Class: Y2Firewall::Firewalld
- Inherits:
- Object (hierarchy: Object > Y2Firewall::Firewalld)
- Extended by:
- Forwardable, Relations
- Includes:
- Singleton, Yast::Logger
- Defined in:
- library/network/src/lib/y2firewall/firewalld.rb,
library/network/src/lib/y2firewall/firewalld/api.rb,
library/network/src/lib/y2firewall/firewalld/zone.rb,
library/network/src/lib/y2firewall/firewalld/service.rb,
library/network/src/lib/y2firewall/firewalld/api/zones.rb,
library/network/src/lib/y2firewall/firewalld/interface.rb,
library/network/src/lib/y2firewall/firewalld/relations.rb,
library/network/src/lib/y2firewall/firewalld/zone_reader.rb,
library/network/src/lib/y2firewall/firewalld/api/services.rb,
library/network/src/lib/y2firewall/firewalld/service_reader.rb
Overview
Main class to interact with Firewalld
Defined Under Namespace
Modules: Relations
Classes: Api, Error, Interface, Service, ServiceReader, Zone, ZoneReader
Constant Summary
- PACKAGE = "firewalld".freeze
- SERVICE = "firewalld".freeze
- DEFAULT_ZONE = "public".freeze
- DEFAULT_LOG = "off".freeze
- DEFAULTS_DIR = "/usr/lib/firewalld".freeze
- CUSTOM_DIR = "/etc/firewalld".freeze
Instance Attribute Summary
- #api ⇒ Y2Firewall::Firewalld::Api
  Convenience method to instantiate the firewalld API.
- #current_service_names ⇒ Array<String>
  Current service names.
- #current_zone_names ⇒ Array<String>
  Current zone names.
- #services ⇒ Array<Y2Firewall::Firewalld::Service>
  Firewalld services.
- #zones ⇒ Array<Y2Firewall::Firewalld::Zone>
  Firewalld zones.
Instance Method Summary
- #add_zone(name) ⇒ Boolean
  Given a zone name, add a new Zone to the current list of defined ones, but only if it does not exist yet.
- #apply_zones_changes! ⇒ Object
  Apply the changes done in each of the modified zones.
- #enabled? ⇒ Boolean
  Check whether the firewalld service is enabled or not.
- #find_service(name) ⇒ Y2Firewall::Firewalld::Service
  Return from the services list the one which matches the given name.
- #find_zone(name) ⇒ Y2Firewall::Firewalld::Zone?
  Return from the zones list the one which matches the given name.
- #initialize ⇒ Firewalld (constructor)
  Constructor.
- #installed? ⇒ Boolean
  Return whether the firewalld package is installed or not.
- #modified?(*item) ⇒ Boolean
  Return true if the logging config or any of the zones were modified since read.
- #modified_from_default(resource, target_root: "/") ⇒ Array<String>
  Return the item names modified from the defaults of the given resource.
- #read(minimal: false) ⇒ Boolean
  Read the current firewalld configuration, initializing the zones and other attributes such as logging.
- #read? ⇒ Boolean
  Return whether the configuration has been read.
- #read_service(name) ⇒ Y2Firewall::Firewalld::Service
  Read the configuration of the given service, or create it from scratch if it does not exist.
- #remove_zone(name) ⇒ Boolean
  Remove the given zone from the list of zones.
- #reset ⇒ Object
  Reset all the changes done, initializing the instance with the defaults.
- #restart ⇒ Boolean
  Restart the firewalld service.
- #start ⇒ Boolean
  Start the firewalld service.
- #stop ⇒ Boolean
  Stop the firewalld service.
- #system_service ⇒ Yast2::SystemService?
  Convenience method to instantiate the firewalld system service.
- #write ⇒ Object
  Apply the changes to the modified zones and set the logging option, then reload.
- #write_only ⇒ Object
  Apply the changes to the modified zones and set the logging option, without reloading.
Methods included from Relations
enable_modifications_cache, has_attributes, has_many
Constructor Details
#initialize ⇒ Firewalld
Constructor
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 79
def initialize
  load_defaults
  untouched!
  @read = false
end
```
Instance Attribute Details
#api ⇒ Y2Firewall::Firewalld::Api
Convenience method to instantiate the firewalld API
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 259
def api
  @api ||= Api.new
end
```
#current_service_names ⇒ Array<String>
Returns current service names.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 62
def current_service_names
  @current_service_names
end
```
#current_zone_names ⇒ Array<String>
Returns current zone names.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 60
def current_zone_names
  @current_zone_names
end
```
#services ⇒ Array<Y2Firewall::Firewalld::Service>
Returns firewalld services. To avoid performance problems it is empty by default and the services are added when needed by the find_service method.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 66
def services
  @services
end
```
#zones ⇒ Array<Y2Firewall::Firewalld::Zone>
Returns firewalld zones.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 58
def zones
  @zones
end
```
Instance Method Details
#add_zone(name) ⇒ Boolean
Given a zone name, add a new Zone to the current list of defined ones, but only if it does not exist yet.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 118
def add_zone(name)
  return false if find_zone(name)

  zones << Y2Firewall::Firewalld::Zone.new(name: name)
  true
end
```
#apply_zones_changes! ⇒ Object
Apply the changes done in each of the modified zones. It will create or delete all the new or removed zones depending on each case.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 193
def apply_zones_changes!
  zones.each do |zone|
    api.create_zone(zone.name) unless current_zone_names.include?(zone.name)
    zone.apply_changes! if zone.modified?
  end
  current_zone_names.each do |name|
    api.delete_zone(name) if zones.none? { |z| z.name == name }
  end
end
```
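Because this reconciliation deletes every zone that firewalld reported at read time but that is no longer in the in-memory list, it helps to preview the outcome before a write. The following is an added example, not part of the YaST code: a stand-alone dry run of the same logic over plain data, where `ZoneStub`, `plan_zone_changes`, `sample_plan` and the `deletes_default` flag are hypothetical names introduced here.

```ruby
# Added example: stand-alone dry run of the reconciliation performed by
# apply_zones_changes!. ZoneStub, plan_zone_changes and sample_plan are
# hypothetical names; nothing here talks to firewalld.
DEFAULT_ZONE = "public".freeze # same value as the class constant

ZoneStub = Struct.new(:name, :modified) do
  def modified?
    modified
  end
end

# current_names: zone names firewalld reported when the config was read
# zones:         in-memory zone objects that a write would apply
def plan_zone_changes(current_names, zones)
  wanted = zones.map(&:name)
  delete = current_names - wanted
  {
    create: wanted - current_names,                 # api.create_zone
    apply: zones.select(&:modified?).map(&:name),   # zone.apply_changes!
    delete: delete,                                 # api.delete_zone
    deletes_default: delete.include?(DEFAULT_ZONE)  # worth a second look
  }
end

# Constructed sample state: "dmz" was dropped in memory, "lab" was added,
# "public" was edited, "trusted" is untouched.
def sample_plan
  current = %w[public dmz trusted]
  zones = [
    ZoneStub.new("public", true),
    ZoneStub.new("trusted", false),
    ZoneStub.new("lab", true)
  ]
  plan_zone_changes(current, zones)
end

if __FILE__ == $PROGRAM_NAME
  sample_plan.each { |action, value| puts "#{action}: #{Array(value).join(', ')}" }
end
```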
#enabled? ⇒ Boolean
Check whether the firewalld service is enabled or not
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 215
def enabled?
  return false unless installed?

  Yast::Service.Enabled(SERVICE)
end
```
#find_service(name) ⇒ Y2Firewall::Firewalld::Service
Return from the services list the one which matches the given name
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 148
def find_service(name)
  services.find { |s| s.name == name } || read_service(name)
end
```
#find_zone(name) ⇒ Y2Firewall::Firewalld::Zone?
Return from the zones list the one which matches the given name
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 139
def find_zone(name)
  zones.find { |z| z.name == name }
end
```
#installed? ⇒ Boolean
Return whether the firewalld package is installed or not
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 206
def installed?
  return true if @installed

  @installed = Yast::Package.Installed(PACKAGE, target: :system)
end
```
#modified?(*item) ⇒ Boolean
Return true if the logging config or any of the zones were modified since read
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 169
def modified?(*item)
  return modified.include?(item.first) if !item.empty?

  !modified.empty? || zones.any?(&:modified?)
end
```
#modified_from_default(resource, target_root: "/") ⇒ Array<String>
Return the item names modified from the defaults of the given resource
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 286
def modified_from_default(resource, target_root: "/")
  return if resource.to_s.empty?

  resource_dir = File.join(target_root, CUSTOM_DIR, resource)
  return [] unless Dir.exist?(resource_dir)

  Dir.chdir(resource_dir) do
    Dir.glob("*.xml").map { |file| File.basename(file, ".xml") }
  end
end
```
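The method above only lists what exists under CUSTOM_DIR. When reviewing a host's firewall configuration, it is often more useful to know which of those items override a definition shipped under DEFAULTS_DIR and which exist only locally. The following added example (not the project's code) goes one step beyond the method to show that split; `xml_names`, `audit_customizations` and `sample_audit` are hypothetical helpers, and the directory tree is constructed in a temporary directory.

```ruby
require "tmpdir"
require "fileutils"

# Paths taken from the class constants documented on this page.
DEFAULTS_DIR = "/usr/lib/firewalld".freeze
CUSTOM_DIR = "/etc/firewalld".freeze

# Names of the *.xml definitions in dir (empty when dir is missing).
def xml_names(dir)
  return [] unless Dir.exist?(dir)

  Dir.glob(File.join(dir, "*.xml")).map { |f| File.basename(f, ".xml") }.sort
end

# Hypothetical helper: split the customised items of a resource ("zones",
# "services") into overrides of a shipped default and local-only additions.
def audit_customizations(resource, target_root: "/")
  custom = xml_names(File.join(target_root, CUSTOM_DIR, resource))
  shipped = xml_names(File.join(target_root, DEFAULTS_DIR, resource))
  { overrides: custom & shipped, local_only: custom - shipped }
end

# Constructed sample tree so the example runs offline: "public" is shipped
# and overridden, "lab" exists only locally, "dmz" is shipped and untouched.
def sample_audit
  Dir.mktmpdir do |root|
    { DEFAULTS_DIR => %w[public dmz], CUSTOM_DIR => %w[public lab] }.each do |base, names|
      dir = File.join(root, base, "zones")
      FileUtils.mkdir_p(dir)
      names.each { |n| File.write(File.join(dir, "#{n}.xml"), "<zone/>\n") }
    end
    # A backup file that must not be reported as a definition.
    FileUtils.touch(File.join(root, CUSTOM_DIR, "zones", "public.xml.old"))
    { zones: audit_customizations("zones", target_root: root),
      services: audit_customizations("services", target_root: root) }
  end
end

puts sample_audit.inspect if __FILE__ == $PROGRAM_NAME
```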
#read(minimal: false) ⇒ Boolean
Read the current firewalld configuration, initializing the zones and other attributes such as logging.
When a minimal read is requested, it neither parses the zone definitions nor initializes any single-value attributes.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 93
def read(minimal: false)
  return false unless installed?

  # Force a reset of the API instance when reading the first time (bsc#1166698)
  @api = nil
  @current_zone_names = api.zones
  @current_service_names = api.services
  if minimal
    @zones = current_zone_names.map { |n| Zone.new(name: n) }
  else
    @zones = zone_reader.read
    read_attributes
  end
  # The list of services is not read or initialized because takes time and
  # affects to the performance and also the services are rarely touched.
  @read = true
end
```
#read? ⇒ Boolean
Return whether the configuration has been read
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 252
def read?
  @read
end
```
#read_service(name) ⇒ Y2Firewall::Firewalld::Service
Read the configuration of the given service, or create it from scratch if it does not exist. After reading, add it to the list of touched services.
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 157
def read_service(name)
  raise(Service::NotFound, name) unless installed?

  service = ServiceReader.new.read(name)
  services << service
  service
end
```
#remove_zone(name) ⇒ Boolean
Remove the given zone from the list of zones
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 129
def remove_zone(name)
  removed = zones.reject! { |z| z.name == name }
  !removed.nil?
end
```
#reset ⇒ Object
Reset all the changes done initializing the instance with the defaults
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 271
def reset
  load_defaults
  untouched!
  @api = nil
  @read = false
end
```
#restart ⇒ Boolean
Restart the firewalld service
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 224
def restart
  return false unless installed?

  Yast::Service.Restart(SERVICE)
end
```
#start ⇒ Boolean
Start the firewalld service
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 242
def start
  return false if !installed? || running?

  Yast::Service.Start(SERVICE)
end
```
#stop ⇒ Boolean
Stop the firewalld service
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 233
def stop
  return false if !installed? || !running?

  Yast::Service.Stop(SERVICE)
end
```
#system_service ⇒ Yast2::SystemService?
Convenience method to instantiate the firewalld system service
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 266
def system_service
  @system_service ||= Yast2::SystemService.find(SERVICE)
end
```
#write ⇒ Object
Apply the changes to the modified zones and set the logging option, then reload
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 176
def write
  write_only && reload
end
```
#write_only ⇒ Object
Apply the changes to the modified zones and set the logging option, without reloading
```ruby
# File 'library/network/src/lib/y2firewall/firewalld.rb', line 181
def write_only
  return false unless installed?

  read unless read?
  apply_zones_changes!
  apply_attributes_changes!
  untouched!
  true
end
```