Class: Y2Firewall::Firewalld::Api

Inherits:

Object

• Object
• Y2Firewall::Firewalld::Api

Extended by:

Forwardable

Includes:

Services, Zones, Yast::I18n, Yast::Logger

Defined in:

library/network/src/lib/y2firewall/firewalld/api.rb,
library/network/src/lib/y2firewall/firewalld/api/zones.rb,
library/network/src/lib/y2firewall/firewalld/api/services.rb

Overview

Firewalld command line API supporting two modes (:offline and :running)

The :offline mode is useful in environments where the daemon is not running or the DBUS API is not accesible, in other case the :running mode should be used.

Defined Under Namespace

Modules: Services, Zones

Constant Summary

COMMAND =

Map firewalld modes with their command line tools

{ offline: "firewall-offline-cmd", running: "firewall-cmd" }.freeze

PACKAGE =

FIXME: Do not like to define twice

"firewalld".freeze

SUCCESS =

Modification commands were applied successfully

"success".freeze

Instance Attribute Summary

• #mode ⇒ Object

  Determines the mode in which firewalld is running and as consequence the command to be used.

Instance Method Summary

• #complete_reload ⇒ Boolean

  Do a complete reload of the firewall if running.

• #default_zone ⇒ String

  Default zone.

• #disable! ⇒ Object

  Disables the firewalld service.

• #enable! ⇒ Object

  Enables the firewalld service.

• #initialize(mode: nil, permanent: true) ⇒ Api constructor

  Constructor.

• #log_denied_packets ⇒ String

  Packet type which is being logged when denied.

• #log_denied_packets?(kind) ⇒ Boolean

  True if desired packet type is being logged when denied.

• #modify_default_zone(zone) ⇒ Object

  Set the default zone.

• #modify_log_denied_packets(kind) ⇒ Object
• #offline? ⇒ Boolean

  Whether the mode is :offline or not.

• #permanent? ⇒ Boolean

  Whether the command called to modify configuration should make the changes permanent or not.

• #reload ⇒ Boolean

  Do a reload of the firewall if running.

• #running? ⇒ Boolean

  Whether firewalld is running or not.

• #state ⇒ String

  Return the current state of the firewalld service (running or not running).

Methods included from Zones

#add_interface, #add_masquerade, #add_port, #add_protocol, #add_service, #change_interface, #create_zone, #delete_zone, #description, #interface_enabled?, #interface_zone, #list_all, #list_all_zones, #list_interfaces, #list_ports, #list_protocols, #list_services, #masquerade_enabled?, #modify_description, #modify_masquerade, #modify_short, #modify_target, #port_enabled?, #protocol_enabled?, #remove_interface, #remove_masquerade, #remove_port, #remove_protocol, #remove_service, #service_enabled?, #short, #target, #zones

Methods included from Services

#add_service_port, #create_service, #delete_service, #info_service, #modify_service_description, #modify_service_short, #remove_service_port, #service_description, #service_modules, #service_ports, #service_protocols, #service_short, #service_supported?, #services

Constructor Details

#initialize(mode: nil, permanent: true) ⇒ Api

Constructor

Parameters:

• mode (Symbol, nil) (defaults to: nil) —

  defines which cmdline should be used if the running or the offline one. Possible values are: :offline, :running

• permanent (Boolean) (defaults to: true) —

  whether the configuration should be written permanently or in runtime when firewalld is running.

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 67

def initialize(mode: nil, permanent: true)
  @mode = mode || (running? ? :running : :offline)
  @permanent = !offline? && permanent
end

Instance Attribute Details

#mode ⇒ Object

Determines the mode in which firewalld is running and as consequence the command to be used.

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 59

def mode
  @mode
end

Instance Method Details

#complete_reload ⇒ Boolean

Do a complete reload of the firewall if running. In offline mode just return true as a reload is not needed to apply the changes

Returns:

• (Boolean) —

  true if the firewall was reloaded completely with success

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 153

def complete_reload
  return true if offline?

  modify_command("--complete-reload")
end

#default_zone ⇒ String

Returns default zone.

Returns:

• (String) —

  default zone

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 128

def default_zone
  string_command("--get-default-zone")
end

#disable! ⇒ Object

Disables the firewalld service

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 105

def disable!
  offline? ? run_command("--disable") : Yast::Service.Disable("firewalld")
end

#enable! ⇒ Object

Enables the firewalld service

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 100

def enable!
  offline? ? run_command("--enable") : Yast::Service.Enable("firewalld")
end

#log_denied_packets ⇒ String

Returns packet type which is being logged when denied.

Returns:

• (String) —

  packet type which is being logged when denied

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 175

def log_denied_packets
  string_command("--get-log-denied").strip
end

#log_denied_packets?(kind) ⇒ Boolean

Returns True if desired packet type is being logged when denied.

Parameters:

• kind (String) —

  Denied packets to log. Possible values are: all, unicast, broadcast, multicast and off

Returns:

• (Boolean) —

  True if desired packet type is being logged when denied

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 164

def log_denied_packets?(kind)
  string_command("--get-log-denied").strip == kind
end

#modify_default_zone(zone) ⇒ Object

Set the default zone

Parameters:

• zone (String) —

  The firewall zone

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 135

def modify_default_zone(zone)
  modify_command("--set-default-zone=#{zone}")
end

#modify_log_denied_packets(kind) ⇒ Object

Parameters:

• kind (String) —

  Denied packets to log. Possible values are: all, unicast, broadcast, multicast and off

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 170

def modify_log_denied_packets(kind)
  modify_command("--set-log-denied=#{kind}")
end

#offline? ⇒ Boolean

Whether the mode is :offline or not

Returns:

• (Boolean) —

  true if current mode if :offline; false otherwise

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 75

def offline?
  @mode == :offline
end

#permanent? ⇒ Boolean

Whether the command called to modify configuration should make the changes permanent or not

Returns:

• (Boolean)

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 83

def permanent?
  return false if offline?

  @permanent
end

#reload ⇒ Boolean

Do a reload of the firewall if running. In offline mode just return true as a reload is not needed to apply the changes.

Returns:

• (Boolean) —

  true if the firewall was reloaded successfully

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 143

def reload
  return true if offline?

  modify_command("--reload")
end

#running? ⇒ Boolean

Whether firewalld is running or not

Returns:

• (Boolean) —

  true if the state is running; false otherwise

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 92

def running?
  return false if Yast::Stage.initial
  return false if !Yast::Package.Installed(PACKAGE, target: :system)

  state == "running"
end

#state ⇒ String

Return the current state of the firewalld service (running or not running)

Returns:

• (String) —

  firewalld service state

See Also:

• http://www.firewalld.org/documentation/man-pages/firewall-cmd.html

# File 'library/network/src/lib/y2firewall/firewalld/api.rb', line 114

def state
  case Yast::Execute.on_target("firewall-cmd", "--state", allowed_exitstatus: [0, 252])
  when 0
    "running"
  when 252
    "not running"
  else
    "unknown"
  end
end