firewall/fw_parser.pyt_check_rulesfile6s' ' cCs.t|ƒpttdƒ||ƒ‚n|S(Nsinvalid service '%s'.(tgetServiceByKeyRR(RRR((s./usr/share/system-config-firewall/fw_parser.pyt_check_serviceGs cCsBt|ƒp1h|d6|d6}ttdƒ||ƒ‚n|S(NRRs1option %(option)s: invalid icmp type '%(value)s'.(tgetICMPTypeByKeyRR(RRRtdict((s./usr/share/system-config-firewall/fw_parser.pyt_check_icmp_typeLs   c Cs€h}d}|iddƒ}xwt|ƒdjoc|didƒ}t|ƒdjotdƒ|d}Pn|\}}|djo t|ƒp4|djo |djp|d jot|ƒo|||Ns --enabledtactiont store_trueRDtenabledtdefaultthelpsEnable firewall (default)s --disabledt store_falsesDisable firewalls --addmoduletcallbackt add_moduleR(tstringtmetavarssEnable an iptables modules--removemodulet remove_modulesDisable an iptables modules-ss --servicetservicesRNs s*Open the firewall for a service (e.g, ssh)s-ps--portRR6s[-]:s2Open specific ports in the firewall (e.g, ssh:tcp)s-ts--trustttrustRQs s)Allow all traffic on the specified devices-ms--masqtmasqsAMasquerades traffic from the specified device. This is IPv4 only.s--highs--mediums-Backwards compatibility, aliased to --enableds--custom-rulest custom_rulesRMs[:][:]s¿Specify a custom rules file for inclusion in the firewall, after the default rules. Default protocol type: ipv4, default table: filter. (Example: ipv4:filter:/etc/sysconfig/ipv4_filter_addon)s--forward-portROsfif=:port=:proto=[:toport=][:toaddr=]sÑForward the port with protocol for the interface to either another local destination port (no destination address given) or to an other destination address with an optional destination port. This is IPv4 only.s --block-icmpt block_icmpRPs s>Block this ICMP type. The default is to accept all ICMP types.(t add_optionRRRK(RG((s./usr/share/system-config-firewall/fw_parser.pyt_addStandardOptions˜sh                         c Css|iddddddtdƒƒ|iddddd dtd ƒƒ|id dddd dtd ƒƒdS(Ns --no-ipsecRVRWRDtno_ipsecRZs*Disable Internet Protocol Security (IPsec)s--no-ipptno_ipps(Disable Internet Printing Protocol (IPP)s --no-mdnstno_mdnssDisable Multicast DNS (mDNS)(RfR(RG((s./usr/share/system-config-firewall/fw_parser.pyt_addCompatOptionsÜs        cCs¶t|tdƒtdƒƒ}|iddddddd d td ƒd tid tdƒditiƒƒ|idddddddd tdƒd tdƒƒ|i|ƒdS(NsSELinux Options (deprecated)s‰Using these options with no additional firewall options will not create or alter firewall configuration, only SELinux will be configured.s --selinuxRVtstoreRDtselinuxR(tchoiceR_stchoicesRZsConfigure SELinux mode: %ss, s --selinuxtypet selinuxtypeR^ss9Configure SELinux type: Usually targeted or strict Policy(RRRfR$t SELINUX_MODESR'tadd_option_group(RGtgroup((s./usr/share/system-config-firewall/fw_parser.pyt_addSELinuxOptionsçs     cCsøy|i||ƒ\}}Wn#tj o}|i|ƒdSXt|ƒdjo,x)|D]}|itdƒ|ƒq\Wn|io/tiotii dƒqºt i dƒnt |dƒp d|_ nt |dƒp t|_n|S(Nisno such option: %siR+t converted(t parse_argst ExceptionR8RRRt_fw_exitR$tuit parse_exittsystexitthasattrR+RRu(RGRHtoptionst_optionst_argsR8targ((s./usr/share/system-config-firewall/fw_parser.pyt _parse_argsús$     t _OptionParsercBs\eZd d„Zd d„Zdd d„Zd„Zd„Zd„Zd„Z d„Z RS( cCsl|djo ti}n|iƒ}t|tƒo%|i|ƒ}|i|dƒ}n|i|ƒdS(Ntreplace( RR{tstdoutt format_helpt isinstancetunicodet _get_encodingtencodetwrite(tselftfiletstrtencoding((s./usr/share/system-config-firewall/fw_parser.pyt print_helps   cCsdS(N((RŒR((s./usr/share/system-config-firewall/fw_parser.pyt print_usagesicCsQ|o/tiotii|ƒq6ti|IJntip t|_ndS(N(R$Ryt parse_errorR{tstderrRRx(RŒtstatustmsg((s./usr/share/system-config-firewall/fw_parser.pyR|s   cCsD|iod|i|f}n t|ƒ}|idd|ƒdS(Ns%s: %siR•(t _fw_sourceRŽR|(RŒR•ttext((s./usr/share/system-config-firewall/fw_parser.pyR8$s  cCs(|ii|ƒo|St|ƒ‚dS(N(t _long_optthas_keyR(RŒR((s./usr/share/system-config-firewall/fw_parser.pyt_match_long_opt*scCs=y|i||ƒWn"tj o}|i|ƒnXdS(N(t_OptionParser__process_long_optRwR8(RŒtrargsRCR•((s./usr/share/system-config-firewall/fw_parser.pyt_process_long_opt.scCs@yti|||ƒWn"tj o}|i|ƒnXdS(N(Rt_process_short_optsRwR8(RŒRœRCR•((s./usr/share/system-config-firewall/fw_parser.pyRž5sc CsÈ|idƒ}d|jo"|iddƒ\}}t}n |}t}|i|ƒ}|i|}|iƒo|i}t|ƒt |ƒ|joW|djo|i t dƒ|ƒq‚h|d6|d6} |i t dƒ| ƒq®|djo|o |} q®|djo|idƒ} q®|o0t |g|d|d!ƒ} |d|d5q®t |d|!ƒ} |d|5n)|o|i t dƒ|ƒnd} |i|| ||ƒdS( NiR2is%s option requires an argumentRR9s.%(option)s option requires %(count)s argumentss%s option does not take a value(R:RRRRšR˜t takes_valuetnargsRtintR8RttupleRtprocess( RŒRœRCRRtnext_argthad_explicit_valueRR R0R((s./usr/share/system-config-firewall/fw_parser.pyt__process_long_opt;s:         N( RRRSRRR‘R|R8RšRRžR›(((s./usr/share/system-config-firewall/fw_parser.pyRƒs     cCs+tdtdtƒ}||_t|_|S(Ntadd_help_optiont option_class(RƒRRLR–Rx(tsourceRG((s./usr/share/system-config-firewall/fw_parser.pyt _gen_parseres  cCs;t|ƒ}t|ƒ|ot|ƒnt|||ƒS(N(RªRgRkR‚(RHR~tcompatR©RG((s./usr/share/system-config-firewall/fw_parser.pytparseSysconfigArgsks   cCs&t|ƒ}t|ƒt|||ƒS(N(RªRtR‚(RHR~R©RG((s./usr/share/system-config-firewall/fw_parser.pytparseSELinuxArgsrs  cCsŽtƒ}|idddddddtdƒƒ|idd dd d d dtd ƒƒ|idddd d ddtdƒƒ|iddd d ddtdƒƒ|idddd d ddtdƒƒ|iddd d ddtdƒƒ|iddd d ddtdƒƒ|iddd d d!d"d#d$td%ƒd&tidtd'ƒd(itiƒƒ|id)dd d d*dtd+ƒƒ|id,dd d d-dtd.ƒƒt|ƒt|ƒtt i ƒd/jo|i ƒt i d0ƒnt |||ƒ}t|_|djok|odt}t}x5t i d1D]&}|id2ƒo t}q@t}q@W|o| o t|_qŠn|S(3Ns-?s-hs--helps--usageRVRZsShow this help messages-qs--quietRWRDtquiets9Run noninteractively; process only command-line argumentss-vs --verbosetverbosesBe more verboses --versiontversions Show versions-ns --nostarttnostarts<Configure firewall but do not activate the new configurations-ftforcesIgnore actual settingss--updatetupdates‰Update firewall non-interactively if the firewall is enabled. This will also restart the firewall. The -n and -f options will be ignored.s --defaultRlRYR(RnR_sRosJSet firewall default type: %s. This overwrites any existing configuration.s, s--list-servicest list_servicessList predefined services.s--list-icmp-typestlist_icmp_typessList the supported icmp types.iiis --selinux(RªRfRR$t DEFAULT_TYPESR'RtRgRR{targvRR|R‚RtnofwRt startswithR(RHR~R«RGRRmtfirewallR((s./usr/share/system-config-firewall/fw_parser.pytparseLokkitArgswsd                               cCstƒ}|idddddddtdƒƒ|id d dddd dtd ƒƒ|id dddddtdƒƒ|iddddddtdƒƒ|iddddddddtdƒdtidtdƒditiƒƒt|ƒt|ƒt|||ƒS(Ns-vs --verboseRVRWRDR¯RZsBe more verboses-ns --nostartR±s<Configure firewall but do not activate the new configurations-fR²sIgnore actual settingss--updateR³s‰Update firewall non-interactively if the firewall is enabled. This will also restart the firewall. The -n and -f options will be ignored.s --defaultRlRYR(RnR_sRosJSet firewall default type: %s. This overwrites any existing configuration.s, ( RªRfRR$R¶R'RtRgR‚(RHR~R«RG((s./usr/share/system-config-firewall/fw_parser.pyt parseDBUSArgsµs*               cCs+|pdStƒ}t|iƒ|_|S(N(RRRt__dict__(RCt new_values((s./usr/share/system-config-firewall/fw_parser.pyt copyValuesÒs  (-RtoptparseRRRRRRRR$t fw_functionsRR R R R t fw_servicesR R-tfw_icmpR/tos.pathtosR{RR,R.R1R@RARKRLRgRkRtRR‚RƒRªRR¬R­R»R¼R¿(((s./usr/share/system-config-firewall/fw_parser.pyts44 (       /   D  V >