još|iƒ}|oƒ||ijos|ii|dtƒ|ii|ƒ|ii|ƒx:tddƒD]%} |iid| di dƒƒqaWqs q²|djoš|iƒ}|oƒ||i!jos|i"i|dtƒ|i"i|ƒ|i!i|ƒx:tddƒD]%} |iid| di dƒƒqWqs q²|djo}|i#ƒ}|of||i$joV|i%|d|d|d|d|dƒ}|i$i|ƒ|i&i||ƒqs q²|djoÞy|i&iƒ}Wnqs X|\} }} } } |i#| || | | ƒ}|o†||i$jov|i$i|ƒ|i&i|ƒ|i%|d|d|d|d|dƒ}|i$i|ƒ|i&i||ƒqs q²|djoAy|i&iƒ}Wnqs X|i$i|ƒ|i&i|ƒq²|djo]|i'ƒ}|oF||i(jo6di)|ƒ}|i(i|ƒ|i*i||ƒqs q²|djo²y|i*iƒ}Wnqs X|\}}}|i'|||ƒ}|of||i(joV|i(i|ƒ|i*i|ƒdi)|ƒ}|i(i|ƒ|i*i||ƒqs q²|djoAy|i*iƒ}Wnqs X|i(i|ƒ|i*i|ƒq²q²qqdS(NR iRR sThe firewall is disabled.R)R'iR%RRRRRiRbi<RRiiiRR R!RjR"R#(+R3R‰R<RˆR,RŠRÚRrRGR:RR‘R2ttab_posR=R>trefreshRUR£RJRvRFRItcurrenttremovetdeleteR¦RpRKt setCurrentRTR-tljustRqRLR«RNR‡RMR»RSRxRR(RVR¡R}tres2tres3titemRuReRzR_RƒRfR…R†R‹R¶R·((s+/usr/share/system-config-firewall/fw_tui.pytmainsZ                                +  +             cCs.|iƒ|iƒ|iƒ}|iƒ|S(N(RaRãRøR¼(RVR¡((s+/usr/share/system-config-firewall/fw_tui.pytrunÜs     N(t__name__t __module__RaRRvR˜R‡R/R2RŽR‘R“R”R•R£R¦R«R»R¼RÁRÚRãRìRíRøRù(((s+/usr/share/system-config-firewall/fw_tui.pyR&s. ³ v      $  x9  8 7 %  Æ((RèRœtos.pathR²t fw_configRARPt fw_functionsRRRRRt fw_parsert fw_sysconfigt fw_iptablesRmtsnackR(((s+/usr/share/system-config-firewall/fw_tui.pyts$   (